Russian hacking groups played a larger role in the 2016 election than anyone realized, according to a top secret NSA report published today in The Intercept. That campaign includes targeting a supplier of US voting software, as well as sending spear-phishing emails to more than 100 local election officials just days before Election Day. The result is a troubling new turn in Russian hacking efforts, although there’s no indication the group had access to voting totals or election results.
The Intercept report comes after a string of hacks in the run-up to the 2016 Election, when hackers stole and published emails from the Democratic National Committee and Hillary Clinton campaign. In January, the Director of National Intelligence attributed those leaks to a Russian influence campaign ordered directly by Russian president Vladimir Putin. Putin himself has denied directly ordering the campaign, saying instead that it may have been carried out by “patriots” sympathetic to Russian interests.
But while those hacks focused on influence operations, The Intercept report reveals a hacking group linked to Russia was also directly targeting US voting infrastructure. In one campaign, the group sent attempted phishing emails to seven different employees at an unnamed voting system company. Three of the emails went to non-existent email addresses, but at least one is believed to have successfully compromised its target. According to the NSA’s assessment, the group was “probably trying to obtain information associated with election-related hardware and software applications.”
In another case, the group sent test emails to two “absentee request” accounts for the election office for American Samoa. The emails bounced and did not contain any malicious links or attachments. As a result, analysts believed the emails were research for a separate absentee ballot spoof to be deployed at a later time.
Nothing in the report indicates the group had any direct access to vote totals or the ability to directly alter election results. Still, the report indicates the Russian government was working to compromise the organizations and individuals providing election equipment and maintaining voter rolls. That’s a significant step beyond simply influencing public opinion by publishing stolen information, which had been the focus of previously attributed attacks.
The report itself is still classified, and NSA may have already located the source of the leak. Shortly after the Intercept’s report was published, the Justice Department announced the prosecution of 25-year-old contractor Reality Leigh Winner, who is charged removed classified material from a secure facility and mailing it to an unnamed online news outlet. Winner was arrested at her home on Saturday, and appeared in federal court in Georgia this afternoon.
Update 5:52PM ET: Updated with information on the charges against Reality Leigh Winner.