Cybersecurity firm finds hacker selling info on 148 million U.S. voters

Ken Dilanian
Martha Crowley casts her absentee in-person ballot at a polling site at the Milwaukee Public Library's Washington Park location in Milwaukee, on the first day of in-person voting in Wisconsin, October 20, 2020.
Bing Guan | Reuters

A cybersecurity firm says it has found a hacker selling personally identifying information from more than 200 million Americans, including the voter registration data of 148 million.

The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as American officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.

Much of the data identified by Trustwave, a global cybersecurity firm, is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. But the fact that so many names, email addresses, phone numbers and voter registrations were found for sale in bulk on the dark web underscores how easily criminals and foreign adversaries can deploy it as the FBI said Iran has done recently, sending emails designed to intimidate voters.

More from NBC News:

Spyware hidden in Chinese tax software was probably planted by a nation-state, say experts

When it's democracy, not hackers, that crashes election websites

Qualcomm announces photo verification tool

“An enormous amount of data about U.S. citizens is available to cyber criminals" and foreign adversaries said Ziv Mador, vice president of Security Research at Trustwave, which found the material.

"In the wrong hands, this voter and consumer data can easily be used for geo-targeted disinformation campaigns over social media, email phishing, and text and phone scams," he added, "before, during and after the election, especially if results are contested."

The data is a mix of material stolen in various hacks of companies in recent years, and publicly available data retrieved from government web sites, he said. In most states, voter registration information is publicly available, for example.

Trustwave monitors dark web forums for threat information, and came across a hacker calling himself Greenmoon2019 offering the data for sale. Trustwave used fictitious identities to induce the hacker to provide more information, including a Bitcoin wallet that Greenmoon2019 used to collect payment.

Bitcoin wallets — virtual storage facilities for the most commonly used cryptocurrency — publicly display transactions, though not the identities of those making them. Trustwave was able to trace payments to a larger wallet, created in May, that has taken in $100 million in what the firm believes is illicit proceeds, Mador said. Not all of that was from data sales, he added.

The wide availability of personal information is not new, but the idea that such a huge cache is for sale as the election approaches underscores how easy it would be for malicious actors to cause trouble. Trustwave said the hacker was offering 148 million voter records and 245 million records of other personal data.

Director of National Intelligence John Ratcliffe said Wednesday night that Iran had obtained voter registration information and used it to send threatening emails to Democrats while posing as the Proud Boys, a white supremecist group. Ratcliffe said the Russian government had also obtained voter registration information.

Voter registration data is public in many states, but email addresses are not often part of the public data. The hacker identified by Trustwave used other stolen data to pair email addresses with voter rolls and offer it for sale as a package, Mador said.

The databases on sale by Greenmoon2019 would allow malicious actors to target the email addresses of only registered Democrats, for example, or only registered Republicans.

Trustwave said it turned over what it had gathered to the FBI, which told NBC News in a statement:

"We are committed to finding and investigating fraud during this election. While we cannot comment on information we may or may not have received from the public, we want to assure the American people the FBI is closely coordinated with our federal, state, and local partners to safeguard our voting processes."