Research Article
A Canary in the Voting Booth: Attacks on a Virtual Voting Machine
@INPROCEEDINGS{10.1007/978-3-031-56580-9_1, author={Michael Madden and Dan Szafaran and Philomena Gray and Justin Pelletier and Ted Selker}, title={A Canary in the Voting Booth: Attacks on a Virtual Voting Machine}, proceedings={Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part I}, proceedings_a={ICDF2C}, year={2024}, month={4}, keywords={Elections Security Threat Intelligence Cybersecurity}, doi={10.1007/978-3-031-56580-9_1} }- Michael Madden
Dan Szafaran
Philomena Gray
Justin Pelletier
Ted Selker
Year: 2024
A Canary in the Voting Booth: Attacks on a Virtual Voting Machine
ICDF2C
Springer
DOI: 10.1007/978-3-031-56580-9_1
Abstract
Elections are critically contentious and attempted interference must be monitored. To better understand how an attacker might attempt to compromise an internet facing voting infrastructure, we built and deployed a Virtual Voting Machine (VVM) to masquerade as a real electronic voting machine during the 2022 U.S. midterm elections. The honeypot collected 17,682 hits from October 27 to November 9, 2022, even though it was neither publicized nor associated with known elections infrastructure.
This paper describes how anyone running such a honeypot might find a huge number of automated hits that are uninteresting, as well as a few that were interesting. We analyzed this traffic and found that many hits resulted from bot-based scraping of our digital architecture or internal security tests. We also received two credible threat types including:
1) infection attempts from the Mirai and Mozi botnets, and
2) a sophisticated tunneling attempt that appeared to originate from overseas.
We propose that deployments of VVM honeypots will help understand potential attacker’s techniques and sophistication. VVM honeypots may also help defenders prepare for and manage real attacks against electronic elections infrastructures.
