A top-secret NSA report claims that Russian military intelligence carried out a cyber attack on a US voting software supplier and sent phishing emails to 100 local election officials shortly before the US presidential elections in 2016.
The Intercept said that it had obtained the report, dated 5 May, through an independent, anonymous source and said it was the most detailed claim of Russian interference by any US government body.
But the five-page report does not provide the underlying data on which it is based. Additionally, an anonymous US intelligence officer cautioned against leaping to conclusions because a single analysis could not be definitive.
The Intercept made some redactions in the document it published after speaking to the NSA and the Office of the Director of National Intelligence.
{loadposition sam08}The report begins by stating: "Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organisations."
The report contains much more detail than the unclassified report that former president Barack Obama released in January in which it was claimed that Russia meddled in the US election process.
In the report, the NSA concluded that a Russian team which was focused on US and foreign elections took aim at an unnamed private company that makes devices which maintain and verify voter rosters.
While the company was not directly identified, there are numerous references in the report to the Florida-based VR Systems which sells electronic voting services and equipment used in eight US states.
The Russians are claimed to have used phishing tactics by including Visual Basic scripts in Microsoft Word documents sent to election offices, and thus gained entry to voting systems.