Tuesday, June 06, 2017

Top-Secret NSA Report Details Russian Hacking Efforts on Eve of Election


Another day, another breaking story on Russiagate. This time the story was broken by The Intercept and has now been picked up by numerous media outlets. The story involves a leaked top secret NSA document that looks at the hacking efforts of Russian intelligence to hack voting machines and state and local voting authorities. The leaker, a 25-year-old government contractor employee, has been arrested (see the Washington Post here) with the Trump Justice Department - I am beginning to think that Deputy Attorney General Rod J. Rosenstein needs to be added to the list of individuals targeted by the special prosecutor - and FBI focusing more on punishing the leaker than the frightening revelations that the American public has a right to know about. Most of all, the newly disclosed information underscores (i) that both Donald Trump and Vladimir Putin are outright liars, (ii) that Russia might have in fact influenced the election outcome, and (iii) how much more we need to know about the foregoing. Here are highlights from the piece in The Intercept:
RUSSIAN MILITARY INTELLIGENCE executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.
The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.
The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA requested a number of redactions. The Intercept agreed to some of the redaction requests after determining that the disclosure of that material was not clearly in the public interest.
The assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
That review did not attempt to assess what effect the Russian efforts had on the election, despite the fact that “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.”
The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.
As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.
But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.
[T]he hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses “associated with named local government organizations,” probably to officials “involved in the management of voter registration systems.”
If opened, the files “very likely” would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocks and opens a target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.
The NSA, however, is uncertain about the results of the attack, according to the report. “It is unknown,” the NSA notes, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.”
VR Systems doesn’t sell the actual touchscreen machines used to cast a vote, but rather the software and devices that verify and catalogue who’s permitted to vote when they show up on Election Day or for early voting. Companies like VR are “very important” because “a functioning registration system is central to American elections,” explained Lawrence Norden, deputy director of the Brennan Center for Justice at the NYU School of Law. Vendors like VR are also particularly sensitive, according to Norden, because local election offices “are often unlikely to have many or even any IT staff,” meaning “a vendor like this will also provide most of the IT assistance, including the work related to programming and cyber security”—not the kind of people you want unwittingly compromised by a hostile nation state. Whatever the investigation into the Trump campaign concludes, however, it pales in comparison to the threat posed to the legitimacy of U.S. elections if the infrastructure itself can’t be secured. The NSA conclusion “demonstrates that countries are looking at specific tactics for election manipulation, and we need to be vigilant in defense,” said Schneier. “Elections do two things: one choose the winner, and two, they convince the loser. To the extent the elections are vulnerable to hacking, we risk the legitimacy of the voting process, even if there is no actual hacking at the time.” 
