14 DAY TRIAL // Security company Recorded Future discovered what seems to be a Russian hacker who managed to breach the US Election Assistance Commission (EAC), which is the agency in charge of certificating voting machines that were used in America for elections.
Recorded Future, who calls the hacker “Rasputin,” says there’s not enough evidence to confirm that the attacker is indeed Russian, but he is speaking the language, so there’s a good chance that this is the case.
According to a report published by the firm, the hacker managed to breach EAC systems and access credentials, including some with administrative privileges.
“These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site, effectively staging a watering hole attack utilizing an official government resource,” the company says.
The hacker was trying to sell vulnerabilities in EAC systems to Recorded Future engineers, explaining that he managed to break into computers using an SQL injection flaw that was still unpatched.
Furthermore, it appeared that the hacker was already involved in talks with a Middle Eastern government, but more specifics were not available.
“It’s unclear how long the EAC vulnerability has been active; however, it could have been potentially discovered and accessed by several parties independently,” Recorded Future says.
Not backed by a foreign government
What’s important to know, however, is that there’s no evidence that the hacker was sponsored by a foreign government, and the security company says that there’s a good chance he breached the systems on his own.
“Based on Rasputin’s historical criminal forum activity, Recorded Future believes it’s unlikely that Rasputin is sponsored by a foreign government. Recorded Future’s artificial intelligence technology is continuously scanning and analyzing the internet for updated threat indicators and tactics. Prior to this incident, no previous malicious activity related to EAC has been identified,” the firm explained.
The EAC has already confirmed the flaw in a public statement and said that it was working with law enforcement on an investigation and more details would be released at a later time. The agency emphasizes that this breach had no impact on elections, given that it does not administer elections, as this is the responsibility of state and local jurisdictions.
“Upon detecting the intrusion, the EAC terminated access to the application and began working with federal law enforcement agencies to determine the source of this criminal activity. The FBI is currently conducting an ongoing criminal investigation. As such, questions concerning the investigation should be directed to the FBI.”