Are new voter records being sold on the darknet?

The security of America's voting and voter registration systems has been a hot topic as of late. After hackers at the national information security conference DEF CON demonstrated how easy it was to infiltrate and compromise the voting technology that is currently used by a significant number of state and local polling systems, this conversation only continues to become more relevant. Which leads us to the lesser-discussed but no less important question: what happens with the voter data accumulated from these attacks? Since the personally identifiable information (PII) of voters may or may not be the primary goal of such attacks, why should we care?

"Someone Is Selling More Than 40 Million Voter Records on the Dark Web," headlines a recent article from MotherJones. Is this true? And if so, does it matter? Our analysts investigated.

Short answer: yes (ish)

We searched the darknet via our database of DARKINT, DarkOwl Vision, to confirm that such records were indeed being sold to willing buyers. The results confirm that yes, several sellers on darknet marketplaces are selling (or at least advertising, as DarkOwl does not make a practice of purchasing such items, even if it means being unable to irrefutably confirm their legitimacy) voter records that closely match the ones announced in MotherJones' PSA.

Thus, the short answer is: yes, one could ostensibly find and/or purchase this information on the darknet. However, this notion as it has been presented by our colleagues and news reports, is misleading. This is due to two things: 

  1. The information in question - particularly that cited by MotherJones, Dark Reading, and cybersecurity firms in the last weeks - is only being propagated on the darknet. These sources go so far as citing the source URL of the "compromised" data, which leads to a standard surface website that is accessible to anyone using Google.
  2. Similarly, this information is available elsewhere on the surface web as part of various government transparency clauses, including as part of the federal Freedom of Information Act, or of another state-specific mandate. 

While the fact that this information is being sold in darknet marketplaces is not entirely unnoteworthy, as the darknet is notorious for attracting criminals who find this type of information particularly lucrative in the long run, it is in our analysts' opinion that the sale of such information is being used more as headline fodder than as a substantive cautionary to involved parties.

So, should you be worried? 

Personally Identifiable Information (PII) is a hot commodity on darknet marketplaces. Information of this nature, including the voter data in question (which includes first, last, and middle names, voter ID numbers, birthdates, voter status, party affiliation, and addresses) offer cybercriminals the opportunity to commit various types of fraud, many of which are pervasive and cause significant damages to victims.

According to the cybersecurity firm, who claims to have "tracked in an underground forum, the leak of nearly 40 million U.S. voter records from eight different states," the data at hand contains the personal and sensitive information of current and former voters that may not have otherwise been available to the average American citizen. This is simply not the case.

 A screenshot from coloradovoters.info, a publicly accessible surface website.

A screenshot from coloradovoters.info, a publicly accessible surface website.

DARKINT matters

Nevertheless, as mentioned above, the fact that this information is being sold on the darknet suggests that it is likely being sought out for less than legal purposes. While anyone could visit each state voter data base and download each individually, it is being offered on the aforementioned marketplaces in a tidy, buyer-friendly package that some cyber criminals may find hard to resist. 

DarkOwl Cybersecurity possesses the largest commercially available database of darknet content. Using our darknet intelligence (DARKINT), companies, organizations or individuals can search and monitor for their proprietary information on the darknet, before it falls into the wrong hands. 


Curious about something you've read on our blog? Want to learn more? Please reach out. We're more than happy to have a conversation.