Russia's military intelligence agency infiltrated a US voting-software company and conducted a phishing campaign targeting more than 100 local elections officials, according to top-secret National Security Agency documents published by The Intercept. The cyberattacks occurred in the months and days before the US presidential election in November.
The US intelligence community concluded in January that top Russian authorities directed a hacking campaign against the US election infrastructure, including launching cyberattacks against the Democratic National Committee and the staff of candidate Hillary Clinton. The NSA documents published today offer a glimpse into how Russia actually attempted to infiltrate US elections systems, and what kind of information agents were interested in manipulating. The report does not state whether these attacks directly affected the results of the election.
The NSA said Russian hackers sent phishing emails in August to employees of a private US company that builds polling-place sign-in software. It was unclear whether this phishing attempt worked, though the agency concluded it likely compromised at least one account, considering there were subsequent attacks.
"The actors were probably trying to obtain information associated with election-related hardware and software applications," the NSA report reads.
The company isn't named, though as The Intercept notes, the report mentions EViD, a product used by Florida-based voting-software vendor VR Systems. EViD is "is a network of electronic devices at voting sites communicating with each other and with the county's voter registration system," the company says. EViD accesses information including voter registration status, name and address. VR Systems has contracts in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia.
The hackers then set up an email account in the targeted company's name and sent two trojan-riddled Microsoft Word documents to 122 local government officials and organizations. This was likely around November 1st, the report reads.
"Given the content of the malicious email it was likely that the threat actor was targeting officials involved in the management of voter registration systems," the report says.
If someone opened one of the infected documents, it would trigger the invisible installation of additional malware that allows the hackers to constantly, quietly access the breached computer. The NSA says it's unclear whether this phishing campaign hooked anyone.
Russian intelligence agents toyed around with two additional hacking campaigns around the same time, one aimed at another US election company and the other targeting the American Samoa Election Office. These attacks appear to have stalled out and their associated email accounts deleted.
JUST IN: FBI has arrested and charged the woman they say leaked a Top Secret document to The Intercept, federal official tells NBC News.— NBC News (@NBCNews) June 5, 2017
As The Intercept's NSA documents made their way across the internet today, so did reports that the Federal Bureau of Investigation was bringing charges against the person who leaked the top-secret report. The FBI has arrested government contractor Reality Leigh Winner on charges she unlawfully printed and shared top-secret information with a news outlet.
"The US Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space," the affidavit reads. The agency noted six people had printed out the report at the office, and just one of them, Winner, had sent an email to the news outlet itself. Winner admitted to the leak, according to the affidavit.