Yes, Virginia, the Election was Hacked
People, we have a problem. A BIGLY problem. Facts are in danger of becoming extinct as we snip and snipe at each other.
A USURPER is about to be enthroned by the Electoral College and it seems there isn't a damn thing we can do about it.
*I am not here to argue how good or bad a candidate Hillary Clinton was/is, and I am not here to argue about which "group" is most responsible for the Trumpocalypse.
This compilation of words is in defense of "the elections were hacked". The elections WERE hacked, starting with the Election Commission's system.
In order to understand the how of it all, we have to understand more than a little about the underlying technologies. I know this isn't fun, and it isn't easly TWEETED or MEMED, but it is important that everybody understands that our elections were hacked.
- HACKING: illegally gaining access to and sometimes tampering with information in a computer system (#4 at Merrium-Webster)
- SQL Injection Attack: SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
- December 28, 2015: (Yes, 2015) Reuters reports. Database of 191 million U.S. voters exposed on Internet
- October 18, 2016: The EAC (via the Washington Post) assures Americans that our voting systems are safe
- October 2016: Recorded Future logs first attack against the Election Commission System (see graph below)
- December 1, 2016: Recorded Future's threat assessment technology identified the threat.
- December 15, 2016: EAC posted about the intrusion and Recorded Future released their report.
Here is a breif recap.
- Hackers had access to election systems via the EAC and could have planted malware..
- The threat was identified and reported to the appropriate authorities.
- The threat is traced to a Russian hacker named Rasputin. (Ties to Russian government are not confirmed).
- Nobody, with any clout, seems to give a shit.
I suspect both the Dem and Rep nominee were BOTH briefed on this situation, so it is rather puerile of Trumplethinskin to deny the Russian involvement.
What can we do?
It is important to take positive action. Links to the pertinent information and snips are available below. I encourage everybody to read thru the material below the dotted line. Our democracy is at stake.
- Get more facts. Whether you like DailyKos or not, this article contains some additional pertinent information on WHY it's important that we act to prevent the Trump Administration from ever taking office: Presidential Daily Brief: Trump determined to strike in U.S.
- Sign a petition! Asking President Obama to declassify all evidence of Russian interference and host intelligence briefing for electors before Electoral College votes on December 19. We are running out of time!
- Share this story and encourage everyone to demand that this breach is taken seriously and fully investigated before the inauguration.
Sources and Snips
Recorded Future is a Threat Intelligence Company. The summary and key findings are below, but I encourage everyone to click through and read the report.
On December 1, 2016, Recorded Future threat intelligence technology identified chatter related to a suspected breach of the U.S. Election Assistance Commission (EAC).
Further research identified a Russian hacker (Recorded Future refers to this actor as Rasputin) soliciting a buyer for EAC database access credentials.
- On December 1, 2016, Recorded Future identified chatter related to a suspected breach of the U.S. Election Assistance Commission (EAC).
- Recorded Future engaged the Russian-speaking actor (referred to as “Rasputin” in this research) to assess the full scope of the unauthorized access, and provided all relevant information to federal law enforcement.
- Further analysis identified more than 100 potentially compromised access credentials, including some with administrative privileges.
- Rasputin offered to sell an unpatched system vulnerability to a Middle Eastern government broker.
- Recorded Future successfully attributed the EAC breach to Rasputin.
This graph can be found in the Recorded Future reporting on the breach.
Two weeks later, Thursday, December 15, 2016: U.S. Election Assistance Commission posted the following notice on their website.
The U.S. Election Assistance Commission (EAC) has become aware of a potential intrusion into an EAC web-facing application. The EAC is currently working with Federal law enforcement agencies to investigate the potential breach and its effects.
The EAC’s mission is to provide a clearinghouse of election administration best practices, administer a voluntary voting machine certification system, and survey election administration practices.
Upon detecting the intrusion, the EAC terminated access to the application and began working with federal law enforcement agencies to determine the source of this criminal activity. The FBI is currently conducting an ongoing criminal investigation. As such, questions concerning the investigation should be directed to the FBI.
Tom Spring writing for ThreatPost.
SQL injections are among the most common techniques employed by hackers to steal valuable information from corporate databases. Recorded Future declined to share technical specifics of the SQL injection vulnerability or EAC’s compromised platform.
Again, I encourage you to click through and read the whole thing.
(with a little help from GreyHawk)
|SQL Injection Attack is Tied to Election Commission Breach||225.21 KB|
|EAC Reports Potential Breach||80.92 KB|