Cyber Incident Victim: Election Assistance Commission
Date: Dec 2016
Location: United States of America
Summary
A U.S. federal agency responsible for voting machine security standards was breached by a hacker exploiting a common database vulnerability, resulting in compromised credentials for over 100 personnel. The Russian-speaking attacker utilized SQL injection to access non-public reports detailing voting machine vulnerabilities, which could theoretically enable targeted attacks on specific systems. The hacker attempted to sell this access to a Middle Eastern government before being detected by security researchers, who alerted law enforcement and confirmed the vulnerability was subsequently patched. While the intrusion exposed sensitive technical information, investigators determined the breach occurred after the election and found no evidence of pre-election system access or impact on the decentralized voting process, which reported no widespread fraud. The agency collaborated with federal authorities on the ongoing criminal investigation.
Description
In December 2016, the U.S. Election Assistance Commission (EAC) experienced a cybersecurity breach discovered by security firm Recorded Future during routine monitoring of underground hacker forums. Researchers identified a Russian-speaking individual offering login credentials for EAC computer systems, obtained through exploitation of a common database vulnerability. The hacker had compromised credentials for more than 100 commission personnel using SQL injection techniques, a preventable attack vector targeting database weaknesses. Recorded Future investigators posed as potential buyers to engage the threat actor, revealing that the compromised data included usernames and obfuscated passwords subsequently cracked by the attacker. The hacker attempted to sell this access and vulnerability information to a Middle Eastern government for several thousand dollars, prompting Recorded Future to alert federal law enforcement agencies. The EAC confirmed awareness of a "potential intrusion" and collaborated with investigators while the FBI initiated a criminal probe. Security patches were applied to address the vulnerability following the discovery.

The breach enabled unauthorized access to non-public EAC reports detailing vulnerabilities in voting machine systems, though no evidence indicated pre-election system access or data theft. The hacker operated with a business model focused on scanning organizations for vulnerabilities and rapidly selling access rather than conducting data exfiltration. Security analysts assessed the actor as non-state affiliated and lacking advanced sophistication despite the successful compromise. While accessed voting machine flaw reports could theoretically enable targeted attacks, the decentralized U.S. election infrastructure and absence of widespread fraud reports mitigated operational impacts. The EAC maintained its statutory functions of voting system certification and election administration standards development throughout the investigation. Federal authorities continued criminal investigations into the breach as the commission reinforced its cybersecurity posture in response to the incident.
