Another year and another major leak has exposed the voting records of tens of millions of Americans. No, this is not a republish from 2015. A new report from research team Anomali Labs has uncovered nearly 35 million US voting records for sale within an underground hacking forum on the DarkNet, reportedly encompassing 19 different US States. The hackers are selling the records online ranging anywhere from a few hundred dollars to twelve thousand five hundred dollars, depending on state, and the sellers allegedly have no shortage of buyers lining up to purchase the data.
As Anomali‘s report points out, “The databases include valuable personally identifiable information and voting history.” Adding that “The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state. We estimate that the entire contents of the disclosure could exceed 35 million records.”
View Full Report from Anomali: https://www.anomali.com/blog/estimated-35-million-voter-records-for-sale-on-popular-hacking-forum
As for why I deem this story important enough to cover here today, this is because I personally covered US voting data breaches throughout the course of 2015 and into 2016. More specifically, I once covered how over 400 million US voting records had been uncovered by the end of June 2016 alone, less than 5 months before the Presidential election that year. In fact, my research on stolen US voting records and the manipulation of US voting machines was featured in front of the US Senate Intelligence Committee in 2017.
To get you caught up to speed here, hackers had begun targeting voting records of US citizens living in both “Swing States” and states expected to host contentious Congressional/Senate battles. This was done in order to learn as much information as possible about potential voters and voting demographics throughout different states, including things like their personal interests, inclinations and how they were most likely to vote. Moreover, hackers, threat actors and/or lobbying groups desperately sought this type of information so that they could target them with emails, phone calls or advertisements on social media, either appealing to their personal interests to re-enforce their vote or appealing to their dark side to get them riled up/belligerent and therefore more likely to vote. It was also not uncommon for most independent voters to be sent different forms of propaganda in hopes it would swing or influence their vote one direction or another.
For example, you might remember that Russian actors once paid to advertise Black Lives Matter protests/rallies specifically to White Supremacists on social media, simply to get people riled up, protesting against and hating one another. Similarly, they also advertised conservative news platforms/postings specifically to liberal audiences for the same reasons – vice versa.
Sample of Information Exposed In 2015/2016 Breaches:
Major Voting Record Data Breaches 2015 – 2016
12-29-2015 | Personal Details of 191,337,174 US Voters Hacked on Misconfigured Federal Database: http://news.softpedia.com/news/misconfigured-database-exposes-details-of-191-million-us-voters-498185.shtml
1-3-2016 | Second Leaked Data-Base Containing 19 million records on Demographic Information on Specific Voters & 56,722,986 More Voters: https://www.databreaches.net/did-a-christian-right-wing-organization-expose-private-details-of-millions-of-people/
5/23/2016 | 154 Million More Voter Records Hacked: http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml?utm_content=buffer871e1&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
To that very point, even Anomali points out “With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft.” Essentially, for all the same reasons this sort of data was stolen before the US Presidential election of 2016.
As for the states effected, the most recent data breach is said to have effected Louisiana, Texas and Wisconsin the most, with nearly 23 of the 35 million records coming from these 3 states alone. The other 16 states effected include Montana, Iowa, Utah, Oregon, South Carolina, Wisconsin, Kansas, Georgia, New Mexico, Minnesota, Wyoming, Kentucky, Idaho, South Carolina, Tennessee, South Dakota, Mississippi, and West Virginia. At the present moment in time, only the voting records of Kansas have become published publicly.
Perhaps most importantly, the hackers alleged to have contacts in various state Government around the country, ensuring that all data provided is up to date and that any information to come throughout the future is viable. This is also concerning in its own right because, if we are to take the hackers at their word here, this means that there are “rogue” US Government employees in 19 States actively “colluding” to release the voting records of private citizens just 4 weeks away from the November 2018 mid-term elections. I haven’t done enough research to analyze the different battles or seats up for grabs in each of the 19 states implicated in the leak, but the situation is certainly worth monitoring.
Categories: Hacking News