Besides the sale of drugs, weapons and other items of the like, dark web vendors are now availing a fresh market to ready buyers—the voting registration details of millions of United States voters ahead of the upcoming midterm elections, held next month.
Threat intelligence firms Intel471 and Anomali reported that hackers have managed to access U.S. voter information and put it up for sale on the dark web.
This is according to their analysis of recent posts and advertisements made on a popular hacking forum in the dark web.
The firms further indicated that so far, the data of an estimated 35 million voters is available for purchase. The rates differ per state and range between $150 and $12,000.
The hackers were able to access such details as the voters’ names, contact details, physical addresses, as well as voting history.
Based on the advertisements on the dark web, this crime affected voters from 19 states. The majority of the voter data, about 23 million records, are from three states.
According to a blog post by Anomali researchers, these 19 states include Wyoming, Iowa, Oregon, West Virginia, South Dakota, Wisconsin, South Carolina, Texas, Georgia, Utah, Kentucky, Kansas, New Mexico, Montana, Louisiana, Mississippi, Tennessee, Minnesota, as well as Idaho. Some of these states have spoken up against the sale.
Complaints from Oregon
According to Oregon Secretary of State Dennis Richardson, the state is among those whose voter information is up for sale.
The U.S. Department of Homeland Security identified a 19-year-old dark web user who has been trying to sell the state’s voter registration information.
The people of Oregon can access this information publicly at a fee of $500. However, it is against the state’s law to resell this data.
Based on a memo from the executive director of the National Association of Secretary of States, the dark web databases contain the voters’ phone numbers, full names and addresses.
The Oregon Department of Justice is now working with the Federal Bureau of Investigation to deal with the problem.
Reports from the State of Kentucky
Kentucky Secretary of State Alison Lundergan Grimes acknowledged that Kentucky is among the 19 victim states of the voter data sale. However, so far, the state’s voting system appears uncompromised.
The price for Kentucky voter information is $2,000.
This data entails the voters’ names and addresses. It also contains their voter history, specifically the elections in which they have previously participated.
The voter data sellers may have stolen or bought the records from individuals and campaigns that may have obtained them legitimately.
In a statement, Grimes reported that the Secretary of State’s office has no reason to believe that the voter registration system has been compromised.
Still, she said the incident is a reminder that the state needs to take action in enhancing the levels of cybersecurity in its internal systems.
Idaho Reports Similar Crime
The State of Idaho has also come out with reports of voter data sale on the dark web. The Office of the Secretary of State has warned the voters that an unknown dark web actor has access to their details.
Like in Kentucky, the officials speaking about Idaho’s case have reported that the hackers have not tampered with the voter system.
Idaho Secretary of State Lawerence Denney stated in a news release that his office has begun to work on investigating the matter along with the National Association of Secretaries of States and Homeland Security.
Based on Homeland Security’s findings at the moment, the user only seems to be interested in buying publicly available voter data and reselling it.
However, this seller may be exposing the voters to numerous dangers.
What It Means for the Victims
Considering that the midterm elections are about to take place, concerns have been raised that the incident may affect the voting process for the victims.
Those who buy the stolen voter details have a chance to compromise the victims’ registration status.
With their personal information, they could potentially make false alterations to the voters’ details to stop them from participating in the elections.
There are several ways in which the buyers can interfere with the voters’ details. For one, they can change their physical addresses.
They can also delete their registration to disable their eligibility status. The criminals could also make absentee ballot requests.
In addition, when combined with other personally identifiable details obtained from previous data breaches (such as the massive Equifax breach of 2017), the stolen 2018 voter data may come in handy for darknet buyers who want to use the information for identity theft.
Latest posts by M.H. (see all)
- 2 South Carolina Men Sentenced in Darknet Mail Bomb Case - March 12, 2019
- Thousands of Pakistani Bank Cards Are Available on the Dark Web - March 7, 2019
- Over 600 Million Hacked Accounts Available on Dream Market - February 22, 2019