New Woodward book says Russians hacked elections systems in St. Lucie, Washington counties

St. Lucie County has not previously been identified as one of the Florida counties hacked by Russians.
FILE - In this Jan. 3, 2017, file photo The Washington Post associate editor Bob Woodward arrives at Trump Tower in New York.
FILE - In this Jan. 3, 2017, file photo The Washington Post associate editor Bob Woodward arrives at Trump Tower in New York. [ ANDREW HARNIK | AP ]
Published Sept. 9, 2020

A new book by veteran journalist Bob Woodward names St. Lucie and Washington counties as among at least two Florida counties whose voter registration systems were hacked by Russians ahead of the 2016 election, according to CNN, which received an advance copy of Woodward’s book.

The penetration of some of Florida county’s elections offices by Russians in 2016 has previously been reported, but St. Lucie County has not previously been named as one of the counties to be hacked.

Woodward’s book, “Rage,” said that the National Security Agency and CIA have evidence that the Russians had placed malware in at least those two counties but that there was no evidence the malware had been activated, according to CNN’s reporting on the book. The book says that the malware “was sophisticated and could erase voters in specific districts,” the network reported.

Gov. Ron DeSantis, following the revelation last year in special counsel Robert Mueller’s report that at least one Florida county had had its election information breached by Russian hackers, said the FBI told him that hackers had actually gained access in two Florida counties. But he said he signed an agreement with the FBI not to disclose the names of the counties.

The Washington Post later reported that hackers had gained access to the voter registration database in Washington County, a rural county in the Panhandle. But the other county reported to have been hacked has not previously been reported.

Gertrude Walker, the supervisor of elections in St. Lucie County, which is on Florida’s eastern Treasure Coast, did not respond to two messages left for her by the Tampa Bay Times on Wednesday. She told TCPalm in 2019 that she wasn’t aware of any hacking attempts that could have impacted voter registration.

Carol Rudd, Washington County’s supervisor of elections, also did not immediately return a phone call on Wednesday afternoon. In 2019, she told the Tampa Bay Times that she could not answer whether her office had been hacked because it could directly or indirectly allow people to “ascertain details harmful to national security.”

Related: Which Florida counties were hacked? Maybe these non-denial denials give a clue

Information about Russian interference in Florida in 2016 has dribbled out over the years. In 2017, a leaked classified National Security Agency document said hackers had penetrated Tallahassee–based software vendor VR Systems and spoofed company emails. VR Systems, based in Tallahassee, now handles the voter registration database for every Florida county except Sarasota. The company has denied that it was hacked.

“We take elections security very seriously and we will continue to work tirelessly to protect every aspect of our voter registration software and related systems,” Ben Martin, chief operating officer of VR Systems, said in a statement. He said that “elections security has evolved significantly over the last four years and VR Systems and the entire elections community continue to prepare for potential threats."

A few months after the Mueller report came out in 2019, a Senate intelligence report was released that suggested that Russians had penetrated up to four supervisor of elections offices.

Officials have stressed that the 2016 breaches didn’t affect vote tallies or the result of the election.

Voter registration systems are different than the systems that count votes.

Elections officials in recent years have worked to beef up their cybersecurity measures. Among other initiatives, Florida’s counties now have what is known as an Albert network monitoring sensor, which is supposed to alert county officials of abnormal network activity.

Elections officials say they have been working with the state and federal partners, including the U.S. Department of Homeland Security, to set up better security measures and best practices, and spending money to upgrade outdated technology and train staff to better ward against suspicious emails or other cybersecurity weaknesses.

In a briefing last month with reporters nationwide, federal officials from the Department of Homeland Security, the FBI and the Office of the Director of National Intelligence said they had been getting reports of “scanning and probing” of elections infrastructure this year but that the “vast majority” of activity has been blocked and unsuccessful. A senior Department of Homeland Security official said that foreign actors like Russia targeting election infrastructure is part of the “playbook” but said there is now better coordination among agencies than there was in 2016.