Leaker named Reality confirms NSA report that Russia attempted actual election hack

A gift has arrived for the left, which has been salivating for evidence that confirms its belief that Donald Trump's election was illegitimate because Vladimir Putin corrupted our voting.  Trump is Putin's puppet, you see.

Cue the hysteria.

The case is far from closed, but according to a leaked top-secret NSA report, Russian hackers did get at least partway to actual tabulators of votes in a few locales in the week before the election.  This is not a Hillaryesque Macedonian content farms fantasy; this is genuine hacking that apparently succeeded part of the way – at a level of "medium sophistication," according to one expert cited by The Intercept.  The Russkies were probing.

This will fuel more accusations.  It is important to agree from the start that there should be a serious inquiry into all of the results reported in the limited number of sites reportedly targeted by the Russians.  Voting system security always is a bipartisan cause for Republicans, even if Democrats remain indifferent to vote fraud by conventional low-tech means.

There is every reason to be suspicious of a setup here, as the leaker is a confirmed lefty with a social media history of vulgar resentment of President Trump.  By now, you probably have heard the big story of the day: that a 25-year-old NSA contractor with the name Reality Winner has been arrested and charged with leaking classified material to The Intercept, which published an article based on the classified report she printed and mailed to it, redacting some information.  It is long and worth a read.

Here is the money quote from the NSA report, contained in the Intercept article:

Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.

The actual details The Intercept reveals are of a specific attempt to penetrate a supplier to election officials that worked.  Based on that success, a second hack was launched days before the election, at "122 email addresses 'associated with named local government organizations,' probably to officials 'involved in the management of voter registration systems.'"

It is unknown if this second attack succeeded.  Also unknown is if it led to any access at all to vote tabulations.  But it would seem to be readily subject to investigation, since the 122 email addresses must be known.

There's a nifty detailed chart that is far more opaque than the article itself, which is quite readable and rewarding.

The explanations offered for what went down, according to the report, are far more lucid:

The NSA has now learned, however, that Russian government hackers, part of a team with a "cyber espionage mandate specifically directed at U.S. and foreign elections," focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company's devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.

They were after credentials:

Although the NSA report indicates that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn't necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA's Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. "I'll take credentials most days over malware," he said, since an employee's login information can be used to penetrate "corporate VPNs, email, or cloud services," allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn't require everyone to take the bait in order to be a success — though Williams stressed that hackers "never want just one" set of stolen credentials.

They were successful.  And that enabled a second hack attempt that was much more worrisome, and came days before the election:

[T]he hackers apparently got what they needed. Two months later, on October 27, they set up an "operational" Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation "targeting U.S. local government organizations." These emails contained a Microsoft Word document that had been "trojanized" so that when it was opened it would send out a beacon to the "malicious infrastructure" set up by the hackers.

The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses "associated with named local government organizations," probably to officials "involved in the management of voter registration systems." The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems' EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system's settings and functions. If opened, the files "very likely" would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with "persistent access" to the computer or the ability to "survey the victims for items of interest." Essentially, the weaponized Word document quietly unlocks and opens a target's back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.

According to Williams, if this type of attack were successful, the perpetrator would possess "unlimited" capacity for siphoning away items of interest. "Once the user opens up that email [attachment]," Williams explained, "the attacker has all the same capabilities that the user does." Vikram Thakur, a senior research manager at Symantec's Security Response Team, told The Intercept that in cases like this the "quantity of exfiltrated data is only limited by the controls put in place by network administrators." Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn't be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of "medium sophistication," Williams said, one that "practically any hacker can pull off."

We are still some steps away from having any ability to affect the reporting of vote totals.  But even the ability to siphon away data is worrisome.  If it is the case that this has taken place, that we are so vulnerable that "practically any hacker can pull it off," we need to rethink paper ballots.
