Attribution is not an easy thing to do in the case of cyberattacks, especially if the actors have been careful. But the NSA seemed confident enough regarding certain pre-election hacks that it has directly named Russian intelligence as the perpetrators — an accusation rather at odds with President Putin’s claims that the country “never engaged” in that type of activity.
The information comes courtesy of The Intercept, which obtained a top secret report from the NSA, issued in May and subsequently confirmed as genuine. The 5-page report can be read in its (redacted) entirety here.
Update: NBC News reports that the FBI on Saturday arrested Reality Leigh Winner, a 25-year-old government contractor, on charges of “gathering, transmitting or losing defense information.” She reportedly admitted to printing out the report discussed here and mailing it to The Intercept.
The report describes activity dating to just before the election in which Russian intelligence attempted to get access to “elections-related software and hardware solutions” and then flip that access into a spear-phishing campaign against government targets. Russia’s GRU is specifically named as being behind the attacks, not merely suggested as a candidate.
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. Company in August 2016, evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017. The actors likely used data obtained from that operation to create a new email account and launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
According to the report, the attacks first targeted a private company in August, possibly Florida’s VR Systems, that provides services relating to electronic voting systems. Once inside the company’s server, the attackers began sending spear-phishing emails that would appear to come from the company itself, lending them authenticity. This latter activity occurred only days before the election.
Two more attacks attributed to the Russian government in the report also targeted elections infrastructure.
Just how successful these attacks were is difficult to say, and by now whatever hooks the actors had in government contractors and elections systems have probably been prised out. It is not suggested by the report that the outcome of the election itself was affected.
We knew that bad actors were “poking around” voter registration and election boards, and Russia was always suspected — or at the very least, “patriotic” (as Putin put it) hackers acting in Russian interests.
It’s not the first time the U.S. has officially suggested Russia had its finger in the election pie, but it is the most detailed and uncompromising of those suggestions — and clearly contradicts Putin’s recent and unequivocal statements otherwise.
The U.S. government is put in an awkward position itself; it would be odd to accuse Putin now using information leaked involuntarily from its own secret sources. Yet now that it’s obvious that this evidence exists, it would be equally odd for officials not to act. We’ll know soon how U.S. intelligence and elected officials extricate themselves from between this rock and hard place.