The FBI concluded that Russian efforts to influence the 2016 presidential election included attempts to infiltrate Florida elections offices, an operation that “gain[ed] access to the network of at least one Florida county government.”
Information about the FBI’s findings came out on Thursday, as part of the public release of Special Counsel Robert Muller’s report on Russian attempts to influence the presidential election.
The attempt to infiltrate Florida’s elections system has been reported previously; the Mueller report provided a few more details.
State and local elections officials on Thursday repeated what they’ve said before: that they have no evidence that Florida elections systems were infiltrated by the Russians, and the presidential election wasn’t compromised.
“The 2016 elections in Florida were not hacked. The Florida Voter Registration System was and remains secure, and official results or vote tallies were not changed,” said a statement from the Florida Department of State, which is responsible for overseeing elections.
Paul Lux, the Okaloosa County supervisor of elections and president of the Florida State Association of Supervisors of Elections, said the Mueller report’s description of the FBI’s conclusion — which refers to a county government — doesn’t mean an elections office was affected.
“In the Mueller report, the ambiguity of that statement is not specific to an elections office. It says a county government office,” Lux said. He said he does not know of any Florida elections offices that was compromised. “I have not heard that from any county in Florida.”
The Florida Department of State added that it “has no knowledge or evidence of any successful hacking attempt at the county level during the 2016 elections. Upon learning of the new information released in the Mueller report, the Department immediately reached out to the FBI to inquire which county may have been accessed, and they declined to share this information with us.”
The Mueller report said that the GRU, the Russian Military intelligence agency, attempted to gain access to election systems.
In November 2016, the Mueller report said, “the GRU sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spearphishing emails contained an attached Word document coded with malicious software [commonly referred to as a Trojan] that permitted the GRU to access the infected computer.
“The FBI was separately responsible for this investigation. We understand the FBI believes that this operation enabled the GRU to gain access to the network of at least one Florida county government,” the report said. The Special Counsel’s Office “did not independently verify” the FBI’s belief and “did not undertake the investigative steps that would have been necessary to do so.”
An indictment as part of Mueller’s investigation alleged that an officer in the Russian military who worked in Russian intelligence and his co-conspirators relied on an email account designed to look as if it came from a vendor used by election officials.
The Mueller report said that in August 2016, “GRU officers targeted employees of [redacted], a voting technology companies that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.”
An elections system vendor, VR Systems, which wasn’t named in the Mueller report, repeatedly denied accounts in 2017 that information was stolen from it and used to send phishing emails to local elections officials. A VR Systems executive repeated those denials at a May 2018 convention of the Florida State Association of Supervisors of Elections in Fort Lauderdale. Benjamin Martin, chief operating officer of VR, couldn’t be immediately reached by phone or email on Thursday.
VR is a dominant provider of VR Systems software. Orange County Elections Supervisor Bill Cowles said 65 of 67 Florida counties now use the company’s software, up from 52 in 2016, and the last two counties, Palm Beach and Sarasota, are in negotiations to do so as well.
Lux said someone clicking on a pfishing email does not mean access to the actual elections systems that are used for tabulating votes and programming voting machines. He said any attempts to meddle in voter registration systems would have become obvious during the 2016 sand 2018 elections because people would have shown up to vote and their registrations would be altered or gone. Voter registration problems would also have become known when elections offices filled requests for vote by mail ballots.
Lux, whose background is in information technology, said the wording in the report – “gaining access to a county network versus being poised to act on a county network are two different things.”
Orlando Sentinel staff writer Steven Lemongello contributed to this report.
aman@sunsentinel.com, 954-356-4550 or Twitter @browardpolitics