Keeping Election Security News In Perspective

Questions to Raise Cybersecurity Awareness

Very few would argue that recent headlines concerning election security haven’t been alarming. From hacking to voting systems to stolen voter registration data and the deliberate distribution of false candidate information, it’s no wonder people are questioning the integrity of election results.

It’s hard to know who or what to believe, and while there is questionable information floating around, much of what we’ve read concerning election security is based on fact. However, “just the facts” without context can be just as dangerous or misleading as lies.

One example is the recent concern over 35 million voter registration records that were discovered in the Darknet marketplace.

Sign Up to Receive Our Monthly Newsletter: Election Security In the News Sign up here

Through our research, the CyberDefenses team has been able to confirm that the story is true, but the story doesn’t warrant panic, and here’s why:

  • This voter registration data is already freely accessible to anyone who requests it from their state governments. In many cases, this information is used by candidates or non-profit organizations in marketing campaigns focused around gathering votes or support for causes.
  • This information includes names, phone numbers, addresses and voter affiliation, not social security numbers or login credentials.
  • This information is routinely found on the Darknet because many companies fail to take the right steps to protect it. Consequently, it is not available only via voter registration records. This fact reduces the probability that the data is related to an election-focused attack.
  • Hackers tend to exaggerate their claims of how the data was collected or the type of data included to promote themselves as a go-to resource for valuable information. The likelihood of these records being sourced through nefarious means is probably slim.
  • In many cases, this data is outdated. There is a high chance that it has been repackaged from old sources and is not as valuable as the sellers claim it is.

In the midst of the midterm elections, it is not surprising that the hacker community is capitalizing on the heightened focus around election security.They make an interesting claim that they have the ability to continuously retrieve voter registration information. Election officials should take these claims seriously by monitoring the data that is showing up in hacker forums. Plus, reviewing their data capture and dissemination process would be another wise move.

We’re likely going to see more activity such as this. Some of it does indicate threats that should be addressed immediately, but other events, while concerning, aren’t as alarming as some would want us to believe.

About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.