By Joseph Menn
SAN FRANCISCO (Reuters) - Russian hacking of the 2016 U.S. election included sophisticated targeting of state officials responsible for voter rolls and voting procedures, according to a top secret U.S. intelligence document that was leaked and published this week, revealing another potential method of attempted interference in the vote.
The month-old National Security Agency document outlined activities including impersonating an election software vendor to send trick emails to more than 100 state election officials. Analysts at the NSA believed the hackers were working for the Russian military's General Staff Main Intelligence Directorate, or GRU, according to the document.
The document's publication on Monday by The Intercept, a news outlet that focuses on security issues, received particular attention because an intelligence contractor, Reality Leigh Winner, was charged the same day with leaking it.
U.S. intelligence agencies have previously said the Kremlin tried to influence the election outcome in favor of Republican candidate Donald Trump through leaks during the campaign of hacked emails from Democratic Party officials, aimed at discrediting Democratic candidate Hillary Clinton.
The new revelations suggest that U.S. investigators are also still probing a more direct attempt to attack the election itself, and a federal official confirmed that is the case. However, there is no evidence that hackers were able to manipulate votes, or the vote tally.
The document says at least one employee of the software vendor had an account compromised but does not cover whether any of the elections officials were also successfully compromised.
If they did compromise the officials, hackers could have planted malicious software, then captured proof of the infection to suggest that there had been fraud on Clinton's behalf, had she won the Nov. 8 election, experts said.
“If your goal is to disrupt an election, you don’t need to pick the winner or actually tamper with tally result," said Matt Blaze, a University of Pennsylvania computer science professor who has written on the security of voting machines. Simply casting doubt on the legitimacy of the results could achieve the goals of a government-sponsored hacking campaign, he said.
U.S. intelligence officials had previously stated that Russian intelligence had won access to "multiple" election officials but had said that compromised machines were not involved with vote tallies. But they had not said how sophisticated and extensive the effort was or how it worked.
Russian President Vladimir Putin has strongly denied Russian government involvement in election hacking, though he said last week that "patriotic" Russians could have been involved. Trump has denied any collusion.
SPEAR-PHISHING ON ELECTIONS OFFICIALS
The newly leaked NSA report said the hackers used so-called "spear-phishing" techniques on election officials, trying to convince targets to click on links in emails that seemed to come from legitimate correspondents.
The report describes just one phishing campaign, which hit state officials a week before the election, but does not give any locations or say if it was successful. Although there may have been many others, security experts said one coming so late in the game would be more likely to be about sowing chaos than trying to alter vote counts.
The report did not say what the hackers were trying to accomplish, and any investigation of the computers of people who were targeted would be the jurisdiction of the FBI.
An FBI spokeswoman declined to comment Tuesday, as did the office of the special counsel Robert Mueller, who is investigating possible collusion between Trump campaign officials and the Russian government.
ATTACKING VOTER ROLLS
The "bait" used in the spear-phishing campaign involved software for managing voter registration rolls. The hackers might have been considering deleting some records and forcing officials to turn legitimate voters away, said elections technology security expert Alex Halderman, of the University of Michigan.
There were no wide reports of mass rejections of voters, so perhaps that plan was abandoned or proved too hard to execute, he said.
It is also possible that the idea was to get onto the machines of officials who oversaw both registration and voting software. Elections are run by counties in the United States.
“Depending on the county’s configuration and security practices and what is separated from what, they could have access to potentially every aspect, from lists of registered voters, to voting machines, to firmware on those machines, to the ballots that are presented, to the software that controls the final tally,” Blaze said.
“This is the holy grail of what an attacker would want to compromise.”
Members of Congress said they hoped to learn more about the hacking attempts.
“It’s important that the American people understand that the Russian attempts to break into a number of our state voting processes - we talked about this in the fall - was broad-based,” Democrat Mark Warner, vice chairman of the Senate Intelligence committee, told reporters.
"It’s my hope in the coming days that we can get more information out about that.”
(Reporting by Joseph Menn in San Francisco; Additonal reporting by Dustin Volz, Jim Finkle and Mark Hosenball in Washington; Editing by Jonathan Weber and Frances Kerry)