Republican Data Broker Exposes 198M Voter Records

Almost 200 million voter profiles culled by Republican data broker Deep Root Analytics were left exposed on an Amazon S3 server.

Detailed voter profiles of 198 million voters were left exposed on an Amazon S3 account by Republican Party-affiliated data broker Deep Root Analytics. The discovery was made by Chris Vickery, cyber risk analyst at security firm UpGuard.

“This was one of the most data rich datasets I’ve ever found,” Vickery told Threatpost. “It’s the kind of information that would allow you to micro-target a campaign and win elections.”

Vickery said more than 1.1 terabytes of data was exposed and was chockfull of sensitive information that includes voter names, addresses, birth dates, religious affiliations, TV viewing habits, stances on political issues such as US energy independence, and views on President Donald Trump’s proposed policies.

In a statement issued Monday, Deep Root Analytics acknowledged it was the owner of the data and took full responsibility for exposing it. “Through this process, which is currently underway, we have learned that access was gained through a recent change in asset access settings since June 1,” it read in part.

“The data that was accessed was, to the best of our knowledge, this proprietary information as well as voter data that is publicly available and readily provided by state government offices.

Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access,” Deep Root Analytics wrote.

Vickery said that the data went far beyond just publicly available voter registration information and had been enhanced significantly with about 50 different categories. He added, information that was part of his discovery also included a long list of clients such as the American Crossroads Super PAC and at least 15 other clients identified by only last names, such as Cheney, Ayotte and Heck.

According to UpGuard’s Cyber Risk Team, which¬†revealed the discovery Monday, data-brokers Deep Root Analytics worked on the behalf of the Republican National Committee (RNC) and specifically contributed to the Donald Trump election campaign. “There is so much here. It sprawls so deep and so far. It goes all the way to the RNC itself. This shows so much of the inner workings of the RNC,” Vickery said.

Vickery has a long history of uncovering insecure voter records. In June 2016, he found a database of 154 million U.S. voter profiles on an unprotected server, and in February 2016, he found a database of 191 million voters that was traced back to the data broker NationBuilder.

Researchers said while the data was owned by Deep Root Analytics, it was enhanced through relationships with two other Republican contractors, TargetPoint Consulting and Data Trust. According to Deep Root Analytics’ website, it specializes in TV advertising and has the ability to understand “media consumption data.”

“Data is shared between these companies. Part of the licensing agreement to use this data says anything they enhance this data with they have to hand it back to Data Trust,” Vickery said. “And then that gets shared with the next group. It’s a big trading and sharing program that uses loopholes to get around campaign influence laws.”

Vickery said he found the voter data by scouring the internet for insecure databases on Amazon Web Services by focusing his attention on URL strings ending in some combination of “DRA” (for Deep Root Analytic) and “DW” (for Data Warehouse).

“The data repository, an Amazon Web Services S3 bucket, lacked any protection against access. As such, anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump’s presidential victory, simply by navigating to a six-character Amazon subdomain: ‘dra-dw,'” the report stated.

He said it is impossible to know, independently, how long the data was exposed for. “All we know is that the data was incredibly detailed. In the wrong hands this information could be extremely helpful for targeting voters or for phishing attacks.”

Suggested articles