Leaked NSA intel highlights deep flaws in decentralized US election systems

Adjust Comment Print

But it adds significant new detail to previous USA intelligence assessments that alleged Russia-backed hackers had compromised elements of America's electoral machinery.

The new revelations suggest that US investigators are also still probing a more direct attempt to attack the election itself, and a federal official confirmed that is the case.

The operation described in the document could have given attackers "a foothold into the IT systems of elections offices around the country that they could use to infect machines and launch a vote-stealing attack", said J. Alex Halderman, a University of MI computer scientist.

Bruce Schneier, chief technology officer of IBM Resilient and a fellow at Harvard's Berkman Klein Center for Internet & Society, said the report shows the weaknesses of USA election systems.

Computer scientists have proven in the lab that once sophisticated attackers are inside an election network, they could manipulate pre-election programming of its systems and alter results without leaving a trace.

Attempts by Russian Federation to "break into a number of our state voting processes" was "broad-based", he said, without offering details.

But he pointed out that even if hackers were able to break into voting results, the US vote-tallying process is so decentralized that it would be nearly impossible to swing an election.

Multiple law enforcement sources tell CBS News homeland security correspondent Jeff Pegues that more USA state election databases have been hacked than previously thought. The Associated Press has not independently verified the authenticity of the report, although its apparent leaker, an NSA contract worker, was arrested last weekend in Georgia. If it had not been leaked, the public would still have nearly no inkling about how diligently Russian hackers worked to penetrate United States voting systems in the view of the U.S. intelligence community.

Russia's military intelligence agency launched an attack days before the November 8, 2016 General Election on a Florida-based company that provides election services and systems, including voter registration, according to a leaked NSA report.

It was part of an attempt to hack a Florida company, VR Systems, based in Tallahassee, which is involved in voter registration for much of the state.

For those who may question the election results, Sanders said that the Humboldt Transparency Project scans ballots after the end of every election to look for anomalies or issues with the voting system. "A startling 58 percent of Democratic voters believe Russian Federation actually tampered with vote totals in order to get Trump elected - an outlandish conspiracy theory that remains unsupported by evidence". - We now know the Clay County elections office was at least one of the state's offices targeted by Russian hackers. The attack sketched out in the NSA document appears designed specifically to cope with that sprawl.

The document states the phishing attempt was seeking to obtain VR Systems' employees email credentials by "enticing the victims to click on an embedded link within a spoofed Google Alert email".

"The Department [of State] participated in an informational call with the Federal Bureau of Investigation related to elections security at the end of September 2016 where they alerted officials for the need to maintain security measures, but there was no indication of a Florida-specific issue".

Seminole County Supervisor of Elections Michael Ertel said his office did receive the phishing email and took measures to make sure they were not impacted.

Former Duval County Supervisor of Elections Jerry Holland said he made a call to VR Systems after he learned of the attempted hack.

"We immediately notified all our customers and advised them not to click on the attachment", VR Systems said in a statement.

The county has contracted with Hart InterCivic since 2013 to provide e-poll book technology, which Sanders said is used on election day to check voter registration statuses and voter history.

Most US states now use optical scanners with paper ballots that can be audited, but a handful employ paperless systems with no paper trail to verify the count.

North Carolina's state elections director said Tuesday that officials would investigate to see if officials in Durham County were targeted and possibly compromised.

Someone trying to cause chaos and discredit an election could delete names from registration rolls prior to voting — or request absentee ballots en masse. In late August of a year ago they sent emails meant to look like they came from Google to workers at an unnamed election software company.

Satter reported from Paris.