Will Cyber-Attackers Hack The UK Election? I Don't Think So

02/06/2017 13:30


The UK General Election is now only a week away, and it arrives against the backdrop of media hype and coverage surrounding possible attempts by hackers to influence national elections (see: US, French elections). With so much media focus around hacking - political or otherwise - it's understandable that people may expect the UK General Election to be a target. While it may be captivating to imagine that hackers are puppet masters pulling the strings of governments across the globe, it's important to take a step back and consider the likelihood of this happening based on historical evidence.

I'm very hesitant to assume that it will happen. The fear of election manipulation is far more likely the result of media hype and what is known as 'FUD' (fear, uncertainty and doubt) than of actual interference. There's an element of McCarthyism to election hacking since the election of US President Donald Trump, with a lot of unsubstantiated allegations being passed off as fact (see also: Fake News).

Of course, worries relating to election manipulation are without doubt a concern, but we must be wary of misplacing blame to fit a political narrative. The allegations of Russian interference in the US Presidential election are just that: allegations devoid of hard evidence. In fact, what it does prove is that it can be all too easy for the media to lend credence to a fantasy narrative peddled by a political party or those with a vested interest. That's not to say that such interference can't happen, but if, as a society, we are going to accept such allegations as truth, I hope our burden of proof is higher than "this person said so".

My background is in forensic investigations (15 years and roughly 2,500 investigations), and in that field we often employ a principle known as 'Occam's razor', which proposes that the scenario with the fewest assumptions is the one most likely to be accurate. Before pointing fingers at the Russians or Chinese, we should follow leads the same way the police do in physical investigations. If there is election tampering, they would first ask who has the most to gain. They would explore who has the means, method and motive to bring into question the validity of the election.

Do hacktivist groups have this motivation? If so, how would they benefit from one person being elected over another? There has not been any credible evidence that any group was involved in any politically motivated hacking other than some malware strings and IP address similarities. Since many different types of malware are commoditised (meaning they can be bought and sold) on the black market by literally anyone in the world with a computer and some bitcoins, this is hardly what I would call "concrete evidence". A finding for sure, but only a single data point - the burden of proof for their involvement is much higher. And IP addresses can very easily be spoofed, or anonymised to hide the attackers' actual location. Again, this is a finding to be noted for sure, but it is not exactly a smoking gun.

This is why attribution is so difficult and should include multiple data points all pointing in the same direction (we call this nonrepudiation). Remember, according to the scientific method, we should try to disprove our hypotheses, not prove them. Forensic investigations are very much scientific processes, and investigators should remain independent fact finders, devoid of opinion and in relentless pursuit of the truth.

It is far more likely that a leak, breach or hack would come from within those parties in the race (i.e. those with the most to gain by bringing the validity of the election into question). But wherever the attack originates and whatever medium is used to execute it, investigation and forensic technology is now so advanced that the residual evidence of that attack cannot be completely identified, contained, and eradicated. In these types of investigations, if there is evidence, it can be found - devoid of political leaning, opinion, or desire.

This is the beauty of digital evidence: it does not lie and it does not have ulterior motives; it simply is.

Our job is to find it and tell the story of the evidence devoid of opinion. As Joe Friday famously said on the TV show Dragnet, "Just the facts, ma'am".