Picture: Lorie Shaull (CC BY 2.0 DEED)
The District of Columbia Board of Elections (DCBOE) is at the moment probing an information leak involving an unknown variety of voter information following breach claims from a menace actor generally known as RansomedVC.
DCBOE operates as an autonomous company throughout the District of Columbia Authorities and is entrusted with overseeing elections, managing poll entry, and dealing with voter registration processes.
Its investigation into the claims has revealed that the attackers accessed the knowledge by means of the net server of DataNet, the internet hosting supplier for Washington D.C.’s election authority.
Notably, the breach didn’t contain a direct compromise of DCBOE’s servers and inner methods.
“On 10/5, DCBOE grew to become conscious of cybersecurity incident involving DC voter information. Whereas the incident stays below investigation, DCBOE’s inner databases & servers weren’t compromised,” the company mentioned.
In shut cooperation with MS-ISAC’s Pc Incident Response Staff (CIRT), DCBOE took down its web site and changed it with a upkeep web page to include the state of affairs after figuring out it because the supply of the breach.
Because the discovery of the incident, the election board labored with knowledge safety specialists, the Federal Bureau of Investigation (FBI), and the Division of Homeland Safety (DHS) to conduct a complete safety evaluation of its inner methods.
Moreover, DCBOE initiated vulnerability scans throughout its database, server, and IT networks to determine potential safety points that may have facilitated the attackers’ entry to the stolen info.
Stolen knowledge up on the market on the darkish internet
RansomedVC alleges that the current incident resulted within the theft of over 600,000 traces of U.S. voter knowledge, encompassing information of D.C. voters.
“We have now efficiently breached the District of Columbia Board Of Elections and have gotten greater than 600k traces of USA Voters,” the menace actor says.
The stolen info is at the moment being supplied on the market on the menace actor’s darkish internet leak web site, however the actual value is undisclosed.
As verification of the info’s authenticity, RansomedVC has offered a single report containing what it claims to be the non-public particulars of a Washington D.C. voter.
This dataset contains the person’s title, registration ID, voter ID, partial Social Safety quantity, driver’s license quantity, date of beginning, cellphone quantity, e-mail, and extra.
“It must be famous that within the District of Columbia, some voter registration data-such as voter names, addresses, voting information, and celebration affiliation-is public info, until it has been made confidential in accordance with District of Columbia guidelines and laws,” the Washington election authority mentioned in its assertion.
Nevertheless, election authorities don’t present entry to confidential info comparable to voters’ contact info and SSNs.
RansomedVC informed DataBreaches.internet, who first reported the info leak on Thursday, that the stolen voter information can be bought to a single purchaser.
Recognized for controversial claims
Whereas RansomedVC has claimed the breach and is now promoting the info on their leak web site, an nameless supply informed BleepingComputer on October third that DCBOE’s stolen database was first put up on the market on the BreachForums and Sinister.ly hacking boards by a person named pwncoder (these posts have since been deleted).
As BleepingComputer was informed, the info was dumped from a stolen MSSQL database and contained the knowledge of greater than 600,000 D.C. voters.
Latest claims made by RansomedVC to have breached Sony’s methods and stolen over 260GB of recordsdata (with a 2MB leaked archive as proof) had been disputed by one other menace actor who identifies as MajorNelson.
The latter celebration launched a 2.4 GB archive of recordsdata on BreachForums, allegedly taken from Sony’s methods.
Whereas the info shared by these attackers appears linked to Sony, BleepingComputer couldn’t independently validate the authenticity of both celebration’s claims.
#D.C #Board #Elections #confirms #voter #knowledge #stolen #web site #hack