Intercept Posts NSA Docs On Russian Election Hacking, DOJ Announces Arrest Of Leaker Hours Later
The Intercept has just published an NSA document [PDF] (mailed to it by a government contractor [more on that in a bit]) detailing Russian interference in the US election.
Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November's presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
The document doesn't exactly offer anything that hasn't already been hinted at or suspected, but it does at least confirm a lot of the election hacking speculation. It also contradicts Putin's claim the Russian government was uninvolved in the election hacking.
While there is no evidence the breach of the voting software supplier resulted in compromised votes, what's suggested by the NSA document is something just as disruptive: an IRL denial-of-service attack that would affect American voters.
Pamela Smith, president of election integrity watchdog Verified Voting, agreed that even if VR Systems doesn't facilitate the actual casting of votes, it could make an alluring target for anyone hoping to disrupt the vote.
"If someone has access to a state voter database, they can take malicious action by modifying or removing information," she said. "This could affect whether someone has the ability to cast a regular ballot, or be required to cast a 'provisional' ballot - which would mean it has to be checked for their eligibility before it is included in the vote, and it may mean the voter has to jump through certain hoops such as proving their information to the election official before their eligibility is affirmed."
That being said, the US election process is somewhat hack-proof, though certainly not by design or as the result of security enhancements. Election hacking can apparently be somewhat mitigated by operational inefficiencies and this nation's democratic process bottleneck. Voting databases are decentralized, with very little coordination/connection between county, state, and federal systems. To make things even more unpredictable, the Electoral College decides who gets to become president, rather than millions of votes cast through a vast variety of voting machines.
Perhaps the most astonishing aspect of this leak is how quickly the government tracked the leaker down. The Intercept asked the government for comment on May 30th. By June 3rd, the government's investigation had narrowed to one suspect: government contractor Reality Winner [emoji combining WTF/irony].
Although the government's press release and affidavit [PDF] only refer to The Intercept as "News Outlet," the dates of the document cited match up to those in the published document. How did the NSA track down Winner so quickly? Internal printer audits and email records.
The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. WINNER was one of these six individuals. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.
In short, bad opsec and worse opsec. There's more:
The U.S. Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space.
These creases can plainly be seen in the document published by The Intercept.

According to the FBI, Winner has already confessed to these actions. And it's tough to see this information as being of the whistleblower variety as it doesn't expose any sort of surveillance overreach, but rather the sort of work we actually expect the NSA to be engaged in. The only possible motive for Winner's decision to hand this document over to journalists is the (somewhat justifiable) fear the Trump Administration would do its best to ensure this information was never made public.
On the other hand, the document is clearly of public interest, seeing as it details apparently ongoing efforts by a foreign country to disrupt the election process. It also highlights just how many security holes remain unaddressed, despite years of warning by security researchers. Even if the Russian government never performs another election hack, it has already planted several seeds of doubt in the legitimacy of the system -- something that will cause every election result going forward to be questioned by those who come out on the losing end.