[BreachExchange] Hacktivism: A Neglected Threat Looms Over US Election

Destry Winant destry at riskbasedsecurity.com
Tue Oct 6 10:36:45 EDT 2020


https://www.riskbasedsecurity.com/2020/10/06/hacktivism-a-neglected-threat-looms-over-us-election/

Back in 2016, the news was flooded with debate, discussion and outrage
over Russia’s alleged meddling in the American presidential election.
While many still do not fully agree on the extent or real impact,
articles were published that showed that cyber threat actors backed by
the Russian government attempted to influence American voters through
a variety of actions ranging from social media campaigns and the spread
of disinformation to email inbox hacking and voter database and
election supply chain hacking.

Political leaders and pundits alike expressed concern at the extent of
the cyberattacks and many supported investigations into possible
Russian cyberattacks to influence the American election. Four years
later, Russian interference continues to be an inflammatory topic.

These types of attacks might seem unique to this generation, but in
fact influence campaigns and the spread of disinformation as a
political tactic have been around for nearly as long as the political
systems they seek to undermine. What is new is that the modern
plethora of digital platforms has enabled campaigns to be conducted in
near real-time and at a much greater scale.

The potential negative impact is amplified when coupled with the
ability to compromise systems and data. With the November elections
fast approaching, researchers at Risk Based Security have observed
greater circulation of and interest in voter-related information on
the dark web. While some of the information may be from public
sources, and has not been independently verified for authenticity, it
is certainly a signal of renewed interest in this type of data.

Steps to mitigate the risk and secure voter data and electoral systems
must be taken to protect the integrity of our democratic process and
ensure the legitimacy of the results; if not for this election, then
for all future elections.

Hacktivism and the Art of Misdirection

Politically motivated hacking, or hacktivism, is not a new occurrence.
It can be traced back to the ’80s and ’90s, when threat actors
realized the reach of the growing internet infrastructure. More
recently, governments have dedicated significant resources towards
progressing their international goals through hackers.

With so much going on in 2020, there does seem to be a certain
alarming sense of complacency among voters, local officials, and the
media in combating and discussing the issue prior to the upcoming
presidential election. While the pandemic and the campaigns of the
current candidates continue to dominate headlines, the cybersecurity
industry as a whole appears to be less focused on tackling hacktivism
than it was in 2016.

We have published articles and reports detailing the vulnerabilities
present in U.S. Electronic Voting Machines, as have others, but with
the exception of the excellent work of a handful of researchers
including Kim Zetter, the media’s level of interest has been low.

This could be due to general “breach fatigue”, heightened focus on the
mail-in voting process, or simply the overwhelming amount of
newsworthy events taking place in recent weeks. It makes sense to
focus on the issues that are on your doorstep, rather than those that
are not as transparent.

But if hacktivism is “old news” to the cyber world, it certainly
doesn’t appear to discourage hackers. In fact they are profiting from
the misdirection, and probably would prefer to keep it that way.

The Usual Suspects

Our researchers observed numerous databases claiming to consist of
American voter information being shared and discussed at a growing
rate on both Russian-speaking and English-speaking hacking forums.
There is little to indicate these databases signal recent breach
activity. Since voter information is public record in some states, the
databases may just simply consist of scrapes of public sources. It is
also possible the data is recycled or extracted from previous
breaches. Federal officials have gone so far as to issue a warning
that these databases are being circulated to further fear and
uncertainty and to cast doubt on the upcoming election. While our
researchers have not analyzed these databases, the recent increase in
shares or discussions of these databases points to a timely interest:

* Michigan – Database of over 7 million voters including PI and voting
  information.
* North Carolina – Database of over 8 million voters including PI and
  voting information.
* Washington – Database of 5 million voters including PI and voting
  information.
* Florida – Multiple databases including PI and voting information, with
  voting history.
* Other US states – Database containing 66 files of individuals from
  various states with personal information and political views; private
  database of 186 million voters with personal information and political
  party affiliation offered for sale.

It is an uncomfortable fact that these purported voter databases
involve pivotal states like Florida, Michigan and North Carolina.

While much of this data might have been collated from older or
publicly accessible sources, the potential dangers are still very
real. The increased attention and cooperation between hackers points
to a growing interest and overall risk. They would most likely prefer
for us to think that hacktivism isn’t a real issue, given the current
climate, but circulating these types of databases can leave voters
feeling vulnerable and feed mistrust of voter systems. Additionally,
even if the data is older or publicly sourced, it can still have value
for attempting voter fraud or targeting voters with highly
personalized campaigns, as detailed in the 2016 election.

The Hacktivism Trend

Risk Based Security has recently observed other noteworthy hacktivism
campaigns related to political unrest in Belarus and Catalonia. When
large demonstrations against the Russian-friendly government in
Belarus started in August, so did the dissemination of Belarus-specific
information on Russian-speaking forums. Our researchers
discovered the following databases shared after the protests began:

* A database of organizations in Belarus with 300,000 organizations.
* A database of individuals serving administrative leave for
  participating in the protests.
* A database of individuals arrested in Minsk between August 8th – 17th.
* A database of individuals in Belarus awarded medals for “impeccable
  service” by the President.

Last year, when anti-government protests erupted in Catalonia, our
researchers also observed numerous website defacements and leaked
databases used to pressure or threaten the Spanish government.

Given the growing reliance on, and rising number of, digital platforms
in the world, we can expect that political hacktivism is and will be an
enduring threat everywhere.

Are We Out of Time?

While hacktivism during a year with major political events seems
inevitable, critical safeguards have likely not kept up with threat
actor advancements or ambitions.

Research published at the end of last year found that experts were
easily able to breach the voting machines that are being used for the
2020 election. The same was found in the 2018 midterm elections.
Naturally, the outdated systems and teams of local election volunteers
are no match for the nation-backed threat actors. Similarly, voters
may not know their information is public record and that they are at
an increased risk for targeting. Voters who are better informed about
how their information is potentially being abused could help combat
the risk in the future.

The good news is that there are resources available. The Cybersecurity
& Infrastructure Security Agency has implemented numerous programs for
protecting election infrastructure. However, despite being made freely
available, local election boards have struggled to make use of the
services.

The U.S. election is only weeks away and with new reports that
state-sponsored hacktivism is once again on the rise, it seems
imperative that more needs to be done. An increase in the reporting
from the media as well as discussion from the cybersecurity industry
over the heightened risks can help create the pressure necessary to
move quickly.

With 29 days until the election and already more than 2 million votes
cast, it is likely too late in this election cycle for a radical shift
in mentality toward security, but we can certainly still change the
narrative for all the ones to come.

