A federal contract worker was charged on Monday for leaking a classified report to an online news website regarding Russian attempts to interfere with foreign elections last year. Specifically, the analyst report documented how the Russians launched various cyber attacks aimed at voting infrastructure via phishing schemes against local government officials who operate at the closest level to voting precincts.
The New York Post picks up the details:
The highly classified intelligence document, published Monday by The Intercept, describes how Russia managed to infiltrate America’s voting infrastructure using a spear-phishing email scheme that targeted local government officials and employees.
It claims the calculated cyberattack may have even been more far-reaching and devious than previously thought.
The report is believed to be the most detailed US government account of Russia’s interference to date.
It was allegedly provided to the Intercept by 25-year-old Reality Leigh Winner, of Augusta, who appeared in court Monday after being arrested at her home over the weekend.
She was charged with removing and mailing classified materials to a news outlet, DOJ officials said.
The article from The Intercept, which is where the document was leaked, is very extensive and lengthy, making it hard to summarize, but here are some excerpts:
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document.
The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.
That review did not attempt to assess what effect the Russian efforts had on the election, despite the fact that “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.” According to the Department of Homeland Security, the assessment reported reassuringly, “the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”
This actual NSA report, much of which may or may not be correct since it’s considered “analysis,” not actionable intelligence, provides some further insight into how seriously US intelligence was taking the cyber-threat from Russia when it came to interference in the election last year. For example, if the Russians were able to infiltrate some local county or city level computer networks, then theoretically they could have somehow interfered with software which was being loaded onto voting machines or even with the recorded results being stored or transmitted from the county level to state election entities. Unfortunately there are thousands upon thousands of voting precincts within the United States, so without some more directed evidence leading to specific counties or states, it’s hard to tell if anything the Russians were trying had any effect.
Some could point to states like Pennsylvania and/or Wisconsin, for example, and that’s not entirely unreasonable to investigate if there is some evidence which leads state officials to believe the tallies were altered or the voting machines were compromised. The states and likely individual counties could take up this issue on their own without federal help since the states are the ones who actually run the election, even at the presidential level.
This story is still developing and I’m sure we haven’t gotten the full picture yet.