Florida Governor Says Russian Hackers Breached 2 Counties In 2016

PHOTO: South Florida voters wait in line to cast their ballots late in the day at a busy polling center in Miami on Nov. 6, 2018. CREDIT: Rhona Wise/AFP/Getty Images


Russian hackers breached the systems of two county elections systems in Florida in 2016, Florida Gov. Ron DeSantis said Tuesday at a news conference. DeSantis said no data were tampered with and vote tallies were not affected.

The intrusions, which had not ever been publicly confirmed, were first disclosed in special counsel Robert Mueller’s report about Russian interference in the 2016 election last month.

“I recently met with the FBI concerning the election issue mentioned in the Mueller report,” DeSantis said. “Two Florida counties experienced intrusion into the supervisor of election networks. There was no manipulation.”

DeSantis said he could not disclose which counties’ networks were compromised, but he said the voter data that the attackers gained access to was already public.

“Nothing that affected the vote count,” DeSantis said.

One sentence in the Mueller report prompted DeSantis’ meeting with the FBI: “We understand the FBI believes that this operation enabled [Russian military intelligence] to gain access to the network of at least one Florida county government” during the 2016 election.

The mention that Russian hackers had accessed Florida networks came as a surprise to many in the state.

“I haven’t heard even a whisper” about such a breach, said Paul Lux, president of the Florida State Association of Supervisors of Elections in an interview with NPR last month.

To break into the Florida elections systems, the Russian hackers used a spear-phishing campaign, where they used email addresses designed to look like a voting system vendor to trick the election officials into giving them access to their networks.

A leaked document from the National Security Agency in 2017 identified the company as Florida-based VR Systems.

The campaign was detailed in an indictment filed last summer by Mueller’s office:

In or around November 2016 and prior to the 2016 U.S. presidential election, KOVALEV and his co-conspirators used an email account designed to look like a Vendor 1 email address to send over 100 spearphishing emails to organizations and personnel involved in administering elections in numerous Florida counties. The spearphishing emails contained malware that the Conspirators embedded into Word documents bearing Vendor 1’s logo.

Last year, former Florida Sen. Bill Nelson warned that Russia had “penetrated” Florida’s voter registration systems, but election officials denied that vehemently at the time.

Then-Gov. Rick Scott, who defeated Nelson in the Senate race, decried Nelson’s claims and said they “only serve to erode public trust in our elections at a critical time.”

Copyright 2019 NPR. To see more, visit npr.org