Whistleblower Exposes The Russian Attempt To Hack 2016 Election

Just as we are having a discussion about Interstate CrossCheck and voter suppression, an NSA whistleblower named Reality Winner (yes, that's her name apparently) leaked a top-secret internal NSA report to The Intercept that detailed an aspect of their investigation into Russia's involvement in the 2016 election. The internal report is dated May 5, 2017, so it's very new, and according to The Intercept, "is the most detailed U.S. government account of Russian interference in the election that has yet come to light."

Reality Winner in Facebook photo

It's important to also note that the "raw data" that the report is based on was not leaked and there are still a ton of questions that remain unanswered. However, given the source of the document and the fact that it came via a whistleblower who now faces many years in prison, I'd say the information in it can be trusted. They caution that people shouldn't jump to conclusions, but we can now say for certain that there was indeed an attempt by Russian intelligence to "hack" the 2016 vote. Hack in the sense that they could influence the appearance of voter registrations to force particularly targeted people to use a provisional ballot (that may or may not be counted) instead of a normal ballot - essentially voter suppression.

So what does the report expose? It exposes that Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election!

The U.S. voting software supplier was a company by the name of VR Systems. Now, VR Systems doesn't actually manufacture or control the voting machines used to cast votes; however, it is very important to note that they do sell the software and devices that verify and list who's permitted to vote when they show up on election day or to vote early. That should raise suspicion for anyone paying attention. VR Systems has contracts in 8 states, 3 of which were swing states: California, North Carolina, Florida, Virginia, West Virginia, New York, Indiana, and Illinois.

As I was reading the article from The Intercept, I wondered if VR Systems was the only target of Russian intelligence. We don't know, because that would be information that is still classified. Before the leaking of this NSA report, it was believed that Russia was involved in the various DNC email scandals. However, most were quick to knock down any discussion about whether or not the vote itself was impacted. That can now be legitimately argued after this leak. While this is not proof that votes were tampered with via voting machines, it is proof that an attempt was made at voter registrations.

But the story doesn't end there...

How was this pulled off and what could've been the possible end goal? According to the leaked report, the Russian plan was to pose as an e-voting vendor and trick local government employees into opening the Microsoft Word documents they sent them that were invisibly tainted with malware that could give hackers control over the infected computers.

This is where VR Systems comes in, because before the hackers could send the fraudulent Word documents to local officials, they needed to get inside the servers of an election software vendor that they could pose as. So they sent spear-phishing emails to at least 7 people at VR Systems with the ultimate purpose of gaining their login credentials. The leaked NSA report, however, is unclear as to whether or not the attempt was fully successful, but we know at least one person took the bait. When it comes to phishing hacks, you don't necessarily need everyone you attack to take the bait. In this case, the seven VR Systems employees who were targeted were all likely people high enough up the chain of command to have whatever the hackers needed to make their plot work properly with the local election officials.

In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
— The Intercept

This was a two-part operation. Part 1 was successful enough to launch part 2 which took advantage of the fact that America's electoral system is decentralized.

The report states that hackers sent more spear-phishing emails to over 120 county officials involved in the management of voter registration systems. If opened, the attached document would give the hackers a virtual backdoor to that computer that the user would be completely unaware of. They could trick the computer into downloading all sorts of malware that could impact voter registrations.
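A defender-side sketch of the pattern described above, added here as an example and not taken from the NSA report or The Intercept: a mail triage check that flags a message whose sender presents itself as the vendor while mailing from another domain and that carries a Word attachment. The vendor domain `vendor.example`, the free-mail list, the finding names and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions (not from the article): the vendor's real mail domain is not
# given there, so "vendor.example" is a placeholder, as is the free-mail list.
VENDOR_NAME = "vr systems"
VENDOR_DOMAINS = {"vendor.example"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
WORD_EXT = (".doc", ".docx", ".docm", ".dot", ".dotm", ".rtf")

def triage(raw: bytes) -> set[str]:
    """Return the set of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = set()
    # Sender presents itself as the vendor but mails from another domain.
    if VENDOR_NAME in display.lower() and domain not in VENDOR_DOMAINS:
        findings.add("vendor-name-mismatch")
        if domain in FREEMAIL:
            findings.add("vendor-name-from-freemail")
    # Word documents are the delivery vehicle described in the report.
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(WORD_EXT):
            findings.add("word-attachment")
    return findings

def should_quarantine(raw: bytes) -> bool:
    """Escalate only when impersonation and a Word attachment coincide."""
    return {"vendor-name-mismatch", "word-attachment"} <= triage(raw)

def build_sample(from_header: str) -> bytes:
    """Constructed test message; no real addresses or documents."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "clerk@county.example"
    m["Subject"] = "Updated poll book instructions"
    m.set_content("Please review the attached document.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="msword", filename="sample.docx")
    return m.as_bytes()

SPOOFED = build_sample("VR Systems Support <constructed.sender@gmail.com>")
GENUINE = build_sample("VR Systems Support <support@vendor.example>")

if __name__ == "__main__":
    print(sorted(triage(SPOOFED)), should_quarantine(SPOOFED))
    print(sorted(triage(GENUINE)), should_quarantine(GENUINE))
```

A display-name check like this only catches the impersonation step; it says nothing about whether the attached document itself is malicious.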

Now, the article states that this hack itself wasn't that complicated and was of "medium sophistication," something that "practically any hacker can pull off." Don't think that just because the hack isn't complicated, that somehow absolves any sort of connection to Russia. The NSA, however, is not sure if this step in the plot was actually successful, and given the very recent age of the document itself, one can only assume this is what is currently still under investigation.

Mark Graff, a digital security consultant and former chief cybersecurity officer at Lawrence Livermore National Lab, described such a hypothetical tactic as “effectively a denial of service attack” against would-be voters. But a more worrying prospect, according to Graff, is that hackers would target a company like VR Systems to get closer to the actual tabulation of the vote. An attempt to directly break into or alter the actual voting machines would be more conspicuous and considerably riskier than compromising an adjacent, less visible part of the voting system, like voter registration databases, in the hope that one is networked to the other. Sure enough, VR Systems advertises the fact that its EViD computer polling station equipment line is connected to the internet, and that on Election Day “a voter’s voting history is transmitted immediately to the county database” on a continuous basis. A computer attack can thus spread quickly and invisibly through networked components of a system like germs through a handshake.

According to Alex Halderman, director of the University of Michigan Center for Computer Security and Society and an electronic voting expert, one of the main concerns in the scenario described by the NSA document is the likelihood that the officials setting up the electronic poll books are the same people doing the pre-programming of the voting machines. The actual voting machines aren’t going to be networked to something like VR Systems’ EViD, but they do receive manual updates and configuration from people at the local or state level who could be responsible for both. If those were the people targeted by the GRU malware, the implications are troubling.
— The Intercept

These two paragraphs are key if we're wondering why this was done and what the end goal could've been. You don't go through all of this unless your intention is to impact the vote in some way. If this is true, and I believe it is, then what we have here is voter suppression by a foreign power. A foreign power with deep ties to the current administration. The multiple ways by which votes can be nullified in a so-called democracy should be extremely troubling to everyone, but especially people who come from historically marginalized groups who look to democracy as a way of evening the playing field.

It'll be interesting to see if this leak comes up on Thursday when James Comey is set to testify under oath in front of the Senate Intelligence Committee live on national television, which is what makes the timing of this leak even more interesting. Perhaps Reality Winner wanted it this way knowing what was about to happen. There's no way of knowing right now. I don't expect Comey to be able to speak much on it given the fact that he was Director of the FBI and this was an NSA document.

Americans have the ability to make political changes that can shape the world. As long as that is the case, various forms of voter suppression will continue to be used to nullify the voices of certain voters. There is still a lot left to uncover, but the Russia Connection just branched off in another direction.