HBO’s Kill Chain Shows Weaknesses in U.S. Election Security
Are America’s elections safe from cyberattacks? The answer, according to HBO’s recent documentary Kill Chain: The Cyber War on America’s Elections, is a resounding no.
Kill Chain examines past cyberattacks on election infrastructure, as well as vulnerabilities in voting systems that are slated for use in 2020 federal, state and local elections. The documentary follows cybersecurity researchers, U.S. politicians, and even attackers who have hacked systems used in previous elections. Collectively, the experts agree: current U.S. election technology is immensely vulnerable.
A key weakness that is highlighted time and time again: Unsecured privileged access to election systems. Exploitation of privileged credentials is one of the most widely utilized attack vectors in cyberattacks today. And the reason is simple. Once attackers have a foothold into the network, they can use these credentials to escalate privileges and move laterally. In the case of IT infrastructure supporting elections, an attacker could gain access to a single computer and infect additional machines – eventually being able to execute a complete network takeover.
As someone with a strong professional and personal interest in cybersecurity, this documentary really emphasized the need for better security and data privacy education, not just in our elections but also in daily life. Several of the identified attacks could have been prevented by following basic cybersecurity best practices. For those of you who haven’t seen the documentary, I’ll be cautious of spoilers, but let’s dig into how privileged access management solutions can protect against the weaknesses of U.S. election technology.
Prevent Credential Theft – The Entry Point of the 2016 Election Assistance Commission Breach
In December 2016, the Election Assistance Commission (EAC), the federal government organization overseeing election security, revealed that its database had been breached by attackers affiliated with a nation-state.
Stolen privileged credentials from an EAC administrator were the attacker’s entry point. Kill Chain interviews the administrator whose credentials were used to access EAC systems, who claims he may have been targeted for credential theft since he was “the new guy,” having just joined EAC. While user management and onboarding tasks can be intensive workloads, securing the privileged credentials of new employees is essential to the success of any privileged access management (PAM) program.
Modern privileged access management solutions can secure and automatically rotate privileged credentials and isolate them to help prevent credential theft. Automatic discovery capabilities can also help ensure all privileged accounts are managed through the solution, including the onboarding of new employees and revoking privileges of former employees.
Stop Lateral and Vertical Movement – The Dangers of a Nation-State Attack
Kill Chain makes the point that once nation-state attackers had a foothold in the EAC database, they were able to move laterally to the server hosting all election data. Once in control of this server, they could wipe all voting data, essentially rendering the election meaningless.
In this case, the attacker downloaded voting data and sold it to the highest bidder, another foreign government. But effectively, the EAC’s lack of controls rendered our election systems vulnerable to multiple foreign actors. As the EAC administrator stated, once in control of the server, “they can do whatever they want to that database.”
Elsewhere, Kill Chain points out that despite frequent claims otherwise, voting systems are heavily networked. Nationally, voter registration is linked to the internet for easy enrollment, while voting machines communicate on LAN networks that are heavily susceptible to attack. Lateral attacker movement between these machines could compromise entire polling centers, allowing less sophisticated attackers like or organized crime groups to manipulate their local elections.
Privileged access management best practices can enhance election security by helping stop lateral and vertical movement. Session isolation capabilities can limit a compromised credential’s range of motion to a single system, session monitoring provides visibility into privilege-related activity and automatic credential rotation capabilities notably constrain an attacker’s window of opportunity. Finally, privileged access management can support Zero Trust frameworks and just-in-time privilege elevation to allow users to access privileged accounts only on a temporary, as needed basis.
Limit Privilege Escalation and Abuse – Securing the Local Election Infrastructure
One of the most interesting parts of Kill Chain is an interview with one anonymous attacker who successfully escalated privileges to gain root access to Alaska’s main election server in the 2016 federal election. The attacker claims that once in control of the server, he “felt like God,” and could have changed live voting data or even removed candidates from the ballot. The documentary even hints the attacker may have intended to use Alaskan systems as a steppingstone to federal systems.
The documentary stops short of making this accusation, but the point is clear: U.S. election security infrastructure fails to contain privilege escalation.
Elsewhere, Kill Chain explores the various vulnerabilities of the three most popular voting systems, which run on woefully out-of-date operating systems like Microsoft Windows 7.* The documentary even cites a U.S. Air Force penetration tester who specifically names easy privilege escalation as an unforgivable vulnerability of one vendor’s polling computers.
Privileged Access Management solutions that reinforce the principle of least privilege, in which each privileged account is granted only necessary permissions – no more and no less – is a good starting point. Further, privileged threat analytics can automatically detect anomalous activity and alert and trigger an automatic response to high-severity incidents and take remedial actions to stop attacks.
While Kill Chain, which ultimately argues for paper ballots, makes it clear there are significant U.S. election security threats outside of the realm of privileged access management, the documentary makes it clear that better privilege-related controls are needed across American election infrastructure. And while this documentary focused solely on election security, these attacks could very easily translate into any business that holds sensitive data. No matter the organization, a modern privileged access management program is essential to developing a strong cybersecurity posture.
*Note: Microsoft has adjusted its end-of-support for Windows 7 to protect machines used in the 2020 election cycle.