A top-secret NSA analysis of a Russian spy operation, recently published by the news website The Intercept, claims that members of Russia’s foreign military intelligence agency launched a cyberespionage campaign against a voting machine company.
Much of the five-page report is analysis of what the hackers may have intended to do. But it does detail the activities of email accounts allegedly tied to the Russian General Staff Main Intelligence Directorate (GRU) and shows some of the spearphishing attempts they have run.
Spearphishing is a basic type of cyberattack that often involves sending a chosen target a spoofed email that appears legitimate. The email attempts to trick the target into clicking on an infected link or opening an infected attached document, either of which will compromise the target’s computer.
The analysis states that in August 2016, the hackers “executed cyber espionage operations” against a U.S. voting machine company. It notes that information on the operation became available in April, and the analyst says the GRU may have intended to “obtain information on elections-related software and hardware solution.”
In October 2016, the hackers created a Gmail email address, “email@example.com,” which the analyst said was “potentially used” to offer products and services related to elections, “presumably to U.S.-based targets.”
The hackers then contacted anywhere between one and 122 email addresses “associated with named local government organizations.” The analyst is uncertain about the intentions, but says the hackers were “likely” targeting officials “involved in the management of voter registration systems.” The report adds, however, that it is unknown what data they could have accessed, and whether any of the attempts succeeded.
At the same time, they registered an Outlook email account, “firstname.lastname@example.org,” and used this to send test messages to one of their own email accounts.
It says the hackers also “sent test emails to two nonexistent accounts” which the analyst presumes would be associated with absentee balloting, “presumably with the purpose of creating those accounts to mimic legitimate services.”
The report notes that since the hackers sent the emails to accounts that didn’t exist, they received replies from the mail servers on Oct. 18, 2016, “stating that the message failed to send, indicating that the two accounts did not exist.”
The nonexistent email accounts were called “email@example.com” and “firstname.lastname@example.org.” The analyst believes they did this to create the email accounts—although this is something they could have done directly by just registering the accounts.
According to The Intercept, the U.S. intelligence officer who provided them with the report “cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.”
The report does not show evidence that Russia managed to cause any interference with voting machines, which aligns with federal testimony. During a House Intelligence Committee hearing on March 20, both then-FBI Director James Comey and National Security Agency Director Mike Rogers said there had been no intelligence or evidence that suggested any votes were changed as a result of Russian interference.
The alleged source of the leak, Reality Leigh Winner, 25, was charged on June 5, making her the first person charged for leaking classified information to the media.
According to a Justice Department press release, Winner was a federal contractor from Augusta, Georgia, and was charged by the Southern District of Georgia for “removing classified material from a government facility and mailing it to a news outlet.”
Based on her social media activity, Winner was allegedly a fan of Bernie Sanders and held strongly negative views toward President Donald Trump.
If convicted, Winner faces 10 years in prison for “gathering, transmitting or losing defense information,” under a law passed in February 2010 on espionage and censorship.