Menu
Hacker allegedly stole logins from a US election agency

Hacker allegedly stole logins from a US election agency

A Russian-speaking hacker was found trying to sell the allegedly stolen login credentials

A Russian-speaking hacker has been found selling stolen login credentials for a U.S. agency that tests and certifies voting equipment, according to a security firm.

The hacker was attempting to sell more than 100 allegedly compromised login credentials belonging to the U.S. Election Assistance Commission (EAC), the security firm Record Future said in a Thursday blog post. The company said it discovered online chatter about the breach on Dec. 1.

Some of these credentials included the highest administrative privileges. With such access, an intruder could steal sensitive information from the commission, which the hacker claimed to have done, Recorded Future said.

According to screenshots obtained by Recorded Future, the hacker had access to details about tests of election systems and software.

The EAC said it has terminated access to the affected application and is working with federal law enforcement to determine the source of the criminal activity.

The EAC was formed in 2002. In addition to certifying voting systems, it develops best practices for administering elections.

In a statement, the commission said that it was aware of a “potential intrusion” involving a web-facing EAC application.   

The possible breach comes after weeks of allegations that the Russian government attempted to influence last month's U.S. election through several high-profile hacks.

The commission does not directly administer U.S. elections. They are carried out by states and local jurisdictions.

“The EAC does not maintain voter databases. The EAC does not tabulate or store vote totals,” the commission said.

rasputin eac breach 1 Recorded Future

A systems status report page on the commission's application.

Record Future also said the hacker it identified doesn’t appear to be sponsored by any foreign government. The security firm’s blog post didn’t cite any evidence that the hack had resulted in vote-tampering in the election.

To pull off the breach, the hacker exploited an unpatched SQL injection vulnerability, a common attack point found in websites. The hacker may also have tried to sell details about this vulnerability to a broker working on behalf of a Middle Eastern government, Recorded Future said.

“It’s not uncommon for this type of vulnerability to lead to broader system level access, however, in this case the full extent of the EAC compromise remains unknown,” Recorded Future said.

The stolen login credentials could have also allowed a hacker to modify or plant malware on the commission’s web-facing application, the company said.

It’s unclear how long the vulnerability remained unpatched, so it’s possible other bad actors may have exploited it, Recorded Future said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Meet the winners of the 2020 Reseller News Innovation Awards

Meet the winners of the 2020 Reseller News Innovation Awards

Reseller News honoured the standout players of the New Zealand channel in front of more than 500 technology leaders in Auckland on 21 October, recognising the achievements of top partners, start-ups, vendors, distributors and individuals.

Meet the winners of the 2020 Reseller News Innovation Awards
Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Show Comments