Feds Reviewing Previously Unreported Cyber Attack on Florida Elections Office

February 14, 2020by David Smiley and Nicholas Nehamas, Miami Herald (TNS)
Palm Beach County will no longer be the only county in the state that deviates from the standard ballot style, said Supervisor of Elections Wendy Sartory Link, pictured right. (Mike Stocker/South Florida Sun Sentinel/TNS)

MIAMI — Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link.

Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted the FBI in November after a veteran IT employee told her that the office had been infected by a ransomware virus only a few weeks before the 2016 election. The virus was not publicly disclosed in 2016.

Link said the FBI referred her to DHS, which sent a team of a half-dozen employees to her office late last month to do a “deep dive” into her department’s network. She said a report of their findings and recommendations is expected shortly.

“We’ve had the top experts in the country here and they spent a lot of time with our system. When we get the report, we’ll be able to take care of everything we can take care of,” Link said in an interview Thursday. “I wanted this done before March if at all possible.”

Florida’s presidential primary is March 17. Hundreds of thousands of mail ballots have already been sent to voters.

Link says she’s “confident” that Palm Beach County’s elections are secure given months of work with state and federal cybersecurity experts in efforts unrelated to the 2016 infection. But the revelation that the office had been infected by a virus — and that no one was told about it for three years — is raising alarms in a state that was heavily targeted in 2016 by Russian hackers attempting to tamper with U.S. elections.

U.S. Rep. Ted Deutch, D-Fla., tweeted Thursday that he’s reached out to the FBI about the reported intrusion. U.S. Rep. Stephanie Murphy, D-Fla., who has filed a bill that would create greater transparency around election-related cyber attacks, said Link’s “troubling” story reinforces the need for government to quickly alert the public to hacking attempts.

“It should not have taken the public this long to find out about this intrusion,” she said.

Link said she first became aware last fall that the Palm Beach County Supervisor of Elections office had been hit with a ransomware attack. She says she learned of the incident from a top technology employee while interviewing him to see if he was capable of filling in for her former IT director, who’d been fired following a scuffle with investigators looking into whether he’d possessed child pornography.

Link said the employee, Ed Sacerio, mentioned that he was unsure what ever came of a ransomware attack around Sept. 14, 2016, that had alarmed elections office workers and sent them scrambling to unplug computers. According to Link, multiple employees, including fired former IT director Jeff Darter, confirmed that a virus either began encrypting files or changing file names, and that text boxes began popping up demanding cash payments in exchange for the release of files.

She said she was told the compromised files were mostly Microsoft Word and Excel files. “Nobody has reported it had anything to do with voter files,” she said.

Sacerio told her that employees had printed out reams of code to try to document the attack. She said he later found the box full of paper in her former IT director’s office. She said she doesn’t believe anyone reported the incident or documented it internally.

“When I learned about it and I called the state Division of Elections and I called the FBI and my contact at Homeland Security, none of them were aware of it,” Link said. “And, in my conversation with our IT director, he did indicate, to his knowledge, that it hadn’t been reported.”

Susan Bucher, the former supervisor of elections in Palm Beach County who was suspended by Florida Gov. Ron DeSantis following a problem-plagued 2018 election recount, told The South Florida Sun-Sentinel that she would “swear on a stack of Bibles” that her office was not the subject of a cyber attack.

But Link said she sent the box of printed-out code to the FBI, which informed her office that it appeared they’d been infected by a ZEPTO virus. The virus, deployed by hackers seeking a ransom, scrambles files and renames them “.zepto” until a decryption key is deployed.

The town of Palm Beach was infected with ransomware in 2016. Other municipalities, including Key Biscayne, were hit in 2019.

Florida Secretary of State Laurel Lee said Thursday that her office had not been told of the ransomware attack in Palm Beach County in 2016.

The FBI declined to comment. The Department of Homeland Security referred The Miami Herald to Palm Beach County.

Tammy Jones, the head of the Florida State Association of Supervisors of Elections, said it’s not that surprising that a cyber attack would have gone unreported in 2016. The state’s local elections officials became aware that summer that hackers were attempting to gain access into elections networks, but protocols for what to do and who to alert in case of a breach were less clear than they are today, she said.

“It’s just a known fact (now) that you report it” Jones said. “There was nobody to report it to in 2016.”

But Ion Sancho, a former Leon County elections supervisor who has been brought in as an expert witness in recent elections-related court cases, said the apparent decision not to report the ransomware attack threatens the credibility of elections. He noted that the FBI kept confidential that two of Florida’s elections offices had been breached until Special Counsel Robert Mueller detailed that information in his report last year into elections interference.

The FBI has since confirmed the breaches, but did not publicly disclose which two Florida elections offices were hit in 2016 — a lingering issue that Sancho said is “causing unease and uncertainty.”

“In order to not start a panic, you need accurate and truthful information,” Sancho said. “We need to make the information public and explain what safeguards were taken and what the ramifications might or might not be. Honesty is always the best policy. If the supervisor of elections loses credibility … it could contribute to loss of faith in the process.”

Lee, the secretary of state, said through a spokesman that the state is committed to secure elections and noted the hiring of five cybersecurity navigators to help the state’s 67 elections departments. She said an elections-specific risk assessment has been conducted in every office, and the state has previously touted the widespread use of a new system that detects attempted cyber attacks.

“The department is working with each supervisor of elections to address any weaknesses or vulnerabilities that are identified in their county prior to the 2020 elections,” she said.

Link, who revealed the cyber attack Wednesday during an interview with the Palm Beach Post editorial board, said she’s positive that her office is not compromised as a result of the ransomware. She said the elections department has been working for months with the state’s cyber navigators, and there have been no indications that her office is compromised.

She said her office had also worked with the FBI and DHS before the ransomware attack was disclosed to her.

“We wanted to really be very secure. Understanding that sometimes viruses are attached to different types of things and can live in your system and hide there and be reactivated, we wanted to have somebody who really understood what they were doing come do this for us,” she said. “That’s what this last step is.”

———

©2020 Miami Herald

Visit Miami Herald at www.miamiherald.com

Distributed by Tribune Content Agency, LLC.

State News

New Jersey Declared White Supremacists a Major Threat. Here’s Why That’s Groundbreaking
State News
New Jersey Declared White Supremacists a Major Threat. Here’s Why That’s Groundbreaking

PHILADELPHIA — New Jersey says white supremacist extremism is one of the state’s greatest terrorism threats — higher than al-Qaida and the Islamic State — and in doing so has positioned itself as a national leader in countering domestic terrorism inspired by racism, experts say. Last... Read More

Jim Clyburn, 'Kingmaker of South Carolina Politics,' Endorses Biden Ahead of Primary
2020 Elections
Jim Clyburn, 'Kingmaker of South Carolina Politics,' Endorses Biden Ahead of Primary
February 26, 2020
by Dan McCue

House Majority Whip Jim Clyburn, widely considered to be the political kingmaker in South Carolina, endorsed former Vice President Joe Biden Wednesday, just three days ahead of the nation's First in the South primary. The endorsement was announced minutes after the two men shared the stage... Read More

Could the S.C. Primary Be A Harbinger of a Very Bad Year for Lindsey Graham?
Political News
Could the S.C. Primary Be A Harbinger of a Very Bad Year for Lindsey Graham?
February 25, 2020
by Dan McCue

It is the kind of assertion that brings a reporter up short, temporarily. To hear it twice, in two completely separate conversations, was astounding. It was the idea that as result of changing demographics and highly successful voter registration drives across the state, Sen. Lindsey Graham,... Read More

llinois’ Recreational Marijuana Sales Brought $10 Million in Tax Revenue in January
State News
llinois’ Recreational Marijuana Sales Brought $10 Million in Tax Revenue in January

CHICAGO — Recreational marijuana sales in Illinois generated more than $10 million in tax revenue in January, according to the Illinois Department of Revenue. The state collects sales tax and a cannabis excise tax on recreational marijuana sales. January sales generated more than $7.3 million in... Read More

Governors Oppose Billion-Dollar Cuts to National Guard Funding
Federal Budget
Governors Oppose Billion-Dollar Cuts to National Guard Funding
February 24, 2020
by Dan McCue

The National Governors Association is joining with the National Guard Association of the United States to oppose the Department of Defense’s planned reprogramming, which would cut nearly $1.7 billion from the National Guard and Reserve. At the request of the nation’s governors, Congress, on a bipartisan... Read More

RNC, Michigan GOP File Motion to Intervene in Battleground Voting Rights Case
Elections
RNC, Michigan GOP File Motion to Intervene in Battleground Voting Rights Case
February 24, 2020
by Dan McCue

The Republican National Committee and Michigan Republican Party last week filed a motion to intervene in a lawsuit over the right of organizers to participate in elections. The underlying lawsuit was filed by Priorities USA, a Democratic super PAC, in November. It challenges Michigan state laws... Read More

Straight From The Well
scroll top