Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
United States Government Privacy Security Politics

US Voter Records From 19 States Is Being Sold on a Hacking Forum, Threat Intelligence Firms Say (zdnet.com) 102

Catalin Cimpanu, reporting for ZDNet: The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered. "To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data," said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad.

The two companies said they've reviewed a sample of the database records and determined the data to be valid with a "high degree of confidence." Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.

This discussion has been archived. No new comments can be posted.

US Voter Records From 19 States Is Being Sold on a Hacking Forum, Threat Intelligence Firms Say

Comments Filter:
  • Duh (Score:5, Insightful)

    by Tulsa_Time ( 2430696 ) on Monday October 15, 2018 @02:33PM (#57481512)

    It is worth noting that some states consider this data public and offer it for download for free

    So why not make it clear in your headline what % of the data is not public before getting all excited...

    • by Anonymous Coward

      All run by the same individual, and s/he has a system in place with which someone can get their name(s) removed from the lists.
      also offers the raw data files so individuals can build their own systems.

      https://arkvoters.com/
      https://coloradovoters.info/
      https://connvoters.com/
      https://delawarevoters.info/
      https://flvoters.com/
      https://michiganvoters.info/
      https://ohiovoters.info/
      https://oklavoters.com/
      https://rivoters.com/

    • Re:Duh (Score:5, Funny)

      by Anonymous Coward on Monday October 15, 2018 @03:14PM (#57481858)

      If you're not going to over react, please don't post.

    • Colorado offers SOME of the data for free. I do not see it on there.
      The voting data is the interesting part. It tells you how active somebody is (not who they voted for).
  • They is? (Score:3, Insightful)

    by Type44Q ( 1233630 ) on Monday October 15, 2018 @02:36PM (#57481546)
    Records is getting sold, is they?
  • by xaosflux ( 917784 ) on Monday October 15, 2018 @02:42PM (#57481580) Homepage

    Keep in mind, that the "voting history" in the summary is easy to sensationalize. In most cases it only means you were issued a ballot, and possibly for mail-in ballots that you returned it. No state has a history of what actual voting selections were made.

    • Re: (Score:2, Insightful)

      by bobstreo ( 1320787 )

      Keep in mind, that the "voting history" in the summary is easy to sensationalize. In most cases it only means you were issued a ballot, and possibly for mail-in ballots that you returned it. No state has a history of what actual voting selections were made.

      You hope.

      • Keep in mind, that the "voting history" in the summary is easy to sensationalize. In most cases it only means you were issued a ballot, and possibly for mail-in ballots that you returned it. No state has a history of what actual voting selections were made.

        You hope.

        I know.... Seriously. The "Secret ballot" will remain so and unless you can somehow infer from the precinct results and list of who voted a specific ballot that was cast (Say for instance, EVERY vote cast was the same in a precinct, and YOU voted, so I can determine how you voted). But those situations are extremely rare. If you vote in a precinct where the votes cast isn't unanimous, you are safe from exposure of your unique vote.

        • "I know.... Seriously." So, you have paid $42,000 and actually went over this information coming from these hackers? Unless you personally have looked at THESE FILES that TFA is talking about, you do NOT know.
          • Yes, I'm pretty sure about this, no I don't have the data.

            IF you want to prove this assertion wrong, go GET the data and do it. However, the law of this country is pretty clear on this so if you find information on actual votes cast by an individual, any individual, a crime has been committed that needs to be investigated and somebody needs to be charged and convicted for it.

            Now I've not seen anybody charged for this kind of thing and you know it would be HUGE news if it happened, so I'm about as sure of

      • by davide marney ( 231845 ) on Monday October 15, 2018 @03:29PM (#57481956) Journal

        I know. I am an election official in Virginia. We're not idiots. Of course your vote is private.

      • by EvilSS ( 557649 )
        It's pretty much impossible to collect that data. Your identifying data isn't anywhere on the ballot or machine.
        • Your identifying data isn't anywhere on the ballot or machine.

          In a vote-by-mail state, your identifying data is on the envelope that contains your ballot. You TRUST that the election officials do not enter this data when they scan your ballot --- it is in a machine readable format so could be OCRd easily.

          This is the system that Wyden wants implemented for the entire country.

          When I voted in a "show up and vote on a paper ballot" system, there was a strip of paper on each ballot that contained the ballot number, which was recorded in the electoral rolls when it was gi

          • by EvilSS ( 557649 )
            In my state the ballot is sealed in an envelope inside the one you mail in, which by law cannot have your identity on it. It gets thrown out if it does, which is why it has got big, bold letters telling you to not write anything on it. The mail in envelopes are opened under supervision of election judges from both parties, and the ballot envelopes are deposited into containers, taken to a different room, opened, and counted (again under supervision of election judges), so it would take a pretty solid consp
            • The mail in envelopes are opened under supervision of election judges from both parties,

              Which is why I said that you have to trust that they don't record the information. All of the description you provided is how they operate so that they create this trust.

              As for the ballot ID, as you said, it was removed from the ballot before being counted.

              No, it was removed from the ballot before it was mixed into the box with the other ballots, and I saw it happen with my own eyes. Counting took place after the polls closed. If they had waited until "before counting" then I would have to trust that it was being done.

              Do you not understand the difference between "know" and "trust"?

              • by EvilSS ( 557649 )

                The mail in envelopes are opened under supervision of election judges from both parties,

                Which is why I said that you have to trust that they don't record the information. All of the description you provided is how they operate so that they create this trust.

                As for the ballot ID, as you said, it was removed from the ballot before being counted.

                No, it was removed from the ballot before it was mixed into the box with the other ballots, and I saw it happen with my own eyes. Counting took place after the polls closed. If they had waited until "before counting" then I would have to trust that it was being done.

                So they counted them before they mixed them? Otherwise, pretty sure I'm still correct. Also do you not trust yourself? You witnessed it.

                Do you not understand the difference between "know" and "trust"?

                Just like you have to trust the local coffee shop not to serve everyone cyanide, or your mailman to not plant bombs in your mailbox. The odds of recording your vote info from either of the scenarios you mention is astronomically small. It's because we don't trust them that checks are put in place. If you can't trust anyone, well, you're screwed anyway. It would require vas

                • No, it was removed from the ballot before it was mixed into the box with the other ballots, and I saw it happen with my own eyes. Counting took place after the polls closed. If they had waited until "before counting" then I would have to trust that it was being done.

                  So they counted them before they mixed them? Otherwise, pretty sure I'm still correct. Also do you not trust yourself? You witnessed it.

                  I said they count them AFTER THE POLLS CLOSE, which is long after the ballots are put into the box. How you get "before they mixed them" from "after the polls close" I do not know, but it has to be either a complete lack of reading comprehension or a deliberate attempt at misinterpreting what I actually said.

                  Yes, pedantically, the strip is removed "before being counted", but that's only because the strip is removed before the ballot goes into the box. Just "before being counted" implies that it is removed

  • by geekmux ( 1040042 ) on Monday October 15, 2018 @02:45PM (#57481600)

    "US Voter Records From 19 States Is Being Sold on a Hacking Forum...It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy."

    Why am I willing to bet that 19 states do have this policy, turning this "hacking" story into nothing more than clickbait?

    We used to get pissed when "hacking" was mislabeled or misunderstood. Now we're just pissed that no one has a fucking clue what a hack is anymore because everyone is labeling every stupid little thing as hacking. Found a shortcut to work? You "hacked" your commute. Used a microwave instead of the stove? You "hacked" your dinner prep. Downloaded free public information? You "hacked" the voting public.

    Enough of the "hacking" shit already.

    • Well everything is "AI" now, so this fits in. I am developing a "hacking AI". It scans networks looking for vulnerabilities. Totally innovative. I call it nmap.
      • by Nidi62 ( 1525137 )

        Well everything is "AI" now, so this fits in. I am developing a "hacking AI". It scans networks looking for vulnerabilities. Totally innovative. I call it nmap.

        I'm developing a hacking tool that trains AI with machine learning to break blockchains. And it has a VR/AR UI.

        • I'm opening my checkbook now. Just tell me the number to write.
        • by bjwest ( 14070 )

          Well everything is "AI" now, so this fits in. I am developing a "hacking AI". It scans networks looking for vulnerabilities. Totally innovative. I call it nmap.

          I'm developing a hacking tool that trains AI with machine learning to break blockchains. And it has a VR/AR UI.

          Phtttt. Unless you're creating a gooey interface in Visual Basic, you ain't hacking shit.

        • ...AI ...machine learning ...blockchains. ...VR/AR UI.

          SHUT UP AND TAKE MY MONEY

        • But are you sending that AI to college?
  • by Blinkin1200 ( 917437 ) on Monday October 15, 2018 @02:52PM (#57481668)

    No need to worry. I have marked them all deceased and returned them to their source.

     

  • Amazing how nearly all are red states.
    I wonder why that is?
    In addition, the DBs are from this year due to updating. That means they have plenty of backdoors in the systems.

    I hope that you red states can afford to have your ID and credit stolen.
    Perhaps, you will finally back E-verify for real on all businesses.
    • by EvilSS ( 557649 )

      That means they have plenty of backdoors in the systems. .

      Backdoors? You can just go download it from many states. It's not considered private info. When I was involved with local politics I used to download the county records several times a year, straight from the county clerk's website. No login or anything. Just a pinky-swear and threat of prosecution if you used it for unauthorized purposes (like non-political marketing).

  • records are. record is.

If you have a procedure with 10 parameters, you probably missed some.

Working...