Attacks/Breaches

7/24/2017
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Voter Registration Data from 9 States Available for Sale on Dark Web

Nearly 10 million voter records sold for just $4 over last few days, according to LookingGlass Cyber Solutions.

Threat intelligence company LookingGlass Cyber Solutions says it has discovered over 40 million voter records from nine different states being traded in an underground forum for stolen credit card data and login credentials.

The voter records being offered for sale include the voter's full first, last and middle name, voter ID, birthdate, voter status, party affiliation, residential address and other details. The data belongs to voters in Arkansas, Colorado, Connecticut, Delaware, Florida, Michigan, Ohio, Oklahoma and Washington State.

Over the last two days, voter databases from at least two of the states—Arkansas and Ohio—were sold for a mere $2 each, or a total of $4 for almost 10 million voter records. That suggests financial gain is not the primary reason for the activity, according to LookingGlass.

'Logan,' the individual who has advertised the data and is selling it on a site called RaidForums, has hinted at possessing voter records for an additional 20 to 25 states, says Jonathan Tomek, director of threat research at LookingGlass Cyber Solutions.

Logan appears to have obtained the voter information through Freedom of Information Act (FOIA) requests, website requests, and also through social engineering them from states where an entity would otherwise be required to purchase the information, he says.

What makes his activities additionally illegal is his attempt to sell the data for purposes other than political purposes, he noted. Many states prohibit the republishing of voter data or the use of it for commercial purposes. Violators can face fine and prison terms of up to five years.

"Logan is not affiliated with any group to our knowledge," Tomek says. "We believe he is acting alone. I can say he is over 18, travels a bit internationally, and works for a cybersecurity company," he says.

Tomek says LookingGlass does not have information on how many people might have purchased the voter information or what they might do with it. "We do know he is actively trading this information for other stolen items such as credit cards and login credentials," he says. "The combination of the voter information plus the other data has potential to be very bad since the voter data contains birthday, home address, email, and full name."

News of the sale of millions voter records in an underground cyber forum comes amid an ongoing controversy over the Trump Administration's push to get publicly available voter registration records from each state in connection with an inquiry into potential voter fraud in last year's general elections.  A Trump appointed election integrity commission in fact met for the first time just last Wednesday to discuss next steps into the matter.

A total of 24 states have so far complied with the Trump Administration's request for voter data. But the District of Columbia and 17 states have so far refused to hand over the data. Some groups like the American Civil Liberties Union (ACLU) have sued the Trump election commission citing voter suppression fears.

The Help America Vote Act (HAVA) currently requires all 50 states to maintain a central voter file in electronic format. The content and availability of the data in these files varies dramatically by state, as can be seen in this U.S. Election Project interactive map maintained by the University of Florida, Gainesville.

Some states make all the information they have in their voter files available to those eligible to view or purchase the data. Others withhold certain information like the voter's Social Security Number, date of birth and driver's license number. As PBS noted in a report last week, 19 states consider an individual's full birth date to be part of the public record, while a voter's race and party affiliation is considered public information in six states and 32 states respectively.

Currently, only the registered parties, political committee and a candidate or their committee registered in all areas can purchase all available statewide voter data, according to the US Elections Project website. The total cost for a US citizen to purchase all available voter registration data for all states is around $126,500. Politically oriented non-profits, candidates, parties and their committee would pay around $136,000.

Related content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Former Student Admits to USB Killer Attack
Dark Reading Staff 4/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11332
PUBLISHED: 2019-04-18
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
CVE-2019-9161
PUBLISHED: 2019-04-18
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.x...
CVE-2019-11015
PUBLISHED: 2019-04-18
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access...
CVE-2019-11331
PUBLISHED: 2019-04-18
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
CVE-2019-9160
PUBLISHED: 2019-04-18
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).