Russia Intelligence Units Hacked Election Databases and Voting Technology
The Muller Report states that Russian military intelligence officially known as Main Intelligence Directorate of the General Staff of the Russian Army, but commonly known as GRU hacked the election process through malware attacks as well as spear phishing email campaigns. Hackers targeted U.S. election officials, election websites, and private manufacturers of voting machines.
In 2016, GRU Unit 26165 hacked the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) using spear phishing emails. While GRU Unit 74455 hacked various state and local boards of elections, secretaries of state, and companies that provide voting technology. GRU exploited vulnerabilities on official election websites. Hackers used straightforward techniques including a tactic known as SQL injection to gain access to databases of voter information. The cyber attack vector was to inject malicious SQL code to allow hackers to run more SQL commands to download data.
The Mueller Report is officially titled, The Report On The Investigation Into Russian Interference In The 2016 Presidential Election, Volumes I and II, by Special Counsel Robert S Mueller, III. The report outlines the investigation into Russian interference with the 2016 US Presidential elections. It details how Russian hackers compromised election websites, hacked Clinton campaign email servers, and conducted email phishing campaigns.
According to the Mueller Report, in June 2016, a GRU unit hacked the IT system of the Illinois State Board of Elections by exploiting a vulnerability in its website. GRU gained access to millions of registered Illinois voters. They downloaded thousands of voter records before the malware was detected and access was shut down.
Malware was sent to over 120 Florida county election officials in November 2016. The malware was sent via spear phishing emails. Spear phishing emails are malicious emails purposefully targeted at individuals. The emails attempt to gain personal information about the recipient and encourage them to take some action. Recipients are tricked by spear phishing emails because they are personalized and appear to be legitimate. Sometimes only spelling mistakes or the suspicious intentions of the email text are the only clues that the email may be criminal. The spear phishing emails had a Trojan Word document attached which launched malware. Once infected, GRU was able to access infected machines.
How Does Trojan Malware Work?
Trojan is an umbrella term for a malware delivery strategy. Trojans are also considered a form of malware as they carry out unwanted activity on a computer or IT system. Trojans are used by hackers to gain access to computer systems and hardware. Targets are tricked into downloading an email attachment or clicking on a link that sends them to a spoofed website. The trojan loads files and executes malware on their computer systems.
In addition to hacking election related IT systems, GRU also hacked the computer systems of the DCCC and the DNC. Beginning in March 2016, GRU hacked the computers and email accounts belonging to Clinton campaign workers. This including the email breach of campaign chairman John Podesta, the Mueller report stated.
Both the DCCC and DNC IT systems were infected with two malwares, X-Agent and X-Tunnel according to the Mueller Report page 38. The X-Agent malware record the keystrokes of infected machines. It also took screenshots and recorded the files system. The X-Tunnel malware tunneled outside of the DCC and DNC networks and was used for large data transfers of stolen information.
What is Malware?
Malware is any unwanted application on a computer, IT network, or electronic device such as a smartphone. Malware can take control or a device or download files. Sometimes malware quietly uses an infected device to spread more malware waiting for some future purpose. Malware can be used spy on the activities of a device or to recruit computers to work together in a botnet.
The malware used by the Russian hackers was developed to infiltrate computer networks and infecting as many devices as possible.
Malware is called ransomware when it locks up a machine and takes control away from its legitimate owner promising to return control when a ransom is paid. Recipients’ machines are infected when they click on a link in an email or download malware that in turn downloads even more malware. Email can be accompanied by attachments that contain malicious executable files. Malware includes ransomware, computer viruses, adware, and trackers. Well-known, recent malwares include GandCrab, SamSam, Bad Rabbit, Petya, Not Petya, and WannaCry.
How Does Malware Work?
Malware works by gaining access to a computer or system. The malware generally attempts to gain administrative rights to a device by exploiting known security vulnerabilities. An SQL injection is a chunk of malicious commands that work on SQL databases. The hacker breaks a database allowing unauthorized access to the data. Once in, they extract information from the database. In the case of the Illinois Board of Election hack, the hackers downloaded thousands of voters records before they malware was detected.
Russian owned, Internet Research Agency (IRA), also carries out botnet activities on social media to cause political and social discord during election season.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers