Russian hackers attacked at least one U.S. voting software supplier days before last year’s presidential election, according to a government intelligence report leaked Monday that suggests election-related hacking penetrated further into U.S. voting systems than previously known.
The classified National Security Agency report, which was published online by The Intercept, does not say whether the hacking had any effect on election results. But it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or beginning of November. […]
The document said Russian military intelligence “executed cyber espionage operations against a named U.S. company in August 2016 evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017.”
The hackers are believed to have then used data from that operation to create a new email account to launch a spear-phishing campaign targeting U.S. local government organizations, the document said. “Lastly, the actors send test emails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services.”
* On to the Illinois angle…
A new published report suggests a vendor for the Illinois elections board might have been compromised by Russian hackers seeking to attack voting systems here and in other states.
Russian hackers attacked the voting-software supplier days before last year’s presidential election, according to the classified National Security Agency report.
The report, published online by The Intercept, does not say whether the hacking had any effect on election results. But it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or beginning of November.
The company involved has contracts in eight states: Illinois, California, Florida, Indiana, New York, North Carolina, Virginia, and West Virginia, according to The Intercept. It was unclear whether any officials in Illinois might have received spear-phishing emails.
Illinois election officials acknowledged to The Washington Post last year that they discovered “an intrusion” into the state’s election system in July, months before the November election.
* The Hill…
Though the manufacturer victimized by the attack has its name masked throughout the report, contextual clues imply that it might be VR Systems.
The email account used to spearphish customers is listed as firstname.lastname@example.org, and the attack made use of malware-infected files with titles that reference to the EViD poll book system. The report makes reference to voter-registration themed phishing attacks against third parties possibly using information from the account, making it likely the company is somehow related to registration or voter roles.
VR’s website says EViD products were used in California, Florida, Illinois, Indiana, North Carolina, New York and Virginia. The company is based in Florida.
The NSA document alleges the GRU have hacked the voting systems company using a false Google alert requiring a target to enter login credentials. According to the report, it also attempted a parallel campaign using a false email account meant to be confused with a second company.
The report does not claim that voting machines were hacked, a once-popular post-election theory from Democrats, nor does it state whether the information pertaining to the voting systems could be used to hack those systems.
* What’s EViD?…
The EViD system is a network of electronic devices at voting sites communicating with each other and with the county’s voter registration system. The electronic devices—EViD stations—allow poll workers to quickly check in voters during early voting and on election day.
A voter’s voting history is transmitted immediately to the county database, eliminating the massive effort for post-election processing, and concerns about multiple votes.
With the EViD system, there’s no need for printed poll books: all the information you need is on the EViD. To check in a voter, the poll worker swipes their photo ID on an EViD station or types their name and birthdate on the onscreen keyboard. Using the ID data, the EViD system verifies the voter’s eligibility. Then it requests the voter’s signature on the electronic sig pad, and checks them in to vote.
* From the Intercept…
But a more worrying prospect, according to [Mark Graff, a digital security consultant and former chief cybersecurity officer at Lawrence Livermore National Lab], is that hackers would target a company like VR Systems to get closer to the actual tabulation of the vote. An attempt to directly break into or alter the actual voting machines would be more conspicuous and considerably riskier than compromising an adjacent, less visible part of the voting system, like voter registration databases, in the hope that one is networked to the other. Sure enough, VR Systems advertises the fact that its EViD computer polling station equipment line is connected to the internet, and that on Election Day “a voter’s voting history is transmitted immediately to the county database” on a continuous basis. A computer attack can thus spread quickly and invisibly through networked components of a system like germs through a handshake.