Voters cast their ballots in the Illinois primary in Hinsdale, Ill. I
M. Spencer Green / AP
The government organization that oversees the integrity of voting machines and voter registration databases was hacked in the weeks following the election, according to a report released Thursday.
Recorded Future, a Boston-based cybersecurity company, identified a hacker by the pseudonym Rasputin who stole login information from the US Election Assistance Commission (EAC) and offered it for sale. As of Thursday, the database vulnerability had been patched, Recorded Future researchers told Reuters.
Prior to this incident, no cybercriminal activity involving the EAC had been found.
According to the report, Rasputin was in ongoing negotiations to sell 100 login credentials, some with the most powerful administrative privileges over the EAC's databases, to a Middle Eastern government broker for several thousand dollars. Recorded Future does not believe Rasputin was sponsored by a foreign government.
As for what a potential buyer could have done with the credentials, the company wrote, "These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site, effectively staging a watering hole attack utilizing an official government resource."
A watering hole attack involves hackers targeting a specific group by infecting sites members of that group often visit.
Because of other vulnerabilities in the EAC's system, it is possible that the full extent of the hack is not fully known, according to the report. Recorded Future has sent information on the hack to federal law enforcement.
The commission and Recorded Future did not immediately respond to requests for comment.
LINK: White House Suggests Putin Directed US Election Hacking
from BuzzFeed - USNews http://ift.tt/2hCNp3Y
No comments:
Post a Comment