Just when the cybersecurity world thinks it’s found the limits of how far Russian hackers will go to meddle in foreign elections, a new clue emerges that suggests another line has been crossed. Even now, nearly a year after news first broke that Russian hackers had breached the Democratic National Committee and published its internal files, a leaked NSA document pointing to Russian attempts to hack a voting-tech firm has again redefined the scope of the threat. Taken with the recent history of Russia’s digital fingerprints on foreign elections, it points to a disturbing trend: Moscow’s habit of hacking democratic processes has only gotten more aggressive and technically focused over time. … As revealed in the Intercept’s leaked NSA report, hackers believed to be working for Russia’s GRU military agency—the same agency tied to the group known as Fancy Bear or APT28—sent phishing emails to VR Systems, the makers of hardware and code used to handle voter sign-ins at polling places in eight US states. Senate Intelligence Committee vice chairman Mark Warner followed up by telling USA Today on Tuesday that the extent of the attacks was in fact much broader than anyone has yet reported. And US intelligence agencies had already implicated the Kremlin for breaches of the websites of the boards of election for Arizona and Illinois.
The NSA report focused on the VR Systems attack, at least, includes no evidence that the phishing attempts were successful. And even if they had been, the disruption that might have ensued would likely have been more effective at casting doubt on the election results than measurably changing its outcome. Warner, too, has said that there’s no evidence the 2016 attacks changed actual vote counts.
VR Systems’ equipment, it’s worth noting, doesn’t actually count votes in the first place. Still, University of Pennsylvania computer science professor Matt Blaze has pointed out that the impacted devices could have ended up on the same network used to manage local polling places, leading to potential attacks on voting machines. Even then, America’s fragmented state-run voting infrastructure means that meaningfully changing election results would be an unpredictable, unlikely process.
The new leak nonetheless shows that Russian hackers have graduated from mere information and propaganda attacks to techniques designed to more directly tamper with election machinery. CSIS’s Lewis argues that other countries may be more vulnerable than the US to that kind of tampering—and the Kremlin may just be getting started. “Russia wants to disrupt and discredit elections in the West. But their long-shot goal is actually to manipulate the outcomes of elections,” Lewis says. “In this case, it doesn’t look like they succeeded. But it was just their first try.”