Equifax And Voting: A Tale Of Two Breaches

By now, you might have heard about the Equifax data breach (boldface mine):

Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States…

The company said the exposed data include names, birth dates, Social Security numbers, addresses and some driver’s license numbers, all of which Equifax aims to protect for its customers

“Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Personnel Management government breach. It’s nasty. If I can get my hands on that information I can call a bank. They’re going to ask me for your Social, address, the information that was leaked here, to get access.”

I never asked Equifax to take my data–I am not a customer. As with Facebook, I’m just a product. If there were ever a reason to tax data collection, this would be it.

But there’s another use for this information (boldface mine):

Online attackers may be able to purchase – for as little as a few thousand dollars – enough personal information to potentially alter voter registration information in as many as 35 states and the District of Columbia, according to a new Harvard study…

Armed with personal information obtained through legitimate or illegitimate sources, hackers could know enough to impersonate voters and change key information using online voter registration systems.

One tactic, researchers said, would be to simply change voters’ addresses, making it appear – to poll workers at least – as though they were voting at the wrong location. Those voters might be forced to cast provisional ballots, which in many circumstances are not counted

“If you look at the outcome of the 2016 election…there were several states where the margin of victory was within one or two or five percent,” she continued. “If you want to change the result in a state that was determined by less than one percent of the votes, what is the smallest number of changes you can make and where do you make them?

…Data sets containing voter names and demographic information like addresses, party affiliation and even gender can be purchased or downloaded – often from government sites themselves – for only a few dollars. For just $18,000, researchers were able to buy voter lists from all 35 states, and Washington, D.C., that allow online registration.

Those lists, however, don’t contain the personal information – like Social Security or driver’s license numbers – most states use to confirm a voter’s identity online. Finding that, Sweeney said, was as simple as forking over $40 per month for access to a commercial data broker site…

While it is possible to find the information needed to alter voter information through legal means, Sweeney said the dark Web offered one major advantage – cost.

For just $1,002, an attacker could purchase two datasets – one believed to have come from a massive data breach of credit bureau Experian – that contained the names, address, dates of birth, gender, and Social Security numbers of most adult Americans.

Armed with that information, Sweeney, Yoo and Zang said, attackers could theoretically access and alter the voting information of thousands of individuals. In some states, they found, it would cost a mere $1 to change one percent of voter records, while the median cost was just $41…

Although it may be relatively easy to gain access to the Social Security and driver’s license numbers needed to make changes to voter information, Sweeney said states may have additional security – such as having officials review and confirm address changes – that could halt an attack before major damage is done.

While those efforts may have so far been successful, Sweeney, Yoo and Zang, are urging states to take additional steps to protect against potential attacks. “A human may notice if a larger than usual number of changes appear, but what if the number is only a few more a day? A computer program might do better.” said Sweeney.

Thankfully, there’s no reason to think that other nations would attempt to affect the outcome of our elections. Also, there’s no long history of dirty tricks attempting to screw up minority voters, so there’s nothing to worry about.

The only way we will get around to securing our vote is when these problems affect white Republicans. Until then, we just better hope Von Bismarck’s aphorism of “God has a special providence for fools, drunkards, and the United States of America” still holds.

This entry was posted in Bidness, Fucking Morons, Resistance Rebellion And Death, Voting, We're Really Fucked. Bookmark the permalink.

1 Response to Equifax And Voting: A Tale Of Two Breaches

Comments are closed.