Dark Web Chatter Offers Insights on Election Cyberthreats

With the U.S. presidential race entering its final sprint, a new analysis of conversations on dark web forums shows hackers discussing potential ways to be disruptive with disinformation and attacks on voting infrastructure.

Data circulating on the dark web could give hackers the ammunition they need to target voters and voting infrastructure ahead of election day, a new report claims.

DarkOwl, a company that uses web crawlers to search darknets like Tor, Zeronet, and I2P, released a study Tuesday revealing how bad actors have discussed disrupting electoral processes via cyberattacks and disinformation.

In this digital underworld, some hackers discuss targeting vulnerabilities in ballot tallying machines; others trade voter registration data among themselves. One "prominent malware developer" boasts that his Remote Access Trojans (RATs) could be used to infect election systems using old security flaws.

The company also found ongoing discussions about potential ways to infiltrate three of the most prominent election administration vendors — Election Systems and Software (ES&S), Hart InterCivic, and Dominion Voting — which are responsible for producing a majority of the voting equipment in the country.

At the same time, the potential for bad actors to organize disinformation campaigns within this environment is high, the report shows. There is a "significant ecosystem" for disinformation services within darknets, wherein customers can procure campaigns from disinformation-as-a-service vendors.

These schemes are fueled by a glut of leaked or hacked data circulating online, according to the report. Some of this information comes from freely available sources online, while other information is the result of previous data breaches and leaks. 

In particular, the report makes note of the recent incident involving Tyler Technologies, provider of state and local government election results products, which was hit by ransomware hackers last month. DarkOwl collected some "2,000 corporate e-mail addresses" of Tyler Technologies that were discovered in darknets, the report says. 

Recent reports have also shown that some longstanding, currently exploitable vulnerabilities may exist in voter registration databases.

The recent research has shown the way that leaked data sets can be valuable underworld capital, "how they're traded, sold, and how those seed disinformation campaigns," a company analyst told Government Technology.

However, the discussions in these forums don't necessarily mean that the attacks discussed would be successful. Some of the vulnerabilities that have been discussed are quite old, and most companies and agencies would have issued patches by now.

"DarkOwl assesses election officials and technology vendors would very likely patch their systems accordingly well before the general election, thus the successful use of such a threat is highly improbable," the report says. 

Still, the findings troublingly show how aggregated data can be weaponized. Hackers "could leverage voter names, e-mail addresses and telephone numbers to connect with new audiences and market personalized advertisements according to their views on specific topics, propensity to vote and other factors."

Exactly what kind of threat actors are involved in these transactions? It's often impossible to say, but there are some usual suspects worth mentioning. 

"In that world you don't know who is who," said the analyst, though she added: "The Russians are infamous for tapping unaffiliated organizations and criminal groups to do their bidding."

Lucas Ropek is a former staff writer for Government Technology.