Posted on October 22, 2020 at 1:05 PM
A cyber security firm says it has discovered a hacker selling personal details of more than 200 million Americans on the dark net.
The security firm, Trustwave, revealed this yesterday and said about 250 million records of personal data were also offered for sale along with 186 million U.S. voter records.
This shows how vulnerable the U.S. is to email phishing by foreign adversaries and cyber criminals. It comes as Americans prepare to go to the polls for the presidential election next month.
Trustwave said most of the stolen data is publicly available, and legitimate businesses buy and sell this type of data on a regular basis.
However, the worry is the availability of millions of voter registration details, phone numbers, and email addresses in a single bulk offering on the dark web.
It shows that threat actors and foreign adversaries can easily use it to send emails to intimidate voters, just as Iran has done recently.
President of security research at Trustwave, Ziv Mador, provided some details about the security firm’s discovery. He said the stolen data has been made available to cybercriminals in one large chunk, making it easy for anyone with such data to consider launching phishing attacks.
“An enormous amount of data about U.S. citizens is available to cyber criminals” and foreign adversaries, he said.
According to Mador, if the data gets into the wrong hands, the consumer data and voter data can be used for geo-targeted disinformation campaigns via phone scams, email phishing campaigns, as well as social media campaigns.
He further added that the data may still be used after the elections, especially if the result is contested.
Details in data also contain data from past hacks
The details in the data contain a mix of available data gathered from government websites as well as several hacks of different companies in the past.
Trustwave, which finds threat information by monitoring dark web forums, discovered the hacker, who calls himself Greenmoon2019, offering the data for sale on a dark web forum.
The security team used a fake identity to make the hacker provide more details about the data, including the Bitcoin wallet the hacker used to receive payment.
Even with the virtual wallet, the hacker could not be traced because these accounts only show transactions but not the identities of the traders.
However, Trustwave traced Bitcoin payments to a larger account, with more than $100 million in transactions. Trustwave believes this amount comes not only from data sales, but also from other illicit business dealings.
Mador said the hacker’s Bitcoin wallet was created in May, which is further proof that he has been involved in other illegal dealings not pertaining to the sale of stolen data.
The availability of the information is not new, as similar data can be sold and purchased by legitimate businesses. However, the size of the data set and the timing so close to the U.S. election are what worry cyber security personnel.
As the U.S. election draws near, the data shows how easy it could be for threat actors to disrupt the election.
John Ratcliffe, National Intelligence Director, revealed yesterday that Iran gathered voter registration details and used them to threaten Democrats through emails.
Security bodies need to safeguard Americans’ voting process
In many American states, voter registration data can be accessed publicly. However, email addresses are usually not part of the data. With this information available along with email addresses, it appears the hacker did extra work by pairing the voter registration details with their email addresses, making the data more relevant to threat actors.
Any threat actor who buys the compiled data from Greenmoon2019 can use it to target the email addresses of only registered Republicans, or only registered Democrats.
The security firm has already sent its findings to the FBI, according to Mador. He said the security firm has taken it upon itself to monitor and investigate cybercrime relating to the upcoming election. He said although the security team is not allowed to share all the details about its findings, the FBI has everything the firm has got about the incident.
As a result, Trustwave is expecting an organized effort from the security agencies, local, state, and federal partners to protect America’s voting process, he concluded.