World News

Voter data widely available on dark web, cybersecurity experts say

FBI confirms Iran responsible for wave of fake emails intended to intimidate voters

What is being done to protect voters and the election? Reaction from Bramer Group chair Don Bramer.

Targeting millions of voters with misinformation may be as easy as clicking the right button in 2020.

The Fox News Investigative Unit has been made aware of a digital marketplace where anyone with enough cash can apparently purchase the kind of detailed data about U.S. voters that could lead to the sorts of targeted campaigns the FBI and the Director of National Intelligence are now attributing to Iran and Russia.

The listing for the data itself is on the dark web, a version of the internet that is invisible to normal search browsers, but that is available to anyone with the right tools. 

“The sellers of the U.S. voter database claim that it includes 186 million records, and if that is correct, that means it includes information about nearly all voters in the U.S.”

The Russian and Iranian campaigns apparently resulted in emails being sent to Democrats in battleground states like Florida, Arizona and Pennsylvania, and contained threatening messages designed to intimidate voters.


DNI John Ratcliffe confirmed during a press conference that both of those foreign nations are in possession of some U.S. voter data, and are attempting to exercise their influence ahead of the election. Ratcliffe is now being called upon to brief all members of the Senate about the announcement.

The apparent voter information in this alleged marketplace has zero impact on peoples’ ability to cast ballots, or the integrity of the voting system as a whole. Much of the information also resembles the kind of legitimate consumer data sets that are bought and sold for advertising purposes.

However, the extent of what is available in this obviously more illicit marketplace is eye-opening. And the implications of having this type of information available for anyone to purchase may now be even more obvious given what Iran and Russia are alleged to have been doing.

The particular listing of personal data-for-purchase that was flagged to Fox has apparently been sitting out in the open for weeks, and remains available for anyone to buy – even today.


In the screenshot below, which purports to show the listing, the vendor alleges to have highly specific information about “up to 180 million U.S. users from all 50 states.”

The Fox News Investigative Unit has been made aware of a dark web marketplace where anyone with enough cash can purchase the kind of detailed information about voters that would be necessary to conduct the kinds of targeted misinformation campaigns being attributed to Iran and Russia by FBI and DNI.
((Vinny Troia/Night Lion Security))

It further describes exactly what kind of “details, demographic and marketing data” is provided for each person, including “Facebook ID, Phone, email address, name, address, city, state, zip, voter information – political party preferences” and much, much more.

The apparent seller notes that the information can be bought as a whole, or individually by state.

According to Vinny Troia, CEO of cybersecurity company Night Lion and the person who flagged the listing to Fox News, the information goes further than just politics. It includes mortgage lender information, the types of credit cards someone uses, and even possibly details about peoples’ children.

"There are a number of different online vendors that sell this type of data," Troia told Fox. Lately, he added, "there’s been a massive influx of new players appearing and data going up for sale due to the upcoming election."


Even Troia admits that while awareness is high, "law enforcement are short on time and resources to track and remove all the different sources as they pop up."

Troia shared another document, which Fox is unable to independently verify, that appears to show what one of these listings actually looks like.

It contains a variety of information about the individual listed, including their first and last names, date of birth, and city of residence, but also credit card types, mortgage lender and marital status. There are no voter or political registration details, but there is plenty of other data in the listing.

The Fox News Investigative Unit was shown what appears to be the personal information of a voter that was taken from an online database available for purchase on the dark web.
((Vinny Troia/Night Lion Security))

Another cybersecurity firm, Trustwave, reported similar findings to Troia's on October 21, and added that it believes the problem may be even larger.

"The sellers of the U.S. voter database [analyzed by Trustwave] claim that it includes 186 million records, and if that is correct, that means it includes information about nearly all voters in the U.S.," Trustwave wrote in its report.

The company added that it’s not only voters whose data is being bought and sold. "The U.S. consumer database is claimed to include 245 million records,” Trustwave wrote, “which is nearly the entire population."

“There are a number of different online vendors that sell this type of data and lately, there’s been a massive influx… due to the upcoming election. It’s not hard to find if you know where to look but law enforcement are short on time and resources…”

"So for now, voter and marketing data is easily purchased and records contain hundreds or thousands of data points," Troia lamented, while also noting the practice is "virtually impossible to stop. Breached data sets keep getting recycled and re-packaged for new purposes."

And the hacker community is just the tip of the iceberg, Troia says. "Ultimately, the responsibility falls on organizations that leave this information unsecured while continuing to act as brokers to other organizations wanting to purchase that data," he told Fox.


"The government could step in and regulate the sale of this type of data, but so far it hasn’t," Troia said. "If lawmakers are serious about shutting this data economy down, they should fine companies that sell and resell this type of data," he argued. "There are hundreds of legitimate companies where you can purchase full data sets and no laws or conversations about regulating any of it."

Source: Read Full Article