
Darknet interference in the 2020 US presidential election

Published on 03 Nov 2020 by Louise

Many sources are concerned about what impact darknet-related activities will have on the 2020 US presidential election. Potential threats range from ransomware attacks against local government databases, far-right schemes to spread misinformation regarding mail-in ballots, phishing emails targeting election officials and large amounts of US voter registration data for sale on the dark web.

In the weeks and months leading up to the much-anticipated US presidential election, the darknet has featured regularly in news stories concerned about interference in the democratic process. Darknet involvement spans numerous potential menaces, including hacking election systems and deploying malware, phishing attacks against voters and officials and voter data breaches. However, the most likely threat is thought to be targeted misinformation campaigns, with the aim of further polarising US society ahead of the vote.

Perhaps the most feared, but least probable, threat to the integrity of the US election relates to the security of the vote itself, which Cyberwire claims is "unlikely to be compromised". That said, it is worth noting the Doppelpaymer ransomware attack on Hall County, Georgia's critical systems, including its voter signature database and phone services, which slowed signature verification and reportedly resulted in stolen documents being posted on a dark web site. There have also been reports of discussion on darknet forums regarding potential vulnerabilities of electronic voting systems and ballot tallying machines to malware and RATs (remote administration tools), though these conversations do not necessarily indicate the existence of actionable plans.

Phishing attacks are also high on the radar of potential election threats, in the wake of various email-based scams against election officials and voters alike. Some of these phishing attacks bore financial consequences: the Wisconsin GOP recently revealed a loss of over $2 million from its Donald Trump reelection campaign fund, as a result of failing to identify purported vendor invoice emails as scams. Donald Trump's official website was defaced in October, with hackers claiming to have accessed "internal conversations" and posting links for sending them the cryptocurrency Monero; the defacement is suspected to be the result of a phishing scam. Election officials have also been targeted by suspected phishing emails which encourage users to click on a link, ostensibly to receive two-factor authentication hardware.

The most high-profile phishing story pertained to a threatening email campaign designed to appear to originate from far-right group Proud Boys, which sent messages aimed at voter intimidation targeting largely Democrat-leaning individuals. Though the story quickly gained attention due to US intelligence services assigning responsibility for the campaign to the governments of both Russia and Iran, a Stanford report found no conclusive evidence of foreign involvement. Regardless of the perpetrators' identity, this campaign of intimidation brought renewed focus to the issue of voter registration data being widely available for purchase on darknet markets, as this information was likely used to determine which individuals to target based on their voting record, location and preferences.

Numerous outlets have commented on the high volume of US voter registration data available to purchase on dark web sites, with Searchlight's Cerberus tool returning over 280 results for listings related to "US voter", including single and multi-state voter databases. When combined with further leaks, such as driver's license databases, it is feared this information could be weaponised for purposes of voter suppression or even individual voter fraud. However, the biggest risk stemming from voter data being available on the darknet is its utility in targeted misinformation and social engineering campaigns designed to further polarise and pressurise US political discourse, particularly in key swing states. Rumours bubbling up from darknet circles onto the clearnet include spreading distrust of new voting systems, mail-in ballots and the 2020 election results in general, with compromised voter data conferring the added advantage of effectively geo-targeting misinformation to the most vulnerable regions and individuals.

Screenshot of Cerberus Darknet Market Search results for "US voter"


