Virginia, other states reviewing election systems for signs of intrusion

Adjust Comment Print

In a statement, NASS urged federal agencies to notify local election officials about the hacking attempts, which the newly leaked documents show the NSA knew about by April of this year.

David McManus, a Republican chairman of Maryland's State Board of Elections, said while no hacking attempts were identified in his state, he's concerned enough about the NSA report's findings to have state election systems reviewed for security.

CNN reported Tuesday that an NSA memo, dated May 5, provides details of a 2016 Russian military intelligence cyberattack on a USA voting software supplier.

A leaked National Security Agency report reveals that IL, along with seven other states, is investigating the possibility that Russian Federation hacked into its elections. It also suggests that attackers may also have been laying groundwork for future subversive activity.

According to an AP analysis of the document's contents by University of MI computer scientist J. Alex Halderman, the actions taken by the Russian hackers could have theoretically enabled them to "steal" votes by directly targeting electronic voting machines.

"We did receive an email on November 7, 2016, however, (we) did not open the attachment", Lewis said.

Computer scientists have proven in the lab that once sophisticated attackers are inside an election network, they could manipulate pre-election programming of its systems and alter results without leaving a trace.

Homeland Security Secretary John Kelly said Tuesday that his predecessor's designation of voting systems in 8,000 jurisdictions across the country as a vital industry - like banking, telecommunications or the power grid - is getting so much pushback, he might reconsider his original decision to go along with it.

Attempts by Russian Federation to "break into a number of our state voting processes" was "broad-based", he said, without offering details.

A national intelligence report said Russian military agents tried to hack the Collier County computers along with Hillsborough, Pasco, Citrus, Clay, and Volusia counties.

Soon after the report was published on The Intercept, the Trump administration announced the arrest of intelligence contractor Reality Leigh Winner, 25, on charges of violating the espionage act. While the company is unnamed, there are references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment. Apparently exploiting technical data obtained in that operation, the cyber spies later sent phishing emails to more than 100 local US election officials just days ahead of the November 8 vote, intent on stealing their login credentials and breaking into the their systems, the document says. The emails included an attached Microsoft Word document infected with malware that appeared to be a user manual but if opened could give hackers wide access to a computer. No evidence of tampering emerged in the worst-hit state, Illinois.

As recently as last week, Russian President Vladimir Putin has categorically denied Russian involvement in US elections on a state level.

In Virginia, state Elections Commissioner Edgardo Cortes, said he could not comment on whether any local officials were targeted by the phishing emails, but he said he was not aware of any breaches. Ion Sancho, who retired as Leon County supervisor in December, said he later learned from industry contacts that it was VR Systems. The NSA document says at least one account was likely compromised.

VR Systems provides electronic voter check-in software to 64 of Florida's 67 counties. The issue forced officials to abandon the system, issue paper ballots and extend voting hours. They claim internet-connected voter registration databases are the most obvious vulnerability, as evidenced by targeted attacks on voter databases in at least 20 states a year ago.

Someone trying to cause chaos and discredit an election could delete names from registration rolls prior to voting - or request absentee ballots en masse. That could force voters to file provisional ballots, and provoke long lines. Sanders said in initial checks, elections officials haven't discovered any evidence that employees received an email with the infected Word document, and they've discovered no irregularities in their data.

Satter reported from Paris.