Election Assistance Commission warns it may have been hacked

Election Assistance Commission warns it may have been hacked
© Greg Nash
A federal agency that helps states select voting systems may have been breached by a hacker.
 
The Election Assistance Commission (EAC) on Thursday said the FBI is looking into a possible attack on its web-facing systems.
 
ADVERTISEMENT
The agency certifies brands of voting machines and provides election-related data to voters. It does not run elections, count votes or store voter records.
 
The news comes as worries bubble over about Russian cyberattacks affecting the U.S. presidential election. The intelligence community has blamed Russia for the hacks of various Democrats and Democratic groups, and a secret CIA assessment reportedly determined that the Kremlin was interfering specifically to help Donald TrumpDonald John TrumpDACA recipient claims Trump is holding ‘immigrant youth hostage’ amid quest for wall Lady Gaga blasts Pence as ‘worst representation of what it means to be Christian’ We have a long history of disrespecting Native Americans and denying their humanity MORE win the election.
 
“Upon detecting the intrusion, the EAC terminated access to the application and began working with federal law enforcement agencies to determine the source of this criminal activity. The FBI is currently conducting an ongoing criminal investigation. As such, questions concerning the investigation should be directed to the FBI,” the EAC said in a press release

According to the EAC website, new brands of election machines were last certified in 2015, and most were certified well before this election cycle. 

Security website Recorded Future on Tuesday claimed it had identified a hacker selling credentials to the EAC web system. The EAC’s release did not specifically identify Recorded Future as the source informing them of the potential breach.

Recorded Future said the hacker, whom they called Rasputin, spoke Russian, but it said it found no evidence of government affiliation. They said the hacker was selling more than 100 sets of credentials to the website, some of which had high-level access.
 
“Recorded Future continues to assist federal law enforcement in the ongoing investigation, as they determine the full extent of the compromise,” the post said.