Now that the hype has died down after the much anticipated midterm elections, Sixgill, the cybersecurity leader which analyzes the Dark Web to detect and defuse cyber attacks, discovered that the U.S. voter database tracing back to the 2008 Vermont election was being offered for sale on a top-tier forum on the Dark Web. The alert that came from Sixgill also stated that it allegedly contained data from as recently as September of this year.
Voter tampering and fraud are not new to the election world. One only needs to look back at the famous (or infamous – depending on who you voted for) Trump elections of 2016. Voter fraud can be classified as one of the biggest threats to democracy to date.
Only a few months ago, a particularly alarming hack was carried out at the DEFCON hackathon conference over a weekend by an 11-year-old boy who managed to hack into an imitation Florida state voting website and change the results of the “election” in less than 10 minutes, which highlights just how prevalent this kind of activity on the Dark Web could be, not to mention, easy.
This is indicative of how criminal activity is becoming more accessible and prevalent, which only highlights the need for cyber security intelligence to identify threats to our privacy. Sixgill stands out as one of the top cyber threat detectors.
In this specific case, Sixgill gained access to the breached database of the most recent elections and noted that the information enclosed seemed to be authentic. Among the list of credentials are those of Vermont Senators Patrick Leahy and Bernie Sanders. The Dark Web investigator noted that the stolen credentials contain 476,560 records, numbers that align with recent official data published by Vermont’s Secretary of State. For each individual record in the database, one can see sensitive personal information belonging to individual voters, including their full name, legal and mailing addresses, year of birth, and even their past voting history
With Vermont clocking in with the highest voter registration ahead of an election this year — around 93% — they were considered one of the highest pools of voters in the state’s history vulnerable to fraud and identity theft. Aside from bots and Super PACs controlling and trolling elections, selling voter information and registration over the Dark Web can have a domino effect starting from Vermont (as one of the smallest states) all the way West to California, leaving most of the population.
Sixgill has tracked many similar voter databases offered for sale over the last year, many of which sold between $1000-$3000, a pattern indicating that dark web fraudsters find such databases highly valuable. This type of personal information can be exploited by dark web criminals to commit any number of illegal activities, including identity theft and credit card fraud.
Sixgill certainly is one of those companies who understands the cyber security world of fraud in more depth. However, one cannot help but wonder the scope of their impact, when sensitive information can be made available by a child hacking the system in less time than it takes for somebody to actually go and cast a vote in the first place.