Despite NSA Claim, Elections Vendor Denies System Was Compromised In Hack Attempt | KUOW News and Information

Despite NSA Claim, Elections Vendor Denies System Was Compromised In Hack Attempt

Jun 20, 2017
Originally published on June 20, 2017 10:22 am

The Florida elections vendor that was targeted in Russian cyberattacks last year has denied a recent report based on a leaked National Security Agency document that the company's computer system was compromised.

The hackers tried to break into employee email accounts last August but were unsuccessful, said Ben Martin, the chief operating officer of VR Systems, in an interview with NPR. Martin said the hackers appeared to be trying to steal employee credentials in order to launch a spear-phishing campaign aimed at the company's customers.

VR Systems, based in Tallahassee, Fla., provides voter registration software and hardware to elections offices in eight states.

"Some emails came into our email account that we did not open. Even though NSA says it's likely that we opened them, we did not," Martin says. "We know for a fact they were never opened. They did not get into our domain."

Instead, Martin said, the company isolated the suspicious emails and alerted law enforcement authorities, who it was already working with because of two attempts to break into state voter registration databases earlier last summer.

The NSA document said that at least one of the company's email accounts was "likely" compromised based on information uncovered later in the spear-phishing campaign. That attack took place days before the November election and involved fake emails sent to as many as 122 local election officials in an apparent effort to trick them into opening attachments containing malicious software.

"They tried to pretend to be us to leverage our relationship with our customers," said Martin.

But Martin noted that while the NSA says the emails were made to look as if they came from VR Systems, they were sent from a phony email address — vr.elections@gmail.com. He said his company does not use Gmail and never sends its customers documents in the form of email attachments. He added that no elections vendor would send customers software updates once voting had begun, which in this case it had.

"That's why I believe most of our customers knew immediately that this was bogus," said Martin. The company was alerted to the fake emails by one of its customers, and Martin said it immediately warned its other customers. So far, there is no evidence that any of the recipients opened the attachments or had their systems infected with the malicious software.

Still, cybersecurity experts say the attempted attacks are a clear sign of Russian interest in interfering with U.S. elections — either by manipulating votes or causing chaos at the polls. Some have warned that vendors might be exploited to gain access to local or state voting systems.

In this case, the NSA report concluded that the purpose of the malicious software was "to establish persistent access or survey the victim for items of interest to the threat actors." While last year's attacks appeared to only involve voter registration systems, some experts say such systems can be used as a gateway to actual voting machines.

The Senate and House intelligence committees will explore Russia's efforts to interfere in U.S. elections last year — and how to prevent future attacks — at two hearings on Wednesday. Former Secretary of Homeland Security Jeh Johnson will appear before the House committee. The Senate panel will hear from current U.S. intelligence officials and state election experts.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.