"An enormous amount of data about U.S. citizens is available to cyber criminals" and foreign adversaries, said Ziv Mador, vice president of security research at Trustwave, which found the material.
The data within the three different PDL indexes also varied slightly, some focusing on scraped LinkedIn information, email addresses and phone numbers, while other indexes provided information on individual social media profiles such as a person’s Facebook, Twitter, and GitHub URLs. According to their website, the PDL application can be used to search: Over 1.5 Billion unique people, including close to 260 million in the US.
"In the wrong hands, this voter and consumer data can easily be used for geotargeted disinformation campaigns over social media, email phishing and text and phone scams," he added, "before, during and after the election, especially if results are contested."
The data is a mix of material stolen in various hacks of companies in recent years and publicly available data retrieved from government websites, he said. In most states, voter registration information is publicly available, for example.
Trustwave monitors dark web forums for threat information, and it came across a hacker calling himself Greenmoon2019 who was offering the data for sale. Trustwave used fictitious identities to induce the hacker to provide more information, including a Bitcoin wallet that Greenmoon2019 used to collect payment.
Bitcoin wallets — virtual storage facilities for the most commonly used cryptocurrency — publicly display transactions but not the identities of those making them. Trustwave was able to trace payments to a larger wallet, created in May, that has taken in $100 million in what the company believes is illicit proceeds, Mador said. Not all of that was from data sales, he said.
Dan Patterson: In this portfolio of information about you and your neighbors, give me some examples of what's in those little rows and columns inside the spreadsheet of information that we call data.
The wide availability of personal information is not new, but the idea that such a huge cache is for sale as the election approaches underscores how easy it would be for malicious actors to cause trouble. Trustwave said the hacker was offering 186 million voter records and 245 million records of other personal data.
National Intelligence Director John Ratcliffe said Wednesday night that Iran had obtained voter registration information and used it to send threatening emails to Democrats while posing as the Proud Boys, a white supremacist group. Ratcliffe said the Russian government had also obtained voter registration information.
Voter registration data is public in many states, but email addresses are not often part of the public data. The hacker identified by Trustwave used other stolen data to pair email addresses with voter rolls and offer it for sale as a package, Mador said.
The databases on sale by Greenmoon2019 would allow malicious actors to target the email addresses of only registered Democrats, for example, or only registered Republicans.
Trustwave said it turned over what it had gathered to the FBI, which told NBC News in a statement:
"We are committed to finding and investigating fraud during this election. While we cannot comment on information we may or may not have received from the public, we want to assure the American people the FBI is closely coordinated with our federal, state, and local partners to safeguard our voting processes."