Dark Web Chatter Offers Insights on Election Cyberthreats

With the U.S. presidential race entering its final sprint, a new analysis of conversations on dark web forums shows hackers discussing potential ways to be disruptive with disinformation and attacks on voting infrastructure.

Data circulating on the dark web could give hackers the ammunition they need to target voters and voting infrastructure ahead of election day, a new report claims.

DarkOwl, a company that uses web crawlers to search darknets like Tor, Zeronet, and I2P, released a study Tuesday revealing how bad actors have discussed disrupting electoral processes via cyberattacks and disinformation.

In this digital underworld, some hackers discuss targeting vulnerabilities in ballot tallying machines; others trade voter registration data between themselves. One "prominent malware developer" boasts that his Remote Access Trojans (RATs) could be used to infect election systems using old security flaws.

The company also found ongoing discussions about potential ways to infiltrate three of the most prominent election administration vendors — Election Systems and Software (ES&S), Hart InterCivic, and Dominion Voting — which are responsible for producing a majority of the voting equipment in the country.

At the same time, the potential for bad actors to organize disinformation campaigns within this environment is high, the report shows. There is a "significant ecosystem" for disinformation services within darknets, wherein customers can procure campaigns from disinformation-as-a-service vendors.

These schemes are fueled by a glut of leaked or hacked data circulating online, according to the report. Some of this information comes from freely available sources online, while other information is the result of previous data breaches and leaks. 

In particular, the report makes note of the recent incident involving Tyler Technologies, provider of state and local government election results products, which was hit by ransomware hackers last month. DarkOwl collected some "2,000 corporate e-mail addresses" of Tyler Technologies that were discovered in darknets, the report says. 

Recent reports have also shown that some longstanding, currently exploitable vulnerabilities may exist in voter registration databases.

The recent research has shown the way that leaked data sets can be valuable underworld capital, "how they're traded, sold, and how those seed disinformation campaigns," a company analyst told Government Technology.

However, the discussions in these forums don't necessarily mean that the attacks discussed would be successful. Some of the vulnerabilities that have been discussed are quite old, and most companies and agencies would have issued patches by now.

"DarkOwl assesses election officials and technology vendors would very likely patch their systems accordingly well before the general election, thus the successful use of such a threat is highly improbable," the report says. 

Still, the findings troublingly show how aggregated data can be weaponized. Hackers "could leverage voter names, e-mail addresses and telephone numbers to connect with new audiences and market personalize advertisements according to their views on specific topics, propensity to vote and other factors."

Exactly what kind of threat actors are involved in these transactions? It's often impossible to say, but there are some usual suspects worth mentioning. 

"In that world you don't know who is who," said the analyst, though she added: "The Russians are infamous for tapping unaffiliated organizations and criminal groups to do their bidding."

Lucas Ropek is a former staff writer for Government Technology.