Just as in 2016, headlines dominating the news this election week largely circle around a core topic – election insecurity and misinformation. FireCompass used its internet wide cyber security monitoring platform to determine just how vulnerable the US is to these types of attacks.
There are multiple news and reports on how spreading misinformation is the #1 threat to influencing elections. Though hacking into voting machines is theoretically possible there is no strong evidence of such exploitations. However, spread of misinformation to influence the outcome of elections is available in abundance. The 2016 Facebook–Cambridge Analytica data breach was a data leak whereby it was claimed that millions of Facebook users’ personal data were harvested without consent by Cambridge Analytica, predominantly to influence the voters. ABC news has reported that US adversary countries have obtained voter data in election interference campaigns. The United States Department of Justice reports the grand jury indicted multiple offenders for hacking offenses related to elections.
FireCompass Study : Objectives & Methodology
At FireCompass we conducted a study to find out how easy or hard it is to use cyber attacks as a part of the misinformation campaign to influence the election.
Firecompass has utilised its publicly available open source intelligence available in the deep, dark and surface web to arrive at insights included in the current research. Firecompass has collected, indexed and analysed publicly available open source data for the last few years. Data consists of Web Applications (1 Million+ Alexa Web Sites), 100K Top Mobile Apps, 10+ Billion Leaked Credentials Records on Dark Web, 180 Million Ports and Services. We indexed the data in such a way that we can run queries such as “Find all the sensitive records related to an Organisation given by its primary domain”. One of the biggest challenges of the research is to attribute data related to the US and primarily US Elections. We have used normalization techniques for attribution based on sample analysis in cases where direct attribution is not possible.
5 M Open Databases, 200+ billion exposed data including personal information are publicly available
Massive amount of data available on the Surface, Deep and Dark Web. In the Dark Web hackers have leaked millions of data. However in the Deep Web, thousands of organizations have inadvertently exposed their database . In the cloud there are thousands of cloud buckets which are open without passwords. Many of these are Shadow IT or assets which are inadvertently made online without the knowledge of the security team.
Such data can be collected by malicious actors without the need for any hacking since it is publicly available and being served on a platter to anybody on the internet. This data can then be analyzed to find information that could be useful in spreading of misinformation. One can harvest email addresses, phone numbers, personal preferences, physical addresses and much more. This information can then be used to create targeted campaigns to influence them. Today Big data and AI can make it simple once such data is harvested.
Following Figure shows TBs of data available to be crawled and indexed by Nation Wide Threat Actors (APTs).
1 out of 5 American’s credentials leaked, making it easy to compromise accounts and spread misinformation.
FireCompass studied billions of credentials i.e. username and password pairs that are available in the dark web. Such credentials are available due to numerous breaches that have happened in the past through companies like Linkedin, Equifax & other breaches. Such passwords can be used to compromise the email or social media accounts of individuals including common man to celebrities and influencers. Once such accounts are compromised, it can then be used to spread misinformation through social messages, emails or sometimes even covert “likes” in social media which can sway traffic towards messages that can change public opinion. A few interesting findings are:
- 1 out of every 5 Americans credential is leaked
- Globally there are 9+ billions leaked credentials available publicly or in the dark web
- On an average there are 56K credentials leaked per enterprise.
About FireCompass
FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM). FireCompass continuously indexes and monitors the deep, dark and surface web using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify attack paths that are otherwise missed by conventional tools. FireCompass is led by serial cybersecurity entrepreneurs and backed by prominent investors and venture capitalist funds. To learn more, visit www.firecompass.com.
References:
https://www.wbur.org/onpoint/2020/10/26/the-anatomy-of-an-election-disinformation-campaign
https://www.npr.org/2020/10/24/927300432/robocalls-rumors-and-emails-last-minute-election-disinformation-floods-voters
https://www.theguardian.com/us-news/2020/oct/21/russia-iran-us-voter-data-security-fbi-election
https://www.npr.org/2020/10/27/927807674/voters-guide-to-election-security-in-the-2020-presidential-campaign
https://abcnews.go.com/Politics/fbi-russia-iran-obtained-voter-data-election-interference/story?id=73750385
https://www.dispatch.com/story/news/politics/elections/presidential/2020/10/21/russian-and-iranian-voter-intimidation-hasnt-hit-ohio-larose-says-states-voter-registration-is-open/3723122001