The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered.
"To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data," said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad.
The two companies said they've reviewed a sample of the database records and determined the data to be valid with a "high degree of confidence."
Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.
The supposed data comes from 19 US states. The list and pricing, as advertised by the hacker himself, are as follows:
- Montana - 1000$
- Louisiana - 5000$ (3 Million Voters)
- Iowa - 1100$
- Utah - 1100$
- Oregon - 500$
- South Carolina - 2500$
- Wisconsin - 12500$ (6 Million Voters)
- Kansas - 200$
- Georgia - 250$
- New Mexico - 4000$
- Minnesota - 150$
- Wyoming - 500$
- Kentucky - 2000$
- Idaho - 1000$
- Tennessee - 2500$
- South Dakota - 2500$
- Mississippi - 1100$
- West Virginia - 500$
- Texas - 1300$ (14 Million Voters)
The seller revealed the voter records count for only three of the databases, Louisiana (3 million), Wisconsin (6 million), and Texas (14 million), totaling 23 million records. He is asking for $42,200 for all 19 databases.
"We estimate that the entire contents of the breach could exceed 35 million records," said Anomali Labs researchers.
Users commenting on the forum suggested this might be the data that was leaked in the Robocent incident in June, but the person who's selling the voter data claimed that "data is refreshed each Monday of every week," suggesting that he either still has access to the compromised servers or a way to receive these updates through other means.
"Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the breach is not necessarily a technical compromise but rather an extensive operation involving cooperation within the election organizations," the Anomali Labs team pointed out.
The advertisement selling the 2018-updated voter records is one of the hacking forum's most popular topics. Anomali Labs says that within hours of the ad going online on October 5, there was a crowdfunding campaign up and running.
Multiple forum users pooled funds together to buy one or more of the databases that are part of this large offering and share them with the rest of the forum's registered users.
"At the time of this report, the first of 19 available voter databases, Kansas, has been acquired and published," Anomali Labs said. "A second crowdfunding project, voted by forum members to select the next state, is close to 20.7% of its funding goal. Oregon currently leads the voting for the second state to be published."
In an interview with ZDNet, Anomali Labs lead researcher Roberto Sanchez told us authorities have been made aware of the forum thread.
"Our operators engaged with the threat actor 'Downloading,' the original vendor of the voter database thread, to assess their credibility," Sanchez told ZDNet.
"We believe this to be an alias for the forum administrator named 'Omnipotent' based on shared email address between Downloading and Omnipotent."
Furthermore, Omnipotent has a history of sharing voter databases on his forum. Before the new thread advertising voter records from 19 states, he also shared voter records on his forum from five other US states:
- Washington 2018 Voter Database
- Pennsylvania 2018 Voter Database
- North Carolina 2018 Voter Database
- Florida 2018 Voter Database
- Connecticut 2018 Voter Database
- Ohio 2018 Voter Database