By the summer of 2016, Russia's foreign intelligence agency GRU sought access to state and local computer networks by "exploiting known software vulnerabilities on websites of state and local governmental entities." Their efforts included sending spearphishing emails to public elections officials and employees at companies involved in voting technology. According to the report:
"In November 2016, the GRU sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spearphishing emails contained an attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer.Last year, former U.S. Sen. Bill Nelson faced criticism from then Gov. Rick Scott and other Florida officials for saying that the Russians "already penetrated certain counties in the state and they now have free rein to move about."
The FBI was separately responsible for this investigation. We understand the FBI believes that this operation enabled the GRU to gain access to the network of at least one Florida county government. The Office did not independently verify that belief and, as explained above, did not undertake the investigative steps that would have been necessary to do so."
Back then, the Department of Homeland Security told the Tampa Bay Times that it had not seen "any new compromises by Russian actors of election infrastructure." Scott demanded that Nelson provide proof, but Nelson declined to speak further about his claim.
In a statement, the Florida Department of State, which oversees elections, says it has "no knowledge or evidence of any successful hacking attempt at the county level during the 2016 elections." DOS spokesperson Sarah Revell says:
"Upon learning of the new information released in the Mueller report, the Department immediately reached out to the FBI to inquire which county may have been accessed, and they declined to share this information with us.
The Department maintains that the 2016 elections in Florida were not hacked. The Florida Voter Registration System was and remains secure, and official results or vote tallies were not changed.
In 2017, the Department of Homeland Security (DHS) notified the Department that Florida was unsuccessfully targeted by hackers in 2016. Since 2016 when elections were designated as critical infrastructure, state and local election officials in Florida have invested millions of dollars in election security. These investments, coupled with our strong partnerships with federal and state agencies, has made Florida one of the leading states in the country on election cybersecurity.
In 2018, former DHS Secretary Kirstjen Nielsen and FBI Director Christopher Wray said in a letter to the Florida Secretary of State that '…we have not seen new or ongoing compromises of state or local election infrastructure in Florida.'
The Department of State and local election officials will continue our efforts to ensure Florida’s elections in 2020 and beyond are secure."
This story is breaking news. Check back here for updates.
Stay on top of Orlando news and views. Sign up for our weekly Headlines newsletter.