Russia Attacked Voting Machines & Officials. Success?

By PeraclesPlease on Mon, 06/05/2017 - 6:03pm |

URL:

https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/

5228 reads

Comments

And the 25 year-old leaker was rather promptly arrested.

by barefooted on Mon, 06/05/2017 - 7:13pm

oh my, that's big, going to take a lot of air out of the news rooms...

by artappraiser on Mon, 06/05/2017 - 7:19pm

Takes some of the drama out of the assumption that all leaks come from high places and important folks, anyway.

by barefooted on Mon, 06/05/2017 - 7:22pm

Watch The Guardian. Jon Swain of The Guardian tweeted this

Reality Winner, arrested for alleged classified leak, is a former US Air Force linguist who speaks Pashto, Farsi & Dari, her mother tells me pic.twitter.com/SQjt13wRw6
— Jon Swaine (@jonswaine) June 5, 2017

and The Guardian has got this up so far as the top U.S. site story:

Russian agents hacked US voting system manufacturer before US election – report

Monday 5 June 2017 18.47 EDT, by David Smith in Washington and Jon Swaine in NY

Federal contractor arrested and charged with removing classified material

NSA report: cyber-attack on software supplier and phishing emails hit officials

"Reality Winner" is trending on Twitter but so far it is mostlyTrump-supporting trolls attacking her with various conspiracy theories as related to the Obama admin...

by artappraiser on Mon, 06/05/2017 - 8:31pm

The Intercept failed to shield its confidential source. Now it’s making amends.

In the Trump era’s first leak arrest, the news site has adopted some reforms and its parent company will help fund Reality Winner’s defense.

By Margaret Sullivan @ WashingtonPost.com, July 11

[.....] A month later, the Intercept and its parent company, First Look (both are funded by Omidyar), are taking steps to fix their mistakes and help defend Winner.

“As the news outlet Winner is accused of leaking to, the Intercept has a unique perspective on her case and a passionate desire to see her receive a fair trial — even though we had no idea who our source was and still have no independent knowledge of the source’s identity,” Reed said in a statement Tuesday.

Helping Winner’s case will take two forms, she said.

First Look’s Press Freedom Defense Fund will pay for a law firm to support her current defense lawyers. And it will give $50,000 in matching funds to Stand With Reality, a grass-roots crowdfunding campaign intended to increase public awareness and support legal work for the young whistleblower.

Winner has been charged under the 100-year-old Espionage Act, the same arcane law that the Obama administration began using to charge leakers, including Snowden.

“The First Amendment, not the Espionage Act, should be the framework for viewing the act of whistleblowing,” Reed said.

Reed said the Intercept has been examining its practices for source protection and, in this case, found them wanting.

“At several points in the editorial process, our practices fell short of the standards to which we hold ourselves” for keeping risks to sources at a minimum, Reed said. “We should have taken greater precautions to protect the identity of a source who was anonymous even to us.” [....]

by artappraiser on Wed, 07/12/2017 - 4:04am

Re: Success?

Remains to be figured out: at what?

NYTimes report by Charlie Savage points out that this incident could only have to do with jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia, as that is where the company's products are used. In addition, the company has stated that "none of its products dealt with vote marking or tabulation."

The report masked the name of the software vendor, referring to it as “U.S. Company 1,” in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.

VR Systems’ website said its products were used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. In a statement, VR acknowledged that there had been a problem, while stressing that none of its products dealt with vote marking or tabulation.

“When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment,” it said. “We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result.”

I find Savage's description of the hack to be much easier to understand than The Intercept's, maybe others will too:

Both attacks described in the report relied on so-called spear phishing, a tactic that uses spoof emails to trick users into clicking links or opening attachments that then install malicious software on their computers. The G.R.U. sent the emails from two free American web-based email providers, Google’s Gmail and Microsoft’s Outlook.com, it said.

The first attack, on Aug. 24, involved an attack on an American company “evidently to obtain information on elections-related software and hardware solutions.”

That attack was most likely successful. The report said the G.R.U. used data most likely obtained from it to conduct the second set of attacks, a “voter registration themed spear-phishing campaign targeting U.S. local government organizations.”

Specifically, it said, in late October or early November, the G.R.U. sent to 122 local elections officials emails designed to look like they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.

So the first was to get info on the systems. in order to make up plausible-sounding fishing emails used in the second.

by artappraiser on Tue, 06/06/2017 - 12:38am

I don't expect this to be the silver bullet, to suddenly reveal everything. I expect to hear about other attacks with various results in various locations, looking for exploits, clues, more info. They needed to exploit a few machines in a few swing states, preferably with Republican control, which was largely the case. Besides electronic hacking, they needed to exploit HUMINT. But humans are so easy to compromise and buy off for even $5k-$10k, much less serious money like the millions Manafort gets.

by PeraclesPlease on Tue, 06/06/2017 - 12:39am

This article may confirm opinions for those predisposed to dislike anything from The Intercept. I believe they have done a lot of valuable reporting but appear to have fucked up royally in this case. The result is that an apparently naively principled Hillary-supporting young woman, maybe pumped up with the idea of doing something heroic, will no doubt pay a big price for a long time for sloppily leaking what is apparently nothing-news. I hope she doesn’t get the Manning treatment but I expect that it will somehow be played to make a scary example of her to warn off other potential leakers. It will be interesting to see if The Intercept feels the need to defend their actions in this case and how they do so.

On the other hand, this analysis may be totally rejected [and maybe the story will play out to show that it should be] because the source was rejected years ago, or for any number of other reasons, especially if it contradicts or alternatively fails to confirm a bias. Regardless, I think it worth a read to anyone following this news.

by A Guy Called LULU on Tue, 06/06/2017 - 8:46am

WikiLeaks Declares War on The Intercept

by A Guy Called LULU on Tue, 06/06/2017 - 9:29pm

Just too much, Lulu!!! Thanks for sharing the catch. What will we think of these times ten years down the road?

Question of the day comes to mind: What kinda leakers does Trump like today? What kind will he like tomorrow?

by artappraiser on Tue, 06/06/2017 - 10:47pm

It depends on where we are ten years down the road. Will we see it as a period of temporary insanity or the time when the terrible troubles began.

by ocean-kat on Tue, 06/06/2017 - 11:18pm

I'm usually critical (these days) of Wikileaks and Moon, but yes, this looks even intentional, some kind of war on the press and any leakers starting?

I imagine Trump's inspired by how Erdogan cleared out thousands of enemies, and maybe Putin's whispering how to clear out the rat's nest.

by PeraclesPlease on Wed, 06/07/2017 - 12:52am

For now I am accepting as probably correct Moon's description of how sloppy verification of a story by a news organization, one that asks for leeks and has published detailed information on how to protect your anonymity when leaking to them, could use verification procedures that would make it so easy for the government to identify the leaker. If things are as Moon of A described them and I was the "investigative reporter" who had screwed up so badly, I would be puking my guts out every time I thought about that young woman's future.

by A Guy Called LULU on Wed, 06/07/2017 - 1:18am

But is someone at Inquisitor working with Trump?

by PeraclesPlease on Wed, 06/07/2017 - 1:50am

I doubt it.

by A Guy Called LULU on Wed, 06/07/2017 - 2:23am

Schindler's take on the leak. Still quite strange.

by PeraclesPlease on Thu, 06/08/2017 - 1:35am

Russia Attacked Voting Machines & Officials. Success?

Comments

Sections

Bloggers