A top secret NSA document obtained by The Intercept reveals that days before the 2016 election, Russian military intelligence launched a cyberattack on the U.S. that “raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.”
It’s important to stress that while alarming, the report does not draw conclusions about how or if this attack impacted the election, or even if it was successful. The gist of the report is the Russians instigated a cyberattack on “at least one U.S. voting software supplier” and engaged in sending “spear-phishing emails to more than 100 local election officials.”
While we knew that the voter registration rolls had been compromised by the Russians, this document suggests that the “hacking may have penetrated further into U.S. voting systems than was previously understood.”
No inferences are made about how or if this impacted the actual vote tallying. However, the possibility is there with this statement, “Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.”
The plan may or may not have been successful, but here it is as described in the report as reported by the Intercept, “(T)he Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.”
The money quote, “However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.”
The report dovetails the report last fall that the Russians hacked a Florida based election-systems vendor, which VR Systems is and while the NSA report doesn’t identify the company, it references a product the Intercept notes is made by VR Systems (used by eight states).
This is but one hypothesis of many offered of what could have happened or been the goal of the Russians (that may or may not have been successful), but I’m highlighting it because we saw election pockets that turned key swing states (many of which are NOT serviced by VR Systems):
Such a breach could also serve as its own base from which to launch disruptions. One U.S. intelligence official conceded that the Russian operation outlined by the NSA — targeting voter registration software — could potentially have disrupted voting in the locations where VR Systems’ products were being used. And a compromised election poll book system can do more than cause chaos on Election Day, said Halderman. “You could even do that preferentially in areas for voters that are likely to vote for a certain candidate and thereby have a partisan effect.”
Stay tuned, things are getting very interesting.