A federal agency that helps states select voting systems may have been breached by a hacker.

The Election Assistance Commission (EAC) on Thursday said the FBI is looking into a possible attack on its web-facing systems.

ADVERTISEMENT

The agency certifies brands of voting machines and provides election-related data to voters. It does not run elections, count votes or store voter records.





“Upon detecting the intrusion, the EAC terminated access to the application and began working with federal law enforcement agencies to determine the source of this criminal activity. The FBI is currently conducting an ongoing criminal investigation. As such, questions concerning the investigation should be directed to the FBI,” the EAC said in a press release

According to the EAC website, new brands of election machines were last certified in 2015, and most were certified well before this election cycle. Security website Recorded Future on Tuesday claimed it had identified a hacker selling credentials to the EAC web system. The EAC’s release did not specifically identify Recorded Future as the source informing them of the potential breach.

Recorded Future said the hacker, whom they called Rasputin, spoke Russian, but it said it found no evidence of government affiliation. They said the hacker was selling more than 100 sets of credentials to the website, some of which had high-level access.

“Recorded Future continues to assist federal law enforcement in the ongoing investigation, as they determine the full extent of the compromise,” the post said.