1. Florida Politics

Phishing expedition: At least 5 Florida counties targeted by Russian election hack

Russian President Vladimir Putin gestures as he speaks at the St. Petersburg International Economic Forum in St. Petersburg, Russia, on June 2. Putin is dismissing claims about Russian involvement in the U.S. elections. [Associated Press]
Published Jun. 7, 2017

TALLAHASSEE — Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election, according to five county officials who say they received malicious emails described in a leaked intelligence report.

Election supervisors in Hillsborough, Pasco, Citrus and Clay counties separately told the Times/Herald their offices got the emails, which contained attachments that could have taken over their computers. But all four said their staffers did not open them. Volusia County said it opened one of the infected emails, but not the attachment that could have compromised its systems.

There's been no evidence disclosed publicly that any counties were breached. It's not clear how many counties were targeted, in Florida or across the country. The Times/Herald sent requests for the emails to all 67 elections offices in the state. Nineteen replied back that they searched for them and couldn't find any.

The intelligence report, written by the National Security Agency, was published Monday by the Intercept, an online news outlet, and verified by other national media sources. It described two efforts by a Russian military intelligence unit, the G.R.U., to disrupt the presidential election.

RELATED: Intelligence contractor is charged in first criminal leak case of Trump era

The first attempt, in August, targeted VR Systems, a Tallahassee-based vendor that sells voter registration software to all but three of Florida's 67 counties, according to the report. The second attempt was aimed at 122 election management officials across the country, just days before the election, and was disguised as a routine message from VR Systems, the report said.

RELATED: Russian hackers pretended to be Florida company in phishing expedition

VR Systems' software helps check in voters at the polls and doesn't tabulate ballots. Still, the attack could have infected election workers' computers, VR Systems warned in a Nov. 1 email, which many supervisors credited with helping them avoid opening the files.

Sending fake emails — called "phishing" — is a common way to attack a large organization, said Joe Partlow, the chief technology officer of ReliaQuest, a national IT security firm based in Florida. In many cases, but not all, it would take a forensic review of the system to determine if a hack has been successful, Partlow said.

"It's easy to slip past the controls in place," he said.

The Intercept report was not the first evidence that Russian intelligence sources were attacking local election systems. A federal intelligence assessment released in January reported that "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards."

But the disclosures cast new light on the scale of the Russians' effort to compromise systems across Florida — involving a random-seeming assortment of some of the state's largest and smallest counties.

While Pinellas officials said a search for the suspect email turned up nothing, Hillsborough officials said in November they immediately noticed that the suspect email came from a strange VR systems email address and that it was blocked.

Pasco County Supervisor of Elections Brian Corley said the malicious message was in his agency's inbox on Oct. 31. "I didn't open it," Corley said. "Phishing emails? We get them all the time."

In Daytona Beach, Volusia Supervisor of Elections Lisa Lewis said three of her staffers got the email on Nov. 7, the day before election day.

The email was opened but all three staffers say they didn't open the attachment, she said.

"There's no way to know for sure. Other than the word of everybody remembered getting the warning, not to open the attachment, so that's what we're going with," she said.

She said the state hadn't contacted her to investigate, and she heard nothing about the email between November and Monday.

"Never ever, I promise you, did it ever cross my mind that it would be a Russian e-mail," she said. "That they were behind it. Never."

Clay County Supervisor of Elections Chris Chambless said his office got a copy of the phishing e-mail but it was stopped by an anti-virus filter. He said his office gets 3,500 phishing or spam messages daily that get blocked.

Miami-Dade County said it didn't get an email. "We have no indication at this time that a Miami-Dade County system, or one of our valued partners, has been breached," a spokesman for county Mayor Carlos Gimenez said.

Broward Supervisor of Elections Brenda Snipes said her office didn't get it either, though digital data attached to the copy sent to Clay — reviewed by the Times/Herald ­— appeared to show the hackers attempting to send one to an email address in her office.

"We haven't had any to my knowledge," Snipes said. "Honestly we just have gotten nothing on this, nothing."

"To our knowledge, there has been no Florida county that executed this phishing attempt," said Chambless, president of the Florida State Association of Supervisors of Elections.

"It's so hard to know what they were trying to do," said Lawrence Norden, a voting expert with the Brennan Center for Justice. "But the thing about doing something like this over the internet is it doesn't take a lot of extra effort to send it to every single county, so it doesn't really surprise me. And this is what makes cyberattacks so much more dangerous than an individual attack that involves physically getting a person to a particular place."

Citrus Supervisor of Elections Susan Gill said she recalled receiving it at her Inverness offices.

"Yes, we did receive it, and we immediately received an email from VR Systems telling us not to open it," Gill said.

Gov. Rick Scott's chief elections official, Secretary of State Ken Detzner, declined to field questions Tuesday.

Detzner's spokeswoman, Sarah Revell, said the state voter registration database is secure.

"We have no indication that any unauthorized access occurred. Steps taken to secure databases include implementing software, hardware and firewalls to protect information," she said.

VR Systems chief executive officer Mindy Perkins issued a statement in response to the Intercept's report that said in part: "When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result."

After the first suspicious email was sent last August, the FBI's Jacksonville office held a conference call on Sept. 30 with county supervisors of elections to alert them to "a malicious act found in a jurisdiction" in Florida, according to Ion Sancho, the former Leon County elections supervisor who was on the call.

Sancho and other election officials who spoke to the Times/Herald Tuesday said they had not heard any more about the federal investigation until the Intercept's report appeared Monday.

A 25-year-old intelligence contractor from Augusta, Ga., Reality Leigh Winner, was charged Monday with leaking the NSA report to the Intercept.

Times/Herald staff writers Michael Van Sickler and Mary Ellen Klas and Herald staff writers Doug Hanks and Amy Sherman contributed to this report, which also used information from The New York Times. Contact Steve Bousquet at Follow @stevebousquet.


  1. Protesters gathered outside the federal courthouse in Tallahassee on Monday, Oct. 7, 2019, while a federal judge heard arguments for an against the the Legislature's bill implementing Amendment 4. LAWRENCE MOWER  |  Lawrence Mower
    It’s unclear how state and county officials plan on complying with the judge’s order, however. The “poll tax” issued wasn’t addressed, either.
  2. The Florida Capitol. [SCOTT KEELER   |   Times] SCOTT KEELER  |  Tampa Bay Times
    The job entails being a part-time lobbyist, part-time expert on the Florida Sunshine Law.
  3. Florida K-12 Chancellor Jacob Oliva presents the state's second draft of academic standards revisions during an Oct. 17, 2017, session at Jefferson High School in Tampa. Gov. Ron DeSantis called for the effort in an executive order to remove the Common Core from Florida schools. JEFFREY SOLOCHEK  |  Times staff
    ‘Our third draft will look different from our second,’ the chancellor explains.
  4. Igor Fruman, hugs Florida Governor elect Ron DeSantis, right, as Lev Parnas looks on Tuesday, Nov. 6, 2018 in Orlando at the watch party for DeSantis. Fruman and Parnas were arrested last week on campaign finance violations. CHRIS URSO  |  Times
    Florida’s governor has shrugged off past donor controversies. This time, there were photos. Now it’s not going away.
  5. The sun sets over a slab which once served as a foundation for a home on Mexico Beach in May. DOUGLAS R. CLIFFORD  |  Tampa Bay Times
    Area leaders fear lower population numbers will lead to reduced federal funding and political representation.
  6. Senador de Florida, Rick Scott.  Foto: AP
    “The FBI has failed to give me or these families an acceptable answer, but I’m not going to allow that,” Scott said, adding that the FBI didn’t share pertinent information on shootings at Pulse, the...
  7. Courtney Wild, 30, was a victim of serial sexual offender Jeffrey Epstein beginning at the age of 14. Epstein paid Wild, and many other underage girls, to give him massages, often having them undress and perform sexual acts. Epstein also used the girls as recruiters, paying them to bring him other underage girls. Courtesy of Royal Caribbean
    Courtney Wild’s relentless quest for justice has led to a bipartisan push for sweeping reforms.
  8. Scott Israel, former Broward County Sheriff speaks during a news conference on Sept. 25, in Davie. A Florida Senate official is recommending that the sheriff, suspended over his handling of shootings at a Parkland high school and the Fort Lauderdale airport, should be reinstated. BRYNN ANDERSON  |  AP
    Naples lawyer Dudley Goodlette was threatened shortly after he made his recommendation last month.
  9. Rep. Jamie Grant, R- Tampa and Senator Jeff Brandes, R- St. Petersburg listen to Amendment 4 debate in the Florida Senate on Thursday. [SCOTT KEELER   |   Times] SCOTT KEELER  |  Tampa Bay Times
    “I think some of the points of the judge were well-made," Sen. Jeff Brandes said.
  10. Tiffany Carr — shown during a 2004 visit to a Hollywood nail salon, where she spoke on domestic violence — did not respond this past week to requests from the Miami Herald to address her $761,560 annual salary. She is head of the Florida Coalition Against Domestic Violence. [Bob Eighmie Miami Herald file photo]
    The Florida Department of Children and Families started a review of a domestic violence nonprofit’s finances last summer after it was reported that its CEO Tiffany Carr was paid $761,000. The state...