As America heads toward the November elections, concerns rise about bad actors manipulating data and perpetrating fraud and theft.
Breaches of online platforms and internal data systems have risen dramatically worldwide since 2020, and the United States is by far the hardest-hit country, suffering 90,405,511 breaches in the final quarter of 2023, or 26,662 per 100,000 people.
This puts the United States ahead of even such populous nations as China, Russia, and India, which experienced 70,641,931, 50,119,934, and 17,056,018 breaches, respectively, in the same quarter.
In the first quarter of 2024, the frequency of breaches in the United States rose 185 percent compared with the previous quarter, affecting 90.4 million accounts.
That’s according to a report from the cybersecurity firm Surfshark, which has tracked data breaches globally, quarter by quarter, and has found four billion breaches worldwide since 2020.
The report’s findings are particularly concerning as America prepares to head to the polls in November as memories of bitter disputes over the integrity and accuracy of results in recent elections are still raw.
According to Chris Were, the chief executive officer of Verida Network, an Australian cybersecurity firm, the weaknesses of the electronic networks used to register and count votes in many countries are still largely unaddressed, and the implications are alarming.
“Traditional electronic voting systems often encounter concerns regarding security and privacy due to the manual or outdated electronic methods employed for casting and tallying votes. A single vulnerability in such systems could potentially lead to widespread manipulation of votes,” Mr. Were told The Epoch Times.
Surfshark’s report found that account breaches in the third quarter of 2023 occurred at a rate of 627 per minute, and the trend increased by 434.9 percent in the final quarter of last year. This meant that 3,353 accounts suffered breaches every minute at the hands of bad actors.
In all, 434.5 million account hacks and disruptions occurred in the final quarter of 2023, meaning that five out of every hundred people worldwide became victims of one or another type of breach, the report states.
The findings make the second quarter of 2023 look halcyon by comparison, with a total of 37.6 million account breaches, or 11.6 times fewer than in the final quarter of the year, according to the report.
Lina Survila, a Surfshark spokesperson, cited the incidence of 90.5 million account breaches in America in the first quarter of the current year and placed the figure within a trend that has accelerated rapidly since 2004. Looking at the data from that year to the present, 290 breaches have happened per minute, she said.
Exploiting Trust
Bad actors often take advantage of a lack of sophistication on the part of some users and their tendency to trust people claiming to represent legitimate organizations, even including law enforcement agencies.
The attacks on the integrity of accounts take many forms, including phishing, password theft, and the impersonation of companies and individuals, often pretending to want to assist the victim with account recovery or—in many cases—with transactions purporting to require service fees or the transfer of funds from one account to another.
Often, hackers gain access to a victim’s personal email account in order to commit a further breach, for example, by accessing a cryptocurrency platform on which the victim had conducted trades and investments. In a typical example of such a crime in October 2023, a senior citizen in Saskatchewan, Canada, who had utilized the crypto platform HoneyBadger, lost a fortune when a hacker got into his email account and went onto HoneyBadger to purchase large amounts of crypto—posing as the account’s legitimate user—before absconding with the stolen currency.
“This troubling data emphasizes the critical need for organizations to bolster their cyber defenses and for individuals to prioritize cybersecurity awareness,” Ms. Survila stated.
Elections in Peril
Fortunately, many law enforcement agencies are ready and willing not only to warn citizens about online scams, but to assist victims in trying to recover stolen funds.
As the United States heads into election season, Mr. Were believes a larger concern is the continuing vulnerability of voting systems to hacking and manipulation. The dangers are myriad, and they are scarcely limited to multiple voting, illegal voting, or the misreporting of election results, which are often merely a function of poor oversight.
“Malicious actors may exploit vulnerabilities to manipulate the recording, maintenance, and tallying of votes, or they may tamper with or destroy evidence crucial for auditing and verifying the accuracy of election results,” he said.
As grim as the picture may be, Mr. Were sees potential in the use of zero-knowledge proofs, which election overseers can incorporate into electronic voting systems to verify voter eligibility. It is possible to do this, he said, without divulging any identifying information about the voter or the candidate whom the voter selects.
“Establishing a credible ‘digital identity’ verification for electronic voting can be challenging. Zero-knowledge proofs provide a solution by allowing verification of criteria such as voting age and registration without disclosing sensitive data. This safeguards against coercion and vote-selling while upholding the legitimacy of the election process,” Mr. Were said.
In practice, this might mean following a protocol where a citizen visits an official government website to verify himself or herself, he explained. The citizen would then receive a zero-knowledge credential from a third-party network, establishing proof of eligibility to vote. The citizen could then present the credential at a physical or online voting site, proving both his or her eligibility and that he or she had not already cast a vote in the election. Mr. Were said it would then be possible to submit the proof of eligibility and the vote itself to an encrypted blockchain.
“This would preserve secrecy while the total votes are periodically published on a public blockchain like Ethereum. Consequently, the only public information is the total votes for each candidate.”