Earlier this afternoon, the Intercept reported that according to a “top secret NSA document”, Russian Military Intelligence “executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials days before election.”
The NSA document, reportedly dated May 5, analyzes recently acquired intelligence about “a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure.” The document notes that investigation only began in the last few months. The document claims the investigation was spurred by “information that became available in April 2017.”
According to the Intercept, the report is “the most detailed U.S. government account of Russian interference in the election that has yet come to light. It is said to reveal that Russian hacking may have penetrated further into U.S. voting systems than was previously understood” and “states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document.” This is what the document alleges:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
While the manufacturer victimized by the attack has its name masked throughout the report, the Hill suggests that it might be VR Systems. The email account used to spear-phish customers is listed as firstname.lastname@example.org, and the attack made use of malware-infected files with titles that reference the EViD poll book system. The report makes reference to voter-registration-themed phishing attacks against third parties possibly using information from the account, making it likely the company is somehow related to registration or voter rolls. VR’s website says EViD products were used in California, Florida, Illinois, Indiana, North Carolina, New York and Virginia. The company is based in Florida.
The NSA document alleges the GRU hacked the voting systems company using a false Google alert requiring a target to enter login credentials. According to the report, it also attempted a parallel campaign using a false email account meant to be confused with a second company. And yet, despite all that “sophistication”, Russia’s smartest government hackers somehow left a trail so obvious that it would allow the NSA to conclude in under a month that Russia’s GRU was behind it. Which is also where the story becomes questionable, because at roughly the same time, another set of alleged Russian hackers, the Shadow Brokers, was in possession of (and trying to sell) weaponized CIA methods, allowing any potential hacker to adopt the identity of anyone else, even the CIA or NSA.
Lack of coherent narrative aside, according to the official report, on one hand the NSA summary judgment conflicts with Vladimir Putin’s ongoing denials that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” The NSA report, the Intercept claims, “displays no doubt that the cyber assault was carried out by the GRU.”
That said, the report does not claim that voting machines were hacked, a once-popular post-election theory from Democrats, nor does it state whether the information pertaining to the voting systems could be used to hack those systems.
On the other hand, the same Intercept article notes that “a U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.” Still, the assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
It is not immediately clear how Russian GRU hackers would make the leap from a spear-phishing campaign against election officials to successfully “denigrating Secretary Clinton, and her electability and potential presidency”, unless of course that is merely the biased assessment of the original report’s author, in which case it is no different from, and no more “useful” than, the intel report released in January which “found” Russian involvement (much like this one allegedly did).
Since the document is confidential, is held only by the Intercept, and will not be declassified, nothing contained in it can be verified, aside from the Intercept’s own summary take. Furthermore, according to the author, not even the leaked document “shows the underlying “raw” intelligence on which the analysis is based.” In other words, just like the January Russian hacking report, it is yet another allegation. At that point, it once again devolves to “he said, she said” mutual allegations.
Where the story gets more interesting, however, is that just hours after the Intercept reported on the top secret document, the FBI arrested and charged the woman (with the peculiar name Reality Leigh Winner) they say leaked a Top Secret document to The Intercept.
This is what the DOJ released moments ago:
Federal Government Contractor in Georgia Charged With Removing and Mailing Classified Materials to a News Outlet
A criminal complaint was filed in the Southern District of Georgia today charging Reality Leigh Winner, 25, a federal contractor from Augusta, Georgia, with removing classified material from a government facility and mailing it to a news outlet, in violation of 18 U.S.C. Section 793(e).
Winner was arrested by the FBI at her home on Saturday, June 3, and appeared in federal court in Augusta this afternoon.
“Exceptional law enforcement efforts allowed us quickly to identify and arrest the defendant,” said Deputy Attorney General Rod J. Rosenstein. “Releasing classified material without authorization threatens our nation’s security and undermines public faith in government. People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”
According to the allegations contained in the criminal complaint:
Winner is a contractor with Pluribus International Corporation assigned to a U.S. government agency facility in Georgia. She has been employed at the facility since on or about February 13, and has held a Top Secret clearance during that time. On or about May 9, Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency, and unlawfully retained it. Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.
Once investigative efforts identified Winner as a suspect, the FBI obtained and executed a search warrant at her residence. According to the complaint, Winner agreed to talk with agents during the execution of the warrant. During that conversation, Winner admitted intentionally identifying and printing the classified intelligence reporting at issue despite not having a “need to know,” and with knowledge that the intelligence reporting was classified. Winner further admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet, which she knew was not authorized to receive or possess the documents.
An individual charged by criminal complaint is presumed innocent unless and until proven guilty at some later criminal proceedings.
The prosecution is being handled by Trial Attorney Julie A. Edelstein of the U.S. Department of Justice’s National Security Division’s Counterintelligence and Export Control Section, and Assistant U.S. Attorney Jennifer Solari of the U.S. Attorney’s Office for the Southern District of Georgia. The investigation is being conducted by the FBI.
So another “Snowden”-type NSA contractor who went rogue, only this one wasn’t smart enough to cover her tracks, and instead of seeking asylum in Russia, Reality Winner will now spend years in US Federal Prison. Also, perhaps notable, is that instead of approaching Wikileaks, the leaker decided to go with The Intercept this time.
As for the underlying allegation, that Putin lied not only in St Petersburg and to Megyn Kelly most recently, and that Russia somehow did try to hack a “named US company to obtain information on elections-related software and hardware solutions”, even though the report does not reveal the underlying “raw” intelligence – i.e., evidence – on which the analysis is based, we look forward to this stirring up yet another round of media frenzy just as the Russian hacking narrative was slowly taking a back seat to the upcoming featured spectacle, this Thursday’s James Comey testimony about being strongarmed by Trump to stop investigating Mike Flynn, which among other things will hopefully explain how nearly a year after these alleged hacks, aside from the occasional leaked report without evidence, there is still no actual evidence – leaked or otherwise – confirming that Russia’s GRU did indeed “hack” the election.