Cyberattack on DC election site exposes voter data to hackers

Voter fraud is, unfortunately, an all too real reality. It seems to be more rampant today than ever before, and maybe that is because of incidents like data breaches. It’s sort of an oxymoron – reverting to digital and paperless systems has made our lives much more convenient yet, in turn, has also made us vulnerable to those who can hack their way through our digital fortresses.

 

How RansomedVC exploited DataNet to hit the DC Board of Elections

The District of Columbia Board of Elections (DCBOE) is the latest entity grappling with the fallout of compromised voter information. A cybercriminal group known as RansomedVC, which specializes in data extortion, targeted the DCBOE.

RansomedVC didn’t go straight for DCBOE’s own system, sidestepping what might be expected to be a heavily guarded front door in terms of cybersecurity. The group instead targeted DataNet, which is not the DCBOE itself but a hosting provider responsible for managing the online platform and data of Washington D.C.’s election authority.

Imagine DataNet as a kind of digital warehouse where DCBOE’s data is stored. The attackers didn’t break into DCBOE’s office, per se, but the warehouse where DCBOE’s information is stored.

While no internal DCBOE databases or servers were directly affected, this approach not only provided a path to the sensitive data but also brought to light the sometimes overlooked vulnerabilities that can exist when third-party vendors are involved in data management and storage.

MORE: HACKER CLAIMS TO HAVE STOLEN MILLIONS OF 23ANDME USERS’ DATA

 

RansomedVC claims 600,00 lines of U.S. voter data with proof of authenticity

RansomedVC claims to have its hands on 600,000 lines of U.S. voter data, specifically records from D.C. voters, as a result of the breach. They now claim they are selling this stolen information on the dark web, though the exact price remains a mystery.

As proof of authenticity, RansomedVC shared a single record containing the personal details of a Washington, D.C. voter. This dataset includes the individual’s name, registration ID, voter ID, partial Social Security number, driver’s license number, date of birth, phone number, and email. While some voter registration data is public in D.C., confidential info like contact details and SSNs are off-limits according to election authorities.

 

Ransomware group gloats about their hacks and bold claims

RansomedVC seems to be enjoying its moment in the limelight following this cyber incident. This isn’t their first rodeo in the world of high-profile hacks, and their track record includes some bold, if not audacious, claims.

A notable instance from their past involves a claimed breach of Sony. RansomedVC asserted they had penetrated Sony’s defenses, walking away with over 260GB of files. A modest 2MB archive was released as supposed proof of their activities. The truth of this claim has remained somewhat enigmatic, with no third-party verifications able to completely affirm the authenticity of their statement.  Sony has investigated the situation but has not confirmed or denied the breach publicly.

 

MORE: RUSSIAN RANSOMWARE ATTACK SOFTWARE TARGETS APPLE MAC AND MACBOOK 

 

DCBOE and federal agencies effort to contain data breach

In the wake of the data breach, the District of Columbia Board of Elections (DCBOE) was quick to mobilize, launching an intensive investigation. They didn’t work alone on figuring out what happened; they got the FBI and the Department of Homeland Security to help out. Together, they started a big, thorough investigation to understand and manage the situation better.

When the DCBOE became aware of the cyber breach, they promptly took their website offline, displaying a maintenance page to the public. This wasn’t only about fixing issues; it was a strategic move to safeguard the ongoing investigation and shield any additional data from being compromised.

 

How to keep safe

Keeping safe online, especially when there are hackers around like RansomedVC, can be a bit tricky. The digital world can sometimes be like a big city where most people are friendly, but there are a few who might try to pick your pocket. Now, although hacks like this may be a bit out of our control, there are ways to keep your data safe and secure. Here how:

Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.

Special for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package. 

Get my picks for the best 2023 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Best Antivirus Protection 2023

 

Use identity theft protection: Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web, which RansomedVC claims to be doing.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

Special for CyberGuy Readers:  Save up to 51% with my top recommendation is Identity Guard.

See my tips and best picks on how to protect yourself from identity theft.

Best identity theft protection services 2023

 

Have strong passwords and use 2-factor authentication: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. And 2-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.

Free service to stay protected: If you’re concerned about your data on the dark web, head over to experian.com/darkweb. They offer a dark web scan to check if your information is on the dark web. It’s offered once for free, with no credit card information required. The scan looks back to 2006 and searches over 600,000 web pages for your Social Security Number, email, or phone number. If your information is compromised, Experian will let you know the next steps you should take.

Use a VPN: Consider using a VPN to protect against hackers snooping on your device as well. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit.

Special for CyberGuy Readers:  My top recommendation is ExpressVPN. It has a quick and easy setup, is available in 105 countries, and will not log your IP address, browsing history, traffic destination or metadata, or DNS queries.

Right now you can get 3 extra months FREE with a 12-month ExpressVPN plan. That’s just $6.67 per month, a saving of 49%!  Try 30 days risk-free.

See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices.

Best VPNs for browsing the web privately 2023

 

MORE: HACKERS ARE WAGING A DIGITAL BATTLE IN THE ISRAEL-HAMAS CONFLICT 

Kurt’s key takeaways

The DC Board of Elections’ experience with hackers like RansomedVC shows us how important it is to be safe online for our voting systems and individually as Americans. Hackers are getting smarter, targeting not just individuals but big organizations to get valuable data. 

That’s concerning, especially when it’s stuff like our voting information. We need to make sure we’re doing everything possible to protect ourselves and be as resilient as possible against these threats, like using good antivirus software, being careful with our personal details, and having very strong passwords.

 How do you approach maintaining your digital safety, and are there particular strategies or experiences you’ve found valuable in safeguarding your online presence? Let us know by commenting below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

Answers to the most asked CyberGuy questions:

 

 

Copyright 2023 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you

Massive data breach at federal credit union exposes 240,000 members