State and local governments make voter databases readily available to give academics, pollsters, and pretty much anyone who asks a nationwide impression of voter registration and election turnout.
But on occasion—and especially before elections—this publicly available information makes its way onto sites where users typically share and sell breached databases and hacking tools.
On Tuesday, for example, a user by the name of greenmoon2019 advertised a list of 186 million voter affiliation records on the popular hacking forum RaidForums, with phone numbers for 60 million of those entries. The seller claimed that the list included full names, addresses, gender, age, and political affiliation of the individuals.
The Record did not obtain the database and cannot verify its authenticity, but a sample of the data provided by the seller appears to be real. Calls made to several individuals on the list were answered, and those individuals verified that information on the list was accurate. None of the individuals contacted said they were aware their data was being sold online.
To compile such a database, one could scrape information from various local election offices, said Dmitry Smilyanets, an expert threat intelligence analyst at Recorded Future who notified The Record of the RaidForums post. The data could also be stolen from political advertising organizations, targeted research operations, or mass mailing companies that collect it for commercial or campaign purposes.
Although the data can be obtained legally with relative ease, it can lead to widespread confusion when it appears on hacking forums. Russian newspaper Kommersant, for example, caused a stir earlier this month when it claimed that a stolen database of 7.6 million Michigan voters was posted to a hacking forum. In fact, the data was publicly available.
“Public voter information in Michigan and elsewhere is accessible to anyone through a FOIA request,” the Michigan Secretary of State’s office said in a statement. “Our system has not been hacked.”
If voter information is easy to obtain, an obvious question is why it is being sold on hacking forums, and who would buy it.
Nation states and other sophisticated threat actors interested in election interference would already have such data, and it would likely be of nominal use to them, said Smilyanets. “The Russians know how to get these databases—they probably already have it, and it’s probably well-updated,” he said.
Cybercriminals, on the other hand, could use the information for digital scams, said Stu Solomon, chief operating officer at Recorded Future. “Smaller, criminally-minded enterprises could use it to make phishing campaigns more successful,” he said. For example, cybercriminals could send mass campaign-related emails to registered Democrats or Republicans asking for donations. Adding this type of targeted information to a phishing campaign, in what is sometimes referred to as a phishing lure, could trick an individual into sending money or handing over more sensitive data, like credit card details.
Another possibility is that people who post advertisements for voter-related data don’t have any intention to sell it. Instead, the posts could be bait laid out by law enforcement officials, said Smilyanets.
“There are a lot of cops on these forums… it could potentially be a staged operation to find actors who are interested in election interference,” he said.
The seller of the database allegedly containing information on 186 million voters has been active on the forum for more than a year, and has advertised large mortgage and car ownership databases in the past.