Leaked NSA doc highlights deep flaws in US election system

Posted June 09, 2017

CNN reported Tuesday that an NSA memo, dated May 5, provides details of a 2016 Russian military intelligence cyberattack on a US voting software supplier.

"If you can manipulate that ballot programming you can often exploit the vulnerabilities", Halderman said, opening the door to vote tampering. "Never once did the thought cross my mind".

In Illinois, officials are trying to determine which election offices used software from the contractor that the report said was compromised. The document, leaked to The Intercept, is an NSA intelligence report dated May 5.

The classified document was leaked to the press by a 25-year-old intelligence contractor who has been arrested by the Department of Justice.

The NSA report does not say whether the cyberattack effort had any effect on the election results.

VR Systems provides voter check-in software and a program to show online election night results for Broward County.

More news: South Africa : West coast storm kills 8, causes chaos

Joe Canciamilla, the clerk-recorder and registrar of voters in Contra Costa County - which has no connection with VR Systems - said in an interview that the episode could encourage jurisdictions to spend more on technology to protect voting data.

"There is no evidence of any breach of elections systems in California", Padilla said in an email. The issue forced officials to abandon the system, issue paper ballots and extend voting hours, but officials there said that trouble did not appear to have been caused by hacking. Apparently exploiting technical data obtained in that operation, the cyber spies later sent phishing emails to more than 100 local USA election officials just days ahead of the November 8 vote, intent on stealing their login credentials and breaking into the their systems, the document says.

Leaked documents from the probe into Russia's interference in the 2016 USA election underscore some of the worst fears about electronic voting systems - that they may be vulnerable to hackers.

Election supervisors in Citrus, Clay and Pasco counties said they, too, got the emails, but also did not open them, the Tampa Bay Times reported Tuesday. "Phishing and spear-phishing are not uncommon in our society".

Amber Smith of the Osceola County Supervisor of Elections Office said her office did not receive the phishing email.

Seminole County uses paper ballots and "you can't hack paper", Ertel said.

More news: Millwall fan who tackled London terrorists a 'hero' - Carl Frampton

Seminole Supervisor of Elections Michael Ertel uses VR Systems software for voter registration but not the software for identifying voters at the polls, which was the target of the cyberattack attempt.

They are investigating reported attempts to compromise VR Systems, an electronic poll book software company used by 21 of North Carolina's 100 counties.

In a statement, NASS urged federal agencies to notify local election officials about the hacking attempts, which the newly leaked documents show the NSA knew about by April of this year. But he pointed out that even if hackers were able to break into voting results, the US vote-tallying process is so decentralized that it would be nearly impossible to swing an election. "It makes me feel like we're under attack a little bit", Mello said.

This information was included in a highly classified report by the National Security Agency.

The the complaint says victor mailed the intelligence reporting to an online news outlet a few days later. Prosecutors did not say which federal agency employed victor, but FBI agent Justin Garrick said in an affidavit filed with the court that she had previously served in the Air Force and held a top-secret security clearance.

More news: Apple reveals watchOS 4: Siri-powered updates, fitness syncing, and music playlists