Report suggests Russia hackers breached Illinois voting software firm

SHARE Report suggests Russia hackers breached Illinois voting software firm
passwordfatigue_2.jpg

AP photo illustration. | AP file photo

WASHINGTON — A new published report suggests a vendor for the Illinois elections board might have been compromised by Russian hackers seeking to attack voting systems here and in other states.

Russian hackers attacked the voting-software supplier days before last year’s presidential election, according to the classified National Security Agency report.

The report, published online by The Intercept, does not say whether the hacking had any effect on election results. But it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or beginning of November.

The company involved has contracts in eight states: Illinois, California, Florida, Indiana, New York, North Carolina, Virginia, and West Virginia, according to The Intercept. It was unclear whether any officials in Illinois might have received spear-phishing emails.

Illinois election officials acknowledged to The Washington Post last year that they discovered “an intrusion” into the state’s election system in July, months before the November election. From the Post story:

Although the hackers did not alter any data, the intrusion marks the first successful compromise of a state voter registration database, federal officials said. This was a highly sophisticated attack most likely from a foreign (international) entity, said Kyle Thomas, director of voting and registration systems for the Illinois State Board of Elections, in a message that was sent to all election authorities in the state. The Illinois hackers were able to retrieve voter records, but the number accessed was a fairly small percentage of the total, said Ken Menzel, general counsel for the Illinois election board. State officials alerted the FBI, he said, and the Department of Homeland Security also was involved. The intrusion in Illinois led to a week-long shutdown of the voter registration system. The FBI has told Illinois officials that it is looking at foreign government agencies and criminal hackers as potential culprits, Menzel said.

In the wake of the elections board issue, Gov. Bruce Rauner in mid-March released a new “strategic vision for cybersecurity” aimed at protecting all Illinois computer systems from hackers.

U.S. intelligence agencies declined to comment Monday on The Intercept report.

However, the Justice Department announced it had charged a government contractor in Georgia with leaking a classified report containing “Top Secret level” information to an online news organization.

The report the contractor allegedly leaked is dated May 5, the same date as the document The Intercept posted online.

The document said Russian military intelligence “executed cyber espionage operations against a named U.S. company in August 2016 evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017.”

The hackers are believed to have then used data from that operation to create a new email account to launch a spear-phishing campaign targeting U.S. local government organizations, the document said.

“Lastly, the actors send test emails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services.”

The document did not name any state.

The information in the leaked document seems to go further than the U.S. intelligence agencies’ January assessment of the hacking that occurred.

“Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards,” the assessment said. The Department of Homeland Security “assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying.”

The Intercept contacted NSA and the national intelligence director’s office about the document, and both agencies asked that it not be published. U.S. intelligence officials then asked The Intercept to redact certain sections. The Intercept said some material was withheld at U.S. intelligence agencies’ request because it wasn’t “clearly in the public interest.”

The Associated Press could not confirm the authenticity of the May 5 NSA document, which The Intercept said it obtained anonymously.

Also on Monday, Reality Leigh Winner, 25, of Augusta, Georgia, was charged in U.S. District Court with copying classified documents and mailing them to a reporter with an unnamed news organization. Prosecutors did not say which federal agency Winner worked for, but FBI agent Justin Garrick said in an affidavit filed with the court that she had previously served in the Air Force and held a top-secret security clearance.

Winner’s attorney, Titus Thomas Nichols, declined to confirm whether she is accused of leaking the NSA report received by The Intercept. He also declined to name the federal agency for which Winner worked.

“My client has no (criminal) history, so it’s not as if she has a pattern of having done anything like this before,” Nichols said in a phone interview Monday. “She is a very good person. All this craziness has happened all of a sudden.”

In affidavits filed with the court, Garrick of the FBI said the government was notified of the leaked report by the news outlet that received it. He said the agency that housed the report determined only six employees had made physical copies. Winner was one of them. Garrick said investigators found Winner had exchanged email with the news outlet using her work computer.

Garrick’s affidavit said he interviewed Winner at her home Saturday and she “admitted intentionally identifying and printing the classified intelligence reporting at issue” and mailing it to the news outlet.

Asked if Winner had confessed, Nichols said, “If there is a confession, the government has not shown it to me.”

Contributing: Sun-Times staff

The Latest
The man was shot in the left eye area in the 5700 block of South Christiana Avenue on the city’s Southwest Side.
Most women who seek abortions are women of color, especially Black women. Restricting access to mifepristone, as a case now before the Supreme Court seeks to do, would worsen racial health disparities.
The Bears have spent months studying the draft. They’ll spend the next one plotting what could happen.
Woman is getting anxious about how often she has to host her husband’s hunting buddy and his wife, who don’t contribute at all to mealtimes.
He launched a campaign against a proposed neo-Nazis march at a time the suburb was home to many Holocaust survivors. His rabbi at Skokie Central Congregation urged Jews to ignore the Nazis. “I jumped up and said, ‘No, Rabbi. We will not stay home and close the windows.’ ”