Here Are the Florida Counties That Were Sent a Russian Phishing Attack. Two of Them Were Hacked
FORT LAUDERDALE, Fla. — The search is on to determine which two Florida counties’ voter data was accessed by Russian hackers.
A South Florida Sun Sentinel investigation found that at least 13, and as many as 20, elections offices in Florida were sent an email by the GRU, a Russian military intelligence agency. According to an FBI investigation, that email included an attachment that appeared to be a harmless Word document, but contained software that allowed the sender to access the computer files of anyone who opened the attachment.
The emails came from a Gmail account that appeared at a glance to come from VR Systems, a Florida-based elections software company that serves many elections offices throughout Florida. The practice of disguising a malicious email to appear as though it comes from a trusted source is known as spear phishing.
The malicious email address has since stopped accepting emails, suggesting it has been shut down.
Gov. Ron DeSantis announced Tuesday that the FBI informed him the spear phishing attempt was successful in two Florida counties, but he added that he could not say which counties because he had signed a nondisclosure agreement with the FBI.
The Sun Sentinel filed a public records request for the agreement but was told DeSantis did not have a copy. A Freedom of Information Act request has been filed with the FBI, but getting the results of an FOIA request can take a long time.
Prior to DeSantis’ announcement, the Sun Sentinel filed a public records request to all 67 Florida county supervisors of elections offices for all emails sent from the email address used by the Russian hackers to their offices in a date range that included several weeks before and after the 2016 election, when the FBI reported the attack had taken place.
Of the 67 county elections offices contacted, 47 replied that they did not receive the email. That could mean they didn’t receive it, or that it was immediately quarantined and didn’t turn up in a search of email records. The other option is that employees of these elections offices destroyed the email or lied and refused to turn it over, both of which would be a violation of the state’s public records law.
Thirteen counties confirmed they were sent the email from Russian hackers but say they did not open it: Alachua, Broward, Citrus, Clay, Duval, Gulf, Lee, Leon, Pasco, Putnam, Taylor, Volusia and Wakulla. The political makeup of these counties is all over the map. For example, Wakulla is closely balanced between registered Democrats and Republicans, while Clay has a more than 2-to-1 Republican advantage and Broward has a more than 2-to-1 advantage in favor of Democrats.
Of the seven remaining counties, four acknowledged receiving the public records request but never responded with a follow-up offering either the requested email or a statement that a search of their records hadn’t turned it up. Those counties were Charlotte, Escambia, Highlands and Hillsborough.
Three others never acknowledged receiving the public records request: Calhoun, Jefferson and Washington counties.
The Sun Sentinel sent the records requests to elections offices on April 24, a few days after the release of the redacted report on Russian interference in the 2016 election produced by special counsel Robert Mueller. The Mueller report noted an FBI investigation had found that “in November 2016, the GRU sent spear phishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spear phishing emails contained an attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer.”
According to the report, the spear phishing attempt “enabled the GRU to gain access to the network of at least one Florida county government,” though Mueller’s office did not independently verify the FBI’s findings.
Further, as part of a 2017 report on a leaked National Security Agency document detailing the spear phishing attempt, the online news publication The Intercept printed the email address Russian intelligence used in sending the emails to Florida elections office officials. This email address became the subject of the Sun Sentinel’s public records request.
It’s still unclear just which two counties opened the attachment in the email sent by agents of a Russian intelligence agency.
Florida members of Congress were given a classified briefing Thursday morning, after which a source familiar with what was discussed told the Sun Sentinel that neither Broward nor Palm Beach counties were among the two hacking victims.
Broward Supervisor of Elections Peter Antonacci has stated unequivocally that the spear phishing attempt was not successful in his office.
On Wednesday, the Miami Herald published the results of its own survey, in which the paper’s reporters asked each county supervisor of elections whether their offices were one of the two that was hacked. All said they were not, except those in Gadsden and Hardee counties, which did not respond to reporters’ questions. But Gadsden and Hardee elections officials responded to the Sun Sentinel’s public records request, saying they had not received the spear phishing email.
Something doesn’t add up, and Florida’s elected officials are demanding that the FBI release the identities of the counties that were hacked.
Sun Sentinel staff writer Skyler Swisher contributed to this report.
©2019 Sun Sentinel (Fort Lauderdale, Fla.)
Visit the Sun Sentinel (Fort Lauderdale, Fla.) at www.sun-sentinel.com
Distributed by Tribune Content Agency, LLC.