Google and sister company to offer cyber security to election groups
Google and sister company Jigsaw are joining forces to defend election organizers and civic groups against cyber attacks free of charge as the broader tech industry seeks to fend off criticism that it is not doing enough to stop online efforts to distort elections.
The growing frequency of politically-motivated online attacks — from the recent hacking of Twitter accounts by Turkish nationalists to the U.S. Democratic Party’s email breach — has left governments and pro-democracy groups scrambling for ways to thwart hackers and the rising tide of “fake” news.
Alphabet Inc subsidiaries Jigsaw and Google are offering a free Protect Your Election package to low-budget organizations. The service to ward off website attacks has already been offered to news organizations for the past year under what is known as Project Shield.
Last week Jigsaw, which develops security tools for civic groups, joined up with Google to defend a voter information website that came under cyber attack during the Dutch national election.
The KiesKompas and Stemwijzer websites — used by about half of Dutch voters to see which parties best match their political views — were knocked out by a deluge of web traffic on March 14, which spilled over into election day.
“The attack was not child’s play: it was very sophisticated because the attackers kept trying different avenues of attack again and again,” said KiesKompas director Willem Blanken.
KiesKompas, which rougly translates as ChoiceCompass, enlisted the help of Jigsaw on the evening of March 14, while Stemwijzer, or VoteGuide, signed up NBIP, a non-profit group set up by about 100 Dutch internet and telecoms providers.
The election guide services remained out of action on the morning of the vote, but both were successfully restored to service around midday.
FAKE NEWS, EXTREMISM
The rise of Google and tech rival Facebook was welcomed as a gift to democracy and free speech against autocratic governments.
More recently, however, there has been a growing backlash against fake news on social media, which has polarized political debate, and the failure to stop extremist groups using their networks to spread propaganda and find new recruits.
Google vowed on Tuesday to police its websites better by ramping up staff numbers and overhauling its policies after several companies deserted the internet giant for failing to keep their adverts off hate-filled videos.
A spokesman for Jigsaw said on Tuesday that it plans to offer the Protect Your Election suite free to individuals and organizations involved in forthcoming national votes in France, South Korea and Germany and subsequent elections as they occur.
Jigsaw is funded by Alphabet and remains autonomous from Google, though the sister companies work together on larger-scale projects.
Project Shield defends against so-called Distributed Denial of Service (DDoS) attacks that have plagued the web since about 2000 and which government and commercial experts say have intensified over the past year.
Such attacks have targeted not only political parties, but also election monitors and independent news organizations in Myanmar (2010), Malaysia (2013), Ecuador (2015), Mexico (2015-2016), Montenegro (2016) and the Netherlands (2017).
Hundreds of companies compete to protect websites from intruders, including Clouldflare, Akamai and Imperva Incapsula. Basic measures are often free and more robust safeguards can cost hundreds of dollars a month.
However, sustained high-volume attacks at decisive moments during elections can quickly run up thousands of dollars in bills — a big stretch for civic groups with minimal funding.
In addition to Project Shield, Jigsaw is offering Password Alert to ward off attempts to steal Google passwords and Two-Step Verification for an added layer of protection on web and mobile accounts as part of its Protect Your Election toolkit.
News websites, human rights websites and election monitoring and information websites are eligible to apply for DDoS protection, the Jigsaw spokesman said.
Candidates and campaigns are eligible for the two-password protection tools, but not the free DDoS protection. More details can be found at: g.co/protectyourelection
This starter set of security tools offer baseline protection but can only go so far in thwarting the dizzying array of political shenanigans that now play out in cyberspace.
They could do little, for example, to ward off the hijacking of high-profile Twitter accounts by a Turkish nationalist hacker group that took place as the Dutch voted last week and attracted widespread media attention.
These attacks involved hacking into an Amsterdam-based social media analytics company to post anti-Dutch and anti-German messages amid a diplomatic spat with Turkey.
Officials at the Dutch election guides said that web traffic on their sites appeared to come from various nations but the identity of the attackers remains a mystery. Several of the officials denied a De Telegraaf report that Turkey was behind the attacks.
“There’s just nothing to substantiate that. We simply don’t know,” KiesKompas director Blanken said.