Jigsaw, a Google-founded technology incubator, wants to safeguard the upcoming 2018 U.S. midterm elections from cyber gangsters.
The New York-based think tank, sprung from Google’s former Ideas unit and now a subsidiary of Alphabet, said on Wednesday that it will dole out to registered political organizations a filtering system to prevent denial of service (DDoS) attacks from reaching their targets, in this case, campaign or election websites. The service will be provided free of charge, officials said.
Jigsaw’s anti-DDoS kit, launched two years ago as Project Shield to protect news media and human rights organizations, is one part of a larger initiative called Protect Your Election, a collection of free cybersecurity tools and services for political organizations to defend themselves against hacker weaponry, such as phishing. Jared Cohen, formerly with the U.S. State Department’s Policy Planning Committee, is Jigsaw’s founder and CEO.
“We’re offering Project Shield as a free service to U.S. political organizations registered with the appropriate electoral authorities, including candidates, campaigns, section 527 organizations, and political action committees,” said George Conard, Jigsaw product manager, in a blog post. “These organizations are critical parts of the democratic process, and they deserve the same defenses against cyber attacks that we’ve offered to news organizations around the world.” DDoS attackers are trying to “silence political speech and voters’ access to the information they need,” he said.
By most any measure, tools to launch a DDoS attack are available for a song and a dance, and websites catering to hackers looking to launch an assault can be readily located. One such outfit, Webstresser.org, said to be the world’s largest seller of DDoS attack tools, had 136,000 registered users before international law enforcement took it down last month. Buyers with little or no technical knowledge could purchase a DDoS kit for only $15 and shut down a targeted website without worry of being caught.
With the U.S. midterm election campaigns heating up, congressional legislators, election officials and security pros are on increasingly heightened alert to watch for and fend off hacking and website dismantling seen in the 2016 presidential season.
Both research data and anecdotal evidence support their fears. According to security specialist Kaspersky’s Q1 DDoS Intelligence Report, DDoS attacks were registered in 79 countries, with the majority launched against targets in China (59 percent), followed by the United States (18 percent) and South Korea (8 percent). During the period, the number of DDoS attacks peaked on January 19 (666 attacks) and March 7 (687 attacks). The longest attack lasted more than 12 days. Akamai’s Q4 data, as referenced by Jigsaw, showed the average number of DDoS attacks per targeted website increase to a high of 32, or a new attack every three days.
DDoS election-related assaults are no longer confined to national campaigns. Earlier this month, DDoS hackers with foreign IP addresses clogged a Knox County, Tennessee website during a primary election, crashing the page just as the polls were closing. It doesn’t take much to imagine the destruction that could rain on the electoral process at any point this fall.
Project Shield currently safeguards about 700 websites from DDoS attacks, Conard told CNet. Two years ago, it protected security journalist Brian Krebs' website from attacks by the Mirai botnet, which zombied more than 600,000 internet-of-things devices and crippled his site with up to 620 Gbps of data.
“Protecting critical infrastructure and institutions from cyber attacks is more important than ever,” Conard wrote. “With the U.S. midterm elections approaching, it’s crucial to make sure that private information is protected and public information is accessible.” Jigsaw intends to expand its DDoS protection services to international political organizations over the next few months, he said.
“What we’ve realized over the last couple years, seeing what happens during elections, is that DDoS attacks tend to spike,” Conard told the Washington Post. “We’re trying to understand what organizations that are vulnerable to digital attacks need and how we can keep them safer.”