A federal contract worker appeared in court Monday after her arrest for leaking a top-secret NSA report, which detailed how Russian military hackers targeted U.S. voting systems.
The top-secret intelligence document describes procedures Russia used to infiltrate the U.S. infrastructure by use of a spear-phishing email scheme targeting local government officials and employees.
Upon the release of the Intercept story report published Monday, the Justice Department was expedient in announcing the arrest of the 25-year-old federal contractor from Georgia in connection with the disclosure.
Reality Leigh Winner, a contractor with Pluribus International Corp., made her first federal court appearance in Augusta, Ga., Monday afternoon. Winner was charged with removing and mailing classified materials to a news outlet, as reported by the DOJ.
Deputy Attorney General Rod Rosenstein credited federal law enforcement agents with acting quickly to identify and arrest the defendant.
“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” Rosenstein said.
Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency and unlawfully retained it, according to data recorded in court documents.
Reality Winner, Photo Credit: NBC News
The intelligence document published by the online news organization Intercept, describes more detailed information about Russian efforts to hack voting systems in the U.S., a week before the 2016 presidential election. Although the document doesn’t necessarily confirm hacking changed any votes, it raises the possibility that Russian hacking may have breached some elements of the voting system, with disconcertingly uncertain results.
Information noted in the top-secret document, pointed to the Russian military intelligence as perpetrators responsible for conducting a cyber-attack on at least one supplier of voting software and sent phishing emails containing malicious software to more than 100 local election official days before the 2016 election, The Intercept reported
The top-secret NSA report notes that findings are based on information obtained in April. The document does not reveal the “raw” intelligence that may have led to the report’s conclusions.
Information specified in the NSA document:
Russian intelligence “executed cyber espionage operation against a named U.S. Company in August 2016, for the sole purpose of obtaining information on elections-related software and hardware solutions.”
The Russian General Staff Main Intelligence Directorate, or GRU, was behind the operation according information gathering in the report.
The Russian “spear-fishing” attack involved sending local government employees emails that appeared to be from e-voting vendors containing Microsoft Word documents loaded with malware. Once the recipient opened one of the documents, the hackers would gain control of the infected computer.
To make the emails appear legitimate, the Russians tried to hack an election software company’s email system, The Intercept reported.
“Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states,” The Intercept reported.
In late October, the hackers began to send emails that appeared to be from a VR system employee, the document says. The emails were sent to 122 addresses tied to local government organizations. Officials involved in the management of voter registration systems, were reported as the likely targets. The emails contained “trojanized” attachments that would allow the hackers to gain access to the infected computer.
It is unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data could have been accessed by the cyber actor. The report published Monday is based on a “top-secret National Security Agency document” provided by an anonymous source. The report was “independently authenticated,” according to The Intercept.
An unnamed U.S. intelligence officer told The Intercept not to read too much into the document because, “a single analysis is not necessarily definitive.”
In response to the report, VR Systems’ Chief Operating Officer Ben Martin told the Intercept: “Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.”