58ºF

FBI: Russians hacked into at least 1 Florida county's elections database

FBI agents won't disclose which county was compromised

The Russian election interference report released last week by the Department of Justice revealed that the FBI believes the Russian Military Intelligence Service, known as the GRU, hacked into at least one Florida election's system using a virus attached to a phishing email.

"The F.B.I. believes that this operation enabled the GRU to gain access to the network of at least one Florida county government," according to a line in the redacted report.

Volusia County Supervisor of Elections Lisa Lewis said her office received a similar phishing email and did not take the bait. She showed the fake email to News 6 in 2016 after the election.

"We did not open the attachment," Lewis said. "We caught it and put procedures in place. We have a third-party vendor looking for things like this."

The email purported to be from VR Elections, the vendor that provides elections services to Volusia County and many other elections offices around Florida.

"Dear customers, please take a look at the instructions for our modernised products," the email read.

The email originated from a Gmail account and the word "modernised" was spelled with an "s" as it is in the U.K.

"It went to four emails here - myself, my assistant, my deputy, and my elections email - and nobody opened the attachment," Lewis said. 

Lewis said she sent it to her IT department which determined it came from a Russian IP address.

The FBI did not say which Florida county elections office did open the infected attachment.

The Florida secretary of state was not told and neither was Florida Gov. Ron DeSantis.

DeSantis said he would soon find out when he meets with the FBI over the next few weeks.

Seminole, Orange, Lake and Flagler counties' elections supervisors said Monday they did not receive the phishing emails in 2016.

Lewis said even if hackers did gain access to an elections system, they wouldn't have been able to alter elections results.

 "This absolutely has nothing to do with tabulating the ballots, this is a totally separate system," Lewis said. "So when you count ballots and they're recorded and results are presented that is separate from the voter registration database. It could create a little havoc with voter registration, when they went in to check into vote, they could have maybe changed a party."

Lewis said each county's voter registration database is kept by that county, not by Tallahassee, so even if a single database were tampered with it wouldn't affect other databases.

"Security and your vote is what we take seriously," Lewis said. "We want it to be open and honest and transparent and also to let everyone know it is secure within our office. And to have someone try and undermine that is very very disturbing."

Lewis said she and her staff are constantly training to recognize cyberthreats.

The Florida State Association of Supervisors of Elections said Tuesday it has taken extensive steps to protect Florida's elections systems.

"We are deeply concerned about recent public statements about the state of our readiness that continues to erode voter confidence and undermine our ability to conduct free and fair elections," the Florida State Association of Supervisors of Elections said in a statement.

Since 2016 all Florida counties have installed or contracted to install threat detection and reporting systems and implemented training, according to the statement.

Nearly $17 million has been spent to "harden" the election infrastructure prior to the 2018 election.

"We remain active and engaged with the Department of Homeland Security, the Center for Internet Security, and our other partners to ensure Florida has done everything to prepare," the statement read.


About the Author: