The initial breach was first reported last week after a House official warned lawmakers that they could have been exposed. But over the weekend, the scope of the breach and the number of lawmakers affected became clearer after a user of a hacking forum posted online what they claimed was the full set of data stolen from D.C. Health Link.

That file contained more than 67,500 unique entries. CyberScoop confirmed the authenticity of the data belonging to one individual in the data set, which includes names, email addresses, dates of birth, home addresses, Social Security numbers and details about insurance policies.

By late Monday, the user that uploaded the data threatened that more was to come. “More data exists, but will not be leaked for the time being,” a user named Denfur posted. “The use of it is something important. More than one database were (sic) exposed.”

The D.C. Health Benefit Exchange, the city agency that operates the insurance market, said Friday that 56,415 of its customers had their data swept up in the breach. The exchange also said it hired the threat intelligence firm Mandiant to conduct a forensic investigation of the breach.

A breach of this nature that includes the health care information alongside personal data can put victims at risk of additional scams and other types of cyberattacks. The fact that it includes sensitive information about national lawmakers along with their families and staff is even more concerning.

The data set posted Sunday includes more than 1,800 entries pertaining to people associated with Congress, whether members of the legislative body, their families or staff, a CyberScoop analysis of the data shows. The data also includes hundreds of names spread across at least 20 foreign embassies and thousands of other employers. As CyberScoop previously reported, the data set also includes former national security and defense officials and affects a wide swath of the capital city from employees of coffee shops, to dentist offices to civil society groups.

An examination by CyberScoop of the federal legislators included in the data posted on Sunday roughly corresponded with the tally provided by congressional aides, but given the large amount of data at play and threats by Denfur to release additional hacked material, the number of individuals ultimately affected may change.

Denfur claimed on Monday that the “vector for the attack was an open, exposed database,” and said that the database “was breached through simply connecting to it, no verification was required” and that it was “likely exposed for over a year and a half before the breach occurred.”

According to a source familiar with the response to the breach, the material posted online so far is not the full set of data that was exposed. The source, who spoke on condition of anonymity, said the initial incident response is still ongoing and that, contrary to the leaker’s description of D.C. Health Link being breached “through simply connecting to it” without verification, it took some familiarity with the database software to access the data.

With just under two dozen members included in the data set, the number of federal legislators exposed is smaller than the hundreds initially thought to be affected. But with hundreds of congressional staffers also exposed, the breach remains a top security concern on the Hill. On Tuesday the House Administration Committee will hold a members-only bipartisan briefing providing updates from US Capitol Police, the Chief Administrative Office and the House Sergeant at Arms, according to one of the aides.

The post Hacker posts more D.C. Health Link data online, exposing lawmakers’ personal information appeared first on CyberScoop.

But the biggest threat from these falsehoods and lies may come after voting ends and as officials begin announcing winners in contentious and tight elections around the country. 

“I certainly would not expect the disinformation to end on Election Day,” said Suzanne Spaulding, a former undersecretary at the Department of Homeland Security who now directs the Defending Democratic Institutions project at the Center for Strategic and International Studies. “I think in fact, that it will grow, particularly in a context in which it appears as though, for example, somebody who’s an election denier is losing.”

Researchers and national security officials warn that how these narratives play out and whether they gain widespread acceptance could determine if a significant percentage of the public rejects the outcome of the elections. And if they don’t, they warn, that could trigger outbursts of political violence. 

With influential figures such as former President Trump and his allies amplifying false voter fraud storylines, such as claims that delays in vote counting provide an opportunity for malfeasance, the immediate aftermath of the election will provide the best opportunity for bad actors to cast doubt on the process.

“That period after Election Day until the elections are certified can be a point of heightened risk because of the misinformation and disinformation that we see that’s out there,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said on the sidelines of the Michigan Cyber Summit last month. 

In the run-up to the election, federal officials have warned of a variety of threats — from lies about hacked voting machines to manufactured claims of voter suppression or fraud being spread online to undermine the election’s legitimacy. National-security officials maintain that there is no major risk that the voting infrastructure will be hacked and votes changed, but that may not matter if disinformation about hacked voting systems or discarded ballots gains traction among the public.

In an effort to confront any Election Day concerns, CISA officials said the agency has established a special operations center staffed with officials from across the federal government, election organizations and the private sector. CISA is also hosting a virtual cyber “situational awareness room” so that state and local level officials can get support on voting day and for many hours after the polls close. 

Against the backdrop of distrust around the elections, federal officials are increasingly concerned that conspiracy theories and falsehoods have created a major threat to the physical violence at the polls. Disinformation “not only undermines the integrity of our election system,” Easterly said, but “can also do things like incite violence against these very hardworking, dedicated public servants, who are making sure that our elections are run effectively.”

These concerns mean that cybersecurity threats are no longer the chief worry for local election officials. “In supporting election officials, they tell me that physical security is their No. 1 concern,” said Geoff Hale, who leads the Election Security Initiative at CISA.

Influential figures are stoking these narratives. Last month, for example, former President Trump and Rep. Jim Jordan, the Ohio Republican, seized on a report that election officials in Colorado had sent mailers encouraging 30,000 noncitizens to register to vote. Trump and Jordan saw this honest mistake — which was quickly corrected and would not have resulted in noncitizens gaining the ability to vote — as evidence of a plot. Writing on Twitter, Jordan questioned Colorado officials’ claim that it was an accident with a question: “Anyone actually believe them?”

Two years after the 2020 election, when conspiracy theories and political grandstanding inspired the armed mob storming the U.S. Capitol to prevent a peaceful transfer of power, disinformation researchers and federal officials are on edge, fearful that this year’s election could see a repeat of 2020’s election fraud narratives — and falsely cast doubt on the election’s legitimacy in the minds of many Americans. 

Unlike in 2020, online audiences in 2022 are far more familiar — and perhaps more receptive to — election conspiracies  after the onslaught of similar messages during the last election, researchers warn. “Audiences are already primed just from all that happened in 2020,” said Kate Starbird, a disinformation researcher and a co-founder of the University of Washington’s Center for an Informed Public.

“The same sort of narratives that we saw in 2020. We expect to see a lot of them again this time around,” said Mike Caulfield, a research scientist who leads the Center for an Informed Public’s rapid response efforts. “You’re going to see narratives about machines being hacked, or designed to steal votes, you’re going to see reports of supposed poll worker collusion where poll workers are somehow trying to discard or alter people’s votes.” 

But, he said, the broad familiarity with election fraud narrative at the scale that we currently have — that’s new and that’s going to impact how things unfold.”

Researchers have observed foreign groups trying to target U.S. audiences with voter fraud narratives, too, but these campaigns have failed to gain traction and reach large audiences, a report by the Election Integrity Partnership, a research consortium, concluded last week.

But foreign government operatives are nonetheless eager to bolster the perception that they are meddling in U.S. politics. Russian businessman Yevgeny Prigozhin, a key figure in Russian information operations, claimed on Monday that he continues to wield influence in the U.S. “We have interfered [in U.S. elections], we are interfering and we will continue to interfere,” Prigozhin said in remarks reported by Reuters. “Carefully, accurately, surgically and in our own way, as we know how to do.”

In the absence of a successful foreign influence campaign, Americans are pushing most of the election falsehoods circulating online, researchers with Recorded Future’s Insikt Group concluded in a report published Monday. For instance, Trump and many of his fiercest supporters continue to post claims that voting equipment manufacturers  Dominion, Election Systems and Software and Smartmatic are part of a complicated, sprawling conspiracy  that stole the election from Trump.

After Election Day, those false claims about voting systems — sometimes based on genuine technical issues or human mistakes — can be weaponized to sow doubt in the results, said Crag Terron, a threat analyst with Recorded Future’s Insikt Group. “If the vote doesn’t go the way that people that share this narrative want it to, then this is a narrative that can be pointed to, and get people on side ahead of 2024.”

Twitter may be another complicating factor after the election. Elon Musk’s acquisition of Twitter and massive layoffs have researchers questioning whether the platform, which plays a key role in online discourse around political events, will live up to its own policies regarding elections.

Twitter officials maintain that the company’s content-moderation policies remain in place and that its commitments regarding “election integrity — including harmful misinformation that can suppress the vote and combatting state-backed information operations  — remain a top priority,” as Yoel Roth, Twitter’s head of safety and integrity, put it in a thread. 

But huge staff cuts mean that “the ways that platform worked yesterday are not going to be the ways that it works today,” Starbird said. 

Over the weekend, Twitter delayed rolling out changes to Twitter’s account verification process — which will cost $8 per month and reportedly no longer require users to confirm their identity to get a blue checkmark. That change could muddle things further for election officials who have encouraged voters to trust information published by official government sources.

“Although the mechanics of Musk’s new verification scheme remain unclear, there appears to be a clash between money-making and validating authenticity,” Eddie Perez, a former director for civic integrity at Twitter, told CyberScoop. “And in the midst of an election, voters need to know if what they are reading is real or fake.”

That uncertainty is especially concerning against the backdrop of dozens of Republican candidates on the ballot who have endorsed Trump’s claims of a stolen election. Their commitment to the election fraud narrative may mean that claims of irregularities at the polls live on far beyond Election Day.

Corrected Nov. 7, 2022: An earlier version of this article misstated the name of the Election Integrity Partnership. It is the Election Integrity Partnership, not the Election Integrity Project.

The post The disinformation threat facing US midterms extends beyond Election Day appeared first on CyberScoop.

Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), briefed the Senate Cybersecurity Caucus, a bipartisan group of lawmakers led by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo. The newest member of the caucus, Sen. Maggie Hassan, D-N.H., confirmed the briefing in a statement.

“From ransomware attacks on local hospitals to a hack of federal government records, cyberattacks pose a serious threat to our communities and national security,” Hassan said.

In the last few years, poorly secured U.S. businesses, schools, and local governments have lost millions of dollars after ransomware infections. Over 100 public-sector ransomware attacks have been reported in 2019 alone, double the amount in 2018. This classified briefing followed an unprecedented, closed-door summit held by the FBI with the private sector in September that sought new ways of combatting ransomware attacks.

Details of specific topics covered during the session were shielded from the public due to the classified nature of the briefing. A CISA spokesperson did not immediately respond to a request for comment on the matter.

The briefing did cite as a case study an Aug. 16 ransomware incident that affected 23 local governments across Texas, according one person familiar with the briefing.

While many details of that attack have still not been disclosed — including the full list of communities impacted — it was initially directed at a managed service provider that transmitted a ransomware virus, alternatively known as Sodinokibi or REvil, to the victims with a $2.5 million demand. None of the victims in that attack are known to have paid the ransom.

The Texas attack prompted a response that included nearly a dozen state and federal agencies, and two ransomware attacks this year in Louisiana resulted in the declaration of statewide emergencies.

The Washington Post reported that Wednesday’s briefing would also cover ransomware’s potential impact on election security and what senators could do to address security vulnerabilities in their states.

The Senate last month passed a bill, sponsored by Gary Peters, D-Mich., and Rob Portman, R-Ohio, designed to create new DHS grants and other programs to help state and local governments defend themselves against cyberattacks, particularly ransomware. A Senate Homeland Security and Government Affairs Committee aide said the panel is currently working with its House counterpart to determine a path forward.

The post DHS official briefs senators on state ransomware threats in classified meeting appeared first on CyberScoop.