Fake 'Russian Hack' Of Public Michigan Voter Rolls Gets Absurdly Overhyped On The Interwebs

from the good-old-fashioned-freak-out dept

On Tuesday morning a story began making the rounds indicating that Russian hackers had somehow managed to hack into Michigan's election systems, gaining access to a treasure trove of voter data. Russian newspaper Kommersant was quick to proclaim that nearly every voter in Michigan -- and a number of voters in additional states -- had had their personal information compromised. The report was quickly parroted by other outlets including the Riga-based online newspaper Meduza, which insisted that the breach was simply massive:

"Russian hackers have leaked the personal data of nearly every voter in Michigan (7.6 million of the state’s 7.8 million voters), as well as the information of another million voters in Arkansas, Connecticut, North Carolina, and Florida, according to the newspaper Kommersant. The data recently appeared on a Darknet forum, posted by a user nicknamed “Gorka9.” The information was current as of March 2020 and a source at the security firm “InfoWatch” confirmed to Kommersant that the data is authentic.

For each American voter targeted in the leak, the following information is now available: full name, date of birth, sex, date of registration, home address, zip code, email address, voter ID number, and polling station number."

The reports also insisted that hackers were then exploiting the U.S. Rewards for Justice Program to get paid for bringing the hack to the attention of the U.S. government. From there, the story quickly ballooned across Twitter, thanks in part to journalists:

The problem? This data was already either widely available, or available via a basic Freedom of Information Act (FOIA) request. Much like the recent hysteria over TikTok (in which many people act as if banning the app prohibits China from accessing U.S. user data that's available pretty much everywhere thanks to our crap privacy and security standards), people that actually study or report on infosec for a living were then forced to try and do damage control by adding useful context. That context being that the ease in which anybody could obtain this data means it doesn't actually hold much value:

The disconnect between those that cover infosec for a living, and those who engage in security or privacy tourism on Twitter was a bit jarring:

The one truly interesting bit, that the U.S. tip line was being exploited to pay hackers for directing them to publicly accessible data, is far more interesting and will require additional reporting. Meanwhile, the Michigan Department of State was forced to issue a statement noting it was never hacked, and urging internet users to exercise a little better judgement in terms of what they choose to hyperventilate over:

All told, just another day on the internet. Granted, our non-transparent and dodgy election security systems in many states still pose a genuine threat to U.S. security. A threat that's not being fully addressed due to the fact we seem to have idiotically made basic election security a partisan issue. But freaking out over inflated claims of hacks that never happened sure as hell isn't helping to fix that problem.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fact checking, hacks, journalism, michigan, russia, voter rolls