October 05, 2022 — The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that:
- Assesses malicious cyber activity aiming to compromise election infrastructure is unlikely to result in large-scale disruptions or prevent voting.
- Confirms “the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information.”
The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations for protecting against election-related cyber threats.
Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) assess that any attempts by cyber actors to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting. As of the date of this report, the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information. Any attempts tracked by FBI and CISA have remained localized and were blocked or successfully mitigated with minimal or no disruption to election processes.
The public should be aware that election officials use a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity (e.g., phishing, ransomware, denial of service, or domain spoofing) affecting the confidentiality, integrity, or availability of election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting. These include failsafe measures, such as provisional ballots and backup pollbooks, and safeguards that protect against voting malfunctions (e.g., logic and accuracy testing, chain of custody procedures, paper ballots, and post-election audits). Given the extensive safeguards in place and distributed nature of election infrastructure, the FBI and CISA continue to assess that attempts to manipulate votes at scale would be difficult to conduct undetected.
Election systems that house voter registration information or manage non-voting election processes continue to be a target of interest for malicious threat actors. Cyber actors may also seek to spread or amplify false or exaggerated claims of cybersecurity compromises to election infrastructure; however, these attempts would not prevent voting or the accurate reporting of results.
The FBI and CISA will continue to quickly respond to any potential threats, provide recommendations to harden election infrastructure, notify stakeholders of threats and intrusion activity, and impose risks and consequences on cyber actors seeking to threaten U.S. elections.
Recommendations
- For information about registering to vote, polling locations, voting by mail, provisional ballot process, and final election results, rely on state and local government election officials.
- Remain alert to election-related schemes which may attempt to impede election administration.
- Be wary of emails or phone calls from unfamiliar email addresses or phone numbers that make suspicious claims about the elections process or of social media posts that appear to spread inconsistent information about election-related incidents or results.
- Do not communicate with unsolicited email senders, open attachments from unknown individuals, or provide personal information via email without confirming the requester’s identity. Be aware that many emails requesting your personal information often appear to be legitimate.
- Verify through multiple, reliable sources any reports about compromises of voter information or voting systems, and consider searching for other reliable sources before sharing such information via social media or other avenues.
- Be cautious with websites not affiliated with local or state government that solicit voting information, like voter registration information. Websites that end in “.gov” or websites you know are affiliated with your state or local election office are usually trustworthy. Be sure to know what your state and local elections office websites are in advance to avoid inadvertently providing your information to nefarious websites or actors.
- Report potential crimes—such as cyber targeting of voting systems—to your local FBI Field Office.
- Report cyber-related incidents on election infrastructure to your local election officials and CISA ([email protected]).
Cyber Criminals Increasingly Exploit Vulnerabilities in Decentralized Finance Platforms to Obtain Cryptocurrency, Causing Investors to Lose Money
SUMMARY
The FBI is warning investors that cybercriminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money. The FBI has observed cybercriminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cybercriminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.
THREAT
Cybercriminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money. A smart contract is a self-executing contract with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network. Cybercriminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.
Between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis. This is an increase from 72 percent in 2021 and 30 percent in 2020, respectively. Separately, the FBI has observed cybercriminals defraud DeFi platforms by:
- Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
- Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in approximately $320 million in losses.
- Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle (a), and then conducting leveraged trades that bypassed slippage checks (b) and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.
RECOMMENDATIONS
Investment involves risk. Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser. In addition, the FBI recommends investors take the following precautions:
- Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
- Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
- Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
- Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.
The FBI recommends DeFi platforms take the following precautions:
- Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
- Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.
(a) Price oracles are tools that query, retrieve, and verify price information about a given asset used by the DeFi platform’s smart contracts.
(b) Slippage refers to the price difference between when a transaction is submitted and when the transaction is confirmed (validated) on the blockchain. Slippage checks are designed to minimize or eliminate slippage.
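The two controls defined in footnotes (a) and (b), shown as an added illustration that is not part of the FBI announcement: pricing from the median of several independent oracle feeds rather than a single one, and enforcing a slippage check on each fill. The feed names, thresholds and sample trades are assumptions constructed for this example.

```python
from statistics import median

MIN_FEEDS = 3           # assumed policy: never price from a single oracle
MAX_FEED_SPREAD = 0.02  # assumed policy: a feed >2% off the median is an outlier
MAX_SLIPPAGE = 0.005    # assumed policy: a fill may be at most 0.5% worse than quoted


class PriceRejected(Exception):
    """A price or fill failed a safety check."""


def reference_price(feeds):
    """Return (median price, outlier feed names) from independent oracle feeds."""
    valid = {name: p for name, p in feeds.items() if p is not None and p > 0}
    if len(valid) < MIN_FEEDS:
        raise PriceRejected(f"{len(valid)} usable feed(s), need {MIN_FEEDS}")
    mid = median(valid.values())
    outliers = sorted(n for n, p in valid.items() if abs(p - mid) / mid > MAX_FEED_SPREAD)
    # If half or more of the feeds disagree with the median, no price is trustworthy.
    if 2 * len(outliers) >= len(valid):
        raise PriceRejected(f"feeds disagree: {outliers}")
    return mid, outliers


def check_fill(price, amount_in, amount_out):
    """Slippage check: the fill must deliver the quoted amount less the tolerance."""
    min_out = amount_in * price * (1 - MAX_SLIPPAGE)
    if amount_out < min_out:
        raise PriceRejected(f"slippage: got {amount_out}, minimum {min_out:.2f}")
    return min_out


def review_trade(trade):
    """Apply both checks to one trade record; return (decision, detail) for alerting."""
    try:
        price, outliers = reference_price(trade["feeds"])
        check_fill(price, trade["amount_in"], trade["amount_out"])
    except PriceRejected as exc:
        return "reject", str(exc)
    return "accept", f"outlier feeds: {outliers}" if outliers else "ok"


# Constructed sample trades; prices are units of output token per input token.
SAMPLE_TRADES = [
    {"feeds": {"feed_a": 100.0, "feed_b": 100.4, "feed_c": 99.8}, "amount_in": 10, "amount_out": 998.0},
    {"feeds": {"feed_a": 100.0, "feed_b": 100.4, "feed_c": 180.0}, "amount_in": 10, "amount_out": 1000.0},
    {"feeds": {"feed_c": 180.0}, "amount_in": 10, "amount_out": 1800.0},
    {"feeds": {"feed_a": 100.0, "feed_b": 100.4, "feed_c": 99.8}, "amount_in": 10, "amount_out": 900.0},
]
```

Running `review_trade` over `SAMPLE_TRADES` accepts the first two trades (the second with `feed_c` flagged as an outlier) and rejects the single-feed trade and the one that fills far below the quote.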