Weaponized Data Breaches: Fueling a Global Cyber Cold War

Even before the recent escalation in geo-political tensions, nation-state actors and nefarious individuals have targeted government agencies across the globe with the goal of exfiltrating personal information and surreptitiously aggregating extensive troves of data to advance their position in a Global Cyber Cold War.

This new battlefield is filled with obfuscated identities and anonymous adversaries that have weaponized data breaches of government sites and combined this data with publicly available data to create powerful new sources of intelligence.

Compromised data, in recent years, has contributed to numerous misinformation (read: fake news) campaigns — creating distrust within communities and across nations, and has been used by cybercriminals to hack into voting machines and the electoral process – putting democracy at risk.

Civil unrest, voter polarization, and international power politics has increased demand for this data, and the poor state of security of voter registration databases and local, state and national election systems have made them easy targets. As a result, we have seen increased circulation of voter information available in the underground community.

This is concerning, not only here in America, but around the world and particularly in developing countries where corruption, internet censorship, misinformation proliferation and election interference  are far too common — yet punitive measures against the perpetrators are minimal at best.

Cyber-criminals are constantly evolving their methods of attacks, and have even started leveraging voter registration records, which do not even have to be breached. These lists have always been publicly available, depending on individual state requirements, but were intended to be used for political campaigns. Some states charge a fee, some require that you need to be a state resident to attain them, some are widely open for anyone at all.

Today, these voter registration records are far easier to acquire and are being exploited, particularly right before national elections. Alarmingly, underground communities are trading and even crowdsourcing for voter records.

This activity sharply increased ahead of the 2016 election, in 2015, and the sale, trading, and publishing of aggregated voter data cataloged by state started back in 2018 for the 2020 U.S. presidential election, and we are once again seeing an upswing in chatter and trading in voter registration records.

This increased exposure makes the data even more easily accessible and fuels not just targeted fake news campaigns, but also numerous types of election fraud, including false registrations, fraudulent use of absentee ballots, and voter impersonation, to name a few.

A 2018 Threat Report revealed that U.S. federal agencies experienced more data breaches than other sectors and our 2019 4iQ Identity Breach Report found that the number of breach packages circulating in underground markets that came from breaches of government sites was the fastest growing, increasing annually by 291%. Just one breach with information on one individual’s email and password can be used to take over their email account, or personal information can be used for social engineering or extortion or to launch other attacks that impact individuals, companies and countries around the world. Given the number of breaches and volume of personal information exposed, we are all at risk.

While an adversary only has to find a single vulnerability to infiltrate a system and initiate a cyber attack, countries and companies alike have to take a multi-layered approach and protect every device, server, application and asset to prevent intrusion. Given this complexity, breaches will happen and we must implement resilient systems that can quickly detect and recover from attacks — but all of us have to do our part.

Individuals should secure their devices, use a password manager and sign up for identity theft protection services. Companies must invest in improving their security posture, report intrusions and work with law enforcement agencies to disrupt and deter adversaries and the government should stop accusing breached companies — the victims — and instead pass meaningful legislation to protect its citizens and companies and provide incentives for organizations to appropriately respond to breaches.

Escalating geo-political tensions are intensifying the global cyber cold war with no end in sight – unless there is a concerted collective effort to promote data security. In General Keith Alexander’s words: “The key lesson here for both physical and cyber attacks is simple: If we aren’t willing to impose real, serious and public consequences for bad acts by our enemies, we ought not be surprised when they get more aggressive. That aggression is likely to elicit a more significant response, potentially leading to a much larger conflict.”

Much of the response will be played out in the cyber domain, fueled by data breaches and resulting in attacks that create another wave of data breaches – where both the target and collateral damage are our individual privacy and our nation’s democracy.

What’s Hot on Infosecurity Magazine?