Advertisement

Hacker breaches the US agency that certifies voting machines

The US EAC does not administer elections itself, but it does certify the machines used.

Andy Sacks via Getty Images

In the year of "rigged" election claims, security firm Recorded Future says it identified a Russian-speaking hacker attempting to sell accounts that have access to the US Election Assistance Commission. While may not be familiar with the EAC, it's the agency in charge of certifying voting machines and providing best practices used in elections. In a statement, the EAC confirmed it's aware of a "potential intrusion" and says it's working with law enforcement.

Screenshot of EAC internal site, obtained by Recorded Future
According to Recorded Future, a hacker going by the name Rasputin was trying to sell an unpatched system vulnerability, and it identified more than one hundred logins that were compromised. The hacker apparently used an SQL injection to obtain the list of logins and passwords that were eventually cracked. With that kind of access, someone could access testing plans and results for various voting machines. The EAC does not store voter's personal information or vote totals.