Leaked Report Suggests Russian Hackers Breached Voting Software Firm

(CN) — Russian hackers attacked at least one U.S. voting software supplier days before last year’s presidential election, according to a classified government intelligence report leaked Monday.

The National Security Agency report, which was published online by The Intercept, suggests election-related hacking penetrated further into U.S. voting systems than previously known.

It says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials in late October and early November.

According to the five-age document, Russian military intelligence “executed cyber espionage operations against a named U.S. company in August 2016 evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017.”

The hackers then used data from that operation to create a new email account to launch a spear-phishing campaign targeting U.S. local government organizations, the report said.

“Lastly, the actors send test emails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services,” it said.

“Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards,” it continued. The Department of Homeland Security “assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying.”

The Intercept contacted NSA and the national intelligence director’s office about the document and both agencies asked that it not be published. U.S. intelligence officials then asked The Intercept to redact certain sections. The Intercept said some material was withheld at U.S. intelligence agencies’ request because it wasn’t “clearly in the public interest.”

The authenticity of the document could not be independently verified Monday evening, but shortly after 6 p.m. Monday night the Justice Department announced it had filed a criminal complaint against Reality Leigh Winner, 25, a federal contractor from Augusta, Georgia, charging her with removing classified material from a government facility and mailing it to a news outlet,.

Winner was arrested by the FBI at her home on Saturday, June 3, and appeared in federal court in Augusta this afternoon, the Justice Department said.

“Exceptional law enforcement efforts allowed us quickly to identify and arrest the defendant,” said Deputy Attorney General Rod J. Rosenstein. “Releasing classified material without authorization threatens our nation’s security and undermines public faith in government. People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”

According to the riminal complaint, Winner was a contractor with Pluribus International Corporation assigned to a U.S. government agency facility in Georgia. She has been employed at the facility since on or about February 13, and has held a Top Secret clearance during that time.

The Justice Department says that on or about May 9, Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency, and unlawfully retained it. A few days later, the government says, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.

Winner’s attorney, Titus Thomas Nichols, declined to confirm whether she is accused of leaking the NSA report received by The Intercept when contacted by the Associated Press. He also declined to name the federal agency for which Winner worked.

“My client has no (criminal) history, so it’s not as if she has a pattern of having done anything like this before,” Nichols told the AP. “She is a very good person. All this craziness has happened all of a sudden.”


%d bloggers like this: