Overnight, there has been a flurry of media activity in relation to one person with an unusual name: Reality Winner. Reality Winner is the first NSA leaker to be caught by the Trump administration and now stands charged with leaking classified information to a media outlet. With U.S. President contradictorily maintaining the position that the leaks undermining his administration are simultaneously " fabricated lies made up by the #FakeNew media" and yet wants the FBI to prosecute these "leakers" to the fullest extent of their abilities (which implies the information they are giving is indeed real), it is likely that Reality Winner may face the 10 year maximum jail time for this offence. In the past, jail time for leaking has ultimately been rare, but the amount of publicity a leaker gets tends to contribute to larger jail sentences (see Chelsea Manning, who was sentenced to 35 years in prison for leaking classified documents, only to be released after 7 years).

While many news outlets have been focusing on how ridiculous Reality Winner's name is (see The Daily Show), what her motives for leaking might have ultimately been (see The Atlantic and the Guardian) or how sloppy clues lead to her getting caught (see NY Times), many outlets gloss over the serious allegations the documents reveal: Russian operatives may have been able to hack into the electronic system that manages voter registration in the U.S. election. Should these allegations appear to be true, it is uncertain what the remedy would be because the Trump administration has been determined to fight any allegation no matter how minor (including disputes about crowd size refuted by photographic evidence and insisting that the President intentionally Tweeted the misspelt word "Covfefe").

Ironically, it was President Trump who started his Presidency with heavy allegations of voter fraud without any evidence. Now, the turnout of the election may be put into disrepute for another reason.

According to Reality Winner's redacted documents posted on The Intercept, the NSA has internal evidence that Russian hacking penetrated further into U.S. voting systems than had previously been publicly disclosed. For example, in September 2016 Obama directly spoke to Putin and told him to stop the tampering in the election. While Obama disclosed that the hacking had stopped, this NSA report indicated that the hacking continued in October and potentially later. The NSA also has evidence that the hacking was directly perpetrated by the Russian General Staff Main Intelligence Directorate, or GRU, despite Putin's many statements that the Russian government was not behind the hacking.

While the document does not reach any conclusions about whether the interference had any impact on the election, the report does raise some red flags about the legitimacy of electronic voting systems. Russian hackers allegedly sent emails purporting to be from Google to employees of VR Systems, a private-contract Florida-based vendor of electronic voting services and equipment whose products are used in eight states: California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. The employees would be redirected to a faux-Google website that would request their login credentials and then transfer them to the hackers. Seven "potential victims" were targeted, and the NSA concluded that one employee account was likely compromised.

Using these credentials, hackers then sent emails from a Gmail account designed to appear as if it belonged to the compromised official to the contacts they had already obtained from the breach. These emails contained malicious Trojan malware, which can automatically record a computer's complete activity and send it back to the hackers without the individual being aware of it. The hacker would gain all the same abilities as the computer user, without being traced.

The report noted three found tests to use the faux account. Interestingly, one test was against the American Samoa Election Office, the U.S. territory which does not actually have electoral votes in the U.S. mainland election. It is likely that this test was to see if the Russians could effectively appear as a legitimate absentee ballot-related service provider.

Whether further attempts to undermine electoral voting systems were successful is uncertain. VR Systems did not control the actual touchscreens on which individuals voted on, however they provided the data on which individuals were registered to vote and were the sole IT provider for issues with that information. If VR Systems' software was compromised, a hacker could have removed certain voters from the eligible voting list. Combined with public indicators of likely political party affiliation as well as political party's own registration list, this could have easily become a partisan attack.

With that being said, compromising VR Systems, a less visible part of the voting system, is less noticeable than an attack on the machines who actually tabulate the votes. Many voting machines worked off wireless transmissions and continuous syncing which, while generally seen as insecure, is unlikely to be compromised by VR Systems because they do not sync with them. However, had a local or state level individual compromised by VR Systems installed a manual update or configuration, the machine could have become compromised.

The U.S. uses a decentralized election voting system where there is no strong central government oversight of the election process or the acquisition of voting hardware or software. Voter registration, maintenance of voter rolls and vote counting lack national oversight. Unlike Canada, which has Elections Canada, the U.S. does not have a single authority responsible for safeguarding elections.

The U.S. is desperately in need of a full investigation into the results of the election, just not in the way that Trump imagined.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.