whoever57 writes: The commission that is responsible for ensuring the integrity of voting machines was itself hacked. The hacker gained access to non-public reports on weaknesses in voting machines. The hack occurred after the election, so it is unlikely that this hack resulted in changing the result. However, if one hacker can break in, how does anyone know that there was not a prior hack? The hack used an SQL injection flaw to gain access to usernames and passwords which were then cracked.

wiredmikey adds: Researchers have discovered that a Russian-speaking hacker broke into the U.S. Election Assistance Commission (EAC) systems, and has been trying to sell stolen access credentials — including admin-level — on the underground. On December 1, researchers with Recorded Future discovered internet chatter that appeared to relate to an EAC breach. A hacker, called “Rasputin” by Recorded Future, was discussing the sale of more than 100 EAC access credentials to a middle-eastern government broker. The hacker claimed to have accessed the systems via an SQLi vulnerability, which Recorded Future was able to locate and report. EAC said Thursday that was aware of the “potential intrusion” and was investigating the incident.

Read more of this story at Slashdot.

Source: Slashdot – Election Assistance Commission Hacked Using SQL Injection