“Vote early and often” has been attributed to one of Illinois’ noted gangsters, Al Capone. Databases containing sensitive US voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records. Cyber Researcher Jeremiah Fowler has discovered. These included driver's license numbers as well as full and partial Social Security Numbers and documents like death certificates and included voter records, ballots, multiple lists, and election-related records.
Fowler determined that all the counties appear to contract with an Illinois-based election management service called Platinum Technology Resource. This service provides voter registration software, other digital tools, and services like ballot printing.
Suspecting that other counties might be inadvertently exposing similar data, Fowler replaced the county name in the database format and discovered 13 publicly accessible databases and an additional 15 that were not publicly accessible. According to multiple news articles and Freedom of Information Act (FOIA) documents posted online, these counties have contracts with a company called Platinum Technology Resource. This company offers various services, including ballot printing, election management, and voter registration software.
The counties indicated in the exposed databases also offer a voter information portal that redirects to a domain indicating “Platinum vrms”, which he speculates stands for “voter record management system”. To verify this, he called several county clerks’ offices and was informed that only one vendor (Platinum Technology Resource) manages their voter and election data known as Platinum Elections Services.
Once Fowler was reasonably sure who managed the database, he sent a responsible disclosure notice to Platinum Technology Resource. In a follow-up review the next day, he noticed the database was still publicly accessible. To identify other contact details, he found several additional FOIA documents indicating an Illinois-based technology company called Magenium is responsible for the technical support of Platinum Elections Services.
The exposed databases contained documents with lists of available or active voters, absentees, early mail-in voting records, and duplicate voters. Although there were no signs of any wrongdoing, protecting elections and voter data from cyber-attacks is crucial, which may include tampering with documents or using exposed voter information for fraud or misinformation.
Concerns about election tampering through a cyber-attack could undermine confidence in the accuracy and fairness of election outcomes, which is why the US government has deemed election data as critical infrastructure.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments