With the 2020 presidential election drawing ever nearer, voters can expect to be bombarded with information. Not all of it will be factual. Sure, that’s a given for any election, let alone this one which has already seen the truth being stretched well beyond breaking point when it comes to political point-scoring.
Get started on your cybersecurity degree at American Military University.
The debates around postal votes and voter registration have been particularly predatory, and many a mistruth is portrayed as fact. So, when a news agency reported that the registration data of some 7.6 million Michigan voters had been stolen and was available on a Russian dark web hacker forum, it does not surprise that the story quickly went viral. Especially, it should be said, as further voter information covering swing states such as Florida was also said to be available.
What is the truth behind the reporting?
As a journalist specializing in cybersecurity, my inbox was on fire yesterday with emails from security vendors and their PR agencies, all eager to provide comments on the Russian hacker story.
One tweet from a well-respected journalist that mentioned the Russian media report was retweeted more than 13,000 times.
Here’s the thing, though; a little bit of digging suggested that the original Russian news agency report was far from accurate in many respects.
The database in question does, indeed, contain information on Michigan voter registrations. It has been available since March.
So far, so good.
Apart from the fact that the information contained is all publicly available to anyone who makes a freedom of information request to the Michigan Department of State.
Oh, and while it may well have been distributed on a dark web forum, it’s also been readily available on the clear, public, internet for months as well.
Michigan Department of State, the FBI and CISA respond
A tweet from the Michigan Department of State confirmed as much: “Our system has not been hacked,” it stated, “We encourage all Michigan voters to be wary of attempts to ‘hack’ their minds, however, by questioning the sources of information and advertisements they encounter and seeking out trusted sources, including their local election clerk and our office.”
Then the Department of Homeland Security, Cybersecurity and Infrastructure Agency (CISA), and the Federal Bureau of Investigations (FBI) pitched in with a joint statement.
Neither agency had “seen cyberattacks this year on voter registration databases or on any systems involving voting,” the statement said. Unverified sources of information should be “viewed with a healthy dose of skepticism,” the agencies concluded.
Chris Krebs, the CISA director, said that it’s critical people keep their cool in the next few months and “the last measure of resilience is the American voter.”
One thing is for sure, foreign state hackers and various cyber-criminal organizations will undoubtedly be probing election systems. Whether that be for the political capital or, in the case of ransomware players, financial gain is moot.
On this occasion no attack took place and no records were stolen or compromised.