Voter fraud is, unfortunately, an all too real reality. It seems to be more rampant today than ever before, and maybe that is because of incidents like data breaches. It’s sort of an oxymoron – reverting to digital and paperless systems has made our lives much more convenient, yet, in turn, has also made us vulnerable to those who can hack their way through our digital fortresses.
How RansomedVC exploited DataNet to hit the DC Board of Elections
The District of Columbia Board of Elections (DCBOE) is the latest entity grappling with the fallout of compromised voter information. A cybercriminal group known as RansomedVC, which specializes in data extortion, targeted the DCBOE.
RansomedVC didn’t go straight for DCBOE’s own system, sidestepping what might be expected to be a heavily guarded front door in terms of cybersecurity. The group instead targeted DataNet, which is not the DCBOE itself, but a hosting provider responsible for managing the online platform and data of Washington, D.C.’s election authority.
Imagine DataNet as a kind of digital warehouse where DCBOE’s data is stored. The attackers didn’t break into DCBOE’s office, per se, but the warehouse where DCBOE’s information is stored.
While no internal DCBOE databases or servers were directly affected, this approach not only provided a path to the sensitive data but also brought to light the sometimes overlooked vulnerabilities that can exist when third-party vendors are involved in data management and storage.
RansomedVC claims 600,00 lines of U.S. voter data with proof of authenticity
RansomedVC claims to have its hands on 600,000 lines of U.S. voter data, specifically records from Washington, D.C., voters, as a result of the breach. They now claim they are selling this stolen information on the dark web, though the exact price remains a mystery.
As proof of authenticity, RansomedVC shared a single record containing the personal details of a Washington, D.C., voter. This dataset includes the individual’s name, registration ID, voter ID, partial Social Security number (SSN), driver’s license number, date of birth, phone number and email. While some voter registration data is public in Washington, D.C., confidential info like contact details and SSNs are off-limits according to election authorities.
Ransomware group gloats about their hacks and bold claims
RansomedVC seems to be enjoying its moment in the limelight following this cyber incident. This isn’t their first rodeo in the world of high-profile hacks, and their track record includes some bold, if not audacious, claims.
A notable instance from their past involves a claimed breach of Sony. RansomedVC asserted they had penetrated Sony’s defenses, walking away with over 260GB of files. A modest 2MB archive was released as supposed proof of their activities. The truth of this claim has remained somewhat enigmatic, with no third-party verifications able to completely affirm the authenticity of their statement. Sony has investigated the situation but has not confirmed or denied the breach publicly.
DCBOE and federal agencies effort to contain data breach
In the wake of the data breach, the DCBOE was quick to mobilize, launching an intensive investigation. They didn’t work alone on figuring out what happened; they got the FBI and the Department of Homeland Security to help out. Together, they started a big, thorough investigation to understand and manage the situation better.
When the DCBOE became aware of the cyber breach, they promptly took their website offline, displaying a maintenance page to the public. This wasn’t only about fixing issues; it was a strategic move to safeguard the ongoing investigation and shield any additional data from being compromised.
How to keep safe
Keeping safe online, especially when there are hackers around like RansomedVC, can be a bit tricky. The digital world can sometimes be like a big city where most people are friendly, but there are a few who might try to pick your pocket. Now, although hacks like this may be a bit out of our control, there are ways to keep your data safe and secure. Here how:
- Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked. Get my picks for the best 2023 antivirus protection winners for your Windows, Mac, Android and iOS devices.
- Use identity theft protection: Identity theft protection companies can monitor personal information like your home title, SSN, phone number and email address and alert you if it is being sold on the dark web, which RansomedVC claims to be doing. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
- Have strong passwords and use 2-factor authentication: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. And 2-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.
- Free service to stay protected: If you’re concerned about your data on the dark web, head over to experian.com/darkweb. They offer a dark web scan to check if your information is on the dark web. It’s offered once for free, with no credit card information required. The scan looks back to 2006 and searches over 600,000 web pages for your SSN, email or phone number. If your information is compromised, Experian will let you know the next steps you should take.
- Use a VPN: Consider using a VPN to protect against hackers snooping on your device as well. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
Kurt’s key takeaways
The DCBOE’s experience with hackers like RansomedVC shows us how important it is to be safe online for our voting systems and individually as Americans. Hackers are getting smarter, targeting not just individuals but big organizations to get valuable data.
That’s concerning, especially when it’s stuff like our voting information. We need to make sure we’re doing everything possible to protect ourselves and be as resilient as possible against these threats, like using good antivirus software, being careful with our personal details and having very strong passwords.
How do you approach maintaining your digital safety, and are there particular strategies or experiences you’ve found valuable in safeguarding your online presence? Let us know by writing us at Cyberguy.com/Contact.
Answers to the most asked CyberGuy questions:
Copyright 2023 CyberGuy.com. All rights reserved.