October 7, 2020 • RBS

Categories: Security News

Back in 2016, the news was flooded with debate, discussion and outrage over Russia’s alleged meddling in the American presidential election. While many still do not fully agree with the extent or real impact, articles were published that showed that cyber threat actors backed by the Russian government attempted to influence American voters through a variety of actions ranging from social media campaigns, the spread of disinformation, to email inbox hacking, and voter database and election supply chain hacking.

Political leaders and pundits alike expressed concern at the extent of the cyberattacks and many supported investigations into possible Russian cyberattacks to influence the American election. Four years later, Russian interference continues to be an inflammatory topic.

These types of attacks might seem unique to this generation, but in fact influence campaigns and the spread of disinformation as a political tactic have been around for nearly as long as the political systems they seek to undermine. What is new, is that the modern plethora of digital platforms has enabled campaigns to be conducted in near real-time and at a much greater scale.

The potential negative impact is amplified when coupled with the ability to compromise systems and data. With the November elections fast approaching, researchers at Risk Based Security have observed greater circulation of and interest in voter-related information on the dark web. While some of the information may be from public sources, and has not been independently verified for authenticity, it is certainly a signal of renewed interest in this type of data.

Steps to mitigate the risk and secure voter data and electoral systems must be taken to protect the integrity of our democratic process and ensure the legitimacy of the results; if not for this election, all future elections.

Hacktivism and the Art of Misdirection

Politically motivated hacking, or hacktivism, is not a new occurrence. It can be traced back to the ’80s and ’90s, when threat actors realized the reach of the growing internet infrastructure. More recently, governments have dedicated significant resources towards progressing their international goals through hackers.

With so much going on in 2020, there does seem to be a certain alarming sense of complacency among voters, local officials, and the media in combating and discussing the issue prior to the upcoming presidential election. While the pandemic and the campaigns of the current candidates continue to dominate headlines, the cybersecurity industry as a whole appears to be less focused on tackling hacktivism than it did in 2016.

We have published articles and reports detailing the vulnerabilities present in U.S. Electronic Voting Machines, as have others, but with the exception of the excellent work of a handful of researchers including Kim Zetter, the media’s level of interest has been low.

This could be due to general “breach fatigue”, heightened focus on the mail-in voting process, or simply the overwhelming amount of newsworthy events taking place in recent weeks. It makes sense to focus on the issues that are on your doorstep, rather than those that are not as transparent.

But if hacktivism is “old news” to the cyber world, it certainly doesn’t appear to discourage hackers. In fact they are profiting from the misdirection, and probably would prefer to keep it that way.

The Usual Suspects

Our researchers observed numerous databases claiming to consist of American voter information being shared and discussed at a growing rate on both Russian speaking and English speaking hacking forums.

There is little to indicate these databases signal recent breach activity. Since voter information is public record in some states, the databases may just simply consist of scrapes of public sources. It is also possible the data is recycled or extracted from previous breaches. Federal officials have gone so far as to issue a warning that these databases are being circulated to further fear, uncertainty and cast doubt about the upcoming election.

While our researchers have not analyzed these databases, the recent increase in shares or discussions of these databases points to a timely interest:

Maps by
  • Michigan – Database of over 7 million voters including PI and voting information.
  • North Carolina – Database of over 8 million voters including PI and voting information.
  • Washington – Database of 5 million voters including PI and voting information.
  • Florida – Multiple databases including PI and voting information, with voting history.
  • Other US states – Database containing 66 files of individuals from various states with personal information and political views; private database of 186 million voters with personal information and political party affiliation offered for sale.

It is an uncomfortable fact that these purported voter databases involve pivotal states like Florida, Michigan and North Carolina.

While much of this data might have been collated from older or publicly accessible sources, the potential dangers are still very real. The increased attention and cooperation between hackers points to a growing interest and overall risk. They would most likely prefer for us to think that hacktivism isn’t a real issue, given the current climate, but circulating these types of databases can leave voters feeling vulnerable and feed mistrust of voter systems. Additionally, just because the data may be older or publicly sourced, it can still have value for attempting voter fraud or target voters using highly personalized campaigns as detailed in the 2016 election.

The Hacktivism Trend

Risk Based Security has recently observed other noteworthy hacktivism campaigns related to political unrest in Belarus and Catalonia. When large demonstrations against the Russian-friendly government in Belarus started in August, so did the dissemination of particularly Belarussian information on Russian speaking forums. Our researchers discovered the following databases shared after the protests began:

  • A database of organizations in Belarus with 300,000 organizations.
  • A database of individuals serving administrative leave for participating in the protests.
  • A database of individuals arrested in Minsk between August 8th – 17th.
  • A database of individuals in Belarus awarded medals for “impeccable service” by the President.

Last year, when anti-government protests erupted in Catalonia our researchers also observed numerous website defacements and leaked databases used to pressure or threaten the Spanish government.

Given the growing reliance and rising number of digital platforms in the world, we can expect that political hacktivism is and will be an enduring threat everywhere.

Are We Out of Time?

While hacktivism during a year with major political events seems inevitable, critical safeguards have likely not kept up with threat actor advancements or ambitions.

Research published at the end of last year found that experts were easily able to breach the voting machines that are being used for the 2020 election. The same was found in the 2018 midterm elections. Naturally, the outdated systems and teams of local election volunteers are no match for the nation-backed threat actors. Similarly, voters may not know their information is public record and that they are at an increased risk for targeting. More informed voters on how their information is potentially being abused could help combat the risk in the future.

The good news is that there are resources available. The Cybersecurity & Infrastructure Security Agency has implemented numerous programs for protecting election infrastructure. However, despite being made freely available, local election boards have struggled to make use of the services.

The U.S. election is only weeks away and with new reports that state-sponsored hacktivism is once again on the rise, it seems imperative that more needs to be done. An increase in the reporting from the media as well as discussion from the cybersecurity industry over the heightened risks can help create more pressure necessary to move quickly.

With 29 days until the election and already more than 2 million votes cast, it is likely too late in this election cycle for a radical shift in mentality toward security, but we can certainly still change the narrative for all the ones to come.

Map by

Our products
The Platform
Risk Based Intelligence
Learn more
Vulnerability Intelligence
Learn more
Cyber Risk Analytics
Threat Intelligence
Learn more
Risk Management
Learn more