A federal contractor was arrested in Georgia Monday in connection with a classified NSA report on Russian election interference published by the online publication The Intercept.
According to the top secret document, Russian military intelligence conducted a cyberattack on at least one supplier of voting software and sent phishing emails containing malicious software to more than 100 local election official days before the 2016 election, The Intercept reported.
After the Intercept story was published Monday, the Justice Department announced the arrest of a 25-year-old federal contractor from Georgia in connection with the disclosure.
Reality Leigh Winner, a contractor with Pluribus International Corp., who has held a top secret security clearance since at least February, made her first federal court appearance in Augusta, Ga., Monday afternoon.
“Winner printed and improperly removed classified intelligence reporting, which contained classified national defense information from an intelligence community agency and unlawfully retained it,’’ court documents stated, adding that material was taken May 9. “Approximately a few days later, Winner unlawfully transmitted by mail the intelligence reporting to an online news outlet.’’
Deputy Attorney General Rod Rosenstein credited federal law enforcement agents with acting “quickly to identify and arrest the defendant.’’
“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,’’ Rosenstein said.
According to The Intercept, the classified May 5 intelligence report “is the most detailed U.S. government account of Russian interference in the election that has yet come to light." The NSA report says it is based on information it obtained in April, but the document does not reveal the “raw” intelligence that led to the report’s conclusions.
According to the purported NSA document, Russian intelligence “executed cyber espionage operation against a named U.S. Company in August 2016, evidently to obtain information on elections-related software and hardware solutions.” The report's authors have no doubt the Russian General Staff Main Intelligence Directorate, or GRU, was behind the operation.
The Russian "spear-fishing" attack involved sending local government employees emails that appeared to be from e-voting vendors containing Microsoft Word documents loaded with malware. Once the recipient opened one of the documents, the hackers would gain control of the infected computer.
In order for the emails to seem legitimate, the Russians tried to hack an election software company's email system, The Intercept reported. At least one employee's account was likely hacked, according to the report.
"Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states," The Intercept reported.
In late October, the hackers began to send emails that appeared to be from a VR system employee, the document says. The emails were sent to 122 addresses tied to "local government organizations," the document says, adding that "officials involved in the management of voter registration systems" were the likely targets. The emails contained "trojanized" attachments that would allow the hackers to gain access to the infected computer.
"It is unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data could have been accessed by the cyber actor," the alleged NSA document says. "However, based upon subsequent targeting, it was likely that at least one account was compromised."
The Intercept is an online publication started in 2013 by journalists Glenn Greenwald, Laura Poitras and Jeremy Scahill in the wake of Edward Snowden’s revelations about NSA surveillance.
The report published Monday is based on a “top-secret National Security Agency document” provided by an anonymous source. The report was “independently authenticated,” according to The Intercept.
An unnamed U.S. intelligence officer told The Intercept not to read too much into the document because, “a single analysis is not necessarily definitive.”