On a sunny day last week during RSA 2020, a group of journalists huddled in a vault in the San Francisco Mint, plotting to wreak havoc and sow doubt on Election Day in the fictitious city of Adversaria.
Despite taking over traffic cameras, the governor’s Facebook account, the mayor’s Twitter account, plotting cyberattacks, developing deepfakes and crafting social media-base disinformation campaigns the Red Team: Kill Organized Systems (K-OS) hacktivist group’s efforts were successfully spurned by a team of competent do-gooders on the Blue Team: Adversaria Task Force, who were also gathered in a vault in the mint.
It was all part of a tabletop exercise organized by Cybereason, a mini version of the three-hour event the company typically runs in cities around the world to alert law enforcement, government officials and first responders – who typically populate the Blue Team – to the many ways hackers can disrupt elections and prepare them to respond at whatever attacks might come their way.
“Recent times have seen election tampering by special interest groups and foreign powers in the United States, Europe and Asia. With looming 2020 elections across the world the goal of Operation Blackout California was to examine and advance the organizational responsiveness of government entities to a hacking group’s attempts to undermine democratic institutions and systems of governance in the republic,” said Cybereason CSO Sam Curry, who led the Operation Blackout exercise. “Most election hacking discussions and exercises focus on the mechanics and minutiae of hacking election equipment or contaminating and violating the integrity of voter rolls. Cybereason’s exercise instead focused on everything else in the electoral system.”
The teams took five-minute turns, in which they were allowed two actions and a development. Actions for the Red Team included gaining access to city cameras, taking over social media accounts and news broadcasts while development is a capability the team wants developed out during the course of the exercise, such as the creation of a bot network to disseminate and amplify disinformation. On the Blue Team, actions included assigning police officers to a task; perhaps, deploying them to polling stations. The team’s development might be spinning out a capability such as gaining assistance from a federal agency.
While the Red Team in the RSA exercise successfully created a troll network as well as disrupted traffic signals, made a plausible threat of a terrorist attack. Effectively used social media and developed deep fake videos showing voting machine malfunctions, the Blue Team countered along the way, shutting down construction sites, deploying police officers to polling stations and reclaiming social media. In the end, the White Team adjudicating the exercise, determined that the Blue Team won the day, thwarting the Red Team’s malicious efforts.
“Overall, the red team of hackers hijacked a news station and took control of other social media channels in the city, but the blue team of law enforcement officials was able to restore order. A press release was issued by the mayor and police chief dispelling fake news and disinformation,” said Curry. “While the red team did create some chaos, however, it wasn’t lasting damage and the blue team successfully defended the elections.”