Slashdot Mirror


Robocall Firm Exposes Hundreds of Thousands of US Voters' Records (bleepingcomputer.com)

An anonymous reader shares a report: RoboCent, a Virginia Beach-based political robocall firm, has exposed the personal details of hundreds of thousands of US voters, according to the findings of a security researcher who stumbled upon the company's database online. The researcher, Bob Diachenko of Kromtech Security, says he discovered the data using a recently launched online service called GrayhatWarfare that allows users to search publicly exposed Amazon Web Services data storage buckets. Such buckets should never be left exposed to public access, as they could hold sensitive data.

28 comments

  1. Oops our bad... by Archfeld · · Score: 0

    I'd be willing to bet that money changed hands and that the data was 'acquired' by some people who shouldn't have it when the data was 'accidentally' left exposed.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
    1. Re:Oops our bad... by Anonymous Coward · · Score: 0

      ah yes, the old we're stupid, not evil defense

  2. Meh. by HeckRuler · · Score: 4, Insightful

    What the fuuuuuuoooookay. Not their voting record, just their "Personal details". IE, whatever they've told these robocallers.

    It's phone-book stuff plus party and demographics. meh. I mean, it's a leak, and you know, shame on a lazy corporation and all that. But this isn't real groundbreaking. If you donate to a political candidate, that's public knowledge anyway.

    1. Re:Meh. by ole_timer · · Score: 1

      please leave your message at the sound of the click...click, buzzzz....

      --
      nothing to see here - move along
    2. Re:Meh. by Anonymous Coward · · Score: 0

      Yeah, we should just let these companies keep on being c-units.

    3. Re:Meh. by HeckRuler · · Score: 1

      What part of "shame on a lazy corporation" didn't you read?

  3. Three strikes! by Fly+Swatter · · Score: 1

    Robocaller, strike one. Politician, strike two. Sloppy security with regard to citizens, strike three! Get out.

  4. Luddites Rejoice by Anonymous Coward · · Score: 0

    They warned us this would happen. And we didn't listen.

  5. So what by Anonymous Coward · · Score: 2, Insightful

    Robocall firms are already the people you don't want to have that.

  6. Voting records are public by Anonymous Coward · · Score: 0

    If you have registered to vote, your details are available to anyone who asks.

    1. Re:Voting records are public by DickBreath · · Score: 1

      At least they should have to go to the tribble to ask.

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re:Voting records are public by Anonymous Coward · · Score: 0

      that's the trouble with tibbles

  7. Voter records publicly available in most states. by Anonymous Coward · · Score: 4, Informative

    Most, if not every state provides very low cost voter records for a very small fee. They'll just send you a DVD with all the voters' addresses, names, age, and voting records. It fits in a few gigabytes of zip.

    There are several websites where you can look up someone's voting record online, per state. Some states only allow the information to be used for political purposes, but that's incredibly broadly defined, and mostly just to stop people putting up stalker websites.

  8. Another amazon leak by Anonymous Coward · · Score: 0

    This seems to happen a lot.

    Amazon should be making it a lot harder to accidentally leak this stuff.

    And I don't blame these guys. If you've never used AWS before, try to figure out how to securely use any of their nonsense-named tools. You'll find plenty of hundred page white papers but no simple checklist.

    1. Re:Another amazon leak by DickBreath · · Score: 1

      > Amazon should be making it a lot harder to accidentally leak this stuff.

      Yeah, and:
      * IoT devices should make their hardcoded backdoor passwords harder to find
      * They should run telnet on a non-standard port for extreme security
      * They should make their root passwords more than six characters

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re:Another amazon leak by Anonymous Coward · · Score: 0

      Why even bother with root passwords? Nowadays most people don't allow remote logins at all, so the password is moot. They go the sudo route. Are lazy. And getting into any other account on the box and typing: sudo bash gives you root.

    3. Re:Another amazon leak by DickBreath · · Score: 1

      I think all 3 "best" practices I mentioned are actually bad ideas.

      --

      I'll see your senator, and I'll raise you two judges.
  9. Re: Voter records publicly available in most stat by Anonymous Coward · · Score: 4, Informative

    Before anyone overreacts.

    The voting records provided display that you showed up at the polling place or voted an absentee ballot. Not the actual votes cast.

  10. Am I the only one by Anonymous Coward · · Score: 0

    who read "RoboCent" as "RoboCunt"?

  11. Public information by Train0987 · · Score: 2

    Voter registration information is public info available from the Secretary of State or numerous websites for a small fee like this one: http://aristotle.com/data/data...

  12. Robocallers act irresponsibly? NO! by RyanFenton · · Score: 2, Interesting

    The first rule of robocallers: You should not allow robocallers to exist.

    The second rule of robocallers: If they somehow exist, you must immediately outlaw them, and enact enormous fines against any company shown to contribute to them. These fines will bypass any corporate account masking, and go directly to each individual in the company or network of companies, based on their percent ownership, and will typically be for hundreds of millions of dollars for a nationwide campaign.

    The third rule of robocallers: If they are found to be protected by jurisdiction lines, you must have a bank of anti-robocallers that are only permitted to call the offending nations - they will put out anti-robocalling messages 24 hours a day, every day of the year to every phone number in that jurisdiction. Blocking these calls will be met by blocking any communications along those channels.

    The zeroth rule of robocallers: Automated spam of all sorts increasingly counts as robocalls, as technology advances.

    Ryan Fenton

  13. Re:Voter records publicly available in most states by Anonymous Coward · · Score: 1

    Actually, voter records being public has been the law since what? 2006? I can't remember. But I know I can get a copy of all voter registration data in my home state of Washington by filling out a form on Washington state's secretary of state's website. They'll email me a link to download it (usually a few hours later) after my request is approved.

  14. Re:Robocallers act irresponsibly? NO! by Anonymous Coward · · Score: 1

    Fifth rule: Previous rules don't apply until a funding mechanism is identified.

    Corollary to Fifth rule: Good luck with that.

  15. Make it private by andymadigan · · Score: 1

    It's time to start making voter registration information private. Political parties and candidates aren't using the data to build convincing, well-meaning campaigns. They're just trying to shout empty slogans louder than the other guy. My "representative", Nancy Pelosi, just uses the data to spam people using government-owned servers, complete with fake unsubscribe links.

    Soon data brokers will get in on this and set up fake campaigns just to grab the voter records from the source and sell them to the IRS scammers.

    --
    The right to protest the State is more sacred than the State.
    1. Re:Make it private by Patent+Lover · · Score: 1

      Soon?

  16. Free in some states by Anonymous Coward · · Score: 0

    Like Texas. Anyone can look it up online for free. It'll list the name and address.