Ever since the U.S. election campaigns began, there have been concerns over rising disinformation campaigns. Security experts from Trustwave SpiderLabs stated they found a massive database that contained detailed information about U.S. voters and consumers kept for sale on the hackers site RaidForums.com and various other darknet forums. “This data can be useful for all sorts of scams and in particular, can be useful to target voters based on their voting history,” Trustwave said.
Voter List on Sale!
The hackers claimed that the leaked voter database includes names, addresses, age, gender, and political affiliation of 186 million voters in the U.S. Trustwave stated that cybercriminals could abuse the exposed database to perform various social engineering scams and spread disinformation that may potentially impact the elections. Threat actors have obtained the voters’ information from publicly available government resources and various data breaches. Cybercriminals have found ways to monetize the information, ranging from a few hundred to thousand dollars, payable in bitcoins.
“The thread about this database was entirely removed from the forum. Most likely the forum administrator did that to avoid unnecessary attention from researchers and law enforcement agencies. However, we established contact with the seller who said the voter database is still available to purchase,” Trustwave said.
Not the First Sale!
This is not the first time threat actors are selling voter information on the darknet. Earlier, the voter databases of around 35 million U.S. citizens were peddled on a hacking forum. It is found that cybercriminals obtained unauthorized access to the U.S. voter registration databases and put them for sale in dark web forums. The database holds personal information like names, phone numbers, address details, and voting history. They also said the data is priced between $150 and $12,500, affecting over 19 States in the U.S.
Unsecured Election Infrastructure
According to a survey from Venafi, 70% of cybersecurity professionals most likely believe their local governments cannot defend election infrastructure against cyberattacks from domestic and foreign threat actors. The survey, based on election infrastructure cybersecurity, also disclosed that 75% of security experts consider that the spread of malicious information is the biggest cyber risk to election integrity.