By Chris Perez
Photo: Reality Winner
A 25-year-old Federal contractor was charged Monday with leaking a top
secret NSA report — detailing how Russian military hackers targeted US voting
systems just days before the election.
The highly classified intelligence document, published
Monday by The Intercept, describes how Russia managed to infiltrate
America’s voting infrastructure using a spear-phishing email scheme that
targeted local government officials and employees.
It claims the calculated cyberattack may have even been more far-reaching
and devious than previously thought.
The report is believed to be the most detailed US government account of
Russia’s interference to date.
It was allegedly provided to the Intercept by 25-year-old Reality Leigh Winner,
of Augusta, who appeared in court Monday after being arrested at her home over
the weekend.
She was charged with removing and mailing classified materials to a news
outlet, DOJ
officials said.
“Releasing classified material without authorization threatens our nation’s
security and undermines public faith in government,” Deputy Attorney General
Rod J. Rosenstein explained in a statement. “People who are trusted with
classified information and pledge to protect it must be held accountable when
they violate that obligation.”
Winner, who works as contractor at Pluribus International Corporation,
allegedly leaked the report in early May. A federal official told NBC News that
she had, in fact, given it to the Intercept.
According to the document, it was the Russian military intelligence that
conducted the cyber attacks last year.
Specifically, operatives from the Russian General Staff Main Intelligence
Directorate, or GRU, are said to have targeted employees at a US election
software company last August and then again in October.
While the name of the company is unclear, the report refers to an
undisclosed product made by VR Systems — an electronic voting services and
equipment vendor in Florida that has contracts in eight states, including New
York.
The hackers were given a “cyber espionage mandate specifically directed at
U.S. and foreign elections,” the report says.
On August 24, 2016, the group sent the employees fake emails, which were
disguised as messages from Google. At least one of the workers was believed to
be compromised.
In late October, the group established an “operational” Gmail account and
posed as an employee from VR Systems — using previously obtained documents to
launch another spear-phishing attack “targeting US local government
organizations,” the report says.
According to the NSA, the hackers struck on either October 31 or November
1, sending spear-fishing emails to at least 122 different email addresses
“associated with named local government organizations.”
They were also likely
sent to officials “involved in the management of voter registration systems,”
the report says.
The emails were said to
have contained weaponized Microsoft Word attachments, which were set up to
appear as unharmful documentation for the VR Systems’ EViD voter database — but
were actually embedded with automated software commands that are secretly
turned on as soon as the user opens the document.
The hack ultimately gave
the Russians a back door and the ability to deliver any sort of malware or
malicious software they wanted, the report says.
In addition, the NSA
document also describes two other incidents of Russian meddling prior to the
election.
In one, the hackers posed
as a different voting company, referred to as “US company 2,” from which they
sent phony test emails — offering “election-related products and services.”
The other operation was
said to be conducted by the same group of operatives, and involved sending
emails to addresses at the American Samoa Election Office, in the attempt to
uncover more existing accounts before striking again.
It is ultimately unclear
what came of the cyberattack, but the NSA report firmly states that the
Russians had been intent on “mimicking a legitimate absentee ballot-related
service provider.”
“It is unknown, whether
the aforementioned spear-phishing deployment successfully compromised the
intended victims, and what potential data could have been accessed by the cyber
actor,” the NSA states of the result of the hacking.
While the government
employees were only hit with simple login-stealing tactics, experts told the
Intercept that such operations could prove even more dangerous than malware
attacks in some instances.
VR Systems doesn’t sell
voting machines, but holds contracts in New York, California, Florida,
Illinois, Indiana, North Carolina, Virginia, and West Virginia — making it a
prime target for those who want to disrupt the vote and cause chaos come
election day.
“If someone has access to
a state voter database, they can take malicious action by modifying or removing
information,” Pamela Smith, president of election integrity watchdog Verified
Voting, told the Intercept.
“This could affect
whether someone has the ability to cast a regular ballot, or be required to
cast a ‘provisional’ ballot — which would mean it has to be checked for their
eligibility before it is included in the vote,” she said. “And it may mean the
voter has to jump through certain hoops such as proving their information to
the election official before their eligibility is affirmed.”
At least one US
intelligence official admitted to the Intercept that the Russian hackers
described in the NSA report could have disrupted the voting process on November
8, by specifically targeting locations where VR Systems’ products were in use.
They cited the simple possibility of compromising an election poll book system,
which could cause widespread damage in certain places.
“You could even do that
preferentially in areas for voters that are likely to vote for a certain
candidate and thereby have a partisan effect,” explained Alex Halderman,
director of the University of Michigan Center for Computer Security and
Society.
In response to the
report, VR Systems’ Chief Operating Officer Ben Martin told the Intercept:
“Phishing and spear-phishing are not uncommon in our industry. We regularly
participate in cyber alliances with state officials and members of the law
enforcement community in an effort to address these types of threats. We have
policies and procedures in effect to protect our customers and our company.”
_____________________
Who is Reality Winner?
Accused leaker wanted to ‘resist’ Trump
By Brooke Singman 
Reality Winner, a
25-year-old Air Force veteran, is a contractor with Pluribus International
Corporation assigned to a federal facility in Georgia, where she allegedly
leaked a classified intelligence report containing “Top Secret Level” information. The
report, according to the Department of Justice, contained classified defense
information from an intelligence community agency.
While the DOJ did not
say which site published the information, the charges were announced just as
The Intercept published details of a National Security Agency report
on Russian hacking efforts during the 2016 presidential election.
According to the Justice
Department, Winner admitted to printing a classified intelligence document
despite not having a “need to know,” and with knowledge the report was
classified. Winner further admitted removing the report from her office space
and mailing it to the news outlet, according to the criminal complaint.
Why go through all the
trouble and risk?
The Justice Department
does not speak to motivation, but Winner’s social media pages indicate she was
a passionate environmentalist who shared Bernie Sanders material online and
held some anti-Trump views. She shared numerous articles and comments against
the Dakota Access and Keystone XL pipelines (which Trump has moved to revive)
on her Facebook page, even posting a letter she sent to the office of Sen.
David Perdue, R-Ga.
“Repeat after me: In the
United States of America, in the year 2017, access to clean, fresh water is not
a right, but a privilege based off of one’s socio-economic status,” Winner
wrote in a Facebook posting about four months ago.
Winner also posted using
the hashtag #F---ingWall, in an entry about Trump “silencing” the Environment
Protection Agency.
Winner also posted in
February, before Trump revived construction on the Dakota Access Pipeline: “You
have got to be s---ting me right now. No one has called? The White House shut
down their phone lines. There have been protests for months, at both the
drilling site and outside the White House. I’m losing my mind. If you voted for
this piece of s---, explain this. He’s lying. He’s blatantly lying and the
second largest supply of freshwater in the country is now at risk. #NoDAPL
#NeverMyPresident #Resist.”
And in one telling post
before the general election, she wrote, "On a positive note, this Tuesday
when we become the United States of the Russian Federation, Olympic lifting
will be the national sport."
As for non-political
interests, her social accounts also suggest she's a workout buff and donates to
veterans' and children's charities.
Air Force officials
confirmed that Winner served active duty from December of 2010 to last
December. It was not immediately clear if she was ever deployed. Winner was a
cryptologic language analyst, requiring fluency in at least one foreign
language which was not divulged. Winner attained the rank of senior airmen, E4,
and was last stationed at Ft. Mead in Maryland.
The Justice Department
did not specify whether Winner is being charged in connection with the
Intercept’s report, but the site noted the NSA report cited in its story was
dated May 5 of this year -- the affidavit released by the DOJ supporting
Winner’s arrest also said the report was dated “on or about” May 5.
“Exceptional law
enforcement efforts allowed us to quickly identify and arrest the defendant,”
Deputy Attorney General Rod Rosenstein said on Monday. “Releasing classified
material without authorization threatens our nation’s security and undermines
public faith in government.”
Rosenstein added:
“People who are trusted with classified information and pledge to protect it
must be held accountable when they violate that obligation.”
Winner has held a top
secret clearance during her employment at Pluribus International Corporation.
She has been employed at the facility since mid-February.
Late Monday night,
WikiLeaks founder Julian Assange tweeted his support for Winner.
“Alleged NSA
whistle-blower Reality Leigh winner must be supported. She is a young woman
accused of courage in trying to help us know,” Assange posted on Twitter.
On Tuesday, The
Intercept released a statement saying they had no knowledge of the identity of
the person who provided them with the classified documents.
_______________
POWERLINE
Did Obama
tell the truth about Russia’s election meddling?
By Paul Mirengoff
During a news conference
last December, President Obama claimed that Russian interference in the 2016
election ended after he told Russian President Vladimir Putin to “cut it out”
in early September. In Obama’s telling, he warned Putin of “serious
consequences” if Russian interference continued. As a result the interference
ceased.
Here is what Obama told
the American public:
What I was concerned
about in particular was making sure [the DNC hack] wasn’t compounded by
potential hacking that could hamper vote counting, affect the actual
election process itself. So in early September when I saw President Putin
in China, I felt that the most effective way to ensure that that didn’t happen
was to talk to him directly and tell him to cut it out and there were going to
be serious consequences if he didn’t.
And in fact we did not
see further tampering of the election process. But the leaks through WikiLeaks
had already occurred.
(Emphasis added)
However, Peter Hasson of the Daily Caller
points out that Obama’s self-serving claim is contradicted by leaked documents.
These documents indicate that Russia attempted to interfere in the election
just days before it occurred: Hasson writes:
NSA documents published by The
Intercept on Monday revealed that as late as October 31 or November
1, hackers launched an election-related spearfishing operation “targeting U.S.
local government organizations.”
In other words, Russia
was still tampering with the American electoral process after Obama said they
ceased doing so. The documents’ authenticity has been confirmed by U.S.
officials, and the U.S. Department of Justice charged on Monday the
woman who leaked the Top Secret documents to The Intercept.
“The NSA assessed that
this phase of the spear-fishing operation was likely launched on either October
31 or November 1 and sent spear-fishing emails to 122 email addresses
‘associated with named local government organizations,’ probably to officials
‘involved in the management of voter registration systems,’” The Intercept reported.
And that’s not all:
The leaked documents reveal
that two other election-related hacking efforts were launched in October — one
month after Putin supposedly “cut it out.”
There’s no reason to
believe that the Russian efforts to “hack” the voting process succeeded. But
it’s noteworthy that Russia went after the exact target — “actual election
process itself — that Obama says he was determined to stopping them, and did
stop them, from targeting.
It was always difficult
to believe that Putin would take seriously a directive by Obama to “cut it out”
(“it” being anything Putin wanted to do). As I reported in 2009, the
Russians concluded, based on what they witnessed during Obama’s visit to
Moscow, that the president was a lightweight. As one source told me, they felt
they could “steal his pants.”
Obama repeatedly
confirmed this assessment. He did so most egregiously when he turned to Russia
to bail him out after Assad crossed the “red line” by using chemical weapons on
civilians. But this wasn’t the only example.
Obama’s assertion that he
caused Putin to back away from interfering in the 2016 election is best viewed
as an attempt to reclaim his trousers, or at least to substitute a fig leaf.
But now we know that Obama’s assertion was false.
