Trump lawsuit site to report rejected votes leaked voter data

[tarekma7]

 

The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona "rejected votes" lawsuit was discovered to be leaking voter data.

 

The data included the voter name, address, and a unique identifier. However, reports have surfaced of users alleging the website has SQL Injection flaws that make it possible to collect a voter's SSN and date of birth.

 

"Hastily" launched website leaks data:

 

Over the weekend, President Trump's re-election campaign and the Republican National Committee filed a lawsuit in Arizona alleging the polling officials in Maricopa County had incorrectly rejected in-person votes on Election Day, by misusing a mechanical feature (a green button) of the voting machines.

 

“Poll workers struggled to operate the new voting machines in Maricopa County, and improperly pressed and told voters to press a green button to override significant errors,” said Matt Morgan, Trump 2020 campaign general counsel.

 

“The result is that the voting machines disregarded votes cast by voters in person on Election Day in Maricopa County,” alleged Morgan. 

 

To collect anecdotal evidence from voters who may have observed such behavior at the polling stations which validates what the lawsuit alleges,  the campaign set up a website to collect sworn declarations from voters.

 

The website DontTouchTheGreenButton.com requests personal information from voters, such as their name and address, phone number, email address, date of birth, and last 4 digits of social security number (SSN), and answers to multiple-choice questions. 

 

To limit the ability to submit declarations only to Maricopa County voters, the website lets users "search" for their name and auto-populate their address, as shown below:

 

 

The website lets a registered voter look their name up and auto-populate the address

Given voter records are already public information, the ability for anyone to look up this information is hardly surprising—although an obvious privacy concern.

 

However, the website used an API  that may make it possible to scrape voter information in bulk.

 

From bulk data collection to alleged SQL Injections

Provided the website was launched fairly quickly after the lawsuit was filed, some users are calling it "hastily set-up" and ridden with data leaks and SQL Injection flaws. 

 

BleepingComputer observed the data was being pulled from the server using Algolia REST API.

 

The exposed API key and Application ID in the request could let anyone programmatically run queries to scrape the voter data in bulk from the service.

 

 

The JSON data returned by the REST API contains a list of 5 voter names and addresses by default, along with unique identifiers based on the search query (e.g. first few letters of the voter's name).

 

In theory, one could make automated queries to download voter information by altering the hitsPerPage value shown above to a higher value, and do this repeatedly for different multi-letter combinations until they have crawled the entire data set.

 

 

This API used to retrieve voter information has since been removed from the DontTouchTheGreenButton.com site.

 

On Reddit, some users further alleged that the website was matching the name and address submitted against the last 4 digits of SSN entered by the user and exposing the partial SSN. 

 

Whereas, other users mentioned one could execute a SQL Injection attack against the website to obtain the SSN and Date of Birth information for voters.

 

BleepingComputer did not verify these additional allegations.

 

This event marks the second API leak incident this year concerning voter registration data.

 

Earlier this year, an API used by the Biden campaign's Vote Joe app was found to be leaking voter data that should have remained confidential. 

 

When launching a mission-critical website such as Donttouchthegreenbutton.com it may be a good idea to conduct a thorough security assessment to safeguard user data and privacy.

 

Source

[Karlston]

A reminder to members that political comments are against the Guidelines.

 

In this topic please remain on-topic, thanks.

[steven36]

If they stupid  enough to go  on some web site like DontTouchTheGreenButton and put there  personal info because some old fart  can't face realty  he lost  they  deserved  to be Pwn There Website security got rated an "F" at HTTP Observatory

https://observatory.mozilla.org/analyze/donttouchthegreenbutton.com

[cosy]

@Karlston

This is not a political forum

You can as well remove this topic.

We have many good things to do here or elsewhere as such topics

[steven36]

16 minutes ago, cosy said:

@Karlston

This is not a political forum

You can as well remove this topic.

We have many good things to do here or elsewhere as such topics

 Like a admin told me before political news per say is not ban from this site as long as its of news of a technical manner and this is   . The News dont cause problems  a post can't fight  in the comments  only people do .So its only against the rules  for members to talk about  politics in the comments. I don't think Open poster post this  news to cause problems they have a good track record  of only posting  news that is of a technical manner.

[Karlston]

11 minutes ago, cosy said:

This is not a political forum

You can as well remove this topic.

We have many good things to do here or elsewhere as such topics

 

As @steven36 has said, this article is about a data leak of voter records and how it happened. That makes it OK here.

[mp68terr]

Several threads already spoke about the 'failure' of the voting machines and how difficult it is to secure electronic votes. Why are these machines in use?

Even in a big country with many people voting, it should not take more than few hours to count the votes and transmit the result to central places.

How many people are voting per voting place?

[steven36]

I been here for years an

26 minutes ago, mp68terr said:

Several threads already spoke about the 'failure' of the voting machines and how difficult it is to secure electronic votes. Why are these machines in use?

Even in a big country with many people voting, it should not take more than few hours to count the votes and transmit the result to central places.

How many people are voting per voting place?

This has nothing to do with voting machines  it has to do with a non goverment  3rd party  site leaking data   . 3rd party sites leak data everyday  the  person this is for has history of his supporters  data leaking it's not the 1st time  but hopefully it will be one of the last times  .

 

It's a website  setup by his lawyers    but the problem  with the site was

Quote

Unfortunately the "Name" field reveals lists of voter names and addresses as you type

The  site is 403  all morning  here   it seems  to be offline  it  was 403  i checked long before  it  got posted here i seen a dispossession on this early on today.

 

Edit the site still   works as long as  you use a USA  IP   its 403  forbidden outside the USA.

[mp68terr]

8 minutes ago, steven36 said:

I been here for years an

This has nothing to do with voting machines  it has to do with a non goverment  3rd party  site leaking data   . 3rd party sites leak data everyday  the  person this is for has history of his supporters  data leaking it's not the 1st time  but hopefully it will be one of the last times  .

Yes, the leak itself has to do with a site. You're right. But the problem arises because of the improper use of the voting machines. If the voting machines can be used improperly IMHO they should not be used at all.

[steven36]

1 minute ago, mp68terr said:

Yes, the leak itself has to do with a site. You're right. But the problem arises because of the improper use of the voting machines. If the voting machines can be used improperly IMHO they should not be used at all.

That's  a whole  other  topic  and  that's a claim that  not been proved  yet .  Thats' the state job  to recount the votes  just like they recounted  them for Gore  when he lost he still  lost Trump deserves   due process just like others before him got  but   click jacking  peoples info on the web will never  hold up in court  someone can  steal info and put in those boxes even.

[mp68terr]

10 minutes ago, steven36 said:

That's  a whole  other  topic  and  that's a claim that  not been proved  yet .  Thats' the state job  to recount the votes  just like they recounted  them for Gore  when he lost he still  lost Trump deserves   due process just like others before him got  but   click jacking  peoples info on the web will never  hold up in court  someone can  steal info and put in those boxes even.

Cannot access the site and don't know what kind of machine was used there. Let's hope that there is a record of individual votes.

[steven36]

46 minutes ago, mp68terr said:

Cannot access the site and don't know what kind of machine was used there. Let's hope that there is a record of individual votes.

It has nothing to do with voting machines its a questionnaire that ask did you see a poll worker or not  at the place you voted , it has to do with people  , It ask  for your name ,  address from were  voted and the last digits of your SSN  but  it's a moot point because it's leaking  people who fills it info out. there not claiming  voting  machines  messed  up the vote.

 

There  saying people rigged the vote at the polls  by running them out of the  polls because they rules in place on how many people are allowed because of  the pandemic  . So they made them leave after they voted  and that why they made this website  out of suspicion  to try and get proof of it and its most likely nothing to there claims because from what i read  about it they ran the  left out the buildings  as well because of social  distancing rules. .

[Akaneharuka]

Is it possible that,If they use human instead of machine the voted result will be more secure ?

[Arachnoid]

12 minutes ago, Akaneharuka said:

Is it possible that,If they use human instead of machine the voted result will be more secure ?

 

The article is not about the voting machines and whether they are safer to use than the old manual system that would be another subject, but a poorly written website set up by Trump supporters that is leaking user data.