Threat intelligence company Recorded Future yesterday announced that it has identified a Russian-speaking hacker trying to sell access to the U.S. Election Assistance Commission (EAC).
The EAC, which was created by the Help America Vote Act of 2002 (HAVA), is charged with developing guidance to meet HAVA requirements, adopting voluntary voting system guidelines, and serving as a national clearinghouse of information on election administration.
The commission also certifies voting systems.
On December 1st, Recorded Future detected chatter related to a suspected breach of the EAC. Further research then identified a Russian hacker, which the researchers are calling Rasputin, seeking a buyer for access credentials the EAC database.
“Recognizing the significant implications of such a compromise, Recorded Future provided law enforcement with the necessary data to further assess the potential damage,” Recorded Future director of advanced collection Andrei Barysevich wrote in a blog post. “The breach appeared to include more than 100 access credentials, including some with the highest administrative privileges. These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plan malware on the EAC site, effectively staging a watering hole attack utilizing an official government resource.”
Rasputin claimed to be accessing the system via an unpatched SQL injection flaw. “It’s not uncommon for this type of vulnerability to lead to broader system level access, however, in this case the full extent of the EAC compromise remains unknown,” Barysevich wrote.
The hacker appeared to be in ongoing negotiations with a potential buyer on behalf of a Middle Eastern government.
Barysevich added the following disclaimer to the announcement; “Recently, there has been intense reporting about potential Russian efforts to influence the U.S. presidential election. While this blog post may be relevant to informing some of those discussions, we make no claims whatsoever regarding operations run by any Russian intelligence service. Such operations are out of scope for this research and blog post.”
A recent Tripwire survey of more than 500 IT security professionals found that just one in four respondents said their organizations have the technology needed to effectively detect and respond to a serious data breach.
The survey also found that just 21 percent of respondents said their security teams are able to correlate data and security alerts from their security tools in near real time, and just 20 percent said more than half of the security tools in their organizations are integrated enough to exchange data.
“Opportunities for automation are key to maintaining operational effectiveness when organizations are faced with a skills shortage that won’t be alleviated quickly. … Putting the right contextual data at the analyst’s fingertips can allow one person to simply get more done in a shorter period of time,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement.