Election 2016

Report: Russian Hacker Also Hit the Election Assistance Commission

Written by SK Ashby

According to a private security firm working with federal authorities, a Russian hacker breached the U.S. Election Assistance Commission just after the November election.

While "hack" has become a catch-all phrase that more commonly refers to phishing scams, in this case there was some actual hacking involved.

The security firm, Recorded Future, was monitoring underground electronic markets where hackers buy and sell wares and discovered someone offering log-on credentials for access to computers at the U.S. Election Assistance Commission, company executives said.

Eventually they discovered that the Russian-speaking hacker had obtained the credentials of more than 100 people at the election commission after exploiting a common database vulnerability, the researchers said.

The hacker reportedly gained access to information on flaws in voting machines, flaws that could potentially be exploited, but authorities do not believe the hacker exploited those flaws because the hack occurred after the election. Furthermore, this specific hacker is said to be more interested in selling access to information than selling the information itself.

The specific database vulnerability exposed by this hack has apparently been patched, but I would guess there are other vulnerabilities waiting to be discovered.

There are good reasons why your favorites apps and operating systems are frequently updated. They're updated to add new features and address holes in security.