2024 U.S. Election Integrity Threats: Not Just Data Leaks & Hacks

Download Now

In a world where nothing can be 100% secure, U.S. elections are remarkably close. CISA has issued numerous statements assuring voters of the measures in place and warning against claims of hacking intended to "manipulate public opinion and undermine confidence in U.S. democratic institutions." Reviewing the last eight years of threats to voting records and voter data, we see that there of course real threats, but none that would undermine the legitimacy of U.S. election results.

Yes, America’s voting machines are secure

America’s voting machines have proven resilient against attacks, and there has never been any evidence to challenge the integrity of the results they produce. Voting machine makers Dominion and Smartmatic have collected hundreds of millions of dollars from defamation suits and they will likely get even more.

Disinformation threatens democracy

America’s electoral system, on the other hand, has been damaged by years of attacks. An election ends with an acknowledgment that the party who received more votes has won. Disinformation campaigns have aimed to give Americans the permission to reject the reality of that result, and even to embrace physical violence to assert their own. Amongst the real threats to the electoral process, according to the FBI and CISA, are “attempts to undermine public confidence in the security of U.S. election infrastructure through the spread of disinformation falsely claiming that cyberattacks compromised U.S. voter registration databases.”

Hacks, leaks, and other attacks

While the U.S.’s election infrastructure remains secure, there have been real information security incidents related to the electoral process. On one hand, there are cases where the confidentiality of voter personal information has been compromised. In many of these cases, the UpGuard Research team was able to proactively detect the leaks before threat actors. 

The real threats to the integrity of voting data come in the form of physical attacks on voting hardware and ballots. The timeline below illustrates some of these major events, which include hacks, leaks disinformation, and even physical threats.

2016

How the Russians hacked the DNC and passed its emails to WikiLeaks

July

Hack — Russian hacking groups gained access to the Democratic National Committee's systems during the 2016 campaign, releasing emails and other internal documents publicly through WikiLeaks.

How the Russians penetrated Illinois election computers

July

Hack — Russian hackers gained access to the names, addresses, dates of birth, driver's license numbers and partial Social Security numbers of about 500,000 Illinois voters via SQL injection attack on the Illinois State Board of Election.

2017

The RNC Files: Inside the Largest US Voter Data Leak

June

Leak — The UpGuard Research team discovered a publicly exposed copy of the RNC's voter database, containing detailed information on 198 million Americans.

The Chicago Way: An Electronic Voting Firm Exposes 1.8M Chicagoans

August

Leak — The UpGuard Research team discovered a publicly exposed copy of a Chicago voter database with 1.8M records.

2018

Overboard: How Tea Party Campaign Assets Were Exposed Online

September

Leak — The UpGuard Research team discovered a storage bucket containing internal documents from the Tea Party Patriots Citizens Fund.

Donald Daters, a dating app for Trump supporters, leaked its users' data

October

Leak — A French security researcher discovered an exposed database for an app connecting Donald Trump supporters.

2019

Political History: How A Democratic Organization Leaked Six Million Email Addresses

September

Leak — The UpGuard Research team discovered a storage bucket for the Democratic Senatorial Campaign Committee containing 6.2M records.

2020

Campaign Gaffe: How a Voter Contact App Exposed Credentials and Code

March

Leak — The UpGuard Research team discovered a publicly exposed code repository for Campaign Sidekick, a GOP get out the vote app.

The Russian Election Hack That Wasn't (This Time)

September

Disinformation — A Russian newspaper claimed that personal details from Michigan voters had been released by hackers; however, that information was already intentionally public.

Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails, sources say

October

Disinformation — Threats originating from an email address apparently tied to the far right group "Proud Boys" were in fact sent by Iranian threat actors.

Florida County Database Mistake: Election Officials' Logins Among Exposed Data

October

Leak — The UpGuard Research team discovered publicly exposed documents from a Florida county, including credentials for county election officials.

2021

Trump allies breach U.S. voting systems in search of 2020 fraud 'evidence'

Physical threat — In eight separate incidents across five states, Trump supporters attempted to breach voting systems to demonstrate the machines's results were rigged.

Campaign of Fear: The Trump world's assault on U.S. election workers

Jun–Dec

Physical threat — A series of reports from Reuters on Trump supporters terrorizing election workers.

2022

A software CEO was arrested on suspicion of storing poll worker data in China

October

Leak — Conservative vote monitoring organization "True the Vote" discovered a publicly exposed database with U.S. election worker data hosted in China.

Judge restricts far-right group from carrying weapons, taking video at Arizona ballot drop boxes

November

Physical threat — Far right groups wearing body armor and carrying weapons took video and photographs of people using ballot drop boxes.

2023

Fox, Dominion reach $787M settlement over election claims

April

Disinformation — After Fox News aired claims that Dominion Voting Systems changed votes in the 2020 election from Trump to Biden, Dominion sued Fox. Ultimately they settled, with Fox paying $785.5M and admitting that their claims were false.

DC Board of Elections Says Full Voter Roll Compromised in Data Breach

October

Hack — Ransomware group RansomedVC claimed credit for breaching the voter data of the D.C. Board of Elections, including partial social security numbers, driver's license numbers, dates of birth, and contact information such as phone numbers and email addresses. The data was managed by DCBOE's vendor DataNet Systems.

2024

Rudy Giuliani loses bid to dismiss $148 million defamation judgment in Georgia election workers case

April

Disinformation — Rudy Giuliani accused two Georgia election workers of committing election fraud. They sued him for defamation and won, including $148M.

Iran Behind Trump Campaign Hack, US Government Confirms

August

Hack — Iranian threat actors compromised accounts belonging to members of the 2024 Trump campaign, stealing confidential information.

Right-wing influencers were duped to work for covert Russian operation, US says

September

Disinformation — A media company funding right wing influencers including Tim Pool, Dave Rubin and Benny Johnson was discovered to be funded by a Russian influence operation.

Police are searching for the person who set ballot boxes on fire in Washington and Oregon.

October

Physical threat — A fire set in a ballot box in Vancouver, Washington destroyed about 475 ballots. Another fire was set at a ballot box in Portland, Oregon, but only damaged a few due to fire suppressant technology in the box.

Colorado governor works to remedy leak of voting system passwords

October

Leak — The Colorado Secretary of State announced that a spreadsheet of passwords for voting systems were accidentally exposed online. However, the systems had other compensating controls preventing them from being accessed and has now remediated the exposure.

Disinformation and distrust

The rejection of reality, and of the results of the democratic process, delegitimizes the resulting goverment and makes America weaker at home and around the world. Every one of America’s adversaries understands this, which is why China, Iran, and Russia engage in campaigns to distribute deceptive content that amplifies divisions within the U.S. electorate.

The FBI and CISA recently issued a PSA about the election, but it’s not a warning about cyber attacks. Rather, it is a warning to be skeptical of such claims, as that disinformation is how foreign adversaries are best able to interfere in the election process.

“There has been incredible effort across local, state and federal governments to ensure the security and integrity of our nation’s election infrastructure. Americans should be confident that their votes will be counted as cast. They should also know that our foreign adversaries will try to make them believe otherwise. We encourage everyone to remain vigilant, verify the information they consume, and rely on trusted sources like their state and local election officials.”

- Cait Conley (CISA Senior Advisor)

Voter information privacy

A separate but intertwined concern in election security is the privacy of voters’ personal information. Voter rolls and political campaigns both require large collections of information about the voting public. Those data sets may be distributed, enriched, and managed by third parties, all of which increase the attack surface and likelihood of compromise. 

Unlike conspiracy theories about voting machines, concerns about data privacy for voter information do have a basis in reality. Threat actors have gained unauthorized access to voter databases. Entities processing voter information have left it exposed on the internet many times, as the UpGuard Research team and others have demonstrated many times.

Voter privacy and election integrity

Voter privacy and election integrity are intertwined in another way, too: the demonstrated risks to voter privacy have become fuel for disinformation campaigns. In 2020, a Russian media outlet claimed to have American voter PII from a hacked database, stirring anxieties about Russian hacking. People more familiar with US voter systems soon pointed out that the data– like much voter data– was publicly available. 

The Podesta email hack, the event that really marked the beginning of the current threat environment for election integrity, established a pattern that has been repeating ever since. There was a cyber threat– Russian hackers really did breach the DNC– but the impact was not to drive discussion of how to better defend against Russian intrusion.

The leaked emails were weaponized to fuel conspiracy theories. There are real cyber threats in an election, but it is the fantastic shadows they cast that are used to disrupt election integrity.

The real threat to U.S. election integrity

When we look at the possible threats to the integrity of U.S. elections, we see real threats, but not from hacking. Former president Trump and his allies have done more to “sow distrust of U.S elections,” as the FBI and CISA put it, than foreign adversaries ever could.

We know what could lead to votes not being counted at polling places: physical threats to the people who administer elections and destruction of the ballots themselves.

And while personal privacy will always be a valid concern, there are more likely ways for one’s private information to be compromised.

Ready to see
UpGuard in action?

Ready to save time and streamline your trust management process?