Sen. Ron Wyden (D-Ore.) has questions that a lot of people are still asking three years after the 2016 presidential race — what exactly happened with VR Systems, the Florida voter-registration software maker that the FBI apparently believes Russia hacked. The redacted version of special counsel Robert Mueller’s report indicated that in 2016 Russian hackers infiltrated a US maker of voter-registration software and installed malware on its network — information that was based on an FBI investigation. Furthermore, the 2017 indictment of Russian military officers for hacking Democratic computer systems that was based on the FBI investigation as well also asserted that a company fitting VR Systems’ description was hacked in 2016 and had malware installed on its network.. VR Systems, however, has long insisted it wasn’t hacked, though the company has never produced evidence showing it wasn’t compromised. Wyden wants to know whether the company ever engaged a third party to conduct a forensic examination of its computer networks and systems since the hacking assertions first came to light after the 2016 election and has asked to see a copy of a report from any such investigation, according to a letter he sent last week to VR Systems that his office shared with POLITICO.Full Article: Wyden seeks answers in Florida election hacking allegations - POLITICO.
Florida: Ron DeSantis ‘not allowed’ to disclose which two Florida counties were hacked by Russians | Emily L. Mahoney/Tampa Bay Times
Gov. Ron DeSantis met with the FBI and the U.S. Department of Homeland Security last week to discuss the revelation in the Mueller report that “at least one” Florida county had its election information accessed by Russian hackers in 2016. On Tuesday, DeSantis told reporters that he had been briefed on that breach — which actually happened in two counties in Florida — but that he couldn’t share which counties had been the target. “I’m not allowed to name the counties. I signed a (non)disclosure agreement,” DeSantis said, emphasizing that he “would be willing to name it” but “they asked me to sign it so I’m going to respect their wishes.”Full Article: Ron DeSantis ‘not allowed’ to disclose which two Florida counties were hacked by Russians | Tampa Bay Times.
Florida: Even Without Russian Hacking, Florida’s Voting System Is ‘Not Secure,’ Says Election Expert | WJCT
The FBI will brief Florida’s congressional members this week on Russian attempts to hack the 2016 election, after the Mueller report revealed last month that the election system of at least one Florida county was compromised. But even before details emerge, a former supervisor of elections in Florida is saying he is not surprised that the state’s system was compromised. Ion Sancho, the longtime former supervisor of elections of Leon County, said Friday on The Florida Roundup that Florida’s election infrastructure is, frankly, “not secure.” “It’s been clear to me that the election infrastructure, not only in Florida but in the country, is not secure,” he said.Full Article: Even Without Russian Hacking, Florida's Voting System Is 'Not Secure,' Says Election Expert | WJCT NEWS.
Silent so far on new information that Russian hackers may have phished their way into a local elections office, the FBI has agreed to meet next month with Florida officials to brief them on the topic. Gov. Ron DeSantis and U.S. Sen. Rick Scott each said Thursday that the FBI has reached out about scheduling a meeting within the next few weeks to discuss elections hacking. Both the current and former governor have been critical of federal authorities for remaining silent in the weeks since Robert Mueller’s Russian elections interference report said the FBI believes Russian hackers were able to “gain access” to “at least one” Florida county government computer network. “They won’t tell us which county it was. Are you kidding me? Why would you not say something immediately?” DeSantis said Thursday in Miami, where he made an appearance to name two new members of the Third District Court of Appeal. “We’re looking for answers. I think finally next week we’re going to get somebody, or maybe the week after we’re going to have somebody come brief us on what happened.” DeSantis’ office did not provide additional details about the meeting, and the FBI did not immediately respond to a request for comment.Full Article: FBI to brief Ron DeSantis, Rick Scott on Russian hacking attempts | Tampa Bay Times.
North Carolina: Board of Elections asking if North Carolina voting software company was hacked in 2016 | WSOC
The North Carolina State Board of Elections is asking a voting software company if it was hacked by Russian cyber attackers in 2016. The NCSBE wants to know if VR Systems is “Vendor 1” in the Mueller report. The report indicates that russian intelligence successfully “installed malware on the company network.” The letter from NCSBE asks VR Systems for “immediate, written assurance regarding the security” of its network. Nearly two dozen counties in the state used VR Systems in 2016, including Mecklenburg. “What we use it for on is the back end so that we can record provisional ballots, transfers, that sort of stuff that allows us to do it uniformly through 195 different precincts,” Mecklenburg County Board of Election Director Michael Dickerson said. VR Systems is based in Tallahassee and used to have an office in Matthews. Emails to the company were not returned.Full Article: MUELLER REPORT NC VOTING COMPANY: Mueller Report: NCSBE asking if NC voting software company was hacked in 2016 | WSOC-TV.
North Carolina: In wake of Mueller report, North Carolina elections officials want answers from electronic pollbook vendor | WRAL
North Carolina elections officials want to know whether an unnamed voting technology company that Robert Mueller’s report says was compromised by Russian hackers is the same firm that supplies poll book software to more than a dozen counties across the state. In a letter to VR Systems sent Thursday afternoon, State Board of Elections General Counsel Josh Lawson asked the company to provide “immediate, written assurance” about the security of its products, which came under fire two years ago when a leaked intelligence report named the company as the target of a Russian hacking attempt known as “spearphishing.” Mueller’s report, released in a redacted form Thursday morning, notes that, in August 2016, Russian intelligence officers targeted a “voting technology company that developed software used by numerous U.S. counties to manage voter rolls,” installing malicious code on the company’s network. The name of the firm is blacked out due to “personal privacy” exemptions. Lawson said, based on the leaked intelligence report and a separate 2017 federal indictment, that VR Systems was a target of the GRU, the Russian military intelligence agency.Full Article: In wake of Mueller report, NC elections officials want answers from electronic pollbook vendor :: WRAL.com.
National: State election boards’ hands are sometimes tied when it comes to voting machine security. | Slate
Voting in the United States is highly decentralized—and in many ways that’s a good thing when it comes to security. Having different regions operate their own elections and count their own votes makes it harder for someone to forge, compromise, or change a large number of votes all at once. But that decentralization also means that individual states, counties, or districts are also often free to make bad decisions about what kind of voting technology to use—and it’s surprisingly hard to stop them. Earlier this week, North Carolina’s state elections board made a last-ditch attempt to convince a judge to prohibit counties in the state from using voting software manufactured by VR Systems on the grounds that the board hadn’t officially certified the software since 2009. On Monday—the day before Election Day—that attempt failed when Superior Court Judge Paul Ridgeway declined to intervene.
With only hours to go before Tuesday’s municipal elections, a trial judge has turned away North Carolina’s effort to avoid using the polling-place software of a company targeted by Russian hackers last year. Lawyers for the state elections board said the Election Day poll book software that VR Systems provides to nearly 30 of North Carolina’s 100 counties hasn’t been officially certified. VR Systems persuaded an administrative law judge last Friday to side with the Florida-based company, which says the software remains approved under the original certification it obtained eight years ago, in October 2009. Superior Court Judge Paul Ridgeway declined to intervene, deferring to Administrative Law Judge Don Overby’s ongoing oversight of the case, including a proposed hearing set for next spring. The elections board formally asked the state Court of Appeals late Monday to delay the enforcement of Overby’s restraining order and preliminary injunction.Full Article: Judge denies North Carolina's challenge of election software | News & Observer.
When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. “Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections. Nine months later, officials are still trying to sort out the details. … At first, the county decided to switch to paper poll books in just those precincts to be safe. But Bowens says the State Board of Elections & Ethics Enforcement got involved “and determined that it would be better to have uniformity across all of our 57 precincts and we went paper poll books across the county.”Full Article: Russian Cyberattack Targeted Elections Vendor Tied To Voting Day Disruptions : NPR.
Editorials: Transparency is Solution to Shameful Lack of Security For U.S. Voting Systems Revealed by NSA Leak | Leah Rosenbloom/ACLU
Elections belong to the public. Just as we have the right to understand our overall election process, we have a right to understand the underlying hardware and software involved in electronic voting. We have a right to understand where our votes and voter registrations go, who checks them, and which institutions have access to that information. The NSA document allegedly leaked by Reality Leigh Winner and recently published by The Intercept suggests that the government is no longer confident about that critical information. The report details a Russian spear-phishing campaign that introduced malware into election contractors’ and officials’ machines, causing them to run “an unknown payload from malicious infrastructure.” According to the report, “It is unknown…what potential data could have been accessed” by Russian hackers. The malicious code was implanted into instructions for EViD, a piece of software that allows poll workers to verify voters’ sensitive personal information, including name, address, registration status, and voting history. The verification is done entirely over the Internet, and all data is communicated to and from EViD’s “secure website.”Full Article: Transparency is Solution to Shameful Lack of Security For U.S. Voting Systems Revealed by NSA Leak | American Civil Liberties Union.
Local officials consistently play down suspicions about the long lines at polling places on Election Day 2016 that led some discouraged voters in heavily Democratic Durham County, N.C., to leave without casting a ballot. Minor glitches in the way new electronic poll books were put to use had simply gummed things up, according to local elections officials there. Elections Board Chairman William Brian Jr. assured Durham residents that “an extensive investigation” showed there was nothing to worry about with the county’s new registration software. He was wrong. What Brian and other election officials across eight states didn’t know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems, Inc., the vendor that sold them digital products to manage voter registrations. … David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is “absolutely possible” that the Russians affected last year’s election. “And we have done almost nothing to seriously examine that,” he said. “The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking,” said Alex Halderman, a University of Michigan computer science professor. “The question is, how far did they get in that pattern of attacks, and were they successful?”Full Article: State and local election systems easy prey for Russians hackers | McClatchy Washington Bureau.
The Florida elections vendor that was targeted in Russian cyberattacks last year has denied a recent report based on a leaked National Security Agency document that the company’s computer system was compromised. The hackers tried to break into employee email accounts last August but were unsuccessful, said Ben Martin, the chief operating officer of VR Systems, in an interview with NPR. Martin said the hackers appeared to be trying to steal employee credentials in order to launch a spear-phishing campaign aimed at the company’s customers. VR Systems, based in Tallahassee, Fla., provides voter registration software and hardware to elections offices in eight states. “Some emails came into our email account that we did not open. Even though NSA says it’s likely that we opened them, we did not,” Martin says. “We know for a fact they were never opened. They did not get into our domain.”Full Article: Despite NSA Claim, Elections Vendor Denies System Was Compromised In Hack Attempt : NPR.
Election officials in Humboldt County are checking their voter data after a leaked National Security Agency document alleged that Russian operatives hacked one of the county’s voting software contractors. According to a NSA memo published Monday by the news website The Intercept, Russia’s military intelligence unit, the G.R.U., successfully hacked a Florida voting software company, VR Systems, last summer. That hack then led to a broader hacking attempt of local election boards around the country just days before the November election. Humboldt County, population 136,000, might not seem like a top target for the Russians. The far-north county, which includes the city of Eureka, is more famous for its redwoods, coastline and marijuana crop than its politics. But the county Office of Elections had a contract with elections company Hart InterCivic, and Hart used VR Systems for its electronic poll books — the devices poll workers use to check in voters at the ballot.Full Article: Humboldt County shores up voting systems after Russian hack.
New York: Onondaga among 4 New York counties to use voting software targeted by Russian hackers | syracuse.com
Onondaga County is among four New York counties that used voting software provided by a U.S. company targeted in a cyber-attack by Russia before the 2016 presidential election, election officials said Wednesday. Onondaga, Cayuga, Cortland and Orange counties used the EVid software from a vendor that partnered with U.S. supplier VR Systems of Florida, said Thomas Connolly, speaking for the New York State Board of Elections. The company’s devices were used by the New York counties as electronic poll books to check voter registration, supplementing existing paper books at selected voting precincts in November as part of a state pilot program, Connolly said. The devices were never linked to live voter registration databases, and state elections officials have found no indication hackers compromised the state’s voting system, Connolly said.Full Article: Onondaga among 4 NY counties to use voting software targeted by Russian hackers | syracuse.com.
Florida: Phishing expedition: At least 5 Florida counties targeted by Russian election hack | Tampa Bay Times
Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election, according to five county officials who say they received malicious emails described in a leaked intelligence report. Election supervisors in Hillsborough, Pasco, Citrus and Clay counties separately told the Times/Herald their offices got the emails, which contained attachments that could have taken over their computers. But all four said their staffers did not open them. Volusia County said it opened one of the infected emails, but not the attachment that could have compromised its systems. There’s been no evidence disclosed publicly that any counties were breached. It’s not clear how many counties were targeted, in Florida or across the country. The Times/Herald sent requests for the emails to all 67 elections offices in the state. Nineteen replied back that they searched for them and couldn’t find any.Full Article: Phishing expedition: At least 5 Florida counties targeted by Russian election hack | Tampa Bay Times.
Florida: E-pollbook Vendor takes responsibility for delaying St. Lucie County election results | TC Palm
A server malfunction — in equipment operated by a private company — resulted in the delay posting primary-election results Tuesday night, the company’s CEO said Thursday. Totals for early and absentee voting didn’t appear on the supervisor of elections website until nearly an hour after the polls closed at 7 p.m. St. Lucie’s problem was part of a domino effect, according to Mindy Perkins, CEO of VR Systems, an online election system-reporting company used by the St. Lucie County Supervisor of Elections Office and about 50 other Florida counties. A VR Systems technician used an incorrect link to allow Broward County Supervisor of Elections to preview results, according to affidavit from Perkins.Full Article: Vendor takes responsibility for delaying St. Lucie County election results.
Florida: Broward state attorney reviewing how elections office posted results before polls closed | Miami Herald
When Broward County posted election results online before the polls closed Tuesday night, it was the election night screw-up seen around Florida. It is a felony to release results while voters are still casting ballots. Within a couple of hours, a vendor took full responsibility, but a chain of events was already in motion: On Tuesday night, the state elections chief, Ken Detzner, criticized the slip-up as “unacceptable” and called for an investigation — prompting the Broward state attorney to launch a review Wednesday. As the drama was unfolding in a warehouse at the Lauderhill Mall where Broward tabulates results, Supervisor of Elections Brenda Snipes coasted to a landslide victory over her Democratic primary opponent and deferred to the vendor to explain what went down. Despite the election website problems, experts say it’s unlikely that anyone will get charged with a crime.