Security Gets Political With Hacks, Darknet Sales

  /     /     /  
Publicated : 22/11/2024   Category : security


Security Gets Political With Hacks, Darknet Sales


As presidential campaigns get into full swing, neither party is immune to online chicanery -- and neither are voters



With the Republicans meeting in Cleveland this week, political news dominated the headlines. So it will surprise exactly no one that security news turned political as well.
At a glance, there were a number of incidents where politics and security intersected.
Approximately 191 million American voter records were put up for sale on Darknet on a state-by-state basis for 0.5 Bitcoin ($330) each.
The hack of the Democratic National Committees servers
in June
included personal data of celebrity donors including Tom Hanks and Steven Spielberg, according to
press reports
this week.
A security vendor set up
unsecured Wi-Fi networks
to entice Republican convention-goers in and around Cleveland. The familiar trick worked: More than 1,200 logged in to play Pokemon Go, check email and browse porn; 68 percent of attached users had their identities exposed.
The millions of voter records for sale appear to be the
same ones discovered late last year
by MacKeeper security researcher Chris Roberts. The seller, DataDirect, uploaded screenshots to The Real Deal Marketplace, a commercial site on Darknet, or the Dark Web, a subset of the Internet accessible only through the anonymized Tor network.
DataDirects screenshots have the same data structure as those Roberts found and posted. The data fields contain personally identifying information: first, middle and last names; date of birth; address; and voting history.
Hackread
first reported the sale of the stolen data this week.
Law enforcement views such acts as no big deal, Roberts told
Dark Reading
. They say, We can look all that up in the phone book, but these records have date-of-birth information, which allows them to authenticate people, Roberts explained. When its concentrated like this, its even more powerful.
Knowing an individuals political party and their location can help make phishing emails more effective, according to Dan Palumbo, research director of the
Digital Citizens Alliance
, a consumer oriented coalition focused on education and Web safety. It wont look so out of place to the recipient.
When Roberts first discovered the voter records in December, he was chagrined to find there are no state or federal laws against posting them online. In contrast, Mexico has federal laws that prohibit leaking voter registration files, taking them across borders or using them for personal gain. We dont have anything on the books like that and Id like to see that change, Roberts said.
Its unclear whether DataDirect copied the records Roberts discovered, bought them from a third-party or acquired them by some other means. What is clear is that the agency that compiled the voter records, or the third-party they used to perform the work, was extremely lax in its security. The groups or commissions in charge of these databases need to do a better job protecting these records, Palumbo said. It needs to start there.
Government organizations can also do a better job of setting security benchmarks with third-parties they use on specialty projects, said Yogev Mizrahi, cybersecurity leader for security concern Hacked-DB. And security measures can fail when that external company puts the projects server in a public cloud or exposes the staging environment by not using even basic best practices, Mizrahi added in an email to
Dark Reading
.
This issue gets compounded if a government service or website asks for personal information as condition for completing a process or a login. By giving up more private information, attackers then can more easily exploit users for their own ends, Mizrahi said.
Related Content:
5 Tips For Making Data Privacy Part Of The Company’s Culture
8 Microsoft Office 365 Security Tips To Reduce Data Loss
Device Advice: Keeping Fraudsters From Consumer Info

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Security Gets Political With Hacks, Darknet Sales