.jpg?disable=upscale&width=1200&height=630&fit=crop "Iraqi Voter Information Hacked and Found for Sale Online")
Recent findings from a team of researchers shed light on a major security breach involving the sale of Iraqi voter data following a cyberattack on the country’s Independent High Electoral Commission (IHEC). Resecurity, the cybersecurity firm behind the discovery, revealed that a 21.58 GB database containing Iraqi voter cards and personally identifiable information was being hawked on the dark web. They also uncovered a customized software client designed for IHEC’s “Operations & Data Management Department.”
The frequency of election cyber threats has risen dramatically in recent years, escalating from 10% in 2015 to 26% in 2022, which poses significant risks to democratic processes globally. These threats include the leakage of voters’ data, incidents driving influence campaigns, and attacks that render election systems unavailable.
Resecurity’s team, working with sources familiar with these digital record repositories, confirmed that the leak took place around 2019. They also discovered a similar Dark Web posting from 2022, although this data turned out to be corrupt. However, the latest illicit disclosure is the authentic deal.
According to Gene Yoo, chief executive of Resecurity, the acquired data is valid and contains vital information that was verified with law enforcement partners in Iraq. Translation from Arabic of the key fields in the database confirmed the presence of voting information, with details about voters (names, dates of birth), polling stations, and registration centers to collect votes, among other information.
But how did the breach occur? Resecurity believes that the compromise was most likely the result of an IT supply chain compromise involving technology from third-party suppliers that the threat actors hacked. Another possibility is that the leak came from an insider with access to IHEC infrastructure, as election infrastructure systems are generally isolated from the internet, making a remote hack less probable.
It is important to note that Iraq is gearing up for parliamentary elections scheduled in October 2025. The leaked voter data could be used by miscreants to create targeted propaganda and campaigns targeting specific segments of voters. Unlike compromised payment card data or passwords that can be changed in response to a hack, leaked voter data remains exploitable for years after the initial leak.
Resecurity’s report highlighted the deployment of cyberespionage groups, operating under the direction of nation-state actors, to target voter PII for electoral interference. According to them, this data is extremely valuable as it provides crucial demographic insights and context about target populations during both pre-election and post-election stages.
The issue of who is behind the voter data theft raises concerns, as potential suspects could include nation-state actors interested in destabilizing Iraq or domestic actors involved in protest activities. Resecurity pointed to Iran and dissident Kurd nationalists as the two most likely suspects, with some evidence pointing at the latter. They explained that several threat actors involved in the campaign are believed to originate from the Kurdistan region and speak Sorani, a Kurdish dialect.
This incident in Iraq is part of a larger trend of leaked voter information and electoral interference occurring across many countries, including the US, Indonesia, Israel, Turkey, and African nations, highlighting the significant global threat posed by cyber threats to elections.
It is evident that threat actors are actively trying to acquire and exploit voter data, prompting nations to bolster their defenses and remain vigilant. Resecurity’s researchers advise organizations and individuals to monitor their “Dark Web” data footprint and emphasize the importance of securing the IT supply chain of elections, including contractors involved in system administration and related vendors. These findings are crucial for ensuring the integrity of election processes and preventing unauthorized access to voter information.