Experts Warned About Voting Vulnerability At Center Of NSA Leak
Election management company VR Systems has acknowledged phishing attempts
The leaked NSA document published by The Intercept on Monday revealed a report that Russian military actors attacked one of the most especially vulnerable aspects of the American voting system: online voting registration databases.
The classified document was leaked to the press by a 25-year-old intelligence contractor who has been arrested by the Department of Justice. The five-page report, which the AP has yet to authenticate, details a cyberattack that began in August 2016.
The document does not reveal whether or not the Russian attempts at were successful, nor does it address if it could have affected voting outcomes in the presidential election. It does, however, validate the concerns of cybersecurity experts who have long considered the possibility of this type of attack as a potential threat to our voting process’ security.
The report states that Russian military hackers ran a phishing scam targeting employees at an American company that provides election offices with voter registration systems. This would enable them to scam government employees who work on state and local elections. It would appear that at least one employee took the bait, resulting in another attack that targeted 122 election officials.
The elections management company that has been implicated in the NSA report through a mention of one of its products is the Florida-based VR Systems. It has since released a statement that acknowledges a fraudulent email purporting to be from one of its employees.
“We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result,” it reads.
According to an AP analysis of the document’s contents by University of Michigan computer scientist J. Alex Halderman, the actions taken by the Russian hackers could have theoretically enabled them to “steal” votes by directly targeting electronic voting machines. Other potential attacks could have included more subtle meddling that would result in inconvenient delays. An example of this would be database deletions or errors that would require large numbers of registered voters to have to fill out absentee ballots.
Halderman has been among several experts warning of the potential for election meddling of this nature for years. They claim internet-connected voter registration databases are the most obvious vulnerability, as evidenced by targeted attacks on voter databases in at least 20 states last year.
As recently as last week, Russian President Vladimir Putin has categorically denied Russian involvement in U.S. elections on a state level. President Donald Trump has yet to acknowledge the findings of the leaked documents.