The U.S. agency charged with ensuring that voting machines meet security standards was itself penetrated by a hacker after the November elections, according to a security firm working with law enforcement on the matter. The security firm, Recorded Future, was monitoring underground electronic markets where hackers buy and sell wares and discovered someone offering log-on credentials for access to computers at the U.S. Election Assistance Commission, company executives said. Posing as a potential buyer, the researchers engaged in a conversation with the hacker, said Levi Gundert, vice president of intelligence at the company, and Andrei Barysevich, director of advanced collection. Eventually they discovered that the Russian-speaking hacker had obtained the credentials of more than 100 people at the election commission after exploiting a common database vulnerability, the researchers said.
The hacker was trying to sell information about the vulnerability to a Middle Eastern government for several thousand dollars, but the researchers alerted law enforcement and said Thursday that the hole had been patched.
The Election Assistance Commission said in a statement late Thursday that it had become aware of a “potential intrusion” and was “working with federal law enforcement agencies to investigate the potential breach and its effects.”
“The FBI is currently conducting an ongoing criminal investigation,” the statement added.
Full Article: U.S. Election Assistance Commission breached by hackers after November vote | Reuters.