US | AI-enabled cyber threats to election

Foreign state and local non-state actors are highly likely to use AI tools in attempts to influence and disrupt the US elections on 5 November 2024

• Multiple election officials this year have been the victims of swatting incidents (hoax 911 calls reporting a crime at the target’s house)
• Corporate executives who are perceived as being anti-Trump in far-right online spaces are at high risk of being targeted by swatting attempts

Hostile state and non-state actors are highly intent on conducting cyber operations to disrupt the US presidential election in November. They will almost certainly use publicly available AI tools to create deepfakes. We have seen multiple state actors use these to conduct influence campaigns around elections in other countries this year. AI tools are also very likely to enhance swatting attacks against polling stations and business executives. Still, foreign manipulation of the election results remains very unlikely, given the US has a high degree of national cyber resilience.

Deepfakes of high-profile executives circulate online

Both state and non-state actors will almost certainly use AI tools to try to influence the election outcomes. But such campaigns will very probably be ineffective. These tools can be used to create fake images, audio, or video clips. For instance, Chinese influence networks spread videos of AI-generated news anchors discussing current events with a strongly pro-China bias in the lead up to the January 2024 presidential election in Taiwan.

State and non-state actors are likely to conduct similar operations targeting US voters. But we doubt deepfakes will significantly sway the results. A study of AI-generated deepfakes in 18 elections this year by the UK’s national data science institute found they had no clear impact on the outcomes. And while US officials have warned that the frequency of this type of cyber activity will rise this year because of the election, domestic intelligence agencies appear to be prepared for this.

There is a more than even chance that deepfake audio or video of high-profile executives will circulate ahead of the election. Deepfakes are much more realistic than in previous election cycles due to advancements in AI technology. We anticipate that business leaders who have openly endorsed a particular candidate are most likely to be targeted by these types of campaigns. Deepfake videos of Bill Gates claiming he had profited billions from COVID-19 vaccines were used by the anti-vaxxer movement in 2023 to disparage pharmaceutical companies.

Swatting attempts very likely to target election infrastructure

There is a very good chance that swatting attempts will target election officials and some business executives in the coming months. Swatting is when someone sends a police or emergency services response team to another address by falsely claiming that there is an ongoing emergency (e.g. hostage situation). This is usually by making a 911 call, but has also been triggered by social media posts. The aims of swatting are varied, ranging from a prank to an attempt at provoking a police shooting.

We assess that there is a high risk of swatting attempts against polling stations on election day. On 28 May, the US Cybersecurity and Information Security Agency (CISA) released a swatting prevention guidance document intended for election workers. Since December 2023, four senior election officials have been the victims of swatting incidents.

Much like other types of cybercrime, swatting perpetrators are rarely caught and convicted, and can conduct these attacks from other countries. There are currently no confirmed cases of swatting incidents originating overseas, although in our analysis state sponsors of offensive cyber operations like Russia would plausibly seek to do so.

A successful swatting incident at a polling station would potentially cause operational disruption to surrounding businesses for at least several hours. In such cases, emergency responders are highly likely to close nearby roads and evacuate surrounding buildings. The high terrorism threat level around the polls means the authorities are likely to err on the side of caution when responding to potential hoax incidents. They cannot prevent swatting attempts and have very limited ability to deter them as the perpetrators are rarely caught.

Swatting campaigns likely to target business executives

Companies and business leaders that become controversial in far-right spaces online are likely to be targeted by swatting attempts in the coming months. Former American Media CEO David Pecker was swatted in April after testifying against Donald Trump during the hush money trial. We have recently observed participants in far-right US social media groups encouraging each other to conduct swatting attacks and celebrating successful ones against people they perceive as being anti-Trump.

We anticipate that swatting attempts against business executives will occur more frequently in the months leading up to the elections. Far-right groups are likely to mobilise during this time period, especially since Trump is the presumptive Republican nominee. In 2023, one cybersecurity firm reported up to 50 swatting attacks targeting corporate executives each month, mostly aimed at companies in the healthcare and esports gaming industries. There is no publicly available data for 2024, but such attacks will probably also target executives at media companies this year, as Trump has been very critical of many news outlets.

AI tools enhance swatting attacks

AI tools like voice cloning apps will almost certainly enhance the credibility of swatting attempts this year. Cybercriminals are already using these apps to conduct voice phishing attacks against companies. We observed a surge in hacking forum posts advertising free AI voice generation apps toward the end of 2023. At least one swatting incident involving an election official this year was triggered by a call to 911 created with a voice generation app.

Deepfakes will probably be used to trigger or enhance swatting attempts. A fake video posted to social media depicting a mass shooting or hostage situation that is believed to be real could trigger a larger and faster emergency response, therefore causing more disruption. In 2023, there were dozens of swatting attempts targeting US schools where the perpetrators posted fake social messages that claimed a mass shooting had taken place. We are currently unaware of any swatting incidents that also used deepfake images or videos posted online.

Foreign manipulation of election results is unlikely

It is very unlikely that foreign cyber interference will alter the election results, in our assessment. Such operations by hostile state actors rarely target election infrastructure directly. Much of the US’ voting infrastructure remains paper-based and therefore relatively impervious to cyber interference. Cybersecurity firm Mandiant also said in a recent report that it had not observed any voting machine compromise ‘in the wild’. The risk to US national cyber resilience remains low.