Here Are the Florida Counties That Were Sent a Russian Phishing Attack. Two of Them Were Hacked
FORT LAUDERDALE, Fla. — The search is on to determine which two Florida counties’ voter data was accessed by Russian hackers.
A South Florida Sun Sentinel investigation found that at least 13, and as many as 20, elections offices in Florida were sent an email by GRU, a Russian military intelligence agency. According to an FBI investigation, that email included an attachment that appeared to be a harmless Word document, but contained software that allowed the sender to access the computer files of anyone who opened the attachment.
The emails came from a Gmail account that appeared at a glance to come from VR Systems, a Florida-based elections software company that serves many elections offices throughout Florida. The practice of disguising a malicious email to appear as though it comes from a trusted source is known as spear phishing.
The malicious email address has since stopped accepting emails, suggesting it has been shut down.
Gov. Ron DeSantis announced Tuesday that the FBI informed him the spear phishing attempt was successful in two Florida counties, but he added that he could not say which counties because he had signed a nondisclosure agreement with the FBI.
The Sun Sentinel filed a public records request for the agreement but was told DeSantis did not have a copy. A Freedom of Information Act request has been filed with the FBI, but getting the results of an FOIA request can take a long time.
Prior to DeSantis’ announcement, the Sun Sentinel filed a public records request to all 67 Florida county supervisors of elections offices for all emails sent from the email address used by the Russian hackers to their offices in a date range that included several weeks before and after the 2016 election, when the FBI reported the attack had taken place.
Of the 67 county elections offices contacted, 47 replied that they did not receive the email. That could mean they didn’t receive it, or that it was immediately quarantined and didn’t turn up in a search of email records. The other option is that employees of these elections offices destroyed the email or lied and refused to turn it over, both of which would be a violation of the state’s public records law.
Thirteen counties confirmed they were sent the email from Russian hackers but say they did not open it: Alachua, Broward, Citrus, Clay, Duval, Gulf, Lee, Leon, Pasco, Putnam, Taylor, Volusia and Wakulla. The political makeup of these counties is all over the map. For example, Wakulla is closely balanced between registered Democrats and Republicans, while Clay has a more than 2-to-1 Republican advantage and Broward has a more than 2-to-1 advantage in favor of Democrats.
Of the seven remaining counties, four acknowledged receiving the public records request but never responded with a follow-up offering either the requested email or a statement that a search of their records hadn’t turned it up. Those counties were Charlotte, Escambia, Highlands and Hillsborough.
Three others never acknowledged receiving the public records request: Calhoun, Jefferson and Washington counties.
The Sun Sentinel sent the records requests to elections offices on April 24, a few days after the release of the redacted report on Russian interference in the 2016 election produced by special counsel Robert Mueller. The Mueller report noted an FBI investigation had found that “in November 2016, the GRU sent spear phishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spear phishing emails contained an attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer.”
According to the report, the spear phishing attempt “enabled the GRU to gain access to the network of at least one Florida county government,” though Mueller’s office did not independently verify the FBI’s findings.
Further, as part of a 2017 report on a leaked National Security Agency document detailing the spear fishing attempt, the online news publication The Intercept printed the email address Russian intelligence used in sending the emails to Florida elections office officials. This email address became the subject of the Sun Sentinel’s public records request.
It’s still unclear just which two counties opened the attachment in the email sent by agents of a Russian intelligence agency.
Florida members of Congress were given a classified briefing Thursday morning, after which a source familiar with what was discussed told the Sun Sentinel that neither Broward nor Palm Beach counties were among the two hacking victims.
Broward Supervisor of Elections Peter Antonacci has stated unequivocally that the spear phishing attempt was not successful in his office.
On Wednesday, the Miami Herald published the results of its own survey, in which the paper’s reporters asked each county supervisor of elections whether their offices were one of the two that was hacked. All said they were not, except those in Gadsden and Hardee counties, which did not respond to reporters’ questions. But Gadsden and Hardee elections officials responded to the Sun Sentinel’s public records request, saying they had not received the spear phishing email.
Something doesn’t add up, and Florida’s elected officials are demanding that the FBI release the identities of the counties that were hacked.
Sun Sentinel staff writer Skyler Swisher contributed to this report.
©2019 Sun Sentinel (Fort Lauderdale, Fla.)
Visit the Sun Sentinel (Fort Lauderdale, Fla.) at www.sun-sentinel.com
Distributed by Tribune Content Agency, LLC.
In The News
WASHINGTON — War in cyberspace is fully on, and the United States is losing it, according to about two dozen national security experts. The U.S. military is increasingly adept at mounting cyberattacks in places like Russia and Iran, but America’s computers are almost completely defenseless. Without... Read More
WASHINGTON - The Federal Election Commission ruled Thursday that federal candidates and political committees can accept low-cost cybersecurity services from a Silicon Valley security company so long as the firm continues to offer the same rates to its non-political clients. The firm, Area 1 Security, Inc.,... Read More
BALTIMORE — Sen. Chris Van Hollen and Rep. C.A. Dutch Ruppersberger are seeking briefings from the National Security Agency after a report that a spying tool developed by the agency and then leaked online was used to spread the ransomware that has debilitated Baltimore’s computer systems.... Read More
ATLANTA — The U.S. Census Bureau is concerned the Russian government could hack into data collected in the 2020 Census, in a similar way to how it interfered in the 2016 presidential election, a top bureau official said. “Most of the agencies of the federal government... Read More
BALTIMORE — Officials in the eastern North Carolina city of Greenville arrived to work one morning in early April to find the files on some 800 of their computers locked up. More than five weeks later, they’re still recovering from the debilitating cyberattack. The city of... Read More
FORT LAUDERDALE, Fla. — The search is on to determine which two Florida counties’ voter data was accessed by Russian hackers. A South Florida Sun Sentinel investigation found that at least 13, and as many as 20, elections offices in Florida were sent an email by... Read More