Russian hackers targeted Florida counties

Key Takeaways

Special Counsel Robert Mueller’s reported findings of Russian interference in the 2016 presidential election were linked to at least two Florida counties.

In November 2016, the Russian Federation’s Main Intelligence Directorate (GRU) sent over 120 emails containing malicious software to email accounts used by Florida county officials who were responsible for administering the election, according to Mueller’s report. Each email had an attachment that if opened, would give the GRU access to the email recipient’s computer.

“The FBI was separately responsible for this investigation,” Mueller’s report said. “We understand the FBI believes that this operation enabled the GRU to gain access to the network of at least one Florida county government.”

The Florida county network accessed by the GRU has not been publicly identified.

In an interview with The New York Times, Sen. Marco Rubio (R-Fla.) said the senders of the emails containing the malicious attachments were “in a position” to change voter roll data, but it does not seem that they did.

Broward County, located in the Fort Lauderdale area, and Volusia County, located in east-central Florida, were two counties that received emails, according to county officials.

Three different email accounts in Broward County were targeted by two attempts of suspicious emails in 2016, according to Steve Vancore, the spokesperson for the Broward County Supervisor of Elections. The former Supervisor of Elections, Brenda Snipes, and her assistant, Patricia Santiago, both received emails on two separate occasions, he said. The general inbox also received the suspicious emails, he noted.

According to Vancore, both sets of emails were sent from the email address vrelections@gmail.com. He said the county’s virus checker first flagged the emails and recognized that the attachment was a virus. The virus checker then removed the emails, preventing them from being delivered to the intended recipients.

“The server took the attachment and quarantined it,” he said.

The recipients were notified that an email with a suspicious word document was sent to their email account, Vancore said. Therefore, he said, the recipients never obtained the emails and did not have the opportunity to open the attachments.

Vancore emphasized that on a large system, receiving suspicious emails is common.

“Normally, these things bounce off and nobody pays much attention to them and you’re glad the system worked,” he said.

Vancore said even if the attachment was opened, it could not have impacted the votes counted because the emails were not sent to the voter tabulation system, which cannot receive emails.

“Now, in theory, what could have happened is they could have gone in and messed up everybody’s voter registration if it got through multiple layers of security,” he said.

While the virus checker used in the 2016 presidential election “worked as it was supposed to,” Vancore said, the county continuously works to upgrade its systems, improve technologies and improve personnel training. He said the county does not want to specifically disclose what software and protocols they are using.

“That would give a clue to the enemy what we’re doing,” he said. 

Broward County’s Supervisor of Elections Peter Antonacci explained that the county’s tabulation system is a closed network and not connected to wany other network or the internet, which would prevent a suspicious email from impacting the outcome of an election.

“Based on what we now know, the emails were not opened by the recipients in our office,” Antonacci said in a statement. 

In Volusia County, suspicious emails were sent to the Volusia County Supervisor of Elections Lisa Lewis and two other election officials, as well as the generic email address, according to Lewis. She said the emails were received on Nov. 7, 2016, one day before the presidential election. The recipients who received the suspicious emails had their contact information posted on the county’s website.

The email was sent from vrelections@gmail.com as were the emails sent to Broward County, and appeared to be from a company named VR Systems, which provides software and hardware technology for elections. Lewis said the email stood out to her because it looked different than the usual emails sent from the company.

The email was signed on one line with “best regards, VR Systems,” when the company normally signs emails with the name of someone in their office, Lewis said.

“They had their logo on there so at first glance you would think it was from them, but then when you opened the email itself there was a misspelling in there,” Lewis said.

She said the email also had an attachment, which no one in the county opened.

“It makes you more mad than anything,” she said.

Lewis said each Florida county has its own voter registration database. If one county’s database was hacked, it would not affect the entire state. Additionally, the voter registration database has nothing to do with the tabulating or counting of the ballots, she said.

She added that the state of Florida uses paper ballots which can be used as a backup if needed to recreate the election. 

In Volusia County, the IT department has firewalls and procedures in place for cybersecurity and suspicious emails. Last year, the county started working with a third-party company that monitors and flags anything suspicious, Lewis said.

“I’d like to reiterate and reassure voters or anybody that the supervisors in Florida… are very sincere and on high alert for any suspicious activity,” she said. “They want everyone’s vote to be counted and to be open and transparent.”

Chief Operating Officer of VR Systems Ben Martin said the company first became aware of the suspicious emails on Nov. 1, 2016. The company notified law enforcement and told customers not to open the emails or click on the attachment.

“We were only aware of a small number of our customers who actually received the fraudulent email and of those, none of them notified us that they clicked on the attachment or were compromised as a result,” Martin said.

After this “spearphishing” attempt, the company implemented a comprehensive program to ensure the integrity of elections. According to Martin, the company was the first elections vendor to complete a Risk Vulnerability Assessment by the Department of Homeland Security.

“While we are proud of these efforts, we know that no system is ever completely secure and we work tirelessly every day to protect our systems and our customers,” Martin said in a statement.