With a few weeks left to the midterm elections, voter information from 19 states has appeared on the dark web
Up to 35 million voter registrations from 19 American states are on sale in a popular hacking forum on dark web, according to reports of digital forensics specialists from the International Institute of Cyber Security.
Investigators from a cybersecurity firm reported the discovery of different communications in dark web offering a lot of voter databases last Monday, including personal identifying information and voting history of people who have participated in elections.
This represents the first incident of voter registration data for sale in hacking communities this 2018, as reported by experts in digital forensics. The discovery takes place weeks before the midterm elections in the United States, to be held in next November.
“With the mid-term elections of November 2018 to only four weeks, malicious actors could use the availability and validity of voter registrations, if combined with other possibly compromised data, to disrupt the electoral process or carry out a large-scale identity theft”, the investigators mentioned. “Given the demand from illicit suppliers for weekly updates of voter registrations and their high reputation in hacking forums, we evaluated with moderate confidence that attackers could have permanent access to databases and/or contact with Government officials in the states where this occurs”.
The investigators did not explicitly name the hacking forum where they found this information.
This incident affects 19 states; 23 million of total records on sale cover only three of the 19 affected territories. The affected states are Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin, and Wyoming.
According to researchers, voter list prices range from $150 to $12k USD, depending on the state where the database came from. These prices may be related to the number of voter registrations found in each database.
Records contain voter data, including full name, phone numbers, physical addresses, voting history, and other unspecified data related to previous electoral processes.
“We estimate that all content reported could exceed 35 million records”, the researchers mentioned.
According to reports of experts in digital forensics from the International Institute of Cyber Security, a high profile actor is organizing a crowd funding campaign to buy each of these databases. It is believed that, after the purchase, the databases will be made available to the members of the hacking forum, with early access for those who invested in the crowd funding
The US authorities’ concern about voter data security continues to grow as the day of the vote approaches.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.