NSA report discloses Russian hacking days before US election

More than 100 local government organizations and a voting software company were targeted by Russian hackers before the 2016 election, says an NSA report.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read
USA - National Security Agency

Russian hackers used phishing emails in an attempt to compromise US election officials, says an NSA report.

Brooks Kraft LLC/Corbis via Getty Images

Russian hackers tried to compromise more than 100 US election officials and a voting software company right before Election Day, according to a top secret report from the National Security Agency.

In the NSA's classified report from May 5, the agency detailed how Russian military hackers tried to phish US election officials and VR Systems, a technology company that creates election software for eight states: California, Florida, Illinois, New York, North Carolina, Indiana, Virginia and West Virginia. Multiple efforts to hack these targets occurred in late October.

The report was published by The Intercept on Monday. CNET sister site CBS News confirmed the authenticity of the NSA report.

Russia's cyberattacks and influence on the 2016 presidential election continue to dog the White House. Multiple investigations are focused on possible ties between President Donald Trump's campaign and the Russian government, and the FBI launched a formal probe into ties between his campaign and foreign cyberattacks. Trump has denied reports of Russian hackers meddling on his behalf. Russian President Vladimir Putin denies any Russian government hackers interfered with the US election, insisting that it could have been the work of patriotic Russians and most recently, a child

The leaked report comes just three days before fired FBI director James Comey is expected to testify to the Senate Intelligence Committee about the investigation

The NSA's report said hackers on behalf of the Russian government tried to fool US elections workers into opening emails that appeared to be from an e-voting company. The emails were packed with hidden malware in Microsoft Word documents that could give hackers full control of the infected computers. 

In order to trick election officials, the hackers first targeted employees at VR Systems. The hackers sent emails that appeared to be from Google using the address "noreplyautomaticservice@gmail.com," which they registered on August 24, 2016, according to the NSA report. The emails contained links to a fake Google website that would request their login credentials. The NSA's report identified seven potential victims.

On October 27, 2016, just 12 days before the election, the hackers used the email address vr.elections@gmail.com, sending fake user guides on how to configure Windows machines meant for voting to VR Systems customers. The fake guides also contained viruses. The hackers sent the malicious files to 122 email addresses "associated with named local government organizations," according to the NSA report, probably to officials "involved in the management of voter registration systems." 

"It is unknown whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed," the NSA wrote in its report.

In a statement, VR Systems said it notified all of its customers after being informed of an "obviously fraudulent" email designed to look like it came from the company.

"We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result," VR Systems said, adding that its products aren't used for ballot marking or tabulation of marked ballots.

On Tuesday, the NSA declined to comment on the report, referring all requests for comment to the Department of Justice.

First published June 5 at 3:14 p.m. PT
Update at 5:47 p.m.: Adds comment from VR Systems.
Update on June 6 at 5:37 a.m. PT: Adds response from NSA.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

Batteries Not Included: The CNET team reminds us why tech is cool.