Election 2016

Report: Russian Hacker Also Hit the Election Assistance Commission

JM Ashby
Written by JM Ashby

According to a private security firm working with federal authorities, a Russian hacker breached the U.S. Election Assistance Commission just after the November election.

While "hack" has become a catch-all phrase that more commonly refers to phishing scams, in this case there was some actual hacking involved.

The security firm, Recorded Future, was monitoring underground electronic markets where hackers buy and sell wares and discovered someone offering log-on credentials for access to computers at the U.S. Election Assistance Commission, company executives said.

Eventually they discovered that the Russian-speaking hacker had obtained the credentials of more than 100 people at the election commission after exploiting a common database vulnerability, the researchers said.

The hacker reportedly gained access to information on flaws in voting machines, flaws that could potentially be exploited, but authorities do not believe the hacker exploited those flaws because the hack occurred after the election. Furthermore, this specific hacker is said to be more interested in selling access to information than selling the information itself.

The specific database vulnerability exposed by this hack has apparently been patched, but I would guess there are other vulnerabilities waiting to be discovered.

There are good reasons why your favorites apps and operating systems are frequently updated. They're updated to add new features and address holes in security.

  • Qahir Makhani

    Guys, greeting from the UK. Can any of you use this information to form a lawsuit? I mean, you have the evidence and have lawyers listed on your site. Can you please do humanity a favour? Also, for those having difficulty understanding whether Julian Assange is a liar or not, it’s a bit more complicated than that. Below is a video explanation of what Wikileaks do. Imagine them taking the role of Dooku, while the western world is Obi-Wan

  • muselet

    The hacker, who—contra anything Donald Trump may say in coming days—is not a 400-pound guy sitting in his parents’ basement in New Jersey, seems not to have been aware that the Election Assistance Commission doesn’t run elections, but rather works to help states run their elections more securely and efficiently.

    Still, this should be getting far more attention than it is in our glorious news media.

    –alopecia

  • Badgerite

    Well this is all very reassuring. This is why I was never on board the Snowden bandwagon. There are bad actors in the world and they will, given the opportunity, tamper with our most cherished institutions. I have always viewed the NSA as a line of defense against this. Now? Who knows, now.

  • Dread_Pirate_Mathius

    There are good reasons why your favorites apps and operating systems are frequently updated. They’re updated to add new features and address holes in security.

    Bulletproof code is very, very, very hard to write.

    Even something tiny like a small iPhone game. It is stupendously hard to make sure that it “just work,” without bugs.

    Something bigger, like an OS… forget about it.

    And if multiple people are working on different aspects? Forget about it.