Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Voter Records From 19 States Is Being Sold on a Hacking Forum, Threat Intelligence Firms Say (zdnet.com)

Posted by msmash on from the privacy-woes dept.

Catalin Cimpanu, reporting for ZDNet: The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered. "To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data," said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad.

The two companies said they've reviewed a sample of the database records and determined the data to be valid with a "high degree of confidence." Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.

16 of 102 comments (clear)

  1. Duh by Tulsa_Time · · Score: 4, Insightful

    It is worth noting that some states consider this data public and offer it for download for free

    So why not make it clear in your headline what % of the data is not public before getting all excited...

    --
    5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
    1. Re:Duh by Anonymous Coward · · Score: 5, Funny

      If you're not going to over react, please don't post.

    2. Re: Duh by EvilSS · · Score: 4, Informative

      How the fuck is this public info? Anyone can view your voting history? Is the USA a banana republic?

      Voter rolls (name and contact info) are public in most states. Additional data available is usually what elections you voted in, and in some states what primary ballot you pulled. These are usually restricted to campaign and other political uses by state law (marketers, not working on political issues, are usually barred from using it, for example).

      Note that how you voted (i.e. who you voted for) is not recorded and not part of any record.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    3. Re: Duh by Stormy+Dragon · · Score: 2, Interesting

      The last few election cycles, the Pennsylvania GOP has been targeting democrats and non-voters in Republican heavy areas by sending out threatening letters containing a list of your neighbors, who they registered for, and if they voted, and threatening to send the neighbors similar letters after the election if you don't switch parties and vote.

    4. Re: Duh by youngone · · Score: 3, Insightful

      Please note A/C that in many US states voters also have to register their party preference.
      It is one of the many, many little ways the Republicans and Democrats keep their cosy little duopoly going and prevent the people of the US from having any real choice about who rules them.

  2. They is? by Type44Q · · Score: 2, Insightful

    Records is getting sold, is they?

  3. "history" may be misleading by xaosflux · · Score: 4, Interesting

    Keep in mind, that the "voting history" in the summary is easy to sensationalize. In most cases it only means you were issued a ballot, and possibly for mail-in ballots that you returned it. No state has a history of what actual voting selections were made.

    1. Re:"history" may be misleading by bobbied · · Score: 2

      Keep in mind, that the "voting history" in the summary is easy to sensationalize. In most cases it only means you were issued a ballot, and possibly for mail-in ballots that you returned it. No state has a history of what actual voting selections were made.

      You hope.

      I know.... Seriously. The "Secret ballot" will remain so and unless you can somehow infer from the precinct results and list of who voted a specific ballot that was cast (Say for instance, EVERY vote cast was the same in a precinct, and YOU voted, so I can determine how you voted). But those situations are extremely rare. If you vote in a precinct where the votes cast isn't unanimous, you are safe from exposure of your unique vote.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re: "history" may be misleading by davide+marney · · Score: 3, Informative

      I know. I am an election official in Virginia. We're not idiots. Of course your vote is private.

      --
      "We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
    3. Re:"history" may be misleading by EvilSS · · Score: 2

      It's pretty much impossible to collect that data. Your identifying data isn't anywhere on the ballot or machine.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:"history" may be misleading by Obfuscant · · Score: 2

      Your identifying data isn't anywhere on the ballot or machine.

      In a vote-by-mail state, your identifying data is on the envelope that contains your ballot. You TRUST that the election officials do not enter this data when they scan your ballot --- it is in a machine readable format so could be OCRd easily.

      This is the system that Wyden wants implemented for the entire country.

      When I voted in a "show up and vote on a paper ballot" system, there was a strip of paper on each ballot that contained the ballot number, which was recorded in the electoral rolls when it was given to you. You could see the election official remove that strip (after verifying the number against the number recorded next to your name) before your ballot joined the others in the box.

    5. Re:"history" may be misleading by EvilSS · · Score: 2

      In my state the ballot is sealed in an envelope inside the one you mail in, which by law cannot have your identity on it. It gets thrown out if it does, which is why it has got big, bold letters telling you to not write anything on it. The mail in envelopes are opened under supervision of election judges from both parties, and the ballot envelopes are deposited into containers, taken to a different room, opened, and counted (again under supervision of election judges), so it would take a pretty solid conspiracy by the county clerk and both political parties to break that privacy. Even if they did, where would they record it? Everything is official, public record. They aren't going to keep some secret database of mail in voters. That would, inevitably, get discovered.

      As for the ballot ID, as you said, it was removed from the ballot before being counted.

      --
      I browse on +1 so AC's need not respond, I won't see it.
  4. Everything is a "hack" now. by geekmux · · Score: 4, Interesting

    "US Voter Records From 19 States Is Being Sold on a Hacking Forum...It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy."

    Why am I willing to bet that 19 states do have this policy, turning this "hacking" story into nothing more than clickbait?

    We used to get pissed when "hacking" was mislabeled or misunderstood. Now we're just pissed that no one has a fucking clue what a hack is anymore because everyone is labeling every stupid little thing as hacking. Found a shortcut to work? You "hacked" your commute. Used a microwave instead of the stove? You "hacked" your dinner prep. Downloaded free public information? You "hacked" the voting public.

    Enough of the "hacking" shit already.

    1. Re:Everything is a "hack" now. by Nidi62 · · Score: 2

      Well everything is "AI" now, so this fits in. I am developing a "hacking AI". It scans networks looking for vulnerabilities. Totally innovative. I call it nmap.

      I'm developing a hacking tool that trains AI with machine learning to break blockchains. And it has a VR/AR UI.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    2. Re:Everything is a "hack" now. by bjwest · · Score: 2

      Well everything is "AI" now, so this fits in. I am developing a "hacking AI". It scans networks looking for vulnerabilities. Totally innovative. I call it nmap.

      I'm developing a hacking tool that trains AI with machine learning to break blockchains. And it has a VR/AR UI.

      Phtttt. Unless you're creating a gooey interface in Visual Basic, you ain't hacking shit.

      --

      --- Keep the choice with the user..
  5. No need to worry by Blinkin1200 · · Score: 2

    No need to worry. I have marked them all deceased and returned them to their source.