Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

US Agency That Certifies Voting Machines Was Hacked, Firm Says

A hacker was in the process of selling login credentials to the government organization that certifies the security of voting technology, according to a new report.

Last updated on December 15, 2016, at 8:50 p.m. ET

Posted on December 15, 2016, at 8:18 p.m. ET

M. Spencer Green / AP / Via

Voters cast their ballots in the Illinois primary in Hinsdale, Ill. I

The government organization that oversees the integrity of voting machines and election administration databases was hacked, according to a report released Thursday.

Recorded Future, a Boston-based cybersecurity company, identified a hacker by the pseudonym Rasputin who stole login information from the US Election Assistance Commission (EAC) and offered it for sale.

Recorded Future / Via

Systems status report page from the EAC

Prior to this incident, no cybercriminal activity involving the EAC had been found.

According to the report, Rasputin was in ongoing negotiations to sell 100 login credentials, some with the most powerful administrative privileges over the EAC's databases, to a Middle Eastern government broker for several thousand dollars. Recorded Future does not believe Rasputin was sponsored by a foreign government.

Recorded Future / Via

Election and software systems test reports

Whether the hack could delegitimize the results of the election is difficult to say. Levi Gundert, a researcher with Recorded Future, told BuzzFeed News, "We don't know when the initial compromise occurred or how long the hacker had access, but it wouldn't appear that those credentials would have the ability to materially impact the election."

As for what a potential buyer could have done with the credentials, the company wrote, "These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site, effectively staging a watering hole attack utilizing an official government resource."

Recorded Future / Via

The EAC's projects reports page.

A watering hole attack involves hackers targeting a specific group by infecting sites members of that group often visit.

The EAC's database also includes the specifications of electronic voting like where and which companies manufacture them or where they are in the process of security certification, Gundert said. US adversaries could use as advance knowledge to interfere with US elections.

Because of other vulnerabilities in the EAC's system, it is possible that the full extent of the hack is not fully known, according to the report. Recorded Future has sent information on the hack to federal law enforcement.

Recorded Future / Via

Rasputin's activity on the Dark Web since the beginning of 2015, as monitored by Recorded Future.

According to Gundert, the difficulty of securing government databases makes it unlikely that this was Rasputin's only trove of sensitive information.

The commission did not immediately respond to requests for comment.

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.