Leaked NSA doc highlights deep flaws in US election system
A leaked intelligence document outlining alleged attempts by Russian military intelligence to hack into U.S. election systems is the latest evidence suggesting a broad and sophisticated foreign attack on the integrity of the nation's elections.
Source: FRANK BAJAK and RAPHAEL SATTER
And it underscores the contention of security experts and computer scientists that the highly decentralized, often ramshackle U.S. election system remains profoundly vulnerable to trickery or sabotage .
The document, purportedly produced by the U.S. National Security Agency, does not indicate whether actual vote-tampering occurred. But it adds significant new detail to previous U.S. intelligence assessments that alleged Russia-backed hackers had compromised elements of America's electoral machinery. It also suggests that attackers may also have been laying groundwork for future subversive activity.
The operation described in the document could have given attackers "a foothold into the IT systems of elections offices around the country that they could use to infect machines and launch a vote-stealing attack," said J. Alex Halderman, a University of Michigan computer scientist. "We don't have evidence that that happened," he said, "but that's a very real possibility."
Computer scientists have proven in the lab that once sophisticated attackers are inside an election network, they could manipulate pre-election programming of its systems and alter results without leaving a trace.
Sen. Mark Warner of Virginia, the ranking Democrat on the Senate intelligence committee, said Tuesday that hacking into state voting systems ahead of the Nov. 8 vote was more widespread than has been disclosed.
Attempts by Russia to "break into a number of our state voting processes" was "broad-based," he said, without offering details. In Moscow, a Kremlin spokesman categorically denied Tuesday that Moscow had tried to hack the U.S. elections.
Warner did not directly address the classified intelligence report published Monday by The Intercept, an online news outlet. The Associated Press has not independently verified the authenticity of the report, although its apparent leaker, an NSA contract worker, was arrested last weekend in Georgia.
The NSA document says Russian military intelligence first targeted employees of a Florida voting systems supplier in August. Apparently exploiting technical data obtained in that operation, the cyber spies later sent phishing emails to more than 100 local U.S. election officials just days ahead of the Nov. 8 vote, intent on stealing their login credentials and breaking into the their systems, the document says.
The emails packed malware into Microsoft Word documents and were forged to give the appearance of being sent by the system vendor, VR Systems of Tallahassee, Florida.
The Department of Homeland Security knew in September that hackers believed to be Russian agents had targeted the voter registration systems of more than 20 states. To date, no evidence of tampering with vote tallies or registration rolls has emerged.