A new dark web analysis has shown that almost the entire US Voter database was up for sale months before the US presidential election began.
While it’s not news that voting information has been sold on the dark web in the past, the analysis found that the database contained 186 million records. Which, if authentic, would account for almost all US voters.
186 million records for sale
Cybersecurity company TrustWave infiltrated dark web marketplaces and found almost whole sets of the US voter and consumer database.
During investigations around the elections, the Trustwave SpiderLabs team discovered massive databases with detailed information about US voters and consumers offered for sale on several hacker forums. Those databases] contain a shocking level of detail about citizens including their political affiliation.
The sellers of the US voter database claim that it includes 186 million records, and if that is correct, that means it includes information about nearly all voters in the US The information found in the voter database could be used to conduct effective social engineering scams and spread disinformation to potentially impact the elections, particularly in swing states.
The members-only site RaidForums, where the dataset was sold. was described by TrustWave as being:
widely known in certain circles as a place where members can obtain leaked and hacked data.
The seller has earned over $100m in 5 months
While it hasn’t been confirmed that the entire database was sold, Trustwave has confirmed that the seller has received payments since May.
Based on Bitcoin transaction information also obtained by TrustWave SpiderLabs during the investigation, the cybercriminal group made a fortune worth $100m USD in the last five months alone.
We managed to obtain details of one of the bitcoin wallets that can be used to pay to GreenMoon2019 for those databases. Money that is collected in that wallet was transferred to a bigger wallet. Hundreds of other wallets transferred amounts into that main wallet.
Many of the transfers were in hundreds of dollars or a bit more, much like showing in the price list above. This main wallet was created in May and already received bitcoins in the value of over 100 million USD. GreenMoon2019 (the seller) probably is part of a group of cybercriminals that draw amazing revenues from selling these databases and potentially other services and deliverables.
However, GreenMoon2019, was not the only seller on the market.
While GreenMoon2019 gained attention by investigators for selling data on almost the entire US voter population, other sellers were re-selling free government information for a quick payday.
Voting data was available for as little as $9.99
Cybersecurity firm TrendMicro released a report in May showing that marketplaces for US voter data had been available for as little as $9.99.
TrendMicro investigated 600 dark web forums and found that there were several market places which offered state voting databases. The sellers had been active for year before the US presidential election, some with 100% satisfaction or ‘feedback’ rates.
And when The Canary checked several sites on 5 November, we found that these datasets are still available:
Clicking on the question mark in the above image gives more information about what’s contained in the dataset. For example, the Florida voter database apparently contains the details of 12.5 million voters:
However, it’s likely given the low value of these datasets that they are either outdated or public information.
Interestingly, at least some of the data stems from publicly available government resources and hackers happily mention that in forum discussions. Other parts of the data were likely obtained from various data leaks.
TrendMicro explained that even outdated voter information is valuable:
Outdated voter databases are often shared for free, while more current databases are put up for sale. Compromised voter databases combined with other user data can help malicious actors craft effective propaganda. For example, key data points can be used to create a target profile for a specific countries’ electorate.
The real deal?
While TrustWave has not confirmed if they attempted to access the US voter database, it did access part of the US consumer database.
The US consumer database was also up for sale and contained 245 million records, which would account for almost the entire US voter population.
TrustWave fact-checked one million data sets against public records and found that the data was “consistently accurate”.
We managed to obtain a sample file of one million records from this actor. We checked the data against various public legit sites and social media networks, and the data was found consistently accurate. It includes information about citizens such as:
- Full name
- Physical address
- Phone number
- Email address
- Number of children and their ages
- Marital status
- Ethnic group
- Their home value and purchase date
- Their mortgage amount and lender name
- A very long list of potential interest areas
Not all fields are populated. Some have data almost fully filled out while others are only scarcely populated. It is so detailed, that this file looks like a professional profiling database prepared by a government organization or enterprise.
Super databases could be used to sway voters
While re-selling freely available information may seem like a small scam, this information can be used along with leaked data to create super databases.
What makes these databases so super is that they can be used to influence opinions and spread information that isn’t true. As TrustWave summed up:
In our investigation of criminal activities surrounding the U.S. elections, we uncovered massive amounts of information on U.S. voters up for sale along with other databases detailing individual consumers. This information can be used for social engineering and disinformation campaigns before, during, and after elections to help sway opinions toward one party or another.
As we have shown these activities are extremely profitable and there is a real demand for these databases. We have also shown that cybercriminals are most likely mixing illegally obtained data from leaks with publicly available information on citizens and correlating them to create super databases with detailed information on almost every U.S. citizen and citizens of other major countries.
A very real threat
In a changing market, where marketplaces shift from platform to platform, once data is out there, it is very difficult to control its spread and use.
But one thing is certain, as TrustWave states, this information can “easily be used” for “disinformation campaigns”:
In the right hands, this voter and consumer information can easily be used for geo-targeted disinformation campaigns over social media, email phishing, and text and phone scams. The world is concerned about the spread of disinformation to sway public opinion – yet sensitive information on citizens is widely available.
While it remains unclear at the stage whether the US database was sold and used for disinformation purposes during the US election, it is clear that that the potential for such campaigns is a very real threat.
Featured image Pexels – Karolina Grabowska