Threat Intelligence
12:35 PM

NSA Report: Russian Military Hackers Targeted US Voting Software, Election Officials

Top-secret NSA report leaked by now-arrested federal contractor to journalists shows levels to which Russian hacking machine targeted US election.

A federal contractor was arrested by federal officials last weekend after watermarks on printouts of top-secret NSA information on Russia's hacking activities in the US election were traced to her after she anonymously shared the stolen files with The Intercept.

Reality Winning's arrest came even before The Intercept published its report yesterday that is based on the May 5 NSA intelligence she sent them via hard-copy. The top-secret NSA analysis report says Russian military hackers launched a cyberattack on a US voting software supplier as well as waged a spear-phishing campaign against 100 local US election officials just before the November 2016 presidential election. 

The report basically indicates possible deeper election-hacking activity by Russia than was publicly known. 

The Intercept received the files anonymously, and the publication's efforts to validate their autenthicity with the US government ultimately led to Winning's unmasking. The US Department of Justice yesterday announced that the 25-year-old Winner had been arrested on June 3, in her Augusta, Georgia, home and charged with "removing classified material from a government facility and mailing it to a news outlet, in violation of 18 U.S.C. Section 793(e)."

DoJ did not mention The Intercept article, which published yesterday as well, nor the contents of the document.

According to The Intercept's article, the NSA report says:

"Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations."

Read The Intercept report here, and the DoJ announcement here.



Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
6/7/2017 | 8:58:44 AM
Understanding the implications
Understanding the implications for the individual of bringing government information to the press for the individual, I don't know why the government would not want to disclose this information themselves around Russia's malicious involvment.
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.