The digital attacks on the Brazilian electoral system that took place on election Sunday clearly show the consolidation of something that was feared but it was not yet clear: the amalgamation of the practices of disinformation and cybersecurity.
Until recently, these two problems went hand in hand, although there were points of contact between them. In the 2020 elections, it became clear that they became one.
Disinformation practices use computer and human resources to attack the public. To do this, they use robots, fake profiles, hidden articulate and well-funded groups, promoting artificial content, automated distribution of personal messages, etc., practices called DATTI (Adversarial Misinformation, Tactics and Influence Techniques).
The new thing is that in the past 18 months they have lost their effectiveness. By shifting the focus from content to methods of propagation and funding them, the Federal Supreme Court managed to contain many of them. The Supreme Electoral Court also created digital coordination to combat disinformation, which had positive results.
More importantly, digital platforms, which have come under tremendous pressure, came into play to curb these modalities of coordinated spurious behavior. The efforts have paid off and disinformation campaigns have lost some of their effectiveness. From there a turning point occurred.
These articulate and well-funded groups struggled to manipulate the public the way they had and focused their strategy on cybersecurity. If undermining the “content” isn’t having that much effect, they have tried to undermine the “infrastructure”, in this case attacking the electoral system itself and its legitimacy.
We saw that in the elections. The TSE was the target of an ingenious action that attacked the electoral system in a coordinated and planned manner from various angles.
Initially, on the 15th, the attackers leaked a series of data that had been stolen from the TSE system. This data does not affect the election result, but disclosing the leak on the election date was used to generate FUD (acronym for fear, uncertainty and doubt), a well-known technique of destabilization.
Then a denial-of-service attack was launched against several TSE systems, which received an avalanche of simultaneous access requests from the air.
In addition, an articulate group went on social networks to spread disinformation, claiming that the elections had been compromised and that the election results should not be accepted.
In other words, there were at least three coordinated attack vectors, two related to cybersecurity and one related to disinformation. It is a sophisticated operation that requires planning and signals an evolution in digital manipulation techniques.
From now on, not only disinformation practices, but also attacks on the infrastructure must be combated. This is the brave new world we have entered that even Aldous Huxley could not have foreseen.