US election agency breached by suspected Russian hacker

A security firm discovers more than 100 login credentials for computers at the US Election Assistance Commission on the internet black market.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Login credentials for the US Election Assistance Commission, the agency that certifies voting machines, were discovered on the black market.

Moment Editorial/Getty Images

The US agency responsible for certifying the security of voting machines reportedly fell victim to a hacker believed to be Russian.

Security firm Recorded Future said Thursday that it discovered login credentials for computers at the US Election Assistance Commission for sale on the internet black market. The firm said its analysis identified the hacker as Russian.

"The breach appeared to include more than one hundred access credentials, including some with the highest administrative privileges," Andrei Barysevich, director of advanced collection at Recorded Future, wrote in a blog post. "These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site."

The report comes amid heightened concern that the Russian government hacked the US presidential election in November to ensure a victory for Republican Donald Trump. An anonymous senior US official told The Washington Post last week that "Russia's goal here was to favor one candidate over the other, to help Trump get elected."

Posing as a potential buyer, Recorded Future engaged a "Russian-speaking actor" who was offering the credentials for sale. The hacker said he had accessed the system through an unpatched vulnerability, which he was attempting to sell information about to a Middle Eastern government, the company said.

It wasn't immediately clear when the hack occurred. Recorded Future said it turned over its findings to federal law enforcement officials. The Justice Department did not immediately respond to a request for comment.

Created by the Help America Vote Act of 2002, the EAC is a government agency that certifies voting machines and serves as a clearinghouse for information regarding election administration.

The US Election Assistance Commission did not immediately respond to a request for comment.