The government organization that oversees the integrity of voting machines and election administration databases was hacked, according to a report released Thursday.
Recorded Future, a Boston-based cybersecurity company, identified a hacker by the pseudonym Rasputin who stole login information from the US Election Assistance Commission (EAC) and offered it for sale.
According to the report, Rasputin was in ongoing negotiations to sell 100 login credentials, some with the most powerful administrative privileges over the EAC’s databases, to a Middle Eastern government broker for several thousand dollars. Recorded Future does not believe Rasputin was sponsored by a foreign government. (Yeah being named after a famous Russian mystic is NO indication that the Russian government is involved or anything.)
Whether the hack could delegitimize the results of the election is difficult to say. Levi Gundert, a researcher with Recorded Future, told BuzzFeed News, “We don’t know when the initial compromise occurred or how long the hacker had access, but it wouldn’t appear that those credentials would have the ability to materially impact the election.”
That last part is not exactly comforting since it is followed by this statement:
The EAC’s database also includes the specifications of electronic voting like where and which companies manufacture them or where they are in the process of security certification, Gundert said. US adversaries could use as advance knowledge to interfere with US elections.
Because of other vulnerabilities in the EAC’s system, it is possible that the full extent of the hack is not fully known, according to the report.
So is there proof that this hack might have undermined our election?
Oh, we don't know.
Did the hack give them access to information that MIGHT have undermined our election?
Oh hell yeah!
Yeah, that puts my mind right at ease.