A new survey finds that hackers are trying to sell more than 35 million voter registration records on the darknet, fueling fears about security at the polls just weeks before the Nov. 6 midterm elections.
The popular technology site ZDNet earlier this week published research conducted by Anomali Labs and Intel 471 documenting records from 19 states for sale, including personal voter information such addresses, phone numbers and voting history.
The researchers told ZDNet: “To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data.”
Department of Homeland Security officials, who oversee election security measures at the federal level, sharply disputed the researchers’ conclusions Tuesday, arguing in a statement that “much of the information purportedly being sold is available in most states either publicly or commercially.”
The popular hacking market site “Raid Forums” was offering the data on the darknet, a collection of encrypted sites that can’t be accessed with traditional browsers and search engines.
Prices vary from state to state. Minnesota lists cost $150, while information on 6 million Wisconsin voters ran at $12,500.
With election officials across the country still concerned about Russian efforts to hack into more than 20 states during the 2016 polls, debate is heating up over whether America’s electronic voting systems are more or less secure in this cycle.
The report that voter data may be for sale spurred several states into action. In Kentucky, which had voter data for sale on the dark net for $2,000, Democratic Secretary of State Alison Lundergan Grimes called for an official probe.
“The revelation that this data is being peddled on the dark web and could potentially fall into the hands of bad actors greatly concerns me and should every Kentuckian,” Ms. Grimes said in a statement. “I am working with our election integrity partners, including the Department of Homeland Security, to investigate the matter.”
Ms. Grimes said she had no evidence that her state’s voter registration system had been compromised, but said the incident underscored the complexity of election cybersecurity.
DHS officials said they were aware of the report, but a spokesperson told Defense One that “it does not appear that this data is indicative of a successful breach of state or local election infrastructure.”
For months, DHS has been warning that voter registration data are more publicly available than most people realize.
But the agency has also argued that this does not always jeopardize election security, contending that threats to actual voting infrastructure differ from the public release of voter lists, which are often used by political campaigns.
A representative from Anomali Labs noted that while the data available via the darknet was the same or similar to lists states sell for political activities, the public release was never authorized, raising the prospect for an outside influence operation to exploit the data.
• Dan Boylan can be reached at dboylan@washingtontimes.com.
Please read our comment policy before commenting.