The government agency responsible for maintaining the security of voting machines was hacked by a “Russian-speaking actor” sometime around the election, a security firm is reporting. The U.S. Election Assistance Commission (EAC) has confirmed what it’s calling a “potential intrusion.”
The hack was first reported by Boston-based cybersecurity firm Recorded Future, which discovered a hacker selling log-in information for the EAC’s website on an underground marketplace. The firm, which turned over its findings to law enforcement, reports that the hacker had more than 100 log-ins that could “potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site.” The hacker, whom Record Future believes acted alone, was in negotiations to sell the information to a Middle Eastern government when identified, the firm says.
Though it’s disconcerting to see the agency charged with voting-machine security leave itself vulnerable to a hack, there’s no reason to think this had anything to do with the election results. Even if hackers were able to get inside the EAC databases, that’s not the same as getting inside a voting machine, and it wouldn’t allow any votes to be changed. Still, this isn’t a great look.