Russian government hackers hacked U.S. voting system manufacturer last August: NSA report

The second track was the hacking of the Democratic National Committee (DNC) and the Hillary Clinton campaign, and then publishing a mix of authentic and doctored documents on Wikileaks, coordinating the publication schedule with Julian Assange so as to inflict maximum damage on the Clinton campaign. Robert Mueller and several congressional committees are now investigating, among other things, whether operatives in the Trump campaign advised the Russian government hackers and Assange about which of the tens of thousands of documents stolen should be published on Wikileaks to hobble the Clinton campaign (see “Florida GOP operative asked for – and received — Russian hackers’ help in congressional race,” HSNW, 26 May 2017).

The NSA classified report now offers evidence that in addition to the massive disinformation campaign and the strategically tailored hacking campaign, Putin’s hackers were pursuing a third track: Interfering with the voting machines and vote counting.

The Intercept notes that the hacking of the DNC computers and the email accounts of senior Democrats during the campaign has been amply documented, but vote-tallying was believed to have been unaffected, despite the concerted effort exerted by the Russian government hackers.

The NSA report given to the Intercept offers details of one of possibly several cyberattacks by Russian military intelligence aiming to interfere with the process of voting and vote counting, and a subsequent attack, just days before the 8 November election, on 122 local campaign officials in several key states.

The first attack took place on 24 August, targeting Florida-based VR Systems, a company which manufactures electronic voter identification systems used by poll workers.

This attack “evidently [aimed] to obtain information on electronics-related software and hardware solutions,” the NSA report says.

VR Systems’ voter identification machines were used by jurisdictions in states which are firmly Republican or Democratic, like California, Illinois, New York, Indiana, and West Virginia – but, importantly, also by jurisdictions in key swing states like Florida, North Carolina, and Virginia.

The New York Times reports that the NSA says that the 24 August attack on VR Systems was most likely successful, and that the GRU hackers used the data, which was most likely obtained from hacking VR Systems, to set up and conduct the second set of cyberattacks, a “voter registration themed spear-phishing campaign targeting U.S. local government organizations.”

The NSA said that in late October or early November, the GRU hackers sent 122 local officials emails which looked as if they were sent by VR Systems. The emails contained attachments which, the email said, were updates to the voter identification systems’ manual and checklist. Downloading the attachment, the NSA says, would have downloaded malware from a remote server.

The NSA, using the GRU’s full name, says: “Russian General Staff Main Intelligence Directorate [GRU] actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”

The Intercept notes the NSA requested a number of redactions in its publication of the document, and that the editors agreed to some of the redactions which were not clearly in the public interest.

The NSA’s assessment says that there is still uncertainty over how successful the Russian government operatives were in their hacking. The NSA also does not offer a conclusion about whether this third track of the Russian government interference affected the outcome of the election.

Security experts say that the suggestion that Russian government hackers may have gained access – even if limited access — to electronic voting systems is likely to increase worries about Russian interference in the 2018 mid-term and 2020 presidential election, as well as worries about growing Russian meddling in the election processes in other countries.

The Justice Department, in a deposition in support of the Winner’s arrest warrant, said: “On or about May 9, Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency, and unlawfully retained it. Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.”

The statement added: “Once investigative efforts identified Winner as a suspect, the FBI obtained and executed a search warrant at her residence. According to the complaint, Winner agreed to talk with agents during the execution of the warrant. During that conversation, Winner admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a ‘need to know’, and with knowledge that the intelligence reporting was classified.

“Winner further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet, which she knew was not authorized to receive or possess the documents.”