Date: 2016-12-16

President-elect Donald Trump vehemently denies such assertions, a team of cybersecurity experts at Recorded Future say they found an exploit on the Election Assistance Commission website that compromised administrative accounts and could have wider reaching effects. The EAC — established in 2002 by the Help America Vote Act — exists to help local election officials by creating voluntary voting system guidance, maintaining a database of pertinent election administration information and accrediting voting machine testing laboratories.

According to Recorded Future, hackers were able to set up a “watering hole” on the EAC site, leveraging an existing vulnerability to collect the login information of at least 100 EAC user accounts, “including some with administrative privileges.”

While such a breach would not directly compromise an election, it could act as the “beachhead” for a larger campaign, according to James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT).

“Due to the niche nature of the site, the vast majority of users accessing the portal would be doing so on local and state election PCs. The EAC is a central portal for all election officials, so, if the threat actor actually leveraged the portal as a watering hole, then malware could have spread onto any level of election official PCs used to access the portal,” he said. In order for that to have an effect, those hypothetically infected computers would have to be “connected to the tabulation systems, used to update or test election machines or used to input and transmit election results,” Scott explained. “Then the hypothetical malware could compromise the integrity of the election at the local or state” level.