[BreachExchange] Historic data breach exposes practically all US voters ahead of election
Destry Winant
destry at riskbasedsecurity.com
Fri Oct 23 10:33:55 EDT 2020
https://www.techradar.com/in/news/historic-data-breach-exposes-practically-all-us-voters-ahead-of-election
Ahead of next month’s US presidential election, security researchers
have identified databases containing detailed information about voters
across the nation listed for sale on several hacker forums.
According to security firm Trustwave, the sellers claim the database
contains 186 million records, which would account for practically all
US voters.
For context, 126 million voters cast a ballot in the 2016 election,
although this figure represented a 20-year low and analysts expect
this year’s election to draw a record-breaking turnout.
The leaked databases are said to contain a wealth of highly personal
information, including names, addresses, age, gender, contact details
and even political affiliation.
US election data breach
The US voter database was initially discovered on RaidForums.com, a
website that allows members to sell and acquire stolen data.
According to Trustwave, databases are traditionally sold for up to a
thousand dollars in bitcoin, but the seller of the complete voter
database, GreenMoon2019, asked that interested parties negotiate a
price over direct message.
An analysis of one bitcoin wallet used to pay GreenMoon2019, which was
created only in May, showed receipt of more than $100 million in
payments.
Conversations between forum members suggest the voter database
aggregates information stolen from unknown sources with data that is
publicly available to download from the NCSBE.gov website.
“I can’t believe this information is just publicly listed on there
[sic] site, it includes details about each vote like date of birth,
address, party affiliation and address,” wrote one forum member.
Trustwave warned the NCSBE that cybercriminals were discussing the
data online, but the organization insisted the information available
consists of public records only.
Although all data breaches can affect those whose information has been
exposed, the potential for harm is particularly clear in the context
of an election already expected to suffer as a result of external
intervention. Only this week, for example, Iranian intelligence was
found to be responsible for a pro-Trump email campaign designed to
intimidate Florida voters.
The fear, according to Trustwave, is that malicious actors could use
voter information to “conduct effective social engineering scams and
spread disinformation to potentially impact the elections,
particularly in swing states”.
In a post-social media world, the premise of the fair and democratic
vote has already been undermined, but handing malicious actors
detailed information with which to conduct campaigns can only further
aggravate the problem.
More information about the BreachExchange
mailing list