On Friday, while the country was worked up in a frenzy over Republican tax fuckery, a cybersecurity firm announced that it had discovered a two databases containing a total of 19 million California voter records had been breached. Hackers had deleted the data, installing a note in its place that simply read, “your database is downloaded and backed up on our secure servers,” with a ransom note for .2 bitcoin (at this moment, that’s around $3,500).
One was a manually crafted set of voter registration data for a local district and the other appeared to contain the entire state of California with 19,264,123 records, all open for public access.
The stolen information contains just about everything an average 400lb. guy sitting in their parents basement would need to seriously screw with complete strangers. That’s stuff like first, last, and middle names, birth dates, phone numbers, mailing addresses, party affiliation, and voting precincts. There were 18.2 million registered voters in California for the 2016 election, and some of the data stolen contained information from previous elections, so probably it’s easier to just say that every registered voter in California is now fucked.
If you’re freaking out about whether or not your personal information has been compromised, don’t worry, Russia already hacked the election systems of 39 different states during the 2016 election. Earlier this year, some dingus contracted by the RNC to mine data on Republican voters exposed 200 million people in a breach that is as hilarious as it is terrifying; super nerds noted the sheer scale of stolen information could be used to “steal an election.” Just to throw some salt on that open wound, the NSA’s secret skunkworks lab was hacked and thieves ran off with seriously powerful Top Secret cyber weapons they’ve since been using to hold your banks, businesses, and grandmas hostage for bitcoin.
Over the summer, some white hat hackers showed just how easy it is to hack an electronic voting machine at DefCon, the biggest cyber security convention in the world. The hope was that by showing old farts that their blind faith in some fancy flavor-of-the-week tech firm can have very dire consequences without proper oversight and scrutiny.
The exhaustive pleading from the the good guy hacker community hasn’t fallen on entirely deaf ears though. On Wednesday, Sen. Ron Wyden asked national security advisor HR McMaster to make securing our elections priority for the executive branch.
Congressional leadership conveniently chooses to believe that this is a states’ rights issue, even if it means leaving our national elections vulnerable to cyber attacks. As such, the executive branch must shoulder the burden of protecting federal elections from foreign cyberattacks.
Wyden plans to introduce legislation that would create a senior White House official for election cybersecurity, establish a working relationship between the National Institute of Standards and Technology (NIST) and DHS, make DHS designate political campaigns as critical infrastructure, and have the Secret Service include a cyber security detail in their mission to protect candidates. That’s a serious step in the right direction, but remember most Congress creeps can’t be bothered to program a VCR, let alone acknowledge Russian election fuckery, so his bill will likely end up in legislative purgatory.
Most stolen data eventually ends up on the Dark Net where it’s sold anonymously in marketplaces to anyone with enough magical Internet money. Since some municipalities can’t even afford to decent cybersecurity, it’s toss up if legislators will make robust cybersecurity part of their election platforms in the coming years. In the interim period, as always, this is the part where some nerd breathlessly tells you to learn and practice basic cybersecurity.