
About that Russian Hacker Story

This story is going viral on social media. The CNN article, dated October 12, describes a compromise of a FL contractor they don’t situate in time.

Federal investigators believe Russian hackers were behind cyberattacks on a contractor for Florida’s election system that may have exposed the personal data of Florida voters, according to US officials briefed on the probe.

The hack of the Florida contractor comes on the heels of hacks in Illinois, in which personal data of tens of thousands of voters may have been stolen, and one in Arizona, in which investigators now believe the data of voters was likely exposed.

Later in the article, CNN makes it clear this is the same hack as described in this earlier ABC reporting, which expands on a story from several days earlier. ABC’s reporting doesn’t date the compromise either. Rather, it explains that FL was one of four states in which hackers had succeeded in compromising data, whereas hackers had scanned voting-related systems — tried to hack systems — in half the states.

As ABC News first reported Thursday, hackers have recently tried to infiltrate voter registration systems in nearly half of the states across the country -- a significantly larger cyber-assault than U.S. officials have been willing to concede.

And while officials have publicly admitted Illinois and Arizona had their systems compromised, officials have yet to acknowledge that information related to at least two other states’ voters has also been exposed.

Hackers working on behalf of the Russian government are suspected in the onslaught against election-related systems, according to sources with knowledge of the matter.

And ABC’s source at least claimed that all hackers did was copy voter data.

The voter information was exposed after cyber-operatives gained entry to at least one computer associated with a private company hired to administer voter information, the sources said.

A simple “phishing” scheme -- with a malicious link or attachment sent in an email -- is likely how it all started, one source said.

“The attack was successful only in the sense that they gained access to the database, but they didn’t manipulate any of the voter [information] in the database,” the source said.

So, in spite of what people might think given the fact that the CNN story is going viral right now, it doesn’t refer to a hack in conjunction with the election. It refers to a hack that happened well over a month ago. It refers to a hack that — at least according to people who have an incentive to say so — resulted only in the theft of data, not its alteration.

Both CNN and ABC use language that suggests the Russian government was behind this hack. Here’s CNN:

FBI investigators believe the hacks and attempted intrusions of state election sites were carried out by hackers working for Russian intelligence.

And here’s ABC:

Hackers working on behalf of the Russian government are suspected in the onslaught against election-related systems, according to sources with knowledge of the matter.

But (as CNN points out) the October 7 joint DNI/DHS statement on Russian hacking doesn’t attribute the voting rolls part to the Russian state.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

An earlier DHS one explicitly attributes them to cybercriminals.

(U//FOUO) DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

There were known instances of identity thieves hacking voting rolls going back some time, so it is possible that’s all this was about.

We learned recently that FBI Director Comey pointedly did not want to be included on the joint DNI/DHS statement, because it was too close to the election. So it’s possible there was disagreement about that part of it (which might explain the FBI-sourced leak to CNN).

Also note, I believe the known hackers used different methods, including both SQL injection and phishing. If in response to the earlier ones, DHS did a review of voting systems and found a number of phishes using the same methods as GRU, that may explain why FBI would say it was Russian.

In any case, we don’t know what happened, and at least public claims say the hackers didn’t alter any data.

But the CNN story, at least, is not about something that just happened.

Update: Fixed some typos and clarity problems.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. @bitcoinbuddhist says:

    Cherry picking factoids & twisting them to create a compelling narrative. Yeah lying is age old government journalism industry. It all sounds familiar. The little vial Colin Powell held up at the UN, some yellow-cake, et voilà, a plate piled with propaganda a little parsley leaf on the top off center.

  2. Ian says:

    Here’s a paranoid thought: what if the hacking of the rolls was not to alter them, but to find the subset of all voters who are least likely to actually vote then “vote on their behalf”. So it goes like this. Pull voter records and do a look back on whether they have voted previously. Filter out likely voters, dead people, stale records. You could be left with a list of registered voters who will in all likelihood not vote. If someone coordinated enough could vote (fraudulently) for these people you *could* sway a district. #tinfoilhat

  3. bevin says:

    If that was being done one would expect a higher turnout.
    I’m beginning to think that one reason why the simple and obvious steps needed to make the voting systems secure are never taken is that having these ramshackle, clearly vulnerable and unconstitutional systems, which make recounts and audits impossible, is an unfailing source of rumour and fearmongering.
    I was amazed that after the shameful sagas of 2000, chads et al, nothing was done to clean up the mess.
    As to the CNN ‘story’ it is as credible as one of their panels of experts.

    • rugger9 says:

      I agree with you on this, and in CA we have paper ballots for audit purposes after experimenting with the Sequoia system of black-box voting.  As you probably saw we had no problem getting our results done on time on Tuesday.  Greg Palast has done lots of research on this, occasionally channeling through Thom Hartmann’s show for updates.

      The fact that the OH Secretary of State turned off the audit software on their voting machines for this election, four years after trying to “patch” the voting system at the last second without any transparency means Ohio’s results will always be suspect.  It’s why Rove went bonkers in 2012 when Ohio went for Obama, because he’d already engineered the fix for Romney before (allegedly) it was undone by Anonymous.  And, the guy who did the dirty work on the 2004 GOP theft of OH was strangely killed in a plane crash shortly before being forced to testify, and the OH SoS then (Blackwell) destroyed all of the records in violation of the law and a court order, but IOKIYAR prevented anything being done about it.

      Stalin was fine with elections as long as he got to count the votes.  This year the rolls were slashed using Crosscheck data found to be grossly inaccurate to get rid of all minority-sounding names without adequate warning or notice.  People were told when they got to the precinct.  The reduction of voting hours and Voter ID laws (WI’s law had DMV hours on the 5th Wednesday of the month set aside for the paperwork) made it clear that the game was depression of net turnout for Ds.  When a concealed carry permit is OK but not a picture student ID from the state university system (in TX) who is being targeted is very clear, as were the students denied the right to vote because their dorm was reclassified quietly as a hotel without any notice to them.  It all adds up in a tight race, and in 2008 it didn’t work because Shrub was so bad the wave just rolled over.  However, in 2010 it did work and that is how we have gerrymandered districts now for the GOP.

    • rugger9 says:

      It’s making the Facebook rounds.  Never mind HRC’s popular vote lead is over a half million and still growing.

      Mandate, my tush.

  4. Cheryl Rofer says:

    Thanks, Marcy. The recycling of old news seems to be a pattern with election-related Russia stories. I’ve been following the stories on Trump connections more closely than the hacking stories. If you see a story about connections between the Trump camp and Russia, chances are that it is made up of factoids that were available last July, when I collected them.  There has been a little reporting since then, but not much.

    • rugger9 says:

      I do not understand why the Putin apologists here don’t grasp that when a government official says Russia meddled in our election he does so with Vlad’s blessing.  The Russians admitted to it, not just a buddy of Vlad’s but one of the senior officials as well.

       
