A hacker is selling a database of all US voters for $7,800 on the dark web
In recent times, all data breaches that are taking place are finding its way to the principal black market known as ‘Dark Web’. One can easily find any kind of data that they are looking for here.
It is now learnt that a hacker is trying to sell a database that supposedly contains registration records for voters in all 50 US states, Tech Insider reported. A seller using the pseudonym of ‘DataDirect’ is offering US voters’ registration records on the dark net marketplace “The Real Deal.”
The Real Deal, a popular site many cyber criminals use for buying and selling everything from illegal drugs to zero-day software exploits. The seller is offering US voters’ records for each state at 0.5 BTC (around USD 340). The seller is also ready to offer the records at a “bulk rate” of 12 Bitcoin, or about $7,800.
“US voter registration records. Selling the DB on a State-by-State basis. 0.5 BTC per state (you must tell me which State you want. Some people think it’s unfair to make each State cost the same amount because some States are much bigger than others. I think it’s just easier this way.” states the item description.
Currently, it is difficult to say if the offered data is legit but the same seller is also offering Thomson Reuters World-Check terrorist database on the same Dark Net Marketplace ”The Real Deal”.
The listing includes supposed screenshots of the databases, which are .json files, with file names of apparent states, such as fl.json for Florida and az.json for Arizona. Another screenshot appears to have voters’ information, which includes full name, date of birth, address, phone number, political party, date they registered to vote, state voter ID number and whether they voted in the general or primary elections for a given year going back to the year 2000.
However, there were no Social Security numbers present in the data viewed by Tech Insider.
An important fact about the data is that in December 2015, the security expert Chris Vickery discovered million US voter registration records online. The precious data were stored in an unprotected server exposed online. However, it is not clear how DataDirect gained access to the precious archive. It is likely that he has found the same archive discovered by Vickery, but we cannot exclude that he hacked other servers containing the same information, including a government server.
DataDirect also shared two screenshots that show some records included in the archive. The first screenshot shows personal and voting details of a native from the State of California.
By looking at the sample screenshots it appears that the data is legit and if it really is, this is a huge blow to the US Election Assistance Commission (EAC) and users themselves. This kind of data could be used by threat actors in the wild to launch other attacks against the US voters. Data could be used in spear phishing attacks or any other scam scheme.
This is not the first time when entire country had its voters’ data at stake. In April 2016, a database containing voter data of each and every Mexican citizen was available on the Internet without any password protection. The archive went online for at least eight days after it was discovered. The database was set for a public access since September 2015.
Source: Business Insider