
Massive U.S. Voter Database Offered for Sale

Trustwave: Data Comes From Public Sources, Leaks
The reputation report for GreenMoon2019's account on (Source: Trustwave)

Voter information on as many as 186 million Americans was being offered for sale in an online forum, according to a Trustwave report. The information apparently came from public sources as well as data leaks, Trustwave’s SpiderLabs unit says.


"We have downloaded a sample set of 1 million records and performed confirmation checks on the data and from what we can tell it is accurate," says Karl Sigler, senior security research manager at SpiderLabs at Trustwave. "There is no way to verify all purported 186 million records the cybercriminal is offering, but this particular cybercriminal has a high reputation score and is backed by other cybercriminals vouching for the quality of what he sells."

The list that had been offered for sale on a forum called is maintained by a threat actor with the moniker GreenMoon2019. It contains names, addresses, ages, genders, political affiliations and in some cases phone numbers. This same actor is also maintaining a list of U.S. consumer data that supposedly has 245 million records, Trustwave says.

Trustwave describes as a purveyor of leaked and hacked data. Databases are typically offered for free or sold for less than $1,000, payable in bitcoins. But no price was listed for the voter list. Instead, interested parties were requested to send a private message to the account owner.

Trustwave says the thread about this voter database was recently removed from the forum. "Most likely, the forum administrator did that to avoid unnecessary attention from researchers and law enforcement agencies," the researchers say. "However, we established contact with the seller who said the voter database is still available to purchase."

Database Updates

GreenMoon2019 is an English speaker who has been a member of since 2019, Trustwave reports.

The threat actor has been updating this voter database for at least a year, apparently using data leaks as well as publicly available information, the researchers say.

Sigler says someone with basic database management skills could easily correlate data across multiple databases using open-source tools.

Purchases Made

Trustwave says it has tracked GreenMoon2019 completing sales of databases.

"We obtained his Bitcoin wallet history, which shows several transactions that match the prices he is soliciting for the databases, so at the very least, other cybercriminals have these databases and are most likely using them," Sigler says.

James McQuiggan, security awareness advocate at KnowBe4, believes the massive list of voter information would be attractive to fraudsters interested in waging phishing campaigns.

"With this information available to cybercriminals, there could be an immense number of phishing or socially engineered emails sent to the American public," he says.

Voters Beware

Federal agencies have issued a steady stream of alerts warning voters of attempts to spread disinformation and discredit the election results. On Thursday, the FBI said Iran has obtained Americans' voter registration data and is using it in an attempt to push misinformation before the Nov. 3 presidential election (see: US Alleges Iran Sent Threatening Emails to Democrats).

In late September, warnings about potential disinformation campaigns designed to manipulate public opinion, discredit the electoral process and undermine confidence in U.S. democratic institutions were issued by the FBI and Department of Homeland Security (see: FBI, CISA Again Warn of Election Disinformation Campaigns this month).

About the Author

Doug Olenick


Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.
