Russian government agents hacked a U.S. voting systems manufacturer last August, three months before the November 2016 presidential election, a highly classified NSA report details.
The document was given to the Intercept, by Reality Leigh Winner, 25, who has worked for Pluribus International Corporation in Augusta, Georgia, since 13 February. Pluribus has been a contractor for the NSA for a while, and in 2012 the NSA has opened a branch facility near August.
Winner was arrested and charged with removing classified material from a government facility and mailing it to a media outlet.
The Intercept writes: “The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.”
Vladimir Putin wanted to see his preferred candidate, Donald Trump, win the November election because he viewed Trump as more likely than Hillary Clinton to pursue policies which would be helpful to Russian interests: Weaken NATO, encourage the dismantling of the EU, undermine the post-WWII international economic order, and accommodate Russia’s preferences in central Europe and the Middle East.
Moreover, Trump’s political style and personal idiosyncrasies, the Russian leadership concluded, would further contribute to eroding the U.S. global leadership role.
The U.S. intelligence community says that it was this analysis by Putin of the choice he was facing – either Clinton or Trump as the next U.S. president – which led him to instruct the GRU and FSB, two or Russia’s intelligence agencies, to work to help Trump win.
The two organizations launched a two-track campaign:
One track was the creation of more than 1,000 websites dedicated to manufacturing and spreading damaging fake stories about Hilary Clinton, stories which were then repeated and amplified by the informal network of alt-right’s websites and radio talk shows (one such story cost Michael Flynn’s son his security clearance and future job at the NSC: Flynn junior retweeted to his followers the fake story about how Clinton was running a pedophile sex ring out of a Washington, D.C. pizzeria).
The second track was the hacking of the Democratic National Committee (DNC) and the Hillary Clinton campaign, and then publishing a mix of authentic and doctored documents on Wikileaks, coordinating the publication schedule with Julian Assange so as to inflict maximum damage on the Clinton campaign. Robert Mueller and several congressional committees are now investigating, among other things, whether operatives in the Trump campaign advised the Russian government hackers and Assange about which of the tens of thousands of documents stolen should be published on Wikileaks to hobble the Clinton campaign (see “Florida GOP operative asked for – and received — Russian hackers’ help in congressional race,” HSNW, 26 May 2017).
The NSA classified report now offers evidence that in addition to the massive disinformation campaign and the strategically tailored hacking campaign, Putin’s hackers were pursuing a third track: Interfering with the voting machines and vote counting.
The Intercept notes that the hacking of the DNC computers and the email accounts of senior Democrats during the campaign has been amply documented, but vote-tallying was believed to have been unaffected, despite the concerted effort exerted by the Russian government hackers.
The NSA report given to the Intercept offers details of one of possibly several cyberattacks by Russian military intelligence aiming to interfere with the process of voting and vote counting, and a subsequent attack, just days before the 8 November election, on 122 local campaign officials in several key states.
The first attack took place on 24 August, targeting Florida-based VRSystems, a company which manufactures electronic voter identification systems used by poll workers.
This attack “evidently [aimed] to obtain information on electronics-related software and hardware solutions,” the NSA report says.
VR Systems’ voter identification machines were used by jurisdictions in states which are firmly Republican or Democratic, like California, Illinois, New York, Indiana, and West Virginia – but, importantly, also by jurisdictions in key swing states like Florida, North Carolina, and Virginia.
The New York Times reports that the NSA says that the 24 August attack on VR Systems was most likely successful, and that the GRUhackers used the data, which was most likely obtained from hacking VR Systems, to set up and conduct the second set of cyberattacks, a “voter registration themed spear-phishing campaign targeting U.S.local government organizations.”
The NSA said that in late October or early November, the GRUhackers sent 122 local officials emails which looked as if they were sent by VR Systems. The emails contained attachments which, the email said, were updates to the voter identification systems’ manual and checklist. Downloading the attachment, the NSA says, would have downloaded malware from a remote server.
The NSA, using the GRU’s full name, says: “Russian General Staff Main Intelligence Directorate [GRU] actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”
The Intercept notes the NSA requested a number of redactions in its publication of the document, and that the editors agreed to some of the redactions which were not clearly in the public interest.
The NSA’s assessment says that there is still uncertainty over how successful the Russian government operatives were in their hacking. The NSA also does not offer a conclusion about whether this third track of the Russian government interference affected the outcome of the election.
Security experts say that the suggestion that Russian government hackers may have gained access – even if limited access — to electronic voting systems is likely to increase worries about Russian interference in the 2018 mid-term and 2020 presidential election, as well as worries about growing Russian meddling in the election processes in other countries.
The Justice Department, in a deposition in support of the Winner’s arrest warrant, said: “On or about May 9, Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency, and unlawfully retained it. Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.”
The statement added: “Once investigative efforts identified Winner as a suspect, the FBI obtained and executed a search warrant at her residence. According to the complaint, Winner agreed to talk with agents during the execution of the warrant. During that conversation, Winner admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a ‘need to know’, and with knowledge that the intelligence reporting was classified.
“Winner further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet, which she knew was not authorized to receive or possess the documents.”
This article is published courtesy of Homeland Security News Wire.