Tech Services Provider Was Weak Link in Russian Hack of U.S. Election June 2017

A leaked report from the National Security Agency describes how Russian military hackers spear phished employees of a Florida IT services firm to gain access to voter rolls and other parts of elections networks.

Aldrin Brown, Editor-in-Chief

June 6, 2017


A provider of voting software and related technology services appears to have been a main entrance by which Russian military hackers burrowed their way into an unknown number of local government networks in an effort to influence the 2016 U.S. Presidential election.

The revelation is contained in an explosive report published today by British news website The Intercept, which relied on a top-secret memo allegedly stolen by a National Security Agency (NSA) contractor and sent anonymously to the journalists.

That contractor has since been charged with espionage, authorities announced today.

Still, the report – dated May 5, 2017 – outlines how Kremlin hackers in August of 2016 used phishing scams to target at least seven employees at VR Systems Inc., of Tallahassee, Fla., in an effort to gain access to the workers’ login credentials.

“Two months later, on October 27, they set up an ‘operational’ Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation ‘targeting U.S. local government organizations,’” The Intercept article states, quoting from the NSA report. “These emails contained a Microsoft Word document that had been ‘trojanized’ so that when it was opened it would send out a beacon to the ‘malicious infrastructure’ set up by the hackers.”

“The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses ‘associated with named local government organizations,’ probably to officials ‘involved in the management of voter registration systems,’” the NSA report states.

IT services providers are increasingly being targeted by hacking operations, which see the managed services providers as an ideal entry point for accessing client networks.

In April, a well-known Chinese hacking group, APT10, was found to be specifically targeting MSPs in an effort to steal sensitive data and intellectual property from enterprise customers.   

VR Systems sells and supports software for management of elections, including voter registration data and worker training; website publishing and hosting; and the EViD electronic poll book for onsite management of polling places.

VR Systems was hired by numerous government elections organizations across eight states.

“Available as a tablet, an all-in-one station or customized for an existing device, more than 14,000 EViDs were in use during this past election season,” the company’s website states.

An official at VR Systems declined to comment specifically to The Intercept about the NSA document, but acknowledged in a statement that phishing and spear-phishing are common in that vertical.

“We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats,” Ben Martin, the firm’s chief operating officer, is quoted as saying. “We have policies and procedures in effect to protect our customers and our company.”  

While U.S. intelligence officials have said they can point to no evidence proving that the Russian hacking campaign affected actual vote counts, the leaked NSA report suggests the campaign may have been more successful than has previously been publicized.

Though VR Systems doesn’t provide or manage the actual touchscreen voting machines, the company’s tools do have wireless Internet connectivity and Bluetooth functionality, which could have enabled hackers to infiltrate disparately protected, local elections networks.

According to the NSA document, NSA investigators found that the second spear-phishing campaign involved emails that appear to have introduced malware into networks of local elections groups.

“The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document,” The Intercept reported. “These particular weaponized files used PowerShell…allowing vast control over a system’s settings and functions.” 

“It is unknown,” the NSA notes, according to the report, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.”

VR Systems – identified in the NSA report only through references to its products – was one of at least two election technology services providers targeted in the Russian campaign.

The second company was not identified in the document.

 


About the Author

Aldrin Brown

Editor-in-Chief, Penton
