The governing body responsible for testing and certifying voting systems has itself been hacked, according to a report from security company, Recorded Future. The report was further substantiated by TechCrunch, as the US Election Assistance Commission (EAC) confirmed a “possible intrusion” around the time of the election.
If you’re looking for the ‘gotcha’ moment that’s going to bring the entire 2016 election result to its knees, this isn’t it. The EAC was established in 2002 as part of the Help America Vote Act (HAVA). HAVA was a reactionary measure signed into law by President Bush to prevent the same debacle Florida experienced in the 2000 election. The hotly-contested state saw more than two million ballots disqualified because machines registered multiple votes or none at all.
Now the EAC handles the testing, maintenance, and certification of these machines, as well as detailing expenditures, ordering new machines, and maintaining the National Voter Registration form.
Hacking the EAC does not equate to hacking a voting machine, nor is this hack believed to have played any part in the election. But it’s still embarrassing, and could be another cog in a giant wheel powered by what the CIA believes to be Russian hackers.
Acting on intel from earlier this month, Recorded Future performed an independent investigation which led to finding a hacker going by the name ‘Rasputin’ trying to sell over a hundred logins to these systems. Rasputin also offered an un-patched exploit for the EAC’s international website. The open SQL injection vulnerability has since been patched.
Perhaps humorously, Rasputin speaks Russian, which doesn’t necessarily mean he’s from Russia or the hack was state-sponsored, but it offers a nice little bow on top of an op-ed the EAC penned for the Washington Post titled: ‘Don’t believe the hype. Foreign hackers will not choose the next president.’
Perhaps not, but both the Washington Post and CIA seems to think they could have had something to do with it.