Global Weekly Executive Summary, June 9, 2017

US Voter Registration Process was Target of Russian Cyberespionage Operation, Says Leaked NSA Report

A leaked top secret National Security Agency (NSA) report described cyberattack attempts on US election officials and companies that provided election-related software and hardware in the weeks and days leading up to the 2016 US elections.

The report, dated May 5, 2017, attributes these operations to the Russian military intelligence agency known as GRU.

The cyberespionage tactics used included sending spoofed spear phishing emails, redirecting targets to false webpages to steal login credentials, and sending infected Word documents to gain control of a target’s computer.

The people targeted were: 1) workers at companies that provide software and the devices used to verify voter rolls and voter registration, and 2) 122 local election board officials. According to the report, while the voter registration process was specifically targeted, there is no mention of voting machines or the vote tallying process being targeted or affected.

The leaked NSA document appears to be an analysis of gathered findings and does not include the raw intelligence or evidence that the analysis was based on. This single report leaves many questions unanswered. Was this mainly a cyberespionage campaign, or was the intent to interfere or alter the course of the election? Was these efforts widely successful? Were election results affected in a meaningful way? This single report cannot and does not attempt to answer these questions.

This report is only the most recent episode in a long line of leaked classified documents and files originating from federal intelligence agencies. In recent months, stolen and leaked exploit tools purportedly created by the NSA contributed to the WannaCry ransomware attacks that affected 300,000 computers in hundreds of countries around the world.

Sources: The Intercept, TOP-SECRET NSA REPORT DETAILS RUSSIAN HACKING EFFORT DAYS BEFORE 2016 ELECTION. SecurityWeek, Leaked Documents Show US Vote Hacking Risks. SC Magazine, Russians allegedly hacked voting software prior to 2016 election, leaked NSA docs

Federal Contractor Charged in Leaking Classified NSA Report to News Agency

Reality Leigh Winner was arrested and charged with improperly removing classified material from a government facility and mailing it to a news outlet, in violation of 18 U.S.C. Section 793(e) which relates to espionage and “gathering, transmitting or losing defense information.”

Winner, 25, a federal intelligence contractor with Pluribus International Corporation and assigned to a government facility in Georgia, admitted to printing the top secret NSA report, removing it from her workplace, and later mailing it to The Intercept, an online news agency. The Intercept was founded by Glenn Greenwald, the journalist who worked with Edward Snowden to disclose classified NSA documents in 2013.

Sources: Department of Justice, Federal Government Contractor in Georgia Charged With Removing and Mailing Classified Materials to a News Outlet. Reuters, Contractor charged with leaking classified document about U.S. election hacking: sources. US Code, House.gov, CHAPTER 37—ESPIONAGE AND CENSORSHIP

Putin Suggests US Election Breaches were the work of “Patriotically minded” Russian Hackers

Russian President Vladimir Putin continues to deny that the Russian government played a role in the breaches associated with the 2016 US election, but in a shift from previous statements, he recently proposed that “patriotically minded” Russian hackers may have been the perpetrators. The Kremlin has previously suggested that patriotic hackers sympathetic to Russian interests were also behind the cyberattacks that coincided with Russian invasions into Ukraine and Estonia.

Sources: BBC, Russian President Vladimir Putin has suggested “patriotic” Russian citizens might be engaged in hacking. CNN, Putin: ‘Patriotic’ Russian hackers may have targeted US election