A top-secret NSA report obtained by The Intercept has revealed that Russian military intelligence launched a hacking campaign against at least one US voting software supplier and sent spear-phishing emails to over 100 local election officials. The cyberattacks took place just days before last November’s presidential election.
Back in January, the Director of National Intelligence said the Democratic National Committee (DNC) hack, which saw emails stolen from the DNC and Hillary Clinton campaign leaked online, was ordered by the Russian government. Following the release of a declassified joint report from the FBI and DHS in December, the Obama Administration announced sanctions against the country, including the expulsion of 35 Russian diplomats.
Today’s NSA report suggests the Russian hacks went deeper than previously realized, though it doesn’t reveal if they successfully affected the results of the election directly, as opposed to just influencing it through the DNC/Clinton leaks.
The report reveals that the hackers, posing as Google employees, sent spoofed emails to employees of a US election software company. While the firm isn’t identified, there are references to EViD, a product made by Florida-based VR Systems.
Seven employees received the emails, and while three were rejected by an email server, at least one account was likely compromised. Two months later, the hackers used the stolen information to set up a Gmail account designed to appear as if it came from an employee at VR Systems. They then sent 122 local government officials and organizations two Microsoft Word documents booby-trapped with trojans, which would allow the hackers to access the computers of anyone who opened them. The NSA said it’s unclear how successful this secondary attack proved.
Another operation saw test emails sent to addresses at the American Samoa Election Office. It’s thought these were to determine whether the accounts existed before launching another phishing attack. The NSA believes the Russians were intent on “mimicking a legitimate absentee ballot-related service provider.”
While the report indicates the Russian General Staff Main Intelligence Directorate, or GRU, was behind the attacks, Vladimir Putin continues to deny his government’s involvement. The Russian President recently said “patriotic hackers” may have meddled in the US election.
It appears that the source of the leak has been identified. Not long after The Intercept’s report was published, the Department of Justice announced that 25-year-old federal contractor Reality Leigh Winner had been charged with removing classified material from a government facility and mailing it to a news outlet.
"The US Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space," the affidavit reads. Six people printed the report, but only Winner mailed the news outlet. She has admitted to the leak.