* AP…
Russian hackers attacked at least one U.S. voting software supplier days before last year’s presidential election, according to a government intelligence report leaked Monday that suggests election-related hacking penetrated further into U.S. voting systems than previously known.
The classified National Security Agency report, which was published online by The Intercept, does not say whether the hacking had any effect on election results. But it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or beginning of November. […]
The document said Russian military intelligence “executed cyber espionage operations against a named U.S. company in August 2016 evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017.”
The hackers are believed to have then used data from that operation to create a new email account to launch a spear-phishing campaign targeting U.S. local government organizations, the document said. “Lastly, the actors send test emails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services.”
* On to the Illinois angle…
A new published report suggests a vendor for the Illinois elections board might have been compromised by Russian hackers seeking to attack voting systems here and in other states.
Russian hackers attacked the voting-software supplier days before last year’s presidential election, according to the classified National Security Agency report.
The report, published online by The Intercept, does not say whether the hacking had any effect on election results. But it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or beginning of November.
The company involved has contracts in eight states: Illinois, California, Florida, Indiana, New York, North Carolina, Virginia, and West Virginia, according to The Intercept. It was unclear whether any officials in Illinois might have received spear-phishing emails.
Illinois election officials acknowledged to The Washington Post last year that they discovered “an intrusion” into the state’s election system in July, months before the November election.
* The Hill…
Though the manufacturer victimized by the attack has its name masked throughout the report, contextual clues imply that it might be VR Systems.
The email account used to spearphish customers is listed as vr.elections@gmail.com, and the attack made use of malware-infected files with titles that reference to the EViD poll book system. The report makes reference to voter-registration themed phishing attacks against third parties possibly using information from the account, making it likely the company is somehow related to registration or voter roles.
VR’s website says EViD products were used in California, Florida, Illinois, Indiana, North Carolina, New York and Virginia. The company is based in Florida.
The NSA document alleges the GRU have hacked the voting systems company using a false Google alert requiring a target to enter login credentials. According to the report, it also attempted a parallel campaign using a false email account meant to be confused with a second company.
The report does not claim that voting machines were hacked, a once-popular post-election theory from Democrats, nor does it state whether the information pertaining to the voting systems could be used to hack those systems.
* What’s EViD?…
The EViD system is a network of electronic devices at voting sites communicating with each other and with the county’s voter registration system. The electronic devices—EViD stations—allow poll workers to quickly check in voters during early voting and on election day.
A voter’s voting history is transmitted immediately to the county database, eliminating the massive effort for post-election processing, and concerns about multiple votes.
With the EViD system, there’s no need for printed poll books: all the information you need is on the EViD. To check in a voter, the poll worker swipes their photo ID on an EViD station or types their name and birthdate on the onscreen keyboard. Using the ID data, the EViD system verifies the voter’s eligibility. Then it requests the voter’s signature on the electronic sig pad, and checks them in to vote.
* From the Intercept…
But a more worrying prospect, according to [Mark Graff, a digital security consultant and former chief cybersecurity officer at Lawrence Livermore National Lab], is that hackers would target a company like VR Systems to get closer to the actual tabulation of the vote. An attempt to directly break into or alter the actual voting machines would be more conspicuous and considerably riskier than compromising an adjacent, less visible part of the voting system, like voter registration databases, in the hope that one is networked to the other. Sure enough, VR Systems advertises the fact that its EViD computer polling station equipment line is connected to the internet, and that on Election Day “a voter’s voting history is transmitted immediately to the county database” on a continuous basis. A computer attack can thus spread quickly and invisibly through networked components of a system like germs through a handshake.
- 47th Ward - Tuesday, Jun 6, 17 @ 11:17 am:
I can’t believe the name of the leaker is really Reality L. Winner. She’s going to jail, for sure, but I mean, even Ian Flemming couldn’t come up with a name like that for one of his Bond characters.
You can’t make this stuff up.
- Last Bull Moose - Tuesday, Jun 6, 17 @ 11:34 am:
The possibilities of voter fraud now seem very real. This warrants a vigorous and thoughtful response. We need to make sure that our voting is free from foreign interference.
We are perfectly capable of electing fools without outside help.
- Put the fun in unfunded - Tuesday, Jun 6, 17 @ 11:48 am:
If true this is poll book software, which is NOT connected to the ballot counting, at least in DuPage where I have seen it used.
- Telly - Tuesday, Jun 6, 17 @ 11:49 am:
The senate held a subject matter hearing on this a month or two ago. It was actually pretty interesting and surprisingly, the state board of elections tech guys seemed to have a decent grasp of things.
The general consensus was the hackers were either engaged in identity theft or on an exploritory mission to see where they could go in the system. These latest reports, and the fact that no identity theft incidents have been reported, seem to indicate the latter is true.
- Archpundit - Tuesday, Jun 6, 17 @ 11:52 am:
The last paragraph is unclear. What is networked is the voter information not the actual vote counts. Hacking that can create big problems, but it still isn’t about tabulation which is not networked
- New McCarthyism - Tuesday, Jun 6, 17 @ 11:53 am:
Don’t blame the voters, it’s the Russians fault!
- Anotherretiree - Tuesday, Jun 6, 17 @ 11:53 am:
==47th==
Maybe Ian would’ve used Reality Galore and her accomplish Dirk Diggler ?
- Biker - Tuesday, Jun 6, 17 @ 11:54 am:
Let’s talk about North Carolina…
Cuz suddenly these voter registration verification laptop issues on election day seem interesting. And add to that the rest of the shenanigans, it’s worth the magnifying glass
http://www.businessinsider.com/north-carolina-voting-problems-2016-11
http://www.cleveland.com/politics/index.ssf/2016/11/with_broken_voting_machines_is.html
https://www.theatlantic.com/politics/archive/2016/11/north-carolina-early-voting/506963/
http://www.thedailybeast.com/north-carolina-gop-brags-racist-voter-suppression-is-workingand-theyre-right
https://www.theatlantic.com/politics/archive/2017/05/north-carolina-gerrymandering/527592/
https://www.washingtonpost.com/news/monkey-cage/wp/2017/05/08/why-did-trump-win-more-whites-and-fewer-blacks-than-normal-actually-voted/?utm_term=.454e8de6308c
- Rich Miller - Tuesday, Jun 6, 17 @ 11:55 am:
===Don’t blame the voters===
And that has what to do with what? Nobody says they changed the results here. It’s about how they’re poking around in our electoral software.
If you don’t care that the Russians appear to have hacked into our systems, then you’re just plain unAmerican. We used to call people like you traitors.
- titan - Tuesday, Jun 6, 17 @ 12:06 pm:
They seem to be mixing up the state board with one or more county/city election jurisdictions, and mixing up different incidents.
The EViD system is an electronic pollbook, and the state board doesn’t buy those. Some county or city election jurisdictions might have them, but not the state.
The state database problem that occurred last summer was not a spearphishing scam, it was an SQL injection through the state website -
http://www.elections.il.gov/Downloads/AboutTheBoard/PDF/08_26_16AgendaAmended.pdf
- Put the fun in unfunded - Tuesday, Jun 6, 17 @ 12:06 pm:
As a safeguards against hacking - from whatever source - our company uses two-factor authentication. Another reason to require voter id.
- Responsa - Tuesday, Jun 6, 17 @ 12:07 pm:
After Wikileaks President Obama told Putin in person in early September to “cut it out” and assured the public that Russian interference had been handled. This leak shows that Putin did not “cut it out.”
http://www.cnn.com/videos/politics/2016/12/16/obama-putin-cut-it-out-russia-hack-sot.cnn
- New McCarthyism - Tuesday, Jun 6, 17 @ 12:17 pm:
You’re horrible Rich. Whose fault is it that public policy allows election
software to be outsourced to unsecured vendor sites? Who makes these policy decisions?
We used to call people like you who pretend to be shocked by something that’s been going on for a long time on both sides dishonest.
- Anonymous - Tuesday, Jun 6, 17 @ 12:18 pm:
=We used to call people like you traitors.=
We still do
- FormerParatrooper - Tuesday, Jun 6, 17 @ 12:26 pm:
I understand why people are suddenly worried about Russian attempts to meddle in elections. This has been ongoing since the beginnings of the Cold War. The difference now is the new technology. We should have better safeguarded our systems from hacking because it doesn’t take much common sense to know enemies will exploit any weakness they find. We do the same type of cyber warfare as well.
And it looks like the weakest link was not the software, but people not trained well enough to recognize they were being targeted.
- Anonymous - Tuesday, Jun 6, 17 @ 12:27 pm:
=We used to call people like you traitors.=
We still do=
Anonymous McCarthyite coward must be the person who designed the security system for the IL software.
Sound like some serious projection with these traitor allegations.
- 51st ward - Tuesday, Jun 6, 17 @ 12:34 pm:
“If you don’t care that the Russians appear to have hacked into our systems, then you’re just plain unAmerican. We used to call people like you traitors”.
Careful Rich next thing you know the media and Democrat mouth pieces will be saying your living in the past. Remember : “The 1980s are now calling to ask for their foreign policy back because…the Cold War’s been over for 20 years.” that was Obama after Romney said Russia was our enemy. Hmmm was Romney right?
- cdog - Tuesday, Jun 6, 17 @ 12:35 pm:
We need a 21st Century Voting Act.
In the meantime,
remember that DHS has been proven to have hacked the Georgia election system*,
Vault 7 has proven that the CIA obfuscates IP addresses to appear Russian, Chinese, Iranian, etc., and
the US intelligence agencies are at the top of the list of entities that meddle with elections in other countries.
Concluding, with all that evidence to potentially falsify any claim of “knowing” who done it, why would a person not suspend belief?
Always best to know what you don’t know. Stay opened minded especially in current times.
Hopefully the “ruling party” can move past the current issues and tighten up things on this.
*http://www.pcworld.com/article/3148710/security/georgia-says-its-traced-an-attempted-voter-hack-to-dhs.html
- 47th Ward - Tuesday, Jun 6, 17 @ 12:36 pm:
===Democrat mouth pieces===
The proper word is “Democratic.” We prefer Democratic mouth pieces. Thanks.
Carry on.
- James Knell - Tuesday, Jun 6, 17 @ 12:48 pm:
Throughout history, outside threats like Napoleon, two world wars, and the cold war forced elites into national social contracts where power & wealth were shared. Ironic that Russian oligarchs and some American oligarchs have found common cause in undermining democracy. I wonder how this will end?
- @MisterJayEm - Tuesday, Jun 6, 17 @ 1:02 pm:
Anonymous commenters accusing anonymous commenters of cowardice for commenting anonymously is a compelling argument for ignoring anonymous commenters.
– MrJM
- Roman - Tuesday, Jun 6, 17 @ 2:06 pm:
- 47th Ward -
Silly you. Proper grammar, like science, is so overrated.
- CrazyHorse - Tuesday, Jun 6, 17 @ 2:21 pm:
==What is networked is the voter information not the actual vote counts. Hacking that can create big problems, but it still isn’t about tabulation which is not networked==
^^^This^^^
Still after months and months of investigations there is no evidence of a Trump-Russia collusion. This kind of story can confuse people into thinking Russian hackers somehow could have altered the vote counts. It’s just not the case. Our National Security Agency is already on the record saying there was absolutely no evidence that any actual votes were tampered with.
==If you don’t care that the Russians appear to have hacked into our systems, then you’re just plain unAmerican. We used to call people like you traitors.==
Personally, I don’t like Russian hacking AT ALL but we (not saying you here Rich) should be at least as outraged by the people leaking this classified info. If anyone deserves to be labeled traitors it is certainly them. Sadly, since the leaks are all designed to damage Trump and his administration, the vast majority of the heavily left-leaning MSM likely view the leakers as “Patriots” or “Whistleblowers”. They’re anything but. Well, at long last, at least one of these leakers has been arrested.
- Amalia - Tuesday, Jun 6, 17 @ 2:50 pm:
when your name is not in the system, it becomes difficult for you to vote. there are numerous stories of this in the Nov. election in key states. it may well be possible that the votes were tampered with by preventing people from voting. there is a persistent theme of erasure since Trump. stopping reporters from asking questions. taking voters names out of the system. the census to come could be an opportunity to erase people and take them from services due to less money available. if you prevent someone from doing something, you have done something. it’s just harder to track.
- CrazyHorse - Tuesday, Jun 6, 17 @ 3:35 pm:
==it may well be possible that the votes were tampered with by preventing people from voting.==
Again since the NSA has gone on record stating that they found absolutely ZERO evidence that any actual votes were tampered with that is the only foundation of facts we have to build on. Rather than unfounded theory about possible voter supression caused by Russian hackers, how about considering what some lifelong Democratic strategists like Axelrod and others have said about how the Russians didn’t stop Clinton from campaigning in Michigan and Wisconsin.
I mean Clinton lost to Bernie Sanders in Michigan and it was considered a monumental political upset. If that defeat didn’t raise a red flag to the Clinton team that there was work to be done in Michigan, then I guess it doesn’t surprise me that they would rather dabble in conspiracy theory than take a long, painful look in the mirror.
- A guy - Tuesday, Jun 6, 17 @ 4:41 pm:
This is no laughing matter and very serious. We need to know what was done and what effect it may have had in any instance, whether votes were affected or not. Though, there is consensus that votes were not tampered with.
Tough to see where Illinois was influenced. They’re either terrible at it or this race was closer than the blowout it was?? A milder blowout? From the article, Illinois (and California?) must’ve simply been collateral in a package of states where something might matter.
This is weird stuff and needs to be fleshed out.
- Mama - Tuesday, Jun 6, 17 @ 5:04 pm:
….But, but President Putin stated on TV that “Russia did not hack the U.S. election”, & there are people who believed him.
Why are we even asking him? If people don’t know that man is an enemy of the U.S. & a liar, there is no hope.
- Jeff Trigg - Tuesday, Jun 6, 17 @ 5:04 pm:
Stop whining about Russia Russia Russia and fix the biased election laws, that is IF you really care about the integrity of our elections.
Maybe the Russians will finally let independents get on the ballot in Illinois, unlike the Democrats. It wasn’t the Russians violating the 1st and 14th Amendments of the US Constitution for 25 years, illegally keeping competition off the Illinois ballot.
7th Circuit Court of Appeals
“In combination, the ballot access requirements for independent legislative candidates in Illinois–the early filing deadline, the 10% signature requirement, and the additional statutory restriction that disqualifies anyone who signs an independent candidate’s nominating petition from voting in the primary–operate to unconstitutionally burden the freedom of political association guaranteed by the First and Fourteenth Amendments. Ballot access barriers this high–they are the most restrictive in the nation and have effectively eliminated independent legislative candidacies from the Illinois political scene for a quarter of a century–are not sustainable based on the state’s asserted interest in deterring party splintering, factionalism, and frivolous candidacies”.
- Biker - Tuesday, Jun 6, 17 @ 5:38 pm:
Crazyhorse, wrong blog, this ain’t breitbart