U.S. spy agencies probe another flank in Russian hacking

Reality Leigh Winner, 25, a federal contractor charged by the U.S. Department of Justice for sending classified material to a news organization, poses in a picture posted to her Instagram account. Reality Winner/Social Media via REUTERS

By Joseph Menn

SAN FRANCISCO (Reuters) – Russian hacking of the 2016 U.S. election included sophisticated targeting of state officials responsible for voter rolls and voting procedures, according to a top secret U.S. intelligence document that was leaked and published this week, revealing another potential method of attempted interference in the vote.

The month-old National Security Agency document outlined activities including impersonating an election software vendor to send trick emails to more than 100 state election officials. Analysts at the NSA believed the hackers were working for the Russian military’s General Staff Main Intelligence Directorate, or GRU, according to the document.

The document’s publication on Monday by The Intercept, a news outlet that focuses on security issues, received particular attention because an intelligence contractor, Reality Leigh Winner, was charged the same day with leaking it.

U.S. intelligence agencies have previously said the Kremlin tried to influence the election outcome in favor of Republican candidate Donald Trump through leaks during the campaign of hacked emails from Democratic Party officials, aimed at discrediting Democratic candidate Hillary Clinton.

The new revelations suggest that U.S. investigators are also still probing a more direct attempt to attack the election itself, and a federal official confirmed that is the case. However, there is no evidence that hackers were able to manipulate votes, or the vote tally.

The document says at least one employee of the software vendor had an account compromised but does not cover whether any of the elections officials were also successfully compromised.

If they did compromise the officials, hackers could have planted malicious software, then captured proof of the infection to suggest that there had been fraud on Clinton’s behalf, had she won the Nov. 8 election, experts said.

“If your goal is to disrupt an election, you don’t need to pick the winner or actually tamper with tally result,” said Matt Blaze, a University of Pennsylvania computer science professor who has written on the security of voting machines. Simply casting doubt on the legitimacy of the results could achieve the goals of a government-sponsored hacking campaign, he said.

U.S. intelligence officials had previously stated that Russian intelligence had won access to “multiple” election officials but had said that compromised machines were not involved with vote tallies. But they had not said how sophisticated and extensive the effort was or how it worked.

Russian President Vladimir Putin has strongly denied Russian government involvement in election hacking, though he said last week that “patriotic” Russians could have been involved. Trump has denied any collusion.

SPEAR-PHISHING ON ELECTIONS OFFICIALS

The newly leaked NSA report said the hackers used so-called “spear-phishing” techniques on election officials, trying to convince targets to click on links in emails that seemed to come from legitimate correspondents.

The report describes just one phishing campaign, which hit state officials a week before the election, but does not give any locations or say if it was successful. Although there may have been many others, security experts said one coming so late in the game would be more likely to be about sowing chaos than trying to alter vote counts.

The report did not say what the hackers were trying to accomplish, and any investigation of the computers of people who were targeted would be the jurisdiction of the FBI.

An FBI spokeswoman declined to comment Tuesday, as did the office of the special counsel Robert Mueller, who is investigating possible collusion between Trump campaign officials and the Russian government.

ATTACKING VOTER ROLLS

The “bait” used in the spear-phishing campaign involved software for managing voter registration rolls. The hackers might have been considering deleting some records and forcing officials to turn legitimate voters away, said elections technology security expert Alex Halderman, of the University of Michigan.

There were no wide reports of mass rejections of voters, so perhaps that plan was abandoned or proved too hard to execute, he said.

It is also possible that the idea was to get onto the machines of officials who oversaw both registration and voting software. Elections are run by counties in the United States.

“Depending on the county’s configuration and security practices and what is separated from what, they could have access to potentially every aspect, from lists of registered voters, to voting machines, to firmware on those machines, to the ballots that are presented, to the software that controls the final tally,” Blaze said.

“This is the holy grail of what an attacker would want to compromise.”

Members of Congress said they hoped to learn more about the hacking attempts.

“It’s important that the American people understand that the Russian attempts to break into a number of our state voting processes – we talked about this in the fall – was broad-based,” Democrat Mark Warner, vice chairman of the Senate Intelligence committee, told reporters.

“It’s my hope in the coming days that we can get more information out about that.”

(Reporting by Joseph Menn in San Francisco; Additonal reporting by Dustin Volz, Jim Finkle and Mark Hosenball in Washington; Editing by Jonathan Weber and Frances Kerry)

U.S. lawmakers to press intel chiefs on Russia ahead of Comey hearing

FILE PHOTO - FBI Director James Comey waits to testify to the Senate Select Committee on Intelligence hearing on "Russia's intelligence activities" on Capitol Hill in Washington, U.S. January 10, 2017. REUTERS/Joshua Roberts/File Photo

By Patricia Zengerle and Dustin Volz

WASHINGTON (Reuters) – Top U.S. intelligence officials will face questions on the Federal Bureau of Investigation’s probe into Russian involvement in the 2016 U.S. election and fallout from the firing of former FBI director James Comey when they appear at a Senate hearing on Wednesday.

The U.S. Senate Intelligence Committee’s open hearing will feature officials closely tied to President Donald Trump’s abrupt firing last month of Comey, which sparked accusations that the Republican president had dismissed him to hinder the FBI probe and stifle questions about possible collusion between Trump’s campaign and Russia.

Deputy Attorney General Rod Rosenstein, the second-ranking official at the Department of Justice who signed a letter recommending Comey’s dismissal, will testify, a day ahead of Comey’s own hotly anticipated testimony in the investigation of Russian involvement in the 2016 U.S. election.

Rosenstein’s public testimony will be the first since he appointed – in the face of rising pressure from Congress – former FBI Director Robert Mueller as special counsel investigating possible links between Russia and the election.

Acting FBI Director Andrew McCabe, who took over after Comey was fired, will also be at the hearing.

The probe has hung over Trump’s presidency since he took office in January and threatens to overwhelm his policy priorities.

The Kremlin denies U.S. intelligence agencies’ conclusion that Moscow tried to tilt the election campaign in Trump’s favor, including by hacking into the emails of senior Democrats. Trump has denied any collusion.

“I know that there are going to be members who want to hear from Deputy Attorney General Rosenstein about his involvement in the (Comey) firing,” Senator Mark Warner, the top Democrat on the Intelligence Committee, told Reuters.

National Security Agency Director Admiral Mike Rogers and Director of National Intelligence Dan Coats will also be present at the hearing originally set to discuss a foreign surveillance law.

“My hope will be that Admiral Rogers and Director Coats won’t try to hide behind executive privilege … about the press reports about the president asking them to downplay the Russia investigation,” Warner said.

The Washington Post reported on May 22 that Trump had asked the officials to help push back against the FBI investigation into possible coordination between his campaign and Moscow, citing current and former officials.

The two refused to comply with the request, which they regarded as inappropriate, the Post report said.

The Washington Post separately reported on Tuesday that Coats told associates in March that Trump asked him if he could intervene with then FBI Director Comey to get the FBI to back off its focus on Michael Flynn, the former national security adviser, in its Russia probe, according to officials.

The intelligence officials are also expected to defend Section 702 of the Foreign Intelligence Surveillance Act, or FISA — the stated topic of the hearing — which will expire on Dec. 31 unless Congress votes to reauthorize it.

Section 702 allows the NSA to collect digital communications of foreigners believed to be living overseas whose communications pass through U.S. telephone or Internet providers. Information about Americans is also sometimes incidentally gathered, such as when someone is communicating to a foreign target which privacy advocates have long argued evades Constitutional protections against warrantless searches.

U.S. surveillance practices have come under increased scrutiny amid unsubstantiated assertions by Trump and other Republicans that the White House under former President Barack Obama, a Democrat, improperly spied on Trump or his associates.

There is no evidence that political motives drove Obama administration officials to request the names of Trump associates in any intercepts. The requests underwent every required evaluation, and they produced nothing out of the ordinary, according to four current and former officials who have reviewed the materials.

(Additional reporting by John Walcott; Editing by Yara Bayoumy and Lisa Shumaker)