The personal data of some 186 million U.S. voters has been hacked ahead of presidential elections, according to cybersecurity firm Trustwave.
Citing that fears of election interference and disinformation campaigns by foreign parties and other actors, Trustwave said its investigations have uncovered “massive databases with detailed information” about U.S. voters and consumers offered for sale on various hacker forums.
These databases, the Chicago-based company warned, include a “shocking level” of detail about citizens including their political affiliation. Nearly 200 million voters are impacted; according to Pew Research, as of 2018 there were 234 million total registered voters in the U.S.
Trustwave said information in the voter database could be used to “conduct effective social engineering scams and spread disinformation to potentially impact the elections, particularly in swing states.”
The sellers of the database claim that it includes 186 million records – if this figure is accurate, that would imply that it contains information on practically every American eligible to vote.
Cybercriminals will likely seek to profit from this treasure trove of information by selling it to third parties.
Trustwave noted the existence of hacker websites where – after some initial vetting – members can obtain, exchange, or sell data that has either been leaked or hacked. Some of this information is publicly available, but some has been illegally obtained, too.
Trustwave noted that these databases are usually sold for a few hundred dollars, up to $1,000, payable in bitcoins.
Some of this information can also be found in the so-called “dark web” — content that is not visible through conventional search engines and which require specific software, configurations, or authorization to access.
“Having all this information — those adept at disinformation campaigns can impact voters by crafting social engineering attacks that leverage that data,” Trustwave said. “This voter and consumer information can easily be used for geo-targeted disinformation campaigns over social media, email phishing, and text and phone scams.”
Trustwave said it handed over information it gleaned from hackers to the Federal Bureau of Investigation.
“An enormous amount of data about U.S. citizens is available to cyber criminals,” said Ziv Mador, vice president of security research at Trustwave, NBC reported.
The FBI has already warned that Iran and Russia have obtained U.S. voter registration data (including email addresses) and may seek to interfere in the 2020 presidential election.
John Ratcliffe, director of national intelligence in the Trump administration, said on Wednesday that Iran somehow secured U.S. voter registration information and used this data to send threatening emails to Democrat voters while posing as members of the far-right Proud Boys organization.
“We are committed to finding and investigating fraud during this election,” the FBI told NBC. “While we cannot comment on information we may or may not have received from the public, we want to assure the American people the FBI is closely coordinated with our federal, state, and local partners to safeguard our voting processes.”
Separately, NPR reported that in July, cybersecurity experts at RiskIQ and Northrop Grumman warned the Department of Homeland Security that online voter registration systems in California and Florida – two populous states and crucial in the election – were vulnerable to hackers.
Four years ago, for example, the registration data of some voters in Riverside County, Calif. had been changed and they could not vote in local elections.