Initial Reactions to Election 2024 Across the Darknet

November 06, 2024

DarkOwl analysts have been closely monitoring darknet sites like Ramp4U, BreachForums, XSS, and Exploit in addition to chat platforms like Telegram and Discord for any concerning or threatening language in the lead up to, on the day of, and following the November 5, 2024 American presidential election.

We have identified individuals across the deep and dark web—particularly on the dark web-adjacent messaging app Telegram—spreading misinformation regarding the electoral process. On the morning of November 5, Commissioner Scott Hunt of Cambria County, Pennsylvania, announced a “ballot printing issue” that resulted in tabulators being unable to scan ballots. The issue was caused by “how the ballots were printed,” and was not a problem with the machines. Numerous individuals online, however, were observed misrepresenting the information and spreading conspiracy theories. These have included unfounded claims that voting machines were tampered with to undermine the Republican vote.

These conspiracy theories fall into a larger trend of mis- and disinformation undermining trust in the electoral process, which gained significant traction following the 2020 presidential election. On the day of the election, analysts continued to observe the spread of false narratives suggesting that voting system manufacturers like Dominion Voting Systems are “changing votes.” Many individuals in far-right Telegram channels are also continuing to reiterate the conspiracy theory that the 2020 presidential election was “stolen.”

As noted in DarkOwl’s recent 2024 U.S. Presidential Election Disinformation on the Dark Web whitepaper, U.S.-based conspiratorial political movements like QAnon are actively sharing false information pertaining to the 2024 presidential election. In the weeks leading up to the election—and on Election Day—QAnon Telegram channels have spread misinformation claiming that the “deep state” is taking steps to “steal the election.” The conspiratorial political movement, for instance, has pointed to the length of time needed to count ballots as a sign of interference. Many of these unfounded claims stem from—and are amplified by—falsities spread by prominent political figures, including former President Donald Trump. Far-right Telegram channels have notably picked up on posts made by Donald Trump on Election Day claiming that there is “massive cheating” taking place in Philadelphia. Philadelphia officials have already issued a statement in response countering the former president’s unfounded claim.

Furthermore, on Election Day, the Federal Bureau of Investigation (FBI) announced that there are fabricated videos spoofing the FBI—using both its name and insignia—currently circulating online. As highlighted by CBS News, the videos are spreading “false information about security threats and election integrity.” Although the threat actors behind the videos have not been identified at this time, researchers believe it is likely that Russia is behind the disinformation. This would be consistent with expectations that nation states—particularly Russia, Iran, and China—would ramp up disinformation operations closer to November 5.

Mis- and disinformation claiming that the election is being “stolen” and that voting machines are being hacked was increasingly observed on the night of November 5 and in the early hours of November 6, prior to the announcement of president-elect Donald Trump’s victory. Following the announcement, individuals in far-right Telegram chats were seen claiming that the “steal” was stopped “at the last minute.” Moreover, since the results have come in, DarkOwl has observed left-wing individuals—particularly on Twitter/X—spreading conspiracy theories claiming that the election was “rigged” in favor of president-elect Donald Trump. As was the case with far-right conspiracy theories, there is no evidence to support these claims.

DarkOwl analysts identified a post on RAMP4U titled, “USA state of Georgia Police Department Captain email hacked | ELECTIONS SPECIAL HACK.” This post, originally published by the user Pwnstar on 11/02/2024, has gained attention, and the threat actor stated it was being shared specifically ahead of the election.

Below is a screenshot of Pwnstar’s original post, which claims to have 2.3 GB of emails belonging to “Captain of Georgia PD.” No city, county, or town was named, but the user further alleges that the data spans from 2012 to Sep 2024. Most replies asked the user for the price of the data leak and whether the information is genuine.

The following screenshot also appeared on Pwnstar’s original post. The image is an alleged data sample from the Georgia police captain’s leaked emails – specifically a “Municipal Court Jail Docket Sheet.”

The Georgia police captain post has continued to receive attention from prospective buyers seeking to clarify details about the leak, with the threat actor, Pwnstar, responding. Below are a couple of noteworthy comments.

Pwnstar accused Dinamit of being a journalist or law enforcement agent:

A thread titled, “USA Voter Databases Collection” originally appeared on BreachForums in June 2023, but has recently resurfaced as a popular thread in light of the 2024 election. Several users claim to have recent data for various states including the following information:

  • Voter ID Number
  • First & Last Names
  • DOB
  • Full Addresses
  • Email & Phone Numbers

This post did not continue to receive additional replies after the election results were finalized. However, DarkOwl analysts identified an actor named OriginalCrazyOldFart who has a particular interest in US voter data.

There are 13 pages of replies. Pages 12 and 13 contain comments from 11/1/2024 through the current date. One response worth noting was from OriginalCrazyOldFart on 11/2/2024, in which this user claims to have current voter lists for various states like Georgia and Iowa.

DarkOwl analysts searched BreachForums and discovered that OriginalCrazyOldFart has posted several threads related to US voter data and regularly publishes various types of leaked databases related to private companies and government agencies around the world. One thread titled, “2024 Statewide North Carolina Voter list. 8,695,045 lines (plus OHIO VOTERS),” was originally created on 7/31/2024, but has continued to receive comments as recently as 11/6/2024. This actor claims to have the following data for voters in North Carolina and Ohio:

  • DOB
  • Phone Number
  • Race
  • Driver’s License Numbers

OriginalCrazyOldFart replied to 4 different users asking to clarify the type of data for sale. In this particular response they go into detail about how they obtained data from various states including:

  • New York
  • Pennsylvania
  • Wisconsin
  • Missouri
  • Arkansas
  • Kansas
  • Utah

These posts highlight the interest that threat actors have in voting information, even after the information has been available for long periods of time. Given the PII (personally identifiable information) available in these leaks, however, it is more likely that the information would be used for traditional hacking and phishing techniques than to perpetrate any type of data fraud. Still, once a threat actor obtains this kind of data, it is difficult for us to know how they are going to use it.

Furthermore, watching activity on the dark web in the run-up to the election, during Election Day, and in the immediate aftermath highlights the effect that this event has had on certain aspects of the community. Rhetoric from those on Telegram and other sites noticeably changed in light of the result. DarkOwl analysts will continue to monitor these groups and conversations to see how the conversation changes in the coming months up to and including the inauguration, to understand whether threats, conspiracy theories, and other threatening rhetoric persist or increase from both sides of the aisle.

