The American security company Recorded Future says it has been in contact with a Russian-speaking person who offered logins for the Election Assistance Commission for sale. The organization certifies voting machines, among other things.
The organization has now published a press release in which it states that it is aware of a possible hack on a ‘web-facing application’. The message does not state whether the information is from Recorded Future. That company previously wrote that it received communication on December 1 about a hack on the EAC. It was then able to contact a Russian-speaking person who calls it Rasputin.
That person offered more than a hundred logins to the EAC’s site, some of which gave access to accounts with the highest privileges. He would have obtained it using a sql leak. The security company reports that it is possible with the accounts to, for example, get secret information or to spread malware via the site. After the discovery of the leak, the company contacted the FBI. The EAC states in its message that it is working with the investigative service to investigate the hack.
The EAC says it does not organize elections itself and does not store information about eligible voters in its databases. The organization’s job is to disseminate information and test and certify voting machines. Recorded Future says it is deliberately not making any assumptions about the involvement of Russian security services, as this is beyond the scope of its investigation. In recent months there have been many reports of Russian involvement in political hacks on the US.
On Thursday, President Obama announced that action would be taken over the hacks allegedly carried out by Russia. Russian President Putin responded on Friday with the message that “the US must provide evidence, otherwise the allegations are very crude.”