(2017-06-05) Top Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election. Russian military intelligence executed a cyberattack on at least one U.S. voting machine software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept. (This led to Reality Winner arrest.)

The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments.

The report adds significant new detail to the picture that emerged from the unclassified intelligence assessment about Russian election meddling released by the Obama administration in January. The January assessment presented the U.S. intelligence community’s conclusions but omitted many specifics, citing concerns about disclosing sensitive sources and methods. The assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Hillary Clinton, and harm her electability and potential presidency.” (vs Donald Trump)

According to the Department of Homeland Security, the assessment reported reassuringly, “the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”

The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process

references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.

The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell.

According to its website, VR Systems has contracts in eight states: California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia.

Companies like VR are “very important” because “a functioning registration system is central to American elections

described such a hypothetical tactic as “effectively a denial of service attack” against would-be voters.

VR Systems advertises the fact that its EViD computer polling station equipment line is connected to the internet, and that on Election Day “a voter’s voting history is transmitted immediately to the county database” on a continuous basis. A computer attack can thus spread quickly and invisibly through networked components of a system like germs through a handshake.

And a compromised election poll book system can do more than cause chaos on Election Day, said Halderman. “You could even do that preferentially in areas for voters that are likely to vote for a certain candidate and thereby have a partisan effect.”

If there were a central U.S. election authority, it might have launched an investigation into what happened in Durham, North Carolina, on Election Day. The registration system malfunctioned at a number of polling locations, causing chaos and long lines, which triggered election officials to switch to paper ballots and extend voting later into the evening

Durham’s voter rolls were run by VR Systems — the same firm that was compromised by the Russian hack, according to the NSA document. Local officials said that a hack was not the cause of the disruption.

It appears to be user errors at different points in the process, between the setup of the computers and the poll workers using them.”

“It’s not just that [an election] has to be fair, it has to be demonstrably fair, so that the loser says, ‘Yep, I lost fair and square.’ If you can’t do that, you’re screwed,” said Bruce Schneier. “They’ll tear themselves apart if they’re convinced it’s not accurate.”