American democracy is never dull, but the news seems to be becoming ever more worrying. From voter disfranchisement to faulty voting machine software, there always seems to be a news story to worry American voters, and now you can add the leaking of millions of voter records to the list.

In October 2018, researchers at Anomali Labs and Intel 471 announced that they had made a troubling discovery. Apparently, many millions of voter records had been obtained by hackers, then sold on the dark web for anyone to use. The personal information involved could be a goldmine for hackers and other criminals, as well as marketers of all types.

So what’s the real story here? Should we be worried about an epidemic of cybercrime, and should we take steps to ensure our details haven’t been leaked?

What are the details behind the 2018 voter records leak?

The basic details are pretty shocking. According to researchers, around 35 million individual voter records have been obtained from 19 states and put up for sale via the “dark web“. Not only that, but the organization behind the leaks claims to receive weekly updates on voter registrations from contacts across those states. So it looks like a sophisticated network of information brokers is targeting the American democracy.

It’s important to note that accessing voter records is not technically illegal. Selling them for profit is another matter. But while it’s worrying that registration details should be sold for profit, that’s not even the main concern. More troubling still is the likelihood that the information contained in voter registration records could be used for criminal purposes.

What information is contained in the leaked voting documents?

leaked voting data

So, let’s say you’re worried about whether your data is among the leaked Texas data records. Should you be on your guard against targeted phishing and other attacks as a result?

As far as we know, the voting records are full of potentially valuable information for phishers. Here’s a sample of the kind of information cyber-criminals could derive from standard voter records:

  •       Your full name
  •       A verified, current street address
  •       Accurate landline and cell phone numbers
  •       Your voting history and party affiliation

This information on its own is relatively harmless, but when combined with information from driver licenses, criminal records or credit databases, it’s easy to see how it can be weaponized by skillful criminals.

It’s worth noting that while many of these details are publicly available from voter records, it’s common for states involved in the leak to offer voters a variety of “opt outs”, giving them the impression of privacy and security. But this may not be effective, so don’t assume that your details haven’t been leaked even if you ticked all the right boxes.

Which states does the information leak involve?

The 2018 voter records leak identified by Intel 471 and Anomali Labs doesn’t apply to all voters in all US states (as far as we know). So far, however, a large number of states are vulnerable. Just in case you were worried, the current list is as follows:

  •       Georgia
  •       Idaho
  •       Iowa
  •       Kansas
  •       Kentucky
  •       Louisiana
  •       Minnesota
  •       Mississippi
  •       Montana
  •       New Mexico
  •       Oregon
  •       South Carolina
  •       South Dakota
  •       Tennessee
  •       Texas
  •       Utah
  •       West Virginia
  •       Wisconsin
  •       Wyoming

How did hackers obtain so many voting records?

voting records sold

While we don’t have too much background information about the networks involved in this voter records leak, we can make some guesses about how it transpired.

For one thing, the voter records may have been obtained via legal means. In this case, however, those involved would have needed to collect the records in-person, while leaving a paper trail. That seems unlikely given their criminal ambitions.

It’s much more likely that an individual or group gained access to servers containing voter information, either externally or via contacts within state organizations. The claim that they receive regular updates suggests that this access is very much ongoing.

Questions remain about how the records made their way from state servers to the dark web, given that voting records are not supposed to be given to profit-making organizations. And we do know that profits are involved. At the moment, the lists are sold for anything between $150 and $12,500, so money is being made even before the phishers get started.

How to find out whether your voter registration records have been leaked

Another major question is whether states other than those listed above have been affected. We can’t be sure about this as yet. If you’re worried about whether your Michigan voter records or Florida voter records are up for grabs on the dark web, there may be something you can do to check.

In theory, it may be possible to actually access the dark web to check whether your details are part of the leak. If you try this route, be aware that accessing the dark web can carry security risks involving malware and other infections. So take precautions – update your virus checker, don’t click on suspicious links and, above all else, install a VPN.

Using a VPN for dark web access: What you need to know

Virtual Private Networks are an invaluable security tool to use when accessing the dark web. So if you’re trying to verify whether NC voter records have been hacked, you should have a VPN for dark web access.

A VPN will create an encrypted “tunnel” which makes it impossible for snoopers to see what you do online. If you’re visiting the dark web, this can sometimes cause issues with your ISP (or law enforcement) regardless of whether you are doing it for the right reasons, which makes this privacy protection meaningful.

VPNs also help to keep the Tor browser as secure as possible. You’ll need the Tor browser to actually access the forums where Michigan voter records could be up for sale.

Conclusion: Could the voter records leak be a serious security risk?

voter records leak

As we noted earlier, the major risk attached to voter information sales relates to cyber-crime. The information contained in these records can help hackers build in-depth profiles of potential targets. They can combine this with other publicly available or hacked information, or use techniques to monitor your communications. When they know all about you, stealing your identity is much easier.

This makes it even more important to have a good VPN installed, as VPNs make it tough to “sniff” users’ data or intercept their emails. But don’t panic. We’ve been here before, in 2016 and 2017. The web didn’t melt down then, and it won’t now. Still, there seems to be room for improvement in the way American democracy is managed, that’s for sure.