Campaign 2018: Election Hacking is a weekly series from CBS News & CNET about the cyber-threats and vulnerabilities of the 2018 midterm election.
Voter data and the digital weapons hackers use to subvert elections are bought and sold daily on a corner of the internet known as the dark web.
It is a network of websites that is tough to access but functions much like the internet we use every day.
You can buy everything from guns and drugs to botnets and ransomware. And cyber-criminals can purchase voter records and hacking tools.
The dark web is not accessible using typical web browsers like Chrome or Safari. Instead, you are required to log on using a virtual private network, or VPN, and the Tor web browser. Tor is an acronym for "the onion router." Every computer has an identifying IP address, and the Tor browser can help shield your machine's location by sending info through several layers of servers.
"Voter and consumer data ends up on the dark web through a number of paths," says TechRepublic staff writer Alison DeNisco Rayome. "Sometimes it's after the breach of a major company, as we saw with Equifax, when a criminal takes advantage of security flaws in a corporate system and gains access to employees' or customers' personally identifiable information, including names, Social Security numbers, and addresses."
When companies like Equifax or government agencies like the Office of Personnel Management (OPM) are hacked, the data is usually sold in dark web forums. Voter data is particularly cheap, says Rayome.
"In 2016, the federal Election Assistance Commission was hacked, and stolen login credentials of its staff were discovered on the dark web. This highlights how important it is for federal election officials to evaluate election systems and patch any vulnerabilities to avoid attacks, and detect and mitigate them when they do happen," says Rayome.
In 2017, one anonymous hacker offered more than 40 million voter registration records from at least nine states. Hackers sold copies of the Arkansas and Ohio databases for just $2 each. This year, thousands of voter records from a robocall firm were leaked to the dark web.
The records often include a voter's first and last name, Social Security number, home address, voting history, partisan preference, and other sensitive details. This information allows hackers to target social media propaganda and purchase ads used in influence campaigns.
Cryptocurrency like bitcoin is the economic engine that powers cyber-criminals on the dark web.
According to Robert Mueller's July 2018 indictment of 12 Russian intelligence officers, hackers associated with Moscow's Main Intelligence Directorate, the GRU, used about $95,000 in bitcoin to finance their efforts to influence the 2016 election.
Cryptocurrency transactions allowed the GRU to establish websites, fake personas, and botnets that were unleashed in an attempt to sway voters in the U.S.
Social media platforms with a high number of abandoned accounts are a prime target for hackers. Twitter botnets are a particularly hot commodity on the dark web, says one hacker who spoke anonymously with CBS News. He says the social media site's vulnerabilities make it an easy target for hackers looking to build a botnet and run influence campaigns.
"[Twitter] has messed up in a portion of the ... application allowing cross site scripting [sic]," the hacker says, referring to code that allows two independent web apps to communicate with each other. Cross-site scripting is a technique that allows for additional functionality on social media sites but can expose data to hackers inadvertently.
"I then used this knowledge to brute force account logins. I guess you can say I cracked an algorithm and I now have multiple databases."
The hacker claims this gave him access to over 5,000 Twitter accounts that he used for a mid-size botnet. Botnets on social media can power influence campaigns by amplifying propaganda and misinformation. They can also be used for distributed denial of service (DDoS) attacks, which are simple to perform and can wreak havoc. During a DDoS attack, the targeted website is flooded with traffic, overwhelming routers and essentially shutting it down. In October 2016, for example, the Mirai botnet made internet-based communications systems inaccessible for hours.
Ransomware sold on the dark web could also be a powerful election hacking tool. In 2016, a group known as The Shadow Brokers purloined and leaked an offensive cyber-weapon toolkit called EternalBlue, which was developed by the NSA. Derivatives of EternalBlue — malware known as WannaCry, which was traced back to North Korea, and NotPetya, which was linked to Russia — crippled nearly 300,000 machines in multiple countries last year and caused nearly $4 billion in damage.
The nightmare scenario on election day? A similar attack that would sabotage election-day turnout by shutting down essential computer systems, throwing the process into chaos and undermining confidence in the election, according to Fortalice Solutions CEO and former White House Chief Information Officer Theresa Payton.
"We know that ransomware has been hitting cities large and small all across America and all across the world," says Payton. "Election Day is a single day. So the question is: If ransomware hits, what's the backup plan to allow people to vote?"