False Voter Data | |
Type of Campaign | Scam |
Targeted Countries | United States |
Date of Initial Activity | 2024 |
Associated Groups | RansomHub |
Motivation | Cyberwarfare |
Attack Vectors | Web Browsing |
Overview
As the 2024 U.S. elections approached, the security of the electoral process faced new and evolving threats. Among the most concerning was the rise of disinformation campaigns aimed at undermining public confidence in the election process. One of the most insidious tactics involved the spread of false claims regarding hacked voter registration databases. These fabricated reports suggested that cybercriminals or foreign adversaries had gained access to sensitive voter information, when, in fact, no breach had occurred. The goal of these campaigns was not just to mislead, but to sow distrust in the U.S. democratic system, further polarizing the electorate and creating confusion in the lead-up to election day.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) responded to this emerging threat with a joint public service announcement (PSA) in September 2024. In their statement, they highlighted the dangers of disinformation related to voter data, urging the public to critically assess claims of voter database breaches. The agencies made it clear that the false claims were part of a coordinated effort by malicious actors to create chaos and discredit the integrity of U.S. elections. These actors, including foreign adversaries and cybercriminals, often used social media platforms to amplify their false narratives, reaching wide audiences and triggering widespread concern, even though the claims had no factual basis.
Targets
Individuals
How they operate
The core of the false voter data scam revolved around the dissemination of fake reports claiming that hackers or foreign actors had compromised voter registration databases. These databases, containing publicly available information such as names, addresses, party affiliations, and voter identification numbers, were portrayed as sensitive data that had been stolen or exposed in a breach. However, most of the data that was circulated in these false claims was already publicly accessible through various means, including state and local government databases. By leveraging legitimate information that was freely available, the attackers were able to deceive the public into thinking that a breach had occurred when, in fact, there was no such compromise.
Technically, the disinformation campaign relied heavily on social media platforms and forums to amplify the reach of the false claims. Malicious actors, often with ties to foreign adversaries or cybercriminal groups, used automated bots and fake accounts to distribute fabricated stories across popular platforms like Twitter, Facebook, and Reddit. These bots were designed to mimic real user behavior, posting misleading headlines and linking to bogus websites that purported to have “leaked” voter data. By flooding these platforms with large volumes of disinformation, the attackers were able to create an illusion of widespread concern over voter data security. The rapid spread of these claims made it difficult for both the public and election officials to separate fact from fiction.
In terms of technical execution, the campaign often used a variety of tools to fabricate and manipulate voter data. One of the key tactics was the creation of fake “leak” websites, which appeared to host stolen voter information. These sites often used convincing but fabricated database dumps or screenshots, which falsely showed large volumes of voter data being exposed. The attackers behind these websites used simple but effective techniques such as web scraping, where they would collect publicly available voter registration data and then republish it on their fake leak pages. They would also insert misleading headlines or claims about the “source” of the data, often attributing it to a high-profile cyberattack or foreign nation-state actor.
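A triage check for the pattern described above, where a purported leak is public voter data scraped and republished (added example, not code from the original page or from FBI/CISA guidance). The header aliases, sample rows and `dl_number` column are constructed, and the reference roll is assumed to be the public extract an election office already holds.

```python
import csv
import io
import re

# Field types the page lists as publicly available in voter registration data.
PUBLIC = {"name", "address", "party", "voter_id"}
# Assumed header spellings (constructed); extend for each state's file layout.
ALIASES = {"full_name": "name", "residence": "address", "party_affiliation": "party",
           "voter_identification_number": "voter_id"}

# Constructed sample data: an extract of the public roll and two purported "leaks".
PUBLIC_FILE = """name,address,party,voter_id
Jane Q. Sample,12 Example St,IND,V0001
Ann Demo,56 Mock Rd,REP,V0003
"""
LEAK_A = """Full Name,Residence,Party Affiliation,Voter Identification Number
JANE Q. SAMPLE,12  Example St,IND,V0001
Ann Demo,56 Mock Rd,REP,V0003
"""
LEAK_B = """Full Name,Residence,DL Number
Jane Q. Sample,12 Example St,X000-0000
Nobody Listed,99 Absent Ln,X000-0001
"""


def canon(header):
    """Normalize a column header and map known aliases to a canonical name."""
    key = re.sub(r"[^a-z0-9]+", "_", header.strip().lower()).strip("_")
    return ALIASES.get(key, key)


def load(text):
    """Parse CSV text into rows keyed by canonical field, values case/space-folded."""
    return [{canon(k): " ".join((v or "").split()).lower()
             for k, v in raw.items() if k}
            for raw in csv.DictReader(io.StringIO(text))]


def triage(dump_text, public_text):
    """Report what a purported leak contains beyond the public voter file."""
    dump, public = load(dump_text), load(public_text)
    columns = set(dump[0]) if dump else set()
    extra = sorted(columns - PUBLIC)   # columns the public file cannot explain
    shared = sorted(columns & PUBLIC)
    known = {tuple(r.get(c, "") for c in shared) for r in public}
    hits = sum(tuple(r[c] for c in shared) in known for r in dump)
    overlap = hits / len(dump) if dump else 0.0
    return {"extra_columns": extra, "overlap": overlap,
            "public_only": bool(dump) and not extra and overlap == 1.0}
```

A dump for which `public_only` is true shows nothing beyond the public roll. Extra columns, or rows absent from the roll, are what warrant a closer look before the claim is dismissed.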
The technical deception didn’t stop with fake websites. The attackers also employed phishing techniques to further their disinformation campaign. They sent out emails and messages that appeared to come from trusted election authorities or cybersecurity firms, claiming that voter databases had been breached. These messages often contained links to the same fake leak sites, encouraging recipients to click through and “verify” the breach for themselves. Once again, the goal was to create a false narrative of compromise, leveraging urgency and fear to drive clicks and attention.
Moreover, attackers took advantage of the public’s lack of familiarity with the nature of voter data. While most of the information involved in the scam was public, it was framed in a way that made it seem like sensitive data had been stolen, exploiting the widespread fear of cybersecurity threats. By distorting this information, the attackers were able to manipulate public perception, making it appear as though an election disaster was imminent. They capitalized on the confusion, not by stealing information but by altering the narrative surrounding the data.
To ensure the effectiveness of their tactics, the malicious actors behind the scam relied on the vulnerability of traditional media outlets and political influencers to amplify their narrative. By presenting themselves as whistleblowers or cybersecurity experts, they gained credibility and further spread their message. News outlets, which sometimes failed to verify the authenticity of the claims quickly enough, inadvertently contributed to the disinformation by covering the fabricated breach. This tactic demonstrated how easily the public could be manipulated when it came to complex cybersecurity issues and election security.
In response to the growing threats of disinformation surrounding U.S. elections, the FBI and CISA worked diligently to counter these attacks. They provided guidance to election officials and the public, encouraging them to be cautious about claims of voter data breaches and to rely on trusted, verified sources for information about election security. Additionally, they worked with social media platforms to detect and remove false claims, ensuring that the spread of misinformation was curtailed as much as possible.
In conclusion, the false voter data scam was a well-executed disinformation campaign that exploited technical tools and public fear to undermine confidence in the U.S. election system. By manipulating publicly available information and leveraging modern communication channels, malicious actors were able to create an illusion of widespread cybersecurity threats. However, by understanding the technical mechanics behind these tactics, both the public and authorities can better defend against similar campaigns in the future, ensuring that disinformation does not undermine the integrity of democratic processes.