Just in Time for an Election Cycle … Noice.
The District of Columbia Board of Elections (DCBOE), a key department managing voting processes within the D.C. Government, is under scrutiny while an investigation into a cybersecurity incident is underway. The alleged breach involves the potential exposure of a wealth of voter records, a claim made by a threat actor going by the ominous moniker RansomedVC.
Interestingly, the pathway into this veritable trove of information wasn’t a direct assault on the DCBOE’s servers but a more insidious sidestep – the web server of DataNet, the hosting provider for D.C.’s election authority. Upon becoming aware of this appalling breach, DCBOE promptly contained the situation by taking its website offline and replacing it with a maintenance panel.
Prompt Incident Response by MS-ISAC
This swift move was a part of the measures taken by DCBOE, in tight coordination with MS-ISAC’s Computer Incident Response Team (CIRT), as they worked to lessen the impact of the breach. The board didn’t stop there. In partnership with federal heavyweights like the FBI and the Department of Homeland Security (DHS), DCBOE embarked on a thorough evaluation of its internal systems.
Simultaneously, the board carried out vulnerability scans on its database, server, and IT networks, hoping to discover any potential weak points that could have been exploited by the threat actors.
RansomedVC in Play Again
According to RansomedVC, the group has managed to capture over 600,000 lines of U.S. voter data related to D.C. voters. As proof of the theft, they have produced a single record, allegedly showing the personal details of a D.C. voter, which includes plenty of confidential information from ID numbers to contact details.
In response, the Washington election authority clarified that while some voter registration data is indeed public, confidential details like contact information and Social Security numbers should not typically be accessible.
It’s Easy to Sell Records to Putin When You Live in Russia
Which One of These Guys Wants US Voter Data?
(we see you.)
RansomedVC, speaking to DataBreaches.net, mentioned plans to sell the stolen voter records to a single buyer. This follows on from an anonymous source’s assertion that the DCBOE’s stolen database was initially put up for sale on hacking forums like BreachForums and Sinister.ly by a user dubbed ‘pwncoder’.
The veracity of these claims, not just those from RansomedVC but also those concerning the Sony breach, remains somewhat ambiguous. Despite the cyber-underworld’s penchant for show-and-tell, the data’s authenticity has not been fully confirmed, which adds an extra layer of complexity to the ongoing investigation.