The New Yorker
April 18, 2018
Last month, when Congress authorized three hundred and eighty million dollars to help states protect their voting systems from hacking, it was a public acknowledgement that, seven months out from the midterm elections, those systems remain vulnerable to attack.
America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. “This guy—we randomly called him Rasputin—was in a high-profile forum in the darkest of the darkest of the darkest corner of the dark Web, where hackers and reverse engineers, ninety-nine per cent of them Russian, hang out,” Christopher Ahlberg, the C.E.O. of Recorded Future, told me. “There was someone from another country in the forum who implied he had a government background, and he wanted to get his hands on this stuff. That’s when we decided we would just buy it. So we did, and took it to the government”—the U.S. government—“and the sale ended up being thwarted.” (Ahlberg wouldn’t identify which government agency his company had turned the data over to. The E.A.C., in a statement, referred questions about “the investigation or information shared with the government by Recorded Future” to the F.B.I. The F.B.I., through a Justice Department spokesperson, declined to comment.)