Election securityEstimated 35 Million voter records for sale on hacking forum

Data on up to 35 millionU.S. voters in as many as 19 states is for sale online, according to a new report from two cybersecurity firms – Anomlai and Intel471. DHS says, however, that much of the data is either public or available for purchase from state and local governments.

Redwood City, California-based Anomali posted the following post to its website:

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering a large quantity of voter databases for sale. The databases include valuable personally identifiable information and voting history. The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state. We estimate that the entire contents of the disclosure could exceed 35 million records. Researchers have reviewed a sample of the database records and determined the data to be valid with a high degree of confidence.

Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.

To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft.

The post goes on to offer details of the stolen information, and the states affected, and concludes:

The previously unseen disclosure of 2018 voter data highlights the continued interest amongst the criminal underground for obtaining and monetizing voter registration information. Given the illicit vendor claims of weekly updates of voter records and their high reputation on the hacker forum, we assess with moderate confidence that he or she may have persistent database access and/or contact with government officials from each state.

These types of unauthorized information disclosures increasing the threat of possible disruptive attacks against the U.S. electoral process such as voter identity fraud and voter suppression.

For more election coverage, check out our findings on email spoofing, “Email Spoofing a Threat to the 2018 US Midterm Elections” and an assessment of US election security we did with CSO, “The Changing Landscape of US Election Security.”