Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

The Virginia Department of Elections database may have been hacked and is online on the dark web

Pietro Melillo : 30 June 2024 10:41

A serious security incident appears to have hit the Virginia Department of Elections, causing the unauthorised dissemination of a large election database. The attack, claimed by a user known as IntelBroker, was made public through an online forum dedicated to data breaches.

The Virginia Department of Elections is the body responsible for administering elections in the state of Virginia. This department ensures that all elections are conducted fairly, transparently, and in compliance with state and federal laws. It oversees voter registration, supervises local and state elections, and maintains the integrity of the electoral process through secure data management and election staff training.

Currently, we cannot precisely confirm the accuracy of the reported breach, as the organization has not yet issued an official press release on their website regarding the incident. Therefore, this article should be considered as an ‘intelligence source’.

Details of the Attack

Vuoi diventare un Ethical Hacker?
Non perdere i nostri corsi e scrivi subito su WhatsApp al numero
375 593 1011  per richiedere informazioni dicendo che hai trovato il numero sulle pagine di Red Hot Cyber

Supporta RHC attraverso:


Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

According to reports, the compromised database contained detailed information about electoral candidates. IntelBroker, the user who claimed responsibility for the attack, stated that the database had previously been sold on the forum. However, they decided to make it public to prevent further fraud by new accounts that could have taken advantage of this information. Currently, we cannot precisely confirm the accuracy of the reported information, as no official press release regarding the incident has been issued on the department’s website.

IntelBroker

IntelBroker is a threat actor operating on the dark web, associated with the CyberNiggers group. Specializing in selling access to compromised systems, IntelBroker has orchestrated attacks against companies such as Zscaler and Europol.

Active on underground forums like XSS, Breachforums, and Exposed, IntelBroker has sold sensitive data at surprisingly low prices. IntelBroker also develops ransomware and is known for their ability to compromise high-profile systems, acting as an Initial Access Broker.

However, the information published by IntelBroker turned out to be wrong at times, with reports attributing attacks to companies other than those actually affected.

Compromised Information

The leaked database includes a total of 65,000 rows of data, with details such as:

  • CandidateId
  • CandidateName
  • TOTAL_VOTES
  • Party: Party affiliation
  • WriteInVote:
  • LocalityCode
  • LocalityName:
  • PrecinctId
  • PrecinctName
  • DistrictId
  • DistrictType
  • DistrictName
  • OfficeId
  • OfficeTitle
  • ElectionId
  • ElectionType:
  • ElectionDate
  • ElectionName:
  • NumberOfSeats:

Implications of the Breach

The dissemination of such sensitive information raises serious questions about the security of electoral data and the privacy of candidates. The leaked information can be used for malicious purposes, influencing public trust in the electoral system.

Conclusion

This incident underscores the importance of robust security for electoral data. Institutions must adopt preventive and reactive measures to protect sensitive information and maintain the integrity of the electoral process. Voters need to have confidence that their data and the electoral system as a whole are protected against such breaches.

As is our practice, we always leave space for a statement from the organization should they wish to provide updates on the matter. We will be happy to publish such information with a specific article highlighting the issue. RHC Dark Lab will monitor the situation to publish further news on the blog, should there be substantial updates. If there are individuals informed about the facts who wish to provide information anonymously, they can use the whistleblower’s encrypted email.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"