Russian military hackers said to have infiltrated the U.S. election system would have had several potential avenues to influence U.S. elections — including by tampering with voting rolls, interference that could have had an important impact in swing states. Whether or not this happened isn’t outlined in a leaked National Security Agency report that led to the arrest Monday of a federal contractor with top-secret security clearance. There has been no evidence votes were changed in the 2016 presidential election, though officials in North Carolina are actively investigating attempts to compromise the state’s electronic poll book software. Online news site The Intercept said the report it obtained said Russian military intelligence executed a cyber attack on VR Systems, a Florida-based U.S. supplier of voting software. Hackers used the VR Systems account to send deceptive emails to more than 100 local election officials in the days leading up to the November presidential election, according to The Intercept.
What was the end game of hackers — and did they influence the election? Cyber security experts say the hacks could simply have been aimed at sowing distrust among the public about the outcome of the 2016 presidential race, a fear that was top of mind among secretaries of state and voting fairness organizations leading up to the November 8. Other possible scenarios include trying to keep voters off registrations lists or planting Trojan software programs in election networks to be used at a future date, say cyber security experts.
None of the techniques required for these hacks would be especially hard for a reasonably sophisticated nation state, said Alex Halderman, a nationally known expert on electronic voting and voting system security at the University of Michigan.
In this case, the Russians identified staff at VR Systems that provided consulting and support services to local election entities across the United States, The Intercept reported. Posing as staff at those vendors, local election workers were sent carefully-faked phishing emails that contained malware hidden in a Microsoft Word document. When the worker opened the document, that allowed the attackers to gain a beachhead in multiple election jurisdiction networks.
VR Systems did not respond to a USA TODAY request for comment Tuesday.