How Alphabet plans to keep hackers away from this year’s election

16 May How Alphabet plans to keep hackers away from this year’s election

As we all look ahead to this year’s midterms with a mixture of excitement and panic, fully expecting hackers to once again target U.S. election systems, Alphabet security incubator Jigsaw announced today that it’s offering a new level of free protection to candidates and political organizations.

Jigsaw’s Project Shield has since 2016 offered free protection against distributed denial of service attacks to organizations like news media and human rights groups. Now, the company says, the service will also be available to U.S. political organizations including candidates and their campaigns and other groups like political action committees.

“We saw an opportunity here in the U.S. as we’re entering the election cycle to expand our purview in thinking about how do we protect access to information that is important to the functioning of democratic institutions,” says George Conard, product manager for Project Shield.

The announcement comes soon after officials in Knox County, Tennessee, said that a server reporting vote totals after primaries there went down amid what looked like a denial-of-service attack. Conard says Project Shield staff previously saw signs of such attacks against election-related systems in the Netherlands last year, around elections in that country. Russia also claimed earlier this year that systems in that country were targeted for DDOS attacks around the time of elections there.

Denial of service attacks typically don’t enable hackers to steal or alter data, but they can effectively censor websites by so overwhelming servers with traffic that they can’t process legitimate requests. Election security experts have warned that hackers might use such techniques during this year’s elections to undermine confidence in the election system. DDOS attacks have been on the rise in general, often powered by devices infected with malware that lets attackers enlist them into botnets able to generate heavy traffic from across the internet. Content delivery network provider Akamai reported that DDOS attacks were up about 14% in the last quarter of 2017 compared to the same period the previous year.

“Generally speaking, DDOS attacks have been increasing over the last several years,” says Conard. “They continue to get bigger. They continue to get more sophisticated.”

How it works

Project Shield’s system works by routing traffic to protected websites through Google’s network, filtering out requests that seem to be malicious before they can reach and potentially overwhelm servers at the targeted organization. Project Shield can also optionally cache web content to help speed delivery and further reduce the load on the servers of the organizations it’s protecting.

The company says that once organizations are approved for Project Shield protection, it can take them just a few minutes to tweak settings to enable the service. And while routing traffic through Google’s servers means the company will have access to traffic metadata, Conard says the company doesn’t use that information for purposes other than providing the DDOS protection and caching.

“We get the metadata logs which we have to have in order to defend sites,” he says. “We expire that data very, very quickly.”

Google and Jigsaw also offer other tools to organizations involved in elections, from candidates to journalists, through an initiative called Protect Your Election. That includes Google’s Advanced Protection Program, which requires a physical security key to access Google accounts and limits third-party app access to data like Gmail inboxes and Google Drive files.

People involved in elections–or anyone else–can also install a free Google Chrome extension called Password Alert, which protects against phishing by notifying users if they enter their Google passwords on any third-party websites. Phishing attacks were famously used during the 2016 election cycle to access emails belonging to John Podesta, Hillary Clinton’s campaign chairman.

Google isn’t the only major tech company taking steps to protect election security: Facebook has recently announced steps to boost transparency around political ads on its platform and curb foreign interference and the spread of misinformation.

Source: Fast Company