According to a report by NBC News on the 22nd, Trustwave, a US cybersecurity company, said that they discovered that a hacker was selling personally identifiable information of more than 200 million Americans, including registration data of 186 million voters.
Cybersecurity company Trustwave said that most of the data they identified is publicly available, and almost all data is available for regular trading by legitimate businesses. But in fact, they found that a large amount of information and data about names, email addresses, phone numbers and voter registration records were sold in batches on the dark web.
"Such a large amount of U.S. citizen data may be used for cybercrime, or used by foreign adversaries," said Ziff Mador, vice president of Trustwave, who is responsible for security research. Allegedly, he was the one who discovered these citizen data.
He added: “Before, during, and after the election, criminals can easily use this voter and consumer data to promote false information and conduct illegal activities through social media, email, phishing, and phone fraud.”
He said that in recent years, hackers have carried out cyber attacks on a large number of companies, stole citizen information, and grabbed public data from government websites. These data constitute the information data leaked on the dark web. It is reported that in most states in the United States, voter registration information is publicly available.
According to the report, Trustwave has been monitoring dark web forums for information that poses a threat to security. During the period, it encountered a hacker who called himself "Greenmoon2019" who offered to sell data. The staff used virtual identities to induce hackers to provide more information, including the Bitcoin wallet the hacker used to collect money.
Bitcoin wallets on the dark web will publicly display transaction information, but not the identity of the trader. Mador said that they tracked down another Bitcoin wallet with huge income created by the hacker in May. The wallet contained $100 million in funds. After their analysis, they believe that the money is the hacker's illegal proceeds, but not all illegal funds come from the income of sales data.
Personal information leakage is nothing new, but as the US election approaches, such a huge data leakage means that criminals can easily disrupt the election. Trustwave said that hackers provided a total of 186 million voter data and 245 million other personal data records.
Voter registration data is public in many states, but voters’ email addresses are usually not public. Mador said that the hacker used other data he had stolen to match citizens’ email addresses with voter lists and package them for sale.
In addition, by using the data sold by the hacker, criminals can target their attacks to voters who only support Democrats or Republicans and provide their email addresses.
At present, Trustwave said that they have transferred the information it collected to the FBI, which is investigating this.