The District of Columbia Board of Elections (DCBOE) is the latest entity grappling with the fallout of compromised voter information. A cybercriminal group known as RansomedVC, which specializes in data extortion, targeted the DCBOE.
RansomedVC didn’t go straight for DCBOE's own system, sidestepping what might be expected to be a heavily guarded front door in terms of cybersecurity. The group instead targeted DataNet, which is not the DCBOE itself, but a hosting provider responsible for managing the online platform and data of Washington, D.C.'s election authority.
Imagine DataNet as a kind of digital warehouse where DCBOE's data is stored. The attackers didn’t break into DCBOE’s office, per se, but the warehouse where DCBOE’s information is stored.
While no internal DCBOE databases or servers were directly affected, this approach not only provided a path to the sensitive data but also brought to light the sometimes overlooked vulnerabilities that can exist when third-party vendors are involved in data management and storage.
RansomedVC claims to have its hands on 600,000 lines of U.S. voter data, specifically records from Washington, D.C., voters, as a result of the breach. They now claim they are selling this stolen information on the dark web, though the exact price remains a mystery.
As proof of authenticity, RansomedVC shared a single record containing the personal details of a Washington, D.C., voter. This dataset includes the individual’s name, registration ID, voter ID, partial Social Security number (SSN), driver’s license number, date of birth, phone number and email. While some voter registration data is public in Washington, D.C., confidential info like contact details and SSNs are off-limits according to election authorities.
RansomedVC seems to be enjoying its moment in the limelight following this cyber incident. This isn’t their first rodeo in the world of high-profile hacks, and their track record includes some bold, if not audacious, claims.
A notable instance from their past involves a claimed breach of Sony. RansomedVC asserted they had penetrated Sony's defenses, walking away with over 260GB of files. A modest 2MB archive was released as supposed proof of their activities. The truth of this claim has remained somewhat enigmatic, with no third-party verifications able to completely affirm the authenticity of their statement. Sony has investigated the situation but has not confirmed or denied the breach publicly.
In the wake of the data breach, the DCBOE was quick to mobilize, launching an intensive investigation. They didn’t work alone on figuring out what happened; they got the FBI and the Department of Homeland Security to help out. Together, they started a big, thorough investigation to understand and manage the situation better.
When the DCBOE became aware of the cyber breach, they promptly took their website offline, displaying a maintenance page to the public. This wasn't only about fixing issues; it was a strategic move to safeguard the ongoing investigation and shield any additional data from being compromised.
Keeping safe online, especially when there are hackers around like RansomedVC, can be a bit tricky. The digital world can sometimes be like a big city where most people are friendly, but there are a few who might try to pick your pocket. Now, although hacks like this may be a bit out of our control, there are ways to keep your data safe and secure. Here how:
The DCBOE’s experience with hackers like RansomedVC shows us how important it is to be safe online for our voting systems and individually as Americans. Hackers are getting smarter, targeting not just individuals but big organizations to get valuable data.
That's concerning, especially when it’s stuff like our voting information. We need to make sure we’re doing everything possible to protect ourselves and be as resilient as possible against these threats, like using good antivirus software, being careful with our personal details and having very strong passwords.
How do you approach maintaining your digital safety, and are there particular strategies or experiences you've found valuable in safeguarding your online presence? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Answers to the most asked CyberGuy questions:
Copyright 2023 CyberGuy.com. All rights reserved.