Secret NSA report: Russian military intelligence hacked U.S. voting software supplier

Hotair ^ | 06/06/2017 | AllahPundit

[SeekAndFind]

Let’s start with a caveat from one of the authors of The Intercept’s story, just so we’re clear on what *isn’t* being alleged.

very very important: there’s nothing in the NSA report indicating the actual voting machines or vote tabulations were compromised

— Sam Biddle (@samfbiddle) June 5, 2017

Was that the goal, though? The piece is long and difficult to excerpt so I’ll try to summarize. According to the NSA (CBS has confirmed that this is indeed a real NSA report), last August Russia’s military intelligence unit — the GRU — hacked into a software company, likely VR Systems in Florida, that tracks voter registration for eight U.S. states. They used a spear-phishing attack, the same M.O. used to hack the DNC in 2015, to gain access to the login credentials for VR Systems employees. Then, on October 27th, just 12 days before the election, they used information they gleaned from those accounts to launch a second spear-phishing attack, this time aimed at email addresses for more than 100 local government officials “involved in the management of voter registration systems.” The spear-phishing email was made to look like it was coming from VR Systems, knowing that the officials would be more likely to trust it and to open it. It also contained a fake Microsoft Word document which, if opened by the unsuspecting target, would then infect their computer with virtually any malware the hackers wanted to deploy. “It is unknown whether the aforementioned spear-phishing deployment successfully compromised the intended victims,” according to the NSA.

Why did Russian military intelligence want to access local government officials’ computers? Good question. VR Systems doesn’t sell vote-counting software. They sell voter-registration software, to “verify and catalogue who’s permitted to vote when they show up on Election Day or for early voting.” In theory the hackers could have wreaked havoc with the voting process by mass-deleting voters from the registration database, introducing glitches to slow down the voting process, and so on. As best anyone can tell, they didn’t do that — certainly not on a scale large enough that people would have noticed. (There was a malfunction in the voter-registration system — operated by VR Systems — at some polling locations in Durham, North Carolina, on Election Day but officials there insist there’s no evidence of tampering.) So what did they do, or what could they have done if in fact this was just an experiment by Russia to probe what sort of chaos is technologically possible the next time the U.S. has an election? The Intercept speculates:

[A] more worrying prospect, according to Graff, is that hackers would target a company like VR Systems to get closer to the actual tabulation of the vote. An attempt to directly break into or alter the actual voting machines would be more conspicuous and considerably riskier than compromising an adjacent, less visible part of the voting system, like voter registration databases, in the hope that one is networked to the other. Sure enough, VR Systems advertises the fact that its EViD computer polling station equipment line is connected to the internet, and that on Election Day “a voter’s voting history is transmitted immediately to the county database” on a continuous basis. A computer attack can thus spread quickly and invisibly through networked components of a system like germs through a handshake.

According to Alex Halderman, director of the University of Michigan Center for Computer Security and Society and an electronic voting expert, one of the main concerns in the scenario described by the NSA document is the likelihood that the officials setting up the electronic poll books are the same people doing the pre-programming of the voting machines. The actual voting machines aren’t going to be networked to something like VR Systems’ EViD, but they do receive manual updates and configuration from people at the local or state level who could be responsible for both. If those were the people targeted by the GRU malware, the implications are troubling.

Use information from VR Systems to get into the local officials’ computers, then use information from the local officials’ computers to get into the all-important voting-machine software. There’s no hard evidence that Russia actually did that, and it’s hard to see why they would have waited until as late as October 27th to try to screw with vote tabulation if that was the big plan, but you can understand why the NSA is concerned about an enemy power being that close to potentially fiddling with vote totals. (“The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments.”) Incidentally, of the eight states that use VR Systems software, two are Florida and North Carolina — both crucial swing states last year won narrowly by Trump (FL by 1.2 points, NC by 3.6). If they had gone the other way, Clinton would have won the election narrowly. So, yeah: Democrats who were already high on the theory that Russia “hacked the election” by changing vote totals, despite various officials like Barack Obama assuring them that didn’t happen, will be even higher after today.

The Intercept, by the way, is the same site that employs Snowden buddy Glenn Greenwald, who’s castigated Russia critics in the past for their “increasingly unhinged” rhetoric about Moscow’s role in the campaign. Makes me wonder if this report was leaked to the site not just because they have some degree of expertise in analyzing natsec documents but because the leaker knew that the allegations against Russia would seem that much more damning being leveled by Greenwald’s own outlet. One other thing that occurs to me: If Russia’s ultimate goal in messing with the U.S. election campaign, even above and beyond aiding Trump, was to sow distrust in western institutions, why didn’t they take steps themselves to leak the fact that they made this mischief with VR Systems and local election officials before the election? Or did they take steps somehow to be found out? That is, was the VR Systems hacking designed to actually damage U.S. election infrastructure or was it designed to show U.S. intelligence what Russia was capable of, knowing/hoping that it would leak — as it has — and further undermine the American public’s faith in democracy?

Update: Interesting coincidence. Within about an hour of The Intercept report being published, the DOJ is out with an announcement that it’s arrested and charged a federal government contractor with the unlikely name of Reality Winner with removing classified material from a government facility. “On or about May 9, Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency, and unlawfully retained it. Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.” The Intercept is, of course, an online news outlet. The NSA report was dated May 5, just four days before Winner’s arrest. It’s a top secret document; Winner held a top secret security clearance. Hmmmmmmm.

[Rapscallion]

I doubt NSA is talking to the author. Further if the author has seen the alleged report somebody has broken the law by leaking a classified report. OR THIS IS FAKE NEWS MADE UP TO MAKE A PHONY DEMOCRAT CASE SO THEY CAN DISCREDIT TRUMP OR THE ELECTION.

[MGG]

It was actually the Chinese. I saw that episode of Scorpion too.....

[TheConservativeBanker]

Evidently the report isn’t very secret. (:-)

[Honorary Serb]

Anyone who believes the ultra-leftist “The Intercept” will believe anything!!!!

[ImJustAnotherOkie]

Considering all the different kinds of voting machines this doesn’t hold much water.

They’ll need to be a little more specific.

[Hang'emAll]

What I worry about is the Soros voting machines.

Seems to me it could be possible to have these machines get a factory update just before an election and another right after the election to eliminate the evidence.

http://www.freerepublic.com/focus/f-chat/3484756/posts

Smartmatic, a U.K.-based voting technology company with deep ties to George Soros, has provided voting technology in 16 states
including battleground zones like Arizona, Colorado, Florida, Michigan, Nevada, Pennsylvania and Virginia.
Other jurisdictions affected are California, District of Columbia, Illinois, Louisiana, Missouri, New Jersey, Oregon, Washington and Wisconsin.

[DoughtyOne]

Thanks so much for your support to this point... I personally apprecaite it...
FReepers, it's time to wrap up this FReep-a-thon.  Lets do it...

President Donald J. Trump and the Free Republic of the United States of America

Ramirez political cartoon: Lack of Assimilation / Political Correctness LARGE VERSION 06/06/2017: LINK  LINK to regular sized versions of his political cartoons (archive).

Please join the monthlies, an automated and the best way to help support Free Republic.  If you opt not to join the automated monthly support program, please consider joining the One One Done project.  LINK

FReepers, 85.23% of the Second Quarter FReep-a-thon goal has been met.  Click above and pencil in your donation now.  Please folks, lets end this FReepathon.  Thank you!
...this is a general all-purpose message, and should not be seen as targeting any individual I am responding to...

Just $679.00 to 86.00%

[silverleaf]

So - maybe Trump actually won more states!
Lets recount Virginia for starters

/sarc

[bgill]

Why did Russian military intelligence want to access local government officials’ computers? Good question.

Gee, I dunno but maybe for the same reason the US military tries to gain access to Russia's, China's, England's, Australia's, Greenland's, Japan's, India's, Saudi Arabia's, and every other country on the planet.

you can understand why the NSA is concerned about an enemy power being that close to potentially fiddling with vote totals

They didn't raise an eyebrow during the two previous elections when over 100% of some precincts voted for the Terrorist in Chief.

[Rapscallion]

Seems to me it could be possible to have these machines get a factory update just before an election and another right after the election to eliminate the evidence.

Theoretically correct.

[plain talk]

Even if all this is true ... it has nothing to do with Trump.

[homegroan]

I remember that the CIA was touted as having the ability to hack as a Russian actor; to make any hack or email etc appear as if it came from Russia. Hmmmm.

[Terry Mross]

Maybe Russia just wanted to make sure Hillary wasn’t able to cheat.

[SeekAndFind]

re: Even if all this is true ... it has nothing to do with Trump.

The point is to CAST DOUBT on the legitimacy of Trump’s election victory.

If the Russians MIGHT HAVE successfully hacked into KEY voting places, so their logic goes, there is the chance that Hillary might have lost when she should have won.

[VanShuyten]

“...last August Russia’s military intelligence unit — the GRU — hacked into a software company, likely VR System...”

A report I heard this morning said that in the intelligence report, the connection to the GRU was assumed by analysts, not through direct evidence. That makes this report as reliable as previous reports on actions assigned to the GRU, due to the NSA’s ability to digitally forge sources.

Remember that attempted hacks of Georgia’s election system were attributed to US government agencies.

[Mr Radical]

Perhaps the Russians, or whoever it is, are trying not to change the outcome but simply to get a handle on how valid the election outcome is i.e. whether / by how much the result could have been affected by fraudulent registrations.

[Yulee]

Russia........Actually it was Soros. Didn't have to try that hard since he already controlled most voting machines.

Remember the machines switching votes to Hillary. Soros in action.

It's not the Russians, but it is the Socialists (Dems and Liberals), who have corrupted our voting process. Fortunately they didn't succeed this time.

The MSM has to keep people staring at those bright shiny balls they've flung in the air. Everything to keep the public from realizing the complicity of the MSM, Liberals, Socialists, Communist, BLM, OWS, and Soros, and their efforts to destroy our Republic and establish a socialist dictatorship.

[HollyB]

Exactly. It was DHS that hacked into Georgia’s voter registration last year.

[SubMareener]

It’s entirely possible that the CIA was spoofing a hack that the NSA picked up.