It’s public knowledge that the 2018 midterm elections in the U.S are due to be held under three weeks. In the light of that, a hacking forum that sells data breach information through an advertisement is also reported to be selling voting history of millions of Americans.
As elections are drawing near, fraudsters are all equipped to sell an estimated data of 35 million voters from updated statewide voter lists; names, physical addresses and contact numbers of millions of voters from 19 states are entailed as a part of the sale.
The 19 states that are affected by this data breach are Oregon, Mississippi, South Dakota, South Caroline, Tennessee, Utah, Georgia, West Virginia, Idaho, Wisconsin, Minnesota, Idaho, Wyoming, New Mexico, Texas, Iowa, Louisiana, Kansas, and Kentucky.
Voter Data provided for each state is seemingly priced in accordance to the sellers’ demand which varies from state to state. The data for all the 19 states will be stacked for a total of $42,200, let’s dissect this a bit —
The Louisiana file is loaded with information on 3 million voters and the Texas bundle appeared to be the largest with information on 14 million voters whereas Wisconsin file with information on 6 million voters was priced highest i.e, at $12,500.
What’s deduced by cybersecurity researchers?
Researchers at Anomali Labs and Intel471 learned that the data available on the website frequented by hackers is valid with a high degree of confidence as it is periodically updated and hence contains newest of information to attract potential buyers.
The revelation of new data being added every Monday worsens the entire alarming affair, if the revelation is to be believed, the criminals are still having the access to the voter records of the aforementioned states.
“the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum,” says the report by researchers at Anomali Labs.
Is the data in public domain or not?
In certain states, these voter registration lists can be obtained legally by authorized entities like researchers and journalists. However, acquiring voter lists for commercially motivated purposes is illegal.
Unlike authorized data brokers, the seller here won’t follow the imposed restrictions or the rule of law, the data will be rampantly circulated in the lanes where money will flow. With this act of data accumulation from those 19 states, the seller reduced the ease of access to the same for unauthorized parties.