The Rise Of Politically Identifiable Information

Next: Breach Detection Times Have Not Improved
Previous: The Security Industry Mindset: Black Hat 2015 vs....
Enormous amounts of compromised political information are floating around the dark web. And no one wants to talk about it.
Writer Emily W.
July 19, 2016

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

During the Super Tuesday primaries this year, while everyone was focused on the latest results, someone quietly leaked the names, home addresses, and contact information for every GOP delegate in a western state. The list was up for a day or two, and then went away, with no one in the media the wiser.

As the Republican National Convention gets underway, we are keeping a close eye on the appearance of new and politically relevant data. The leak of delegates during the primaries is a single data point in a long election cycle of data breaches and political leaks. Donald Trump was doxxed, and server information for his properties was exposed. A list reported to be his email contacts showed up online with names, positions, and contact information. The now infamous DNC breach resulted in a series of document leaks, with more appearing every week. What’s next?

These are only a small portion of the political PII that appears on the dark web day to day. Admittedly we’re seeing more as the election approaches - and we expect to see at least one more big leak sometime during the conventions, with another appearing as we head into election day. These election leaks are not outliers, however. We regularly see dumps of state and local government officials, the staff of a senator or interns of a congresswoman, or perhaps a detailed list of family members for an unpopular governor.

The politicians are exposed. The delegates are exposed. And, more pressingly, the voters are exposed.

Voting databases have also been in the news over the last several months, as one country or state after another faces issues with misconfigured databases or exploited voter lists - not the least of which is the 191 million records exposed at the end of 2015. These voting databases contain detailed personal information, voting history, and party affiliations, along with voter ID numbers. Voting databases aren’t the only source of exposure. Right now, there’s a full state’s Driver’s License database for sale on one of the major dark web markets, providing all of the same information accessible through a voter database.

Around the world and at a convention center in Ohio, all eyes are on the candidates. In the next few days we should have a final answer on the Republican nominee. The real question is, who’s watching their data?

analysis January 08, 2019
New Commodities, New Consequences: Child Data on the Dark Web

analysis December 06, 2018
The Year Ahead: Developments in the Dark Web Data Trade

Sensitive data had a very bad year in 2018—and the year isn’t over yet. With the increase of large-scale breaches, what drives the underground economy for data on dark web markets? How will that...