Voter Data From 19 States Sold On Internet, Online Security Firms Say
Two threat intelligence firms confirmed the voter information of approximately 35 million United States citizens was being put up for sale on a popular hacking forum, reports said Monday.
Anomali researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, spotted dark web communications offering a large number of voter databases for sale.
“To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including U.S. voters’ personally identifiable information and voting history,” Hugh Njemanze, a chief executive officer of Anomali said, according to an Associated Press report. “With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft.”
The two companies said they’ve gone through a sample of the records available in the database, and added the information was valid with “a high degree of confidence.”
According to the researchers at the company, the data contained information such as full name, physical addresses, phone numbers, voting history, and other voting-related things. A report on ZDNet noted some states treated data regarding voter information as public and offer it online for free download.
The data up for sale in the hacking forum was thought to have come from 19 U.S. states. The pricing and list of the states and the data advertised in a popular English-language speaking hacking forum included Montana — $1000; Louisiana — $5000; Iowa — $1100$; Utah — $1100; $Oregon — 500; South Carolina — $2500; Wisconsin — $12500; Kansas — $200; Georgia — $250; New Mexico — $4000; Tennessee — $2500; South Dakota — $2500; Wyoming — $500; Kentucky — $2000; Mississippi — $1100; West Virginia — $500; Minnesota — $150; Idaho — $1000 and Texas — $1300, ZDNet reported.
The voter record count of only three databases was revealed in the forum: Louisiana (3 million), Wisconsin (6 million), and Texas (14 million), which totaled to 23 million records. According to reports, the hacker was asking for a total of $42,200 for all the 19 databases, and had promised to provide people who purchased the data with weekly updates regarding the information, Anomali Labs said.
"We estimate that the entire contents of the breach could exceed 35 million records," Anomali Labs researchers said.
The report said users commenting on the forum suggested the data was leaked in the Robocent incident in June when the robocall firm leaked personal details of thousands of U.S. voters. But the person, selling the current information claimed "data is refreshed each Monday of every week," which meant he or she still had access to the compromised servers, or had another means to receive updates.
"Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the breach is not necessarily a technical compromise but rather an extensive operation involving cooperation within the election organizations," Anomali Labs said.
The firm said the ad for the sale of voter data was online Oct. 5, and since then multiple crowdfunding campaigns were set up to buy it. The company said the advertisement was one of the most popular topics on the hacking forum, and added multiple forum users pooled funds together to gain access to the one or more database with a plan to share it with the rest of the registered users of the forum.
"At the time of this report, the first of 19 available voter databases, Kansas, has been acquired and published," Anomali Labs said in a statement. "A second crowdfunding project, voted by forum members to select the next state, is close to 20.7 percent of its funding goal. Oregon currently leads the voting for the second state to be published."
"Our operators engaged with the threat actor 'Downloading,' the original vendor of the voter database thread, to assess their credibility," Anomali Labs lead researchers Roberto Sanchez told ZDNet in an interview, adding authorities were made aware of the incident. "We believe this to be an alias for the forum administrator named 'Omnipotent' based on shared email address between Downloading and Omnipotent."
According to the original statement by Anomali Labs, this type of information can aid in criminal actions such as identity theft. It can also help in the false submission of changes online to the voter information, resulting in some legitimate voters being unable to cast their vote.
© Copyright IBTimes 2024. All rights reserved.