BOSTON — The hackers came with an arsenal of tools to bolster their powers.
The attackers purchased a botnet on the internet to spread disinformation. They purchased zero-day exploits to infect devices. They launched a DDoS attack on the local 911 call center.
In a Sept. 20 exercise that simulated hackers sowing chaos on Election Day, a red team of attackers relied on this mix of cutting edge technology to carry out their plans.
A team of current and former law enforcement officers, who acted as a blue team, relied on their own set of tools to protect the simulated vote. They wanted to secure internal communications so it could not be attacked. They wanted to attribute cyberattacks. And they wanted to combat disinformation.
Law enforcement officials, who participated in the exercise hosted by the cybersecurity firm Cybereason, said that they would have likely postponed the vote if the exercise was a real event. The simulation was a test run of what intelligence officials fear is a worst case scenario for the upcoming mid-term vote.
But the exercise also provided insight into the tools and products that hackers and law enforcement would rely on in the event of an emergency. The test run offered clues for what each side needed in the heat of battle, and sets the stage for future investments for government and business.
Hacker Tools Challenged
The hackers relied on a combination of crowdsourced platforms and known attack methods.
“We used Twitter botnets, injected inaccuracies into traffic touting systems, hacked into autonomous cars, and used zero day attacks” during the simulation, Danielle Wood, director of advocacy services at Cybereason and a member of the red team, told Fifth Domain.
But the technology and defense community have invested in ways to counteract those tactics.
In 2015, DARPA ran a Twitter bot detection challenge that challenged teams to identify webs of fake users on the platforms.
“All three winning parties found that machine learning techniques alone were insufficient because of lack of training data,” a paper which summarized the results said. “However, a semi-automated process that included machine learning proved useful.”
The use of zero-day exploits to infect devices has also been stifled by law enforcement efforts.
The heyday for zero-day exploits sold on the dark web was 2013, Jared Semrau, head of vulnerability and exploitation intelligence at FireEye, told Fifth Domain. Today, Semrau said only a small number of exploits are sold on the dark web because it is believed many former vendors have been arrested, and the sales have moved to other platforms.
Can You Hear Me Now? Good.
Current and former law enforcement officials who participated showed how much they rely on internal and external communication during a crisis. As the red team of hackers launched DDoS attacks on the 911 call centers, the blue team of police officers wanted to get networks back online.
DARPA has invested in a “Extreme DDoS Defense” program that it hopes can improve resilience of computer networks. The program works by dispersing cyber assets, confuses attackers, and changes network endpoints so they can avoid being clogged. In addition, the Defense Information Systems Agency has also said it needs to help the Department of Defense prepare for massive DDoS attacks.
The police officers focused on ensuring internal communications as well during the simulation so they could talk to each other seamlessly.
The Department of Homeland Security plans on researching end-to-end phone call encryption for government use, Vincent Sritapan, a program manager at DHS’ Science and Technology Directorate told Fifth Domain in August.
The law enforcement officers also said they would have wanted to attribute the cyber attacks if possible, but added that to do so they would have asked the federal government for assistance.
The intelligence community has created an “election small group” that is focusing on securing the upcoming mid-term elections by passing on threat indicators. But the limitations of law enforcement’s tools are clear, according to Ed Davis, the former Boston police chief who was a member of the blue team during the simulation.
“No matter how trusted your sources are they are always going to be attacked, because everyone has a megaphone.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.