4 min read

Elon Musk's phishing attack on America

Elon Musk's phishing attack on America

Or is it a denial of service (DoS) attack? Either way, Elon isn't a political actor. He's a threat actor.


One of the most complicating factors in the shock America is about to experience is that the voters who elected Donald Trump have almost no idea what they voted for.

I’m not talking about MAGA, who absolutely understands what a Trump/Vance administration will bring. It will bring punishment against their perceived enemies. Hardcore Trump support is “uniquely tied to animus toward minority groups” and the white Americans who “side” with said minorities. This isn’t some reductive conjecture. This is what the best research available has found, and that’s probably what you’ve experienced at your Thanksgiving table.

But these hardcore MAGA heads aren’t enough to win purple states. Trump needed to expand his support significantly, and he did. He expanded it past the right-leaning brains of every ethnicity who say things like “Yeah, but he’ll only deport the criminals,” knowing Trump has vowed the opposite. He brought in and kept out a set of voters who are so completely disconnected from the news that they may not haven’t even formed opinions beyond “high prices/Democrats = bad.”

That’s what the poll data tells us: the only group Trump won a majority of is Americans who consume no news.

This doesn’t mean they consumed no information. It likely means they’re far more influenced by the traces of information they got.

And what did they get?

Well, Elon Musk spent a quarter billion dollars (plus the $44 billion he summoned to conquer Twitter) to give them this:

Muslims in Michigan began seeing pro-Israel ads this fall praising Vice President Kamala Harris for marrying a Jewish man and backing the Jewish state. Jews in Pennsylvania, meanwhile, saw ads from the same group with the opposite message: Harris wanted to stop U.S. arms shipments to Israel.

Another group promoted “Kamala’s bold progressive agenda” to conservative-leaning Donald Trump voters, while a third filled the phones of young liberals with videos about how Harris had abandoned the progressive dream. Black voters in North Carolina were told Democrats wanted to take away their menthol cigarettes, while working-class White men in the Midwest were warned that Harris would support quotas for minorities and deny them Zyn nicotine pouches.

The Washington Post called this the “Republican false-flag effort to turn off Kamala Harris voters.” And you could call it politics as usual, as it’s based on things politicians often do: distort, dissuade, divide.

What’s new here is that this was almost entirely funded by one person exploiting the canyons in our campaign finance laws created by the detonation of our Constitution by a half-century of Republican domination of the Supreme Court. And he did it in an extraordinarily effective way—not effective as in well-designed or artful, but effective in the way a cyber attack is effective.

We can not look at Elon Musk as a political actor. He is a threat actor.

Now, pardon me for using my more than a decade of writing about cybersecurity for a cybersecurity company to make what will likely be terrible analogies to those with a firm grasp of cybersecurity. I was a marketing guy who revered the experts I worked with. And I’d surely be embarrassing them with the following.

What’s the closest cybersecurity analog to what Elon did?

It could be a denial of service (DoS) attack, defined by our Cybersecurity and Infrastructure Agency as “when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.” By expanding the contorted worldview and weaponized distrust inherent in right-wing media, Elon effectively drowned out what this election—taking place after the fall of Roe, in the middle of a Gilded Age during a historically good job market that just happened to be a crucial turning point for the climate—should have been about. Instead, he made it about whatever bullshit he could get in front of you.

However, the anecdotal data from the Post suggests something more targeted. Call it a phishing attack, where a threat actor uses an “online scam enticing users to share private information using deceitful or misleading tactics.” Instead of seeking private information, Elon got that vote—or got you to throw away your vote.

So now, we have a scammed country trying to recover from the attack. But you can’t fully respond to an attack until you’ve hunted and removed the attackers. For now, we need to accept that the intrusion is ongoing. They’re in all our systems and will be there for at least four years, no matter how we get our defenses back up. And they’re going after our crown jewels.

You can hear me discuss this phishing attack and babble about other things on the Democrats Abroad podcast “Blue Vote Cafe.” (Yes, my wife already told me I need to shut up when other people are talking.)