Leaked NSA documents detail Russian efforts to hack into electronic voter booths in the days before the U.S. election, but there appears to be a limit to the impact that technological intrusion could have had.
According to the report, this is how the operation worked: Hackers planned to pose as representatives of a company selling the e-voting machines in emails sent to local government employees. In order to appear legitimate, the hackers breached the network of a tech firm selling electronic voting machines using a similar “spear-fishing” tactic to those used on John Podesta, Hillary Clinton’s campaign chairman.
The explosive report, obtained by The Intercept, asserts that hackers believed to be associated with Russian military intelligence, the GRU, infiltrated VR Systems, which manufactured voter registration machines used in eight states in the 2016 election.
Hackers then used e-mails harvested from the hacked accounts to send emails to 122 local election officials on October 31 and November 1 with attached documents that claimed to be instructions on how to use software to check a voter’s registration status. According to the NSA report dated May 5th, the attachments actually contained malware that would give the hackers full access to the election officials’ computer once the files were opened.
According to The Intercept, hackers could have attempted to prevent voters from registering on Election Day by taking advantage of the machines’ Wi-Fi and Bluetooth vulnerabilities, but there’s no indication that happened. To have an impact on the overall election, hackers would need incredibly precise information—nearing the point of foresight—as to which counties in the eight states were close enough to be tipped in either direction without it being traceable.
The NSA doesn’t draw any conclusions as to whether or not the cyber intrusions had any outcome in the election, acknowledging there’s much that remains unknown about the GRU operation to target the local officials and what information, if any, was gathered.
This article was featured in the InsideHook newsletter. Sign up now.