Millions of Voter, Consumer Records for Sale on ‘Dark Web’
Hackers are selling detailed information about tens of millions of American voters and consumers on the “dark web,” underscoring vulnerabilities ahead of the Nov. 3 presidential election, according to a new cybersecurity analysis.
Trustwave, a Chicago-based cybersecurity company that monitors the dark web for threats, said in the report it discovered “massive databases with detailed information about U.S. voters and consumers offered for sale on several hacker forums.”
Those databases contain records revealing “a shocking level of detail” about citizens, including their political affiliations. One seller said their database included 186 million records — which, if correct, would mean it contains information about nearly every registered voter in the United States, Trustwave said.
Another seller claimed their consumer database contained 245 million records, which would be nearly the entire U.S. population.
“Cybercriminals have figured out ways to monetize the upcoming elections using information from data leaks and publicly available sources and are actively shopping them for profit,” the firm wrote.
“The information found in the voter database can be used to conduct effective social engineering scams and spread disinformation to potentially impact the elections, particularly in swing states.
“In the right hands, this voter and consumer information can easily be used for geo-targeted disinformation campaigns over social media, email phishing, and text and phone scams.”
Intelligence agencies say Iran, Russia have tried to meddle in pollsCNN
The announcement, two weeks before the Nov. 3 election showed the level of alarm among top US officials that foreign actors were seeking to undermine Americans’ confidence in the integrity of the vote.
Much voter data is already publicly available, but the report said their compilation into large, readily usable databases is troublesome. Some consumer records also listed citizens of other countries, including Britain, Canada, Ireland and South Africa.
Trustwave said having names, addresses, age, gender, and political affiliations can be useful for “all sorts of scams” and can “target voters based on their voting history.”
“Databases found here may be given for free or sold. Databases are typically sold for a few hundred dollars, up to a thousand dollars, payable in bitcoins,” the firm said.
Trustwave suggested that state and city governments should re-evaluate the public records they make available online, as they often make things easier for cybercriminals.
“If corporations are the only ones held to strict regulations when it comes to data privacy, disinformation campaigns and social engineering will be difficult if not impossible to address,” it wrote.
“These activities are extremely profitable and there is a real demand for these databases. We have also shown that cybercriminals are most likely mixing illegally obtained data from leaks with publicly available information on citizens and correlating them to create super databases with detailed information on almost every U.S. citizen and citizens of other major countries.”
The report was published on the same day National Intelligence Director John Ratcliffe announced that Iran and Russia have obtained voter information, and blamed Tehran for an email campaign to intimidate Democratic voters.
Threatening emails purportedly sent from the “Proud Boys” — a far-right, male-only militant organization that supports President Donald Trump — appeared to use digital databases to target Democratic voters, Ratcliffe said.
Trustwave said it turned over the information it found to federal agents.
“We are committed to finding and investigating fraud during this election,” an FBI spokesman told NBC News. “While we cannot comment on information we may or may not have received from the public, we want to assure the American people the FBI is closely coordinated with our federal, state, and local partners to safeguard our voting processes.”