Don't second guess. Go with experience.

The Truth Behind Voter Registration Data Found on the Darknet

Voter registration data on Darknet

Election security has been a heightened focus of concern since 2016 and the media is highlighting a range of activities that could indicate serious hacker activity as we head in the 2020 election. We’re worried about hacking voting systems and stolen voter registration data in addition to the deliberate distribution of false candidate information. The unfortunate result is people are questioning the integrity of the democratic process, and sadly staying away from the polls because they believe their vote won’t make a difference.

It’s always been important that we understand the truth behind the headlines and that we keep things in perspective. This is especially true when it comes to digging into the stories about the threats that face our elections. Facts without context can be distorted too easily. It’s our job to try to learn as much as we can about the full story.

Sign Up to Receive Our Monthly Newsletter: Election Security In the News Sign up here

Data On the Darknet Isn’t Always Serious

Stolen registration data is a perfect example of a story that can cause unwarrented alarm. It’s true that voter records have shown up on the Darknet. It’s also true that much of this information is for sale in the underground marketplaces. However, these facts alone don’t support the assumptions that this undermines the integrity of the vote. It is much more complicated than that. This is good news, but it also means we can’t stop being vigilant.

There are several reasons that it’s not time to panic. The voter registration data found on the Darknet is already free available to anyone who requests it, so the chances that this information was stolen is fairly slim. What’s more this information doesn’t include the information that attackers need to cause real damage. It doesn’t include social security or login credentials. It consists of names, phone numbers, addresses and voter affliation. At worst, it’s information marketers and campaigners can use to send you mountains of mail, but it’s not really useful to cyber attackers.

The Data Is Not Always Stolen from Voter Registration Systems

Another face is the information is often acquired through companies that aren’t protecting their customer date properly. We are being too quick to blame voter registration systems when the data easily could have come from other sources.

Hackers tend to be ego-driven in addition to profit-driven. They like to brag about their activities to each other to encourage repeat business. They also exagerrate their work to the outside world to further the chaos they want to cause. Don’t believe everything you hear about how they collected data or the type of data.

The final reason we don’t need to panic is data is dynamic. Our profiles and personal information is always changing. Data doesn’t stay current for long, and in most of these cases, the data is outdated. It was probably repackaged from old sources. It’s not useful. It’s not as valuable as the seller claims it is.

Your Best Defense Is Staying Focused

The hacker community can make scary claims. The media can pick up the stories and run them without full context. We don’t have to believe everything we read or hear. Take the claims seriously as a starting point for investigation. Don’t take them as absolute fact that signals doom. Stay vigilant. Practice good security habits like:

  • Monitor Darknet forums for activity that could indicate a real problem.
  • Review your data capture processes regularly.
  • Assess how you share data within your organization.

Don’t get distracted by the latest headlines. Stay focused on improving your processes.

About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.