Threat actors are ratcheting up their cyberattacks ahead of the 2018 midterms, exposing voter databases, operating influence campaigns and eroding voter confidence, according to research by Carbon Black.
Ahead of the 2018 midterm elections, the security firm’s researchers found 20 different state voter databases containing more than 81.5 million voter records – including names, genders, voter IDs, addresses, citizenship status and phone numbers – for sale on the dark web, several of them from swing states, Carbon Black’s quarterly incident response threat report revealed.
Researchers found thousands of Instagram followers, Facebook likes, YouTube views and Twitter retweets on the dark web for “a small amount of cryptocurrency” with some listings offering “’laser-focused’ ads” to recipients. “Manipulating social media is a relatively low-cost endeavor, and hackers on the dark web appear to have tools at the ready for manipulating public opinion on major American platforms,” the report said.
Freelancers are thriving underground and dark web-oriented search engines make them much easier to find. Some of the hackers and hacking teams “offer to target government entities for the purposes of database manipulation, economic/corporate espionage, DDoS attacks and botnet rentals,” the report said, but their services are costly – in the “hundreds to thousands of dollars per target” range.
“Being offered for sale and being purchased are very different. A lot of this information is either public, already leaked by services like Facebook or can be purchased legally from several sources,” said Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies.
“The real concern from a security perspective is how this information, whether obtained through nefarious means or legal but still shady means, can and will be used for social attacks,” said Gumbs, who added that a federal law governing the data is much needed.
“More regulation is not normally something I would call for, however, having a well-defined and widely applied standard for identification and protection of citizen data is something we can learn from our European counterparts,” he said.