Hacker allegedly stole logins from a US election agency

A Russian-speaking hacker was found trying to sell the allegedly stolen login credentials

A Russian-speaking hacker has been found selling stolen login credentials for a U.S. agency that tests and certifies voting equipment, according to a security firm.

The hacker was attempting to sell more than 100 allegedly compromised login credentials belonging to the U.S. Election Assistance Commission (EAC), the security firm Record Future said in a Thursday blog post. The company said it discovered online chatter about the breach on Dec. 1.

Some of these credentials included the highest administrative privileges. With such access, an intruder could steal sensitive information from the commission, which the hacker claimed to have done, Recorded Future said.

According to screenshots obtained by Recorded Future, the hacker had access to details about tests of election systems and software.

The EAC said it has terminated access to the affected application and is working with federal law enforcement to determine the source of the criminal activity.

The EAC was formed in 2002. In addition to certifying voting systems, it develops best practices for administering elections.

In a statement, the commission said that it was aware of a “potential intrusion” involving a web-facing EAC application.   

The possible breach comes after weeks of allegations that the Russian government attempted to influence last month's U.S. election through several high-profile hacks.

The commission does not directly administer U.S. elections. They are carried out by states and local jurisdictions.

“The EAC does not maintain voter databases. The EAC does not tabulate or store vote totals,” the commission said.

rasputin eac breach 1 Recorded Future

A systems status report page on the commission's application.

Record Future also said the hacker it identified doesn’t appear to be sponsored by any foreign government. The security firm’s blog post didn’t cite any evidence that the hack had resulted in vote-tampering in the election.

To pull off the breach, the hacker exploited an unpatched SQL injection vulnerability, a common attack point found in websites. The hacker may also have tried to sell details about this vulnerability to a broker working on behalf of a Middle Eastern government, Recorded Future said.

“It’s not uncommon for this type of vulnerability to lead to broader system level access, however, in this case the full extent of the EAC compromise remains unknown,” Recorded Future said.

The stolen login credentials could have also allowed a hacker to modify or plant malware on the commission’s web-facing application, the company said.

It’s unclear how long the vulnerability remained unpatched, so it’s possible other bad actors may have exploited it, Recorded Future said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?