Russian military intelligence carried out a last-ditch hacking campaign against U.S. election infrastructure in the days leading up to the 2016 presidential election, according to a top secret intelligence document.
The National Scrutiny Agency analysis, which was provided anonymously to The Intercept Monday and independently authenticated, is the most specific U.S. government account of Russian interference in the election that has been reported to date. It details the extent to which Russian cyber intelligence operatives may have penetrated various elements of the election system, including VR Systems, a Florida-based provider of electronic voting services and equipment used in eight states.
While it doesn’t show any underlying “raw” intelligence upon which the analysis is based, the NSA document reveals specifics about which elements of the Russian government were responsible for the hacking and what techniques were used, reports The Intercept.
In a summary statement, the analysis explains that Russian military intelligence, known as the GRU, conducted the cyber attacks described in the document:
“Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”
The NSA document, dated May 5, 2017, doesn’t weigh in on whether the campaign had any effect on the outcome of the U.S. election, but it does raise fresh concerns that Russian hackers were able to breach elements of the voting system. It also directly contradicts Russian President Vladimir Putin’s repeated denials that Moscow has interfered in the elections of Western countries.
Putin admitted Thursday that “patriotic” individuals may have launched cyber attacks against Western governments in response to anti-Russian attitudes, but he dismissed accusations that Russian intelligence was responsible for election-related hacking. (RELATED: Putin: ‘Patriotic’ Hackers May Have Launched Cyber Attacks Against West)
The NSA report, however, makes it clear that GRU orchestrated a cyber attack against U.S. election infrastructure, reports The Intercept. A team within the GRU that had a “cyber espionage mandate specifically directed at U.S. and foreign elections” was determined to attack the systems connected to the voter registration process, including makers of devices that maintain and verify the voter rolls.
The hackers devised a spear-phishing scheme to send bogus emails to employees of an unnamed U.S. election software company, believed to be VR systems. GRU ultimately wanted gain access to local government computers through its hacking of the private company, reports the Intercept.
CNN originally reported the hack of a private election software company in October, but U.S. officials did not confirm the name of the firm at that time. Hackers connected to Russian intelligence carried out the attempted intrusions of state election sites, but the cyberattacks wouldn’t have affected the votes cast or the vote counts, FBI officials said.
Eric Geller, a cybersecurity reporter for Politico, noted that it is unlikely any voting machines themselves were connected to the compromised databases maintained by VR Systems.
I know of no confirmed case of a voting machine being accidentally connected to the internet. Direct remote hacking is *extremely* unlikely.
— Eric Geller (@ericgeller) June 5, 2017
The potential harm from attacks like those carried out by GRU is that they are effectively a “denial-of-service” attack on voters, according to election security experts. Pamela Smith, president of election integrity watchdog Verified Voting, told The Intercept that companies that manage voter rolls are an enticing target for anyone who wants meddle in the voting process.
“If someone has access to a state voter database, they can take malicious action by modifying or removing information,” she said. “This could affect whether someone has the ability to cast a regular ballot … and it may mean the voter has to jump through certain hoops such as proving their information to the election official before their eligibility is affirmed.”