1. Florida Politics

Phishing expedition: At least 5 Florida counties targeted by Russian election hack

Russian President Vladimir Putin gestures as he speaks at the St. Petersburg International Economic Forum in St. Petersburg, Russia, on June 2. Putin is dismissing claims about Russian involvement in the U.S. elections. [Associated Press]
Published Jun. 7, 2017

TALLAHASSEE — Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election, according to five county officials who say they received malicious emails described in a leaked intelligence report.

Election supervisors in Hillsborough, Pasco, Citrus and Clay counties separately told the Times/Herald their offices got the emails, which contained attachments that could have taken over their computers. But all four said their staffers did not open them. Volusia County said it opened one of the infected emails, but not the attachment that could have compromised its systems.

There's been no evidence disclosed publicly that any counties were breached. It's not clear how many counties were targeted, in Florida or across the country. The Times/Herald sent requests for the emails to all 67 elections offices in the state. Nineteen replied back that they searched for them and couldn't find any.

The intelligence report, written by the National Security Agency, was published Monday by the Intercept, an online news outlet, and verified by other national media sources. It described two efforts by a Russian military intelligence unit, the G.R.U., to disrupt the presidential election.

RELATED: Intelligence contractor is charged in first criminal leak case of Trump era

The first attempt, in August, targeted VR Systems, a Tallahassee-based vendor that sells voter registration software to all but three of Florida's 67 counties, according to the report. The second attempt was aimed at 122 election management officials across the country, just days before the election, and was disguised as a routine message from VR Systems, the report said.

RELATED: Russian hackers pretended to be Florida company in phishing expedition

VR Systems' software helps check in voters at the polls and doesn't tabulate ballots. Still, the attack could have infected election workers' computers, VR Systems warned in a Nov. 1 email, which many supervisors credited with helping them avoid opening the files.

Sending fake emails — called "phishing" — is a common way to attack a large organization, said Joe Partlow, the chief technology officer of ReliaQuest, a national IT security firm based in Florida. In many cases, but not all, it would take a forensic review of the system to determine if a hack has been successful, Partlow said.

"It's easy to slip past the controls in place," he said.

The Intercept report was not the first evidence that Russian intelligence sources were attacking local election systems. A federal intelligence assessment released in January reported that "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards."

But the disclosures cast new light on the scale of the Russians' effort to compromise systems across Florida — involving a random-seeming assortment of some of the state's largest and smallest counties.

While Pinellas officials said a search for the suspect email turned up nothing, Hillsborough officials said in November they immediately noticed that the suspect email came from a strange VR systems email address and that it was blocked.

Pasco County Supervisor of Elections Brian Corley said the malicious message was in his agency's inbox on Oct. 31. "I didn't open it," Corley said. "Phishing emails? We get them all the time."

In Daytona Beach, Volusia Supervisor of Elections Lisa Lewis said three of her staffers got the email on Nov. 7, the day before election day.

The email was opened but all three staffers say they didn't open the attachment, she said.

"There's no way to know for sure. Other than the word of everybody remembered getting the warning, not to open the attachment, so that's what we're going with," she said.

She said the state hadn't contacted her to investigate, and she heard nothing about the email between November and Monday.

"Never ever, I promise you, did it ever cross my mind that it would be a Russian e-mail," she said. "That they were behind it. Never."

Clay County Supervisor of Elections Chris Chambless said his office got a copy of the phishing e-mail but it was stopped by an anti-virus filter. He said his office gets 3,500 phishing or spam messages daily that get blocked.

Miami-Dade County said it didn't get an email. "We have no indication at this time that a Miami-Dade County system, or one of our valued partners, has been breached," a spokesman for county Mayor Carlos Gimenez said.

Broward Supervisor of Elections Brenda Snipes said her office didn't get it either, though digital data attached to the copy sent to Clay — reviewed by the Times/Herald ­— appeared to show the hackers attempting to send one to an email address in her office.

"We haven't had any to my knowledge," Snipes said. "Honestly we just have gotten nothing on this, nothing."

"To our knowledge, there has been no Florida county that executed this phishing attempt," said Chambless, president of the Florida State Association of Supervisors of Elections.

"It's so hard to know what they were trying to do," said Lawrence Norden, a voting expert with the Brennan Center for Justice. "But the thing about doing something like this over the internet is it doesn't take a lot of extra effort to send it to every single county, so it doesn't really surprise me. And this is what makes cyberattacks so much more dangerous than an individual attack that involves physically getting a person to a particular place."

Citrus Supervisor of Elections Susan Gill said she recalled receiving it at her Inverness offices.

"Yes, we did receive it, and we immediately received an email from VR Systems telling us not to open it," Gill said.

Gov. Rick Scott's chief elections official, Secretary of State Ken Detzner, declined to field questions Tuesday.

Detzner's spokeswoman, Sarah Revell, said the state voter registration database is secure.

"We have no indication that any unauthorized access occurred. Steps taken to secure databases include implementing software, hardware and firewalls to protect information," she said.

VR Systems chief executive officer Mindy Perkins issued a statement in response to the Intercept's report that said in part: "When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result."

After the first suspicious email was sent last August, the FBI's Jacksonville office held a conference call on Sept. 30 with county supervisors of elections to alert them to "a malicious act found in a jurisdiction" in Florida, according to Ion Sancho, the former Leon County elections supervisor who was on the call.

Sancho and other election officials who spoke to the Times/Herald Tuesday said they had not heard any more about the federal investigation until the Intercept's report appeared Monday.

A 25-year-old intelligence contractor from Augusta, Ga., Reality Leigh Winner, was charged Monday with leaking the NSA report to the Intercept.

Times/Herald staff writers Michael Van Sickler and Mary Ellen Klas and Herald staff writers Doug Hanks and Amy Sherman contributed to this report, which also used information from The New York Times. Contact Steve Bousquet at Follow @stevebousquet.


  1. Rep. Geraldine Thompson, D-Orlando, urges the Florida Board of Education to hold schools accountable for teaching the Holocaust and African-American history, as required by lawmakers in 1994. The board was considering a rule on the matter at its Sept. 20, 2019, meeting in Jacksonville. The Florida Channel
    School districts will have to report how they are providing the instruction required in Florida law.
  2. The Mar-a-Lago Resort in Palm Beach. JOE RAEDLE  |  Getty Images
    It wasn’t immediately clear how much Mar-a-Lago would charge to host the Marine Corps Birthday Ball — or even if it might do so for free.
  3. In this March 24, 2018, file photo, crowds of people participate in the March for Our Lives rally in support of gun control in San Francisco. JOSH EDELSON  |  AP
    ‘Guns are always a volatile topic in the halls of the legislature,’ one Republican said.
  4. Pasco County school superintendent Kurt Browning says Fortify Florida, the new state-sponsored app that allows students to report potential threats, is "disrupting the education day" because the callers are anonymous, many of the tips are vague and there's no opportunity to get more information from tipsters. "I have an obligation to provide kids with a great education," Browning said. "I cannot do it with this tool, because kids are hiding behind Fortify Florida." JEFFREY SOLOCHEK  |
    Vague and anonymous tips often waste law enforcement’s time and disrupt the school day, says Kurt Browning, president of Florida’s superintendents association.
  5. Tonight's LGBTQ Presidential Forum is hosted by Angelica Ross of FX's Pose. Twitter
    A live stream of the event and what to watch for as 10 candidates meet on stage in Iowa.
  6. In this April 11, 2018, file photo, a high school student uses a vaping device near a school campus in Cambridge, Mass.  [AP Photo | Steven Senne] STEVEN SENNE  |  AP
    "The department does not appear to have the authority to do anything.”
  7. Clearwater Mayor George Cretekos listens to a speaker share an opinion about a city matter during a city council meeting at Clearwater City Hall in Clearwater, Fla. on Thursday, April 20, 2017.  On Thursday, the Clearwater City Council rejected the mayor's resolution urging lawmakers to ban assault weapons.  [Times files] TIMES FILES  |  Tampa Bay Times
    However, the city did pass a resolution calling for more modest gun control measures.
  8. Maurice A. Ferré at his Miami home earlier this year. JOSE A. IGLESIAS  |  Miami Herald
    He served as mayor for 12 years and set the stage for Miami to become an international city.
  9. Rep. Susan Valdes, D-Tampa, during a Feb. 7, 2019, meeting of the House PreK-12 Appropriations subcommittee. [The Florida Channel]
    ‘One test should not determine the rest of your life,’ Rep. Susan Valdes says.
  10. Vice President Joe Biden, right, talks to supporters as former Florida Gov. Charlie Crist, left, stands near during a campaign stop at at Century Village in Boca Raton, Fla., Monday, Oct. 13, 2014. Crist is locked in a tight race against Gov. Rick Scott in one of the most negative gubernatorial campaigns in Florida history. The two disagree on most major issues, including health care, the minimum wage, Cuba policy, gay marriage and medical marijuana. (AP Photo/Alan Diaz) ORG XMIT: FLAD102 ALAN DIAZ  |  AP
    The Florida Republican-turned-Democrat said Biden’s ‘record of getting things done speaks for itself.’