Campaign 2018: Election Hacking is a weekly array from CBS News CNET about a cyber-threats and vulnerabilities of a 2018 midterm election. Part 1: Phishing attacks. Part 2: Influence campaigns. Part 3: . Next week: Hacking hardware and software.
Voter information and a digital weapons hackers use to mishandle elections are bought and sole daily on a dilemma of a internet famous as a dark web.
It is a network of websites that is tough to entrance though functions most like a internet we use any day.
You can buy all from guns and drugs to botnets and ransomware. And cyber-criminals can squeeze voter annals and hacking tools.
The dim web is not permitted regulating standard web browsers like Chrome or Safari. Instead, we are compulsory to record on regulating a practical private network, or VPN, and a Tor web browser. Tor is an acronym for “the onion router.” Every mechanism has an identifying IP address, and a Tor browser can assistance defense your machine’s plcae by promulgation info by several layers of servers.
“Voter and consumer information ends adult on a dim web by a series of paths,” says TechRepublic staff author Alison DeNisco Rayome. “Sometimes it’s after a crack of a vital company, as we saw with Equifax, when a rapist takes advantage of certainty flaws in a corporate complement and gains entrance to employees’ or customers’ privately identifiable information, including names, Social Security numbers, and addresses.”
When companies like Equifax or supervision agencies like a Office of Personnel Management (OPM) are hacked, a information is customarily sole in dim web forums. Voter information is quite cheap, says Rayome.
“In 2016, a sovereign Election Assistance Commission was hacked, and stolen login certification of a staff were detected on a dim web. This highlights how critical it is for sovereign choosing officials to weigh choosing systems and patch any vulnerabilities to equivocate attacks, and detect and lessen them when they do happen,” says Rayome.
In 2017, one unknown hacker offering some-more than 40 million voter registration annals from during slightest 9 states. Hackers sole copies of a Arkansas and Ohio databases for only $2 each. This year, thousands of voter records from a robocall organisation were leaked to a dim web.
The annals mostly embody a voter’s initial and final name, Social Security number, home address, voting history, narrow-minded preference, and other supportive details. This information allows hackers to aim amicable media promotion and purchase ads used in change campaigns.
Cryptocurrency like bitcoin is a mercantile engine that powers cyber-criminals on a dim web.
According to Robert Mueller’s Jul 2018 indictment of 12 Russian comprehension officers, hackers compared with Moscow’s Main Intelligence Directorate, a GRU, used about $95,000 in bitcoin to financial their efforts to change a 2016 election.
Cryptocurrency exchange authorised a GRU to settle websites, feign personas, and botnets that were unleashed in an attempt to lean electorate in a U.S.
Social media platforms with a high series of deserted accounts are a primary aim for hackers. Twitter botnets are a quite prohibited commodity on a dim web, says one hacker who spoke anonymously with CBS News. He says a amicable media site’s vulnerabilities make it an easy aim for hackers looking to build a botnet and run change campaigns.
“[Twitter] has messed adult in a apportionment of a … focus permitting cranky site scripting [sic],” a hacker says, referring to formula that allows dual eccentric web apps to promulgate with any other. Cross-site scripting is a technique that allows for additional functionality on amicable media sites though can display information to hackers inadvertently.
“I afterwards used this believe to beast force comment logins. we theory we can contend we burst an algorithm and we now have mixed databases.”
The hacker claims this gave him entrance to over 5,000 Twitter accounts that he used for a mid-size botnet. Botnets on amicable media can energy change campaigns by amplifying a promotion and misinformation. They can also be used for distributed rejection of use (DDoS) attacks, that are elementary to perform and can wreak havoc. During a DDoS attack, a targeted website is flooded with traffic, strenuous routers and radically shutting it down. In Oct 2016, for example, the Mirai botnet made internet-based communications systems inaccessible for hours.
Ransomware sole on a dim web could also be a absolute choosing hacking tool. In 2016 a organisation famous as The Shadow Brokers purloined and leaked an descent cyber-weapon toolkit grown by a NSA called EternalBlue. Derivatives of EternalBlue — malware famous as WannaCry, that was traced behind to North Korea, and NotPetya, that was related to Russia — crippled scarcely 300,000 machines in mixed countries final year and caused scarcely $4 billion in damage.
The calamity unfolding on choosing day? A identical conflict that would harm election-day audience by shutting down essential mechanism systems, throwing a routine into disharmony and undermining certainty in a election, according to Fortalice Solutions CEO and former White House Chief Information Officer Theresa Payton.
“We know that ransomware has been attack cities vast and tiny all opposite America and all opposite a world,” says Payton. “Election Day is a singular day. So a doubt is: If ransomware hits, what’s a backup devise to concede people to vote?”
- Hacker’s paradise: Secrets of a “dark web” (CBS News)
- 48 Hours: Click for a Killer (CBS News)
- Here be monsters: A beam to a dim web (CNET)
- Researchers find stolen troops worker secrets for sale on a dim web (CNET)
- Dark Web: The intelligent person’s guide (TechRepublic)