Darknet interference in the 2020 US presidential election

Published on 03 Nov 2020 by Louise

Many sources are concerned about what impact darknet-related activities will have on the 2020 US presidential election. Potential threats include ransomware attacks against local government databases, far-right schemes to spread misinformation regarding mail-in ballots, phishing emails targeting election officials and large amounts of US voter registration data for sale on the dark web.

In the weeks and months leading up to the much-anticipated US presidential election, the darknet has featured regularly in news stories concerned about interference in the democratic process. Darknet involvement spans numerous potential menaces, including hacking election systems and deploying malware, phishing attacks against voters and officials and voter data breaches. However, the most likely threat is thought to be targeted misinformation campaigns, with the aim of further polarising US society ahead of the vote.

Perhaps the most feared, but least probable, threat to the integrity of the US election relates to the security of the vote itself, which Cyberwire claims is "unlikely to be compromised". That said, it is worth noting the Doppelpaymer ransomware attack on Hall County, Georgia's critical systems, including its voter signature database and phone services, which slowed signature verification and reportedly resulted in stolen documents being posted on a dark web site. There have also been reports of discussion on darknet forums regarding potential vulnerabilities of electronic voting systems and ballot tallying machines to malware and RATs (remote administration tools), though these conversations do not necessarily indicate the existence of actionable plans.

Phishing attacks are also high on the radar of potential election threats, in the wake of various email-based scams against election officials and voters alike. Some of these phishing attacks bore financial consequences: the Wisconsin GOP recently revealed a loss of over $2 million from its Donald Trump reelection campaign fund, as a result of failing to identify purported vendor invoice emails as scams. Donald Trump's official website was defaced in October, with hackers claiming to have accessed "internal conversations" and posting links to send them the cryptocurrency Monero; the defacement is suspected to be the result of a phishing scam. Election officials have also been targeted by suspected phishing emails which encourage users to click on a link, ostensibly to receive two-factor authentication hardware.

The most high-profile phishing story pertained to a threatening email campaign designed to appear to originate from far-right group Proud Boys, which sent messages aimed at voter intimidation targeting largely Democrat-leaning individuals. Though the story quickly gained attention due to US intelligence services assigning responsibility for the campaign to the governments of both Russia and Iran, a Stanford report found no conclusive evidence of foreign involvement. Regardless of the perpetrators' identity, this campaign of intimidation brought renewed focus to the issue of voter registration data being widely available for purchase on darknet markets, as this information was likely used to determine which individuals to target based on their voting record, location and preferences.

Numerous outlets have commented on the high volume of US voter registration data available to purchase on dark web sites, with Searchlight's Cerberus tool returning over 280 results for listings related to "US voter", including single and multi-state voter databases. When combined with further leaks, such as driver's license databases, it is feared this information could be weaponised for purposes of voter suppression or even individual voter fraud. However, the biggest risk stemming from voter data being available on the darknet is its utility in targeted misinformation and social engineering campaigns designed to further polarise and pressurise US political discourse, particularly in key swing states. Rumours bubbling up from darknet circles onto the clearnet include spreading distrust of new voting systems, mail-in ballots and the 2020 election results in general, with compromised voter data conferring the added advantage of effectively geo-targeting misinformation to the most vulnerable regions and individuals.

Screenshot of Cerberus Darknet Market Search results for "US voter"
