In the lead-up to the 2024 campaign, concerns about threats to campaigns and the election process were significant. While much attention focused on potential AI and deepfake-driven misinformation, these threats didn't materialize as severely as worst-case scenarios suggested. Though some deepfakes and inauthentic content did circulate, their impact on the election requires further evaluation. Instead, the most significant attacks used traditional techniques like phishing and Distributed Denial of Service (DDoS) attacks on websites.
Three major incidents captured broad media attention and public interest: the Biden robocall incident during the New Hampshire Primary, the successful attack on the Trump campaign, and the parallel attack on the then-Biden campaign in the summer.
Most other cyber incidents received limited attention, even within the political sector. While some were reported by select media outlets, they didn't become national stories.
The most comprehensive insights into the cyber threat environment came from companies like Google and Microsoft, whose threat analysis work provided a deeper understanding of foreign adversaries' actions and methods. These reports, along with federal government warnings, proved invaluable (see links below).
In the infographic below, DDC presents a timeline of these attacks.
Below are the details of the incidents in the infographic along with some additional other cyber incidents of note.
A widespread robocall appearing to be a voice of President Joe Biden advised New Hampshire residents against voting in the presidential primary, and instead save their vote for the November general election.
The call stated: “Republicans have been trying to push nonpartisan and Democratic voters to participate in their primary. What a bunch of malarkey. We know the value of voting Democratic when our votes count. It’s important that you save your vote for the November election.
NY State Deepfake - January 2024
In a video allegedly showing Keith Wright, a fixture in New York politics, he could be heard saying “I dug her grave and she rolled into it.” Laced with other profanities, he described a rival as “lazy, incompetent — if it wasn’t for her, I’d be in Congress.”
The 10-second clip spread quickly among Harlem political players — a seemingly stunning hot mic moment for the influential leader. But there was a problem: It was faked.
The audio was generated by artificial intelligence to sound like Wright and shared anonymously to cause political chaos. Wright quickly denounced it.
Texas Deepfake Mailer - April 2024
A mailer, paid for by the Jeff Yass-bankrolled Club for Growth Action PAC, depicted Phelan in an intimate hug with former U.S. House Speaker Nancy Pelosi, apparently a remake of Pelosi hugging new House Democratic Leader Hakeem Jeffries.
Less publicized was the flip side of the mailer, which falsely depicted Phelan at a lectern speaking at a Texas House Democratic Caucus news conference.
A video from Republican presidential candidate Ron DeSantis included apparently fake images of former President Donald Trump hugging Anthony Fauci.
In a collage of six pictures of the two men, three appear to be AI-generated fakes depicting Trump and Fauci embracing. The other three are real photos of the two men together in March 2020, according to AFP, which first identified the fakes.
Selectively edited clips of President Biden circulated online to paint the picture of a physically and mentally challenged commander-in-chief as he was attending the D-Day commemoration in Normandy.
Utah Governor Spencer Cox Deepfake - June 2024
A video circulated appearing to show Gov. Spencer Cox admitting to fraudulently gathering signatures in the gubernatorial race. A local elections officer warned her followers on Twitter/X that the video should serve as a “huge warning” moving forward.
A video using artificial intelligence voice-cloning mimicking the voice of Vice President Kamala Harris saying things she did not say raised concerns about the power of AI to mislead with Election Day about three months away.
The video, which was developed as a parody, used many of the same visuals as a real Harris ad. It was shared by Elon Musk shared it on platform X without explicitly noting it was originally released as a parody. Musk later clarified the video was intended as satire, pinning the original creator’s post to his profile.
Attack on Trump Campaign - August 2024
Former President Donald Trump’s campaign was attacked and information was stolen and distributed to the media.
The campaign blamed “foreign sources hostile to the United States,” citing a Microsoft report on Friday that Iranian hackers “sent a spear phishing email in June to a high-ranking official on a presidential campaign.” Spear phishing was the attack method. A third party close to the campaign had their account compromised and phishing emails from that “legitimate” source were sent to campaign officials who then had their accounts compromised.
Attempted Harris Campaign Attack - August 2024
At the same time the Trump campaign attack was happening, there was an attempted similar attack on the Harris campaign. The FBI reported that the attempted attack targeted three Biden-Harris campaign staffers.
The attack was unsuccessful.
Iran Sends Trump Data to Biden Campaign - September 2024
Iranian hackers sent unsolicited information they stole from Donald Trump’s presidential campaign to people who were affiliated with Joe Biden’s campaign.
The Office of the Director of National Intelligence, the FBI, and the Cybersecurity and Infrastructure Security Agency said in a joint statement that in late June and early July, Iranian malicious cyber actors “sent unsolicited emails to individuals then associated with President Biden’s campaign that contained an excerpt taken from stolen, non-public material from former President Trump’s campaign as text in the emails.”
There is no indication that Biden’s staff ever replied.
Harris Deepfake - September 2024
Using a fictitious San Francisco news outlet, Russian surrogates disseminated “fabricated videos designed to sow discord and spread disinformation” about the Kamala Harris presidential campaign, according to Microsoft.
One video, which “used an on-screen actor to fabricate false claims about Vice President Harris’s involvement in a hit-and-run accident,” was purportedly published by a San Francisco news outlet created days before the video was posted.
The video generated millions of views, according to Microsoft, and was produced by a troll farm with ties to the Kremlin.
Russia was behind social media posts making baseless and salacious claims about Minnesota Governor, Tim Walz. The false claim that the Democratic vice-presidential nominee abused a student as a teacher went viral after an anonymous X account posted what it said were screenshots of correspondence with an alleged victim.
The documents were debunked, and the account soon disappeared from the site.
Multiple experts tracking disinformation attributed the source to a disinformation network with ties to Russia called Storm-1516.
Georgia Secretary of State Reports DDoS Attack - October 2024
The Georgia Secretary of State reported that there were attempts to interfere with and attackers attempting to knock the absentee ballot website offline. Hundreds of thousands of IP addresses from numerous countries flooded the Georgia website with bogus traffic, a classic Distributed Denial of Service or DDoS attack.
China Verizon/Trump Phone Hack - October 2024
Chinese hackers targeted data from phones used by former President Donald J. Trump and his running mate, Senator JD Vance of Ohio, as part of what appears to be a wider intelligence-collection effort.
This was, and is still ongoing, sophisticated penetration of telecom systems.
The type of information on phones used by a presidential candidate and his running mate could be a gold mine for an intelligence agency or other bad actors. A successful attack could reveal Who they called and texted, how often they communicated with certain people, and how long they talked to those people. This is high-value information for an adversary like China.
Georgia Election Deepfake - October 2024
Georgia’s Secretary of State Brad Raffensperger reported the state had been targeted by election disinformation, pointing to a viral video of alleged voter fraud that he suggested could be the result of foreign meddling.
The original video, which emerged on the social media platform X, had well over half a million views and purportedly showed a Haitian immigrant claiming he voted several times for Vice President Kamala Harris in the presidential election. Even though the original post was deleted, the video continued to circulate on social media as proof of supposed voter fraud.
DDOS Campaign Website Attacks - November 2024
DDoS attacks targeting US political or elections-related Internet properties in particular picked up starting in September, with the more than 6 billion HTTP DDoS requests seen during the first six days of November exceeding the volume seen during all of September and October.
Cloudflare blocked a series of DDoS attacks targeting a high-profile campaign website. The attacks began on October 29, with a four-minute spike reaching 345,000 requests per second. On October 31, more intense attacks followed, with the first lasting over an hour, peaking at 213,000 requests per second. Hours later, on November 1, a larger attack reached 700,000 requests per second, followed by two more waves at 311,000 and 205,000 requests per second.
Over 16 hours, Cloudflare blocked more than 6 billion malicious HTTP requests between October 31 and November 1. Additional attacks continued on November 3, with peaks at 200,000 requests per second; on November 4, at 352,000; on Election Day, November 5, at 271,000 around 14:33 ET (11:33 PT); and on November 6, at 108,000.
Threat reports from Microsoft and Google
Microsoft Threat Intelligence Report: Iran steps into US election 2024 with cyber-enabled influence operations - Aug 2024
https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf
Google Threat Analysis Group: Iranian-backed group steps up phishing campaigns against Israel, U.S. - Aug 2024
https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/