Editor's Note: This is a complimentary piece of content we share from our Core Intelligence platform. RANE’s foundational intelligence product covers four major categories of risk: cybersecurity, physical safety, geopolitics, and compliance. Core Intel allows our clients to view risk through a unique, integrated lens, providing situational awareness across multiple risk categories. Contact us to learn more.
Ahead of a highly consequential U.S. presidential election in November, physical and cyber threats are expected to abound as domestic and foreign actors seek to sway voters in the lead-up to election day. Amid widespread political polarization and contentious policy disputes on a slew of issues, Americans are also weighing the role that the United States should play in foreign policy crises in Ukraine and Israel. An array of foreign states, including Russia, China and Iran – as well as non-state actors like hacktivists and cybercriminals – are expected to target the high-profile event in an effort to influence, disrupt or extort individuals and organizations in line with a range of political or financial objectives. Both foreign and domestic actors are already and will continue to leverage novel generative artificial intelligence (AI) tools to amplify the emotional appeal of various synthetic audio or video content, in turn exacerbating inflammatory grievances and heightening social unrest. Beyond the cyber realm, physical security threats will also be elevated, including general insecurity arising from potential protests, street clashes and riot activity, as well as targeted violence against individuals such as election workers, candidates and their affiliates, and minority groups. In order to better understand how individuals and organizations can prepare themselves for an active election threat landscape, RANE spoke with Peter Warmka, Founder of The Counterintelligence Institute, and Matteo Tomasini, Managing Director & Practice Lead at Prescient.
How This Election Diverges From Past Precedents
In order to conceptualize the impending threat landscape, RANE first asks Warmka how this election diverges from the 2016 and 2020 presidential elections and how these distinctions will drive novel threats this election cycle. According to Warmka, "there are more points of contention now moving into November than we had in any previous election that can become flashpoints." He goes on to describe how a rise in political polarization and politically motivated violence in the United States has created a greater precedent for extremist actors to pursue lone-wolf attacks. Though he caveats this by saying that lone wolf actors are likely to make up a few sporadic, isolated incidents, Warmka notes that previous incidents often empower them.
On the cyber front, RANE asks Tomasini how he is contemplating the upcoming election in light of historical precedents. Tomasini acknowledges that the presidential elections in 2016 and 2020 witnessed a significant uptick in foreign interference, and he predicts that this trend will only increase further in 2024 as a result of ever-growing domestic polarization. Tomasini also describes how, in the cyber landscape, "one of the biggest differences is going to be the sophistication and scale of the threat actors given a lot of advancements over the last four years, particularly those in artificial intelligence tools, which have dramatically lowered the barrier of entry for would-be threat actors. These same advancements have also made sophisticated threat actors all the more dangerous."
The Information Environment
Underpinning the upcoming election will be the information environment where domestic and foreign actors will vie to create compelling narratives to influence voters, particularly on social media platforms. RANE asks Tomasini what the state of the information threat environment will be in the next few months, especially in the context of increased polarization. According to Tomasini, "the disinformation ecosystem has evolved considerably, and [threat actors] are becoming smarter in terms of knowing what social media platform to leverage and how to better target individuals." He further reiterates the role that AI tools are likely to play in the election, as disinformation actors use synthetic audio and visual creations to dupe or manipulate audiences, including through so-called "deepfake" creations. As a result of these tools' increasing accessibility, even individuals who do not possess advanced technical knowledge can create and disseminate convincing fictitious images or audio clips falsely representing a candidate or political party in an effort to disparage or manipulate their rhetoric or political stances.
Foreign and Domestic Threat Actors
Among the countries most likely to target the U.S. presidential election, Tomasini points to the typical culprits: Russia, China and Iran. Amid the ongoing Russian war in Ukraine and other international crises, including the war in Gaza, Tomasini notes that foreign actors have particular reasons to be highly motivated during the election process "to disorient or destabilize the U.S. election system or to favor one candidate over the other." In line with tactics used during past elections, Tomasini describes how state-sponsored influence campaigns will likely include spear-phishing emails and the creation of various websites and social media accounts to spread narratives that align with their specific interests, such as decreasing U.S. foreign aid to various geopolitical situations or undermining U.S. alliances with Europe and NATO.
Tomasini also explains that some foreign actors may not attempt to back one candidate or another but rather simply aim to sow discord. He claims that some countries, such as China, will "have a vested interest in attempting to destabilize the election, to make the U.S. look bad and there is no greater stage than one of the country's national elections to attempt to do so." Outside of foreign actors, domestic political parties in the United States are also likely to leverage synthetic AI tools during campaigning, further complicating the information landscape and the line between legitimate and illegitimate. In a recent example, AI tools featured heavily in Argentina's November 2023 election, wherein both primary presidential candidates leveraged AI tools to disparage their competitors and bolster their own persona.
Nonstate Actors: Hacktivists and Cybercriminals
In addition to disinformation and influence campaigns, nonstate cyber threat actors such as hacktivists and cybercriminals are also expected to ramp up ahead of the general election. Both domestic and foreign hacktivist groups will likely seek to target political parties and organizations aligned with political or social causes to express their own positions. According to Tomasini, "hacktivists are going to be ideologically driven, so they will likely focus their cyber attacks on exfiltrating data from opposing political parties or try to disrupt the election itself, whether it's attacking infrastructure or targeting individual election officials." Importantly, hacktivist groups typically possess only rudimentary offensive cyber capabilities, with many campaigns only manifesting via distributed denial-of-service (DDoS) attacks or website defacements.
Outside of hacktivist groups, cybercriminals are also expected to ramp up activity during the election, including via an array of financially motivated phishing and social engineering attacks that leverage election news or developments as bait for victims. Tomasini also points to the fact that ransomware groups may attempt to target the election because it's such a grand stage and as such, disrupting electoral processes could lend high-profile ransomware syndicates greater prestige. These groups would likely seek to pursue software supply chain attacks in sensitive industries like healthcare, critical infrastructure or the public sector in order to maximize disruptions for citizens and heighten media attention around the incident.
The Physical Threat Landscape
This inflamed and contested information environment will also be especially elevated during key electoral dates and political events and will likely be accompanied by an influx in physical violence, namely those targeting political and electoral organizations or personnel. In a recent example, the British government announced in late February that it would be ramping up security for lawmakers after politicians reported receiving threats related to the Israel-Hamas war. Like the United Kingdom, the United States is also likely to see an escalation in targeted incidents against lawmakers and government workers, particularly amid an array of domestic and international issues. In the leadup to election day in November, there will be a wide array of key events, including political party conventions, political primaries, presidential dates and legal trial dates/decisions relating to current Republican presidential candidate Donald Trump. In addition to an influx of potential hacktivist and disinformation activity around these political and judicial activities, the physical premises of these events are also likely to be targeted by protestors, vandals or lone-wolf actors. For example, the Republican National Convention, scheduled for July 15-18 at the Fiserv Forum in downtown Milwaukee, Wisconsin, and the Democratic National Convention, scheduled for Aug. 19-22 at the United Center in West Chicago, are both at a heightened likelihood of attracting physical threat actors.
Protest Activities
Outside of acute moments of heightened threat activity surrounding these events, there are also likely to be increasingly frequent cases of vandalism and intense protests, which may extend to small-scale clashes with law enforcement and counter-protesters over contentious flashpoint issues. While Warmka warns that many of these protest activities are likely to be most prolific in the immediate aftermath of the election, the risk is also likely to be prominent in the lead-up to the election, particularly around key political events and especially around Trump's legal proceedings. In addition to physical safety considerations for individuals in nearby areas for political protests on emotionally charged issues more likely to involve levels of violence, these protests, especially larger gatherings taking place in larger cities, will prompt travel disruptions, particularly in downtown areas of cities as well as public parks or squares that will serve as likely assembly points. This could prompt delays in business activities or client meetings. In alternative, less likely scenarios, political violence could intensify in relation to events surrounding Trump's legal proceedings in the lead-up to the 2024 election, particularly if he is convicted or expected to be convicted. It could also strengthen perceptions among Trump's supporters that he is being politically persecuted – a narrative that Trump's political campaign team is likely to propagate on social media – and increase the likelihood that supporters would engage in violent activity, such as increasingly disruptive protests.
Key Dates
Trump has been indicted in four legal cases, of which two have been assigned trial dates (though these may be subject to change). While these legal proceedings may experience delays related to appeals processes or other challenges, as of late March, the Manhattan hush-money criminal trial began with jury selection on April 15, while the Federal Mar-a-Lago classified documents trial date is slated for May 20, but Trump's lawyers have since argued that it would be "unfair" to hold the trial before the November election. A new trial date has not yet been set, but it is widely expected to be pushed back, with Justice Department prosecutors proposing a July 8 start date, though this has not yet been agreed to or finalized. The Supreme Court has also scheduled oral arguments for April 25 to review Trump's claim of immunity from prosecution in the federal election subversion case, which will further delay his Jan. 6 election subversion trial. The timing of the trial will depend on the length of time the Supreme Court will need to review the immunity claim, but legal analysts estimate that the case will begin by the end of July. Because the Supreme Court has agreed to weigh in on Trump's claim, the trial is not likely to conclude until mid to late October, potentially just days before the general election on Nov. 5. Decisions regarding the trial may prompt protests with high risk of escalation, particularly in Washington D.C.
The Manhattan hush-money case is likely to be ongoing until mid-May to early June and will take place in Manhattan courthouses, representing heightened risks in this area throughout this time period. Trump-owned facilities and the Trump Tower, in particular, may also be potential areas where protests may occur and/or escalate. While the Federal Mar-a-Lago classified documents trial date may be pushed to July or later, reports nonetheless suggest this case will take place at the U.S. District Court in Fort Pierce, Florida, representing a heightened risk for political violence in this area at the beginning and throughout the trial.
Targeted Attacks and Isolated Incidents
In addition to protests, there will also be elevated risks of targeted attacks against minorities, politicians, judges and federal employees, though these are likely to remain sporadic, isolated incidents. Warmka tells RANE that these incidents will most likely occur through lone-wolf actors, which he views as potentially a bigger danger than more large-scale, organized violent attacks. He elaborates that "the chance that there is an organized type of armed reaction or violence is less so" but that there is "always the possibility of lone wolves." Though lone-wolf actors are likely to represent only sporadic, isolated incidents, Warmka notes that "they are empowered by the people who have done it earlier." This means these sporadic incidents have the propensity to fuel further action by similar actors.
Insider Threats
Heightened political tensions in the United States also portend a heightened possibility of political disputes among employees as well as reputational risks, backlash or criticism of company affiliations or stances on particular social issues. In a more severe case, a disgruntled employee could potentially retaliate against a company's political activities or stances by leaking sensitive information or conducting other types of disruptive activity in the event that they disagree with a firm's stance or policy on a certain issue. Sensitive information may include client, personal, financial or other protected information, information on a company's partnerships and ongoing projects or proprietary data. In such a case, a disgruntled employee may be prompted to take action if their own views do not align with a company's political stances as indicated by donations to certain PACs or organizations that have received backlash, a company's DEI or ESG policies, healthcare coverage or approach to women's healthcare or stance on abortion. A similar risk includes the possibility that a nation-state actor coerces an employee to divulge damaging or sensitive information such as confidential work with government contracts, financial data, high-profile client work or other related information.
Best Practices
RANE concludes by asking Warmka and Tomasini what best practices individuals and organizations can follow during the election period to minimize their physical and cybersecurity risks. Tomasini first points out that one of the positive takeaways from the increase in reporting of cyber threats to the last election is that the American population already has some degree of awareness and experience with an array of cyber threats and, as such, will likely be better prepared than the last election. In addition, he notes that companies have also increased their readiness largely via private and public sector collaboration, which will similarly bolster whole-of-nation preparation efforts. At the individual level, however, Tomasini notes that individuals need "to stay informed, be extra critical of what they read, with the understanding that not everything on social media is true, despite who may apparently be posting it," especially as disinformation campaigns become more sophisticated as the result of AI enhancement. Knowing how to discern a deepfake image – typically distinguishable by blurry edges, unnatural features or misalignment – will be essential in navigating social media feeds rife with illegitimate content. Tomasini also encourages individuals to be cognizant of "general cyber hygiene such as steps like enabling multi-factor authentication and not clicking on links and managing vulnerabilities on internet-facing systems, whether it is a home computer or a mobile phone."
At the company level, Tomasini encourages organizations to pursue information sharing with government institutions and to maintain open channels of communication with public sector institutions. On the physical security side, Warmka encourages individuals to also be up to date with developing situations and avoid crowded situations where protest activities may occur. Warmka also encourages organizations, namely those that may have connections to a political party or social cause, to maintain a low profile around the election proceedings and to avoid advocating for policies or political activities that may be contentious or more likely to stir protests.
About the Experts:
Peter Warmka is the Founder of The Counterintelligence Institute, where he leverages his time as a Senior Intelligence Officer with the U.S. Central Intelligence Agency (CIA). Warmka specializes in counterterrorism, intelligence, crisis management, physical security, security management, executive protection, program management, homeland security, internal investigations, national security, surveillance, counterintelligence and private investigations.
In addition to his current role, Warmka works as an Independent Public Speaker and an Adjunct Professor at Webster University. Warmka holds an MBA in International Management from Thunderbird School of Global Management and a Bachelor of Arts in Liberal Arts from the University of Wisconsin-Milwaukee.
Matteo Tomasini is Managing Director and Cyber Practice Lead for Prescient, a global risk management and intelligence services firm. He is also Founder & CTO of District 4 Labs, a deep and dark web data company that offers investigators and cyber analysts access to billions of records with compromised personally identifying information. Tomasini previously served as Director of Incident Response and Threat Intelligence at BlueVoyant and as a senior practitioner at K2 Intelligence. Matteo's expertise includes Deep and Dark Web investigations, social media intelligence, online threat monitoring, threat attribution and complex cyber investigations. In addition to managing and working on all the above matters, Matteo has also personally developed new tools and technologies to enhance them. Matteo earned Bachelor of Arts degrees in Political Science and History from the University of California, Los Angeles, as well as a Master of Arts in International Relations from the Fletcher School of Law and Diplomacy.
