The hack appeared to include a breach of the EAC’s administrative-access credentials as well as access to nonpublic reports on flaws in voting machines, according to Andrei Barysevich, an analyst with cybersecurity firm Recorded Future.
Access to the reports could have allowed someone to exploit flaws in voting machines, Mr. Barysevich said. The stolen credentials could have been used to install malicious code on the EAC site, thus potentially infecting any user of it. The users could include state election officials, who might then use a thumb memory stick to interact with other machines, such as ballot machines not connected to the internet.
The security firm, which assessed the hack as having likely occurred in November, turned the information over to law enforcement in December, and Mr. Barysevich has been cooperating with the FBI on its probe.
As far as the House Republicans trying to shut the EAC, it is hard to imagine a worse Idea. As I wrote Sunday:
Meanwhile, House Republicans are moving to abolish the United States Election Assistance Commission, a bipartisan federal agency that serves as a clearinghouse for information about best voting practices and certifies the security of voting machines. Does that sound like a good idea right now?