WASHINGTON — A cybersecurity agency says it has discovered a hacker promoting personally figuring out data from greater than 200 million Individuals, together with the voter registration knowledge of 186 million.
The revelation underscored how susceptible Individuals are to e mail focusing on by criminals and overseas adversaries, at the same time as American officers introduced that Iran and Russia had obtained voter registration knowledge and e mail addresses with an eye fixed towards interfering within the 2020 election.
A lot of the info recognized by Trustwave, a world cybersecurity agency, is publicly obtainable, and virtually all of it’s the sort that’s frequently purchased and offered by professional companies. However the truth that so many names, e mail addresses, cellphone numbers and voter registrations had been discovered on the market in bulk on the darkish internet underscores how simply criminals and overseas adversaries can deploy it because the FBI mentioned Iran has performed lately, sending emails designed to intimidate voters.
“An infinite quantity of knowledge about U.S. residents is accessible to cyber criminals” and overseas adversaries mentioned Ziv Mador, vice chairman of Safety Analysis at Trustwave, which discovered the fabric.
“Within the incorrect palms, this voter and client knowledge can simply be used for geo-targeted disinformation campaigns over social media, e mail phishing, and textual content and cellphone scams,” he added, “earlier than, throughout and after the election, particularly if outcomes are contested.”
The info is a mixture of materials stolen in varied hacks of firms lately, and publicly obtainable knowledge retrieved from authorities internet sites, he mentioned. In most states, voter registration data is publicly obtainable, for instance.
Trustwave screens darkish internet boards for menace data, and got here throughout a hacker calling himself Greenmoon2019 providing the info on the market. Trustwave used fictitious identities to induce the hacker to offer extra data, together with a Bitcoin pockets that Greenmoon2019 used to gather fee.
Bitcoin wallets — digital storage services for essentially the most generally used cryptocurrency — publicly show transactions, although not the identities of these making them. Trustwave was in a position to hint funds to a bigger pockets, created in Might, that has taken in $100 million in what the agency believes is illicit proceeds, Mador mentioned. Not all of that was from knowledge gross sales, he added.
The huge availability of private data will not be new, however the concept that such an enormous cache is on the market because the election approaches underscores how straightforward it could be for malicious actors to trigger bother. Trustwave mentioned the hacker was providing 186 million voter information and 245 million information of different private knowledge.
Director of Nationwide Intelligence John Ratcliffe mentioned Wednesday night time that Iran had obtained voter registration data and used it to ship threatening emails to Democrats whereas posing because the Proud Boys, a white supremecist group. Ratcliffe mentioned the Russian authorities had additionally obtained voter registration data.
Voter registration knowledge is public in lots of states, however e mail addresses are usually not usually a part of the general public knowledge. The hacker recognized by Trustwave used different stolen knowledge to pair e mail addresses with voter rolls and supply it on the market as a bundle, Mador mentioned.
The databases on sale by Greenmoon2019 would enable malicious actors to focus on the e-mail addresses of solely registered Democrats, for instance, or solely registered Republicans.
Trustwave mentioned it turned over what it had gathered to the FBI, which advised NBC Information in an announcement:
“We’re dedicated to discovering and investigating fraud throughout this election. Whereas we can not touch upon data we could or could not have obtained from the general public, we wish to guarantee the American individuals the FBI is intently coordinated with our federal, state, and native companions to safeguard our voting processes.”