I was all set to do a newsletter on what we could expect from a Republican-controlled Senate and House on issues like national security, cybersecurity, and technology. But that’ll have to wait. Maybe for a while.
Like you, I’m reading everything Jonah, David, Nick, Kevin, and the rest of the Dispatch team are writing about the election so that I can know what happened, why it happened, and how I should be thinking about it. I guess my part of this effort should focus on the cyber side of the story. So, here we go.
First, let’s talk about DDoS attacks. In Illinois and Mississippi, websites used by state election officials, campaigns, and partisan groups were hit by distributed denial of service (DDoS) attacks, temporarily preventing their use. To set the table: A DDoS attack isn’t really a “hack,” because no system is compromised, and no data is leaked or changed (more on that in a bit). A bad guy will infect hundreds, thousands, or potentially millions of computers with code that allows them to then use this “botnet” to flood a website with fake traffic, slowing or shutting it down under the strain. It’s like if I were to remotely cause every Dispatch reader’s phone to simultaneously call the main line of the Alexandria, Virginia, police department—this would quickly prevent anyone from getting through to the department because its phone lines would be overwhelmed by the traffic.
A DDoS attack is more of a harassment technique that, under the right circumstances, can have a significant impact. For example, in 2016 the Mirai botnet attack used more than 145,000 compromised devices to temporarily shut down access to several high-profile websites, including Airbnb, GitHub, Netflix, Reddit, and Twitter.