Connectivity

Latest NSA Leak Reveals Exactly the Kind of Cyberattack Experts Had Warned About

The Russian-backed assault, outlined in a newly public NSA analysis, targeted a particularly vulnerable component of the U.S. voting system.

The details of an apparent Russian state-sponsored cyberattack on local election officials and a vendor of U.S. voting software are shocking—but they shouldn’t be surprising. In fact, experts had been warning for months before the 2016 election about exactly the type of attack that was revealed Monday in leaked NSA documents.

According to the documents, the purpose of the attack, which occurred last August, was “to obtain information on elections-related software and hardware solutions.” The attackers “likely used data obtained from that operation to create a new email account and launch a voter-registration themed spear-phishing campaign targeting U.S. local government organizations.”

The NSA’s analysis does not draw any conclusions about whether the attack affected voting outcomes in the presidential election in November, or any other national or local races. But targeting voter registration systems is widely seen as one of the most effective ways to use a cyberattack to disrupt the electoral process. An adversary with access to voter registration information could, for example, delete names from the voter roll or make other modifications to the data that could cause chaos on Election Day. (See “How Hackers Could Send Your Polling Station Into Chaos.”)

Before the election, Rice University computer science professor Dan Wallach told MIT Technology Review that poorly secured voter registration databases were the biggest cybersecurity threat facing the U.S. voting system, since many states put them online. In September, the Associated Press reported that hackers had targeted voter registration systems in 20 states.

Also among potential targets, experts warned at the time, were electronic poll books—computerized versions of the paper lists that poll workers often use to check voters in. Most offer the option to connect to the Internet.

Though the NSA’s leaked analysis did not name the target of the attack it describes, it does make references to a Florida-based company called VR Systems, which makes electronic poll books. In a statement, the company appeared to confirm that it had been targeted, saying that “a handful” of customers had received fraudulent e-mails, but that there was “no indication that any of them clicked on the attachment or were compromised as a result.”

In October, CNN reported that federal investigators thought Russian hackers had compromised an unnamed vendor of voting software that supplied technology for Florida’s voting system. Some have now speculated that that vendor was VR Systems. Products made by VR Systems are used by eight states: California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia.

One of those states—North Carolina, which was seen as a key swing state in the race for the presidency—did experience the type of voter-registration-related issues on Election Day that security experts warned might happen in the event of a cyberattack. In Durham County check-in systems malfunctioned in a number of precincts, leading to long lines and delays and forcing election officials to switch to slower, paper-based processes.

A spokesman for the Durham County Board of Elections told The Intercept that VR Systems’ software was not to blame for these issues, and a spokesperson for the North Carolina Board of Elections told the website that the state “did not experience any suspicious activity during the election outside of what this agency experiences at other times.”

Even so, on Tuesday Senator Mark Warner, the top Democratic member of the Senate Intelligence Committee, told USA Today that Russia’s hacking efforts are more widespread than any previous unclassified reports or the newly leaked NSA document indicate.

And the threat is ongoing. “None of these actions from the Russians stopped on Election Day,” he said.

(Read more: The Intercept, Politico, USA Today, “How Hackers Could Send Your Polling Station Into Chaos”)

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Premium.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look: exclusive early access to important stories, before they’re available to anyone else

    Insider Conversations: listen in on in-depth calls between our editors and today’s thought leaders

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.