Hacker breaches the US agency that certifies voting machines

The US EAC does not administer elections itself, but it does certify the machines used.

Sponsored Links

Andy Sacks via Getty Images
Andy Sacks via Getty Images

In the year of "rigged" election claims, security firm Recorded Future says it identified a Russian-speaking hacker attempting to sell accounts that have access to the US Election Assistance Commission. While may not be familiar with the EAC, it's the agency in charge of certifying voting machines and providing best practices used in elections. In a statement, the EAC confirmed it's aware of a "potential intrusion" and says it's working with law enforcement.

Screenshot of EAC internal site, obtained by Recorded Future

According to Recorded Future, a hacker going by the name Rasputin was trying to sell an unpatched system vulnerability, and it identified more than one hundred logins that were compromised. The hacker apparently used an SQL injection to obtain the list of logins and passwords that were eventually cracked. With that kind of access, someone could access testing plans and results for various voting machines. The EAC does not store voter's personal information or vote totals.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget