By Dani Graham
Russian Military Intelligence, the Russian General Staff Main Intelligence Directorate (GRU), succeeded in carrying out “cyber espionage operations against a named U.S. company in August 2016,” according to a classified NSA report that was leaked to The Intercept. The person believed to have leaked the classified information has been arrested and charged.
The NSA’s top secret document was obtained by The Intercept anonymously. They then shared the report with the NSA for authentication and for comment, which led the intelligence agency to the federal worker, Reality Leigh Winner, who is presumed to be the source of the leak.
Upon examination of the document shared by the news agency, the NSA was able to determine that it had been copied and carried out of a secure location. This information prompted an internal audit to help them determine who had access to the report in the month since it had been published. The audit revealed that six individuals had printed the report. A subsequent audit of the desk computers of these people revealed that Winner was the only one who had contacted the news organization via email.
Reality Leigh Winner, 25, received top secret security clearance when hired as a federal contractor for Pluribus International Corporation in February. The company’s list of clients includes U.S. intelligence and military agencies such as the DIA and U.S. Army.
According to Deputy Attorney General Rod Rosenstein,
“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government. People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”
The FBI affidavit states that Winner
“admitted removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the News Outlet, which she knew was not authorized to receive or possess the documents.”
The top secret report contradicts Russian President Vladimir Putin’s persistent claims that Russia did not attempt to interfere in our elections. In fact, the report confidently claims that the cyberattack was indeed orchestrated by Russian Military Intelligence.
The cyberattack began back in August 2016 when GRU first targeted a U.S. voting systems manufacturer. Although the company’s identity was masked in the report, other details revealed the company to be VR Systems.
The first line of attack by the Russian hackers was to gain access to the internal system of this U.S. election software company. They targeted seven “potential victims” with a mock Google website requesting their login credentials. Gaining access to credentials is far more menacing than malware. This allows hackers to infiltrate internal corporate data, which in turn gives them the ability to appear as that company when corresponding with others. In other words, the hackers steal their identity.
The NSA report did not determine how many of the victims had been compromised or what information the hackers were able to extract. However, it’s clear that the hackers were able to get the information they needed to conduct another cyberattack. This secondary spear-phishing operation, which was launched on October 31 or November 1, was aimed at U.S. local government organizations.
The hackers were able to create an email account which appeared to come from VR Systems and even included documents they had obtained from their previous cyberattack. These authentic-looking emails were sent to 122 local government organizations which were probably “involved in the management of voter registration systems.” They contained invisible software commands which give the hackers full access to the person’s computer, allowing them to siphon any wanted information.
The extent of what the hackers were able to accomplish is still unknown, and the NSA was unable to conclude what effect these Russian cyberattacks had on the outcome of the election. Yet, one U.S. intelligence official has acknowledged the possibility that the voting process could have been disrupted on November 8.