Trustwave is probably not a company you’ve ever heard of, but you’re definitely going to be hearing about them for the next few months. They claim that they have found a hacker on the dark web selling the personal information of over 200 million Americans – so nearly all adult Americans, including the voter registration information of over 185 million.
The data seems to have come from a mix of sources. Some of it is material stolen and disseminated in various hacks over recent years. But much of it isn’t, being instead the publicly available information that legitimate companies buy and sell about you every day. Phone numbers, addresses (physical and email), incomes, household composition, ages, shopping preferences, these are all the products of many companies that you voluntarily trade with every day. But the voter registration data is concerning, especially in the wake of a number of targeted, threatening emails received by voters registered as Democrats in Alaska and Florida.
(According to National Intelligence Director John Ratcliff, those emails came from Iran, posing as the white supremacist group Proud Boys.)
And the sheer mass of this collation of data, all for sale from a single source and so close to a vital election, is alarming.
“An enormous amount of data about U.S. citizens is available to cybercriminals and foreign adversaries,” said Ziv Mador, the vice president of security research at Trustwave.
Watching for sales of this sort is part of what Trustwave does, monitoring the so-called dark web – the part of the internet designed to be hard to stumble upon and harder to track – for threat information and red flags. According to their research, the individual or group selling the data, who goes by the username Greenmoon2019, has been paid over $100 million in Bitcoin for this and other services.