The Intercept just published a bombshell report based upon a leak of a classified report by the NSA, indicating that Russians had attempted to hack into voter databases using phishing schemes against vendors of software used for electronic polling books.
The Intercept based their reporting on a leaked NSA document created in May, 2017, which was more specific about the methods and targets used by the Russians than anything previously known. There was no doubt in the mind of the analysts that the Russian government was behind the hacks.
The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.
VR Systems, a vendor to several states -- some of which were swing states -- was a specific target.
So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.
While there's no evidence that any machines were breached, there are still major concerns about the complicated efforts to access the voter database and possibly other systems.
Although the NSA report indicates that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.
There's much more in the report, which you can read here.
Just after the report was published, the FBI announced they arrested the woman they believe leaked it to The Intercept.
Apparently they found a trail which included email communication from Ms. Winner to The Intercept, which led to an arrest. Via the DOJ release:
Winner is a contractor with Pluribus International Corporation assigned to a U.S. government agency facility in Georgia. She has been employed at the facility since on or about February 13, and has held a Top Secret clearance during that time. On or about May 9, Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency, and unlawfully retained it. Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.
Once investigative efforts identified Winner as a suspect, the FBI obtained and executed a search warrant at her residence. According to the complaint, Winner agreed to talk with agents during the execution of the warrant. During that conversation, Winner admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a "need to know," and with knowledge that the intelligence reporting was classified. Winner further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet, which she knew was not authorized to receive or possess the documents.
The arrest confirms the validity of the NSA report. At the same time, it seems strange and bizarre that the leaker of the report is arrested within minutes of the publication of key parts of it in The Intercept, because she emailed them from her work computer.
Still, take this NSA report and combine it with the possibility of collusion between the Trump campaign and Russia. Winner's arrest confirms the report is authentic and true. If the campaign is shown to have been colluding with Russia, there are a lot more folks in need of arrest, trials, and long prison sentences, including the guy who occupies the White House.