In October 2018, a troubling discovery was reported by researchers at Anomali Labs and Intel 471. As it turns out, hackers have obtained millions of voter records and sold them on the dark web for the highest bidder. The voters’ personal information involved could be a goldmine for both digital and brick-and-mortar criminals, not to mention marketers of all stripes.
So, what’s the actual story here? Should we really be worried about a cybercrime epidemic, and should we take real steps to ensure that our data haven’t been leaked?
What are the details behind the 2018 US voter records leak?
Even the basic details are quite shocking. According to the researchers, about 35 million individual voter records have been obtained from 19 US states and put up for sale on the “Dark Web.“ Not only that, but the company behind the leaks claims to receive updates on voter registrations from contacts across each of those states each week. So, it looks like a complex network of data brokers is targeting democracy in the US.
It’s important to note, however, that accessing US voter records is not technically illegal. Selling them for profit, though, is another matter entirely. But while it’s worrying that registration details can be sold for profit, this is not even the main concern. More troubling still is the likelihood that the information contained in voter registration records could be used for nefarious purposes.
What information do the leaked voting documents contain?
So, let’s say you’re wondering whether your data is among the Texas data records that were leaked. Should you be on your guard against targeted cyberattacks as a result?
As far as we know, the voting records are full of information that could be valuable for phishers. Here’s a sample of the kind of information cybercriminals could derive from standard voter records:
· Your full name
· Your landline and cell phone numbers
· Your current and verified street address
· Your voting history and party affiliation
This information on its own is relatively harmless. However, when combined with information from criminal records, driver licenses, or credit databases, it’s easy to see how it can be abused by skillful criminals.
It’s worth noting that while many of these details are publicly available from voter records, it’s common for states involved in the leak to offer voters a variety of “opt outs”, giving them the impression of privacy and security. But this may not be effective, so don’t assume that your details haven’t been leaked even if you ticked all the right boxes.
Which states does the information leak involve?
The 2018 voter records leak doesn’t apply to all voters in all US states, at least as far as we know. That said, a large number of states are vulnerable. And just in case you were worried, the current list is as follows:
· Wyoming
· Wisconsin
· West Virginia
· Utah
· Texas
· Tennessee
· South Dakota
· South Carolina
· Oregon
· New Mexico
· Montana
· Mississippi
· Minnesota
· Louisiana
· Kentucky
· Kansas
· Iowa
· Idaho
· Georgia
How did the hackers obtain so many voting records?
While we don’t have too much background data about the networks involved in the US voter records leak, we can make some guesses about how it transpired.
For one thing, the voter records may have been obtained via legal means. In this case, however, those involved would have needed to actually collect the records in-person, leaving a paper trail in the process. That, however, seems unlikely given their criminal ambitions.
It’s much more likely that a single individual or group gained access to servers containing voter information, either externally or via contacts within state organizations. The claim that they receive regular updates suggests that this access is very much ongoing.
Questions remain about how the records made their way from state servers to the depths of the Dark Web, given that voting records aren’t supposed to be given to for-profit organizations. And we do know that profits are involved. At the moment, the lists are sold for anything between $150 and $12,500, so money is being made even before the phishers get started.
How to find out whether your voter registration records were leaked
Another major question is whether other states than those we listed above were affected. As of yet, we can’t be sure about this. If you’re worried about whether your Michigan voter records or Florida voter records are up for grabs on the dark web, there may be something you can do to check.
In theory, you could actually access the Dark Web to check whether your details are part of the leak. If you try this route, though, be aware that accessing the dark web can carry security risks involving malware and other infections. So, take precautions – update your antivirus app, don’t click on suspicious links and, above all else, install a VPN.
Is the US voter records leak a serious security risk?
As we noted earlier, the major risk attached to voter information sales relates to cybercrime. The data contained in these records can help hackers build in-depth profiles of potential targets. They can combine this with other publicly available or hacked information, or use certain techniques to monitor your communications. When they know all about you, stealing your identity is much easier.
This makes it even more important to have a good Virtual Private Network (VPN) installed, since VPNs make it difficult to “sniff” users’ online traffic or intercept their emails. But don’t panic. We’ve been here before, in 2016 and 2017. The web didn’t melt down then, and it won’t now. Still, there seems to be room for improvement in the way American democracy is managed, that’s for sure.
