russian email hack (Bakhtiar Zein/Shutterstock.com)

Mueller indictment details hacks on state election systems

Special Counsel Robert Mueller's July 13 indictment  of 12 Russians for interfering with the 2016 elections contains new details on how state election sytems were targeted.  Mueller describes how two of the defendants conspired "to hack into the computers of U.S. persons and entities responsible for the administration of the 2016 elections, such as state boards of election, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of U.S. elections … to steal voter data and other information."

The charges relating to the crime of conspiracy to commit an offense against the United States were filed against Aleksandr Vladimirovich Osadchuk and Anatoliy Sergeyevich Kovalev, who were both officers in Russia's Main Intelligence Directorate (known by its Russian-language acronym GRU).

According to the indictment, in June 2016 the conspirators researched websites used by elections officials for vulnerabilities and searched for email addresses of state political party representatives. A month later they hacked into the website of a state board of elections and stole information related to approximately 500,000 voters, including names, addresses, dates of birth, partial Social Security numbers and driver's license numbers. The hackers followed this up in August by hacking into the computers of a vendor that supplied software used to verify voter registration information, according to additional details in Deputy Attorney General Rod Rosenstein's announcement of the indictment.

In August 2016, when the FBI issued an alert about the hack into the state election board, the conspirators deleted their search histories as well as other records relating to their targeting of election infrastructure.

Nevertheless, the indictment charges, just prior to the November 2016 presidential election the conspirators spoofed the voting software vendor's email account and sent over 100 malware-bearing spearphishing emails to organizations and staff involved in administering elections in several Florida counties.

The majority of the 10 other counts in the indictment deal with the conspirators' plan  "to hack into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers and stage release of the stolen documents to interfere with the 2016 U.S. presidential election," according to the indictment.

Rosenstein said efforts to protect the U.S. election system are "ongoing," and he cited work being done by DOJ, the Department of Homeland Security and state election boards that are designed to protect the 2018 mid-term elections from similar attacks.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA from West Chester University and an MA in English from the University of Delaware.

Connect with Susan at smiller@gcn.com or @sjaymiller.

inside gcn

  • smart city (jamesteohart/Shutterstock.com)

    Toolkit for building a smart city plan

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group