Three months after Florida’s state government was blindsided by the release of previously classified information that two local elections offices were hacked ahead of the 2016 presidential elections, Gov. Ron DeSantis and members of Congress have been caught off-guard once again by a newly released intelligence report on Russian elections interference.
On Thursday, the U.S. Senate Select Committee on Intelligence released a heavily redacted 67-page report that appears to include new information about efforts by Russian hackers to probe and target elections networks in Florida — including the FBI’s suspicions in 2018 that, in fact, four county elections systems had been hacked rather than two.
The report, which mentions that hackers may have carried out cyber reconnaissance missions across all 50 states, details attempts by the Russian intelligence GRU syndicate to probe elections systems in Illinois and 20 other unnamed states. It specifically discusses those efforts in Illinois and an unnamed “State 2,” where details about meetings and cybersecurity efforts appear to mostly jibe with what’s previously been disclosed about the election system hacking attempts in Florida.
But the report does not definitively name Florida. And nearly 24 hours after the release of the report, with the Senate Intelligence Committee apparently unwilling or unable to provide more information, Florida’s politicians and elections officials remained stuck in yet another guessing game about Russian hacking and the security of Florida’s elections networks.
“There was a lot that would hint that this would be Florida, but there’s no way for us to know for sure,” said Jonathan Uriarte, a spokesperson for Stephanie Murphy, D-Winter Park, who was among the members of Congress sworn to secrecy by the FBI in April about the identities of two hacked counties. “Senate Intel was very careful in not sharing for the same reason that we were bound not to share the names of the counties. We think it’s ridiculous.”
A spokesperson for intelligence committee Vice Chairman Mark Warner, D-Va., declined to comment.
Information about hacking efforts in Florida has been a subject of controversy and uncertainty for years, going back to June 2017, when The Intercept published a classified National Security Agency document that asserted that hackers had penetrated popular Tallahassee-based software vendor VR Systems and then spoofed company emails.
The company denied that it had been hacked, but many of Florida’s 67 local elections offices subsequently acknowledged that they had received so-called spear phishing emails carrying malware-laced attachments and made to look as if they came from VR Systems.
Still, no Florida elections supervisor has ever admitted being hacked. And until just a few months ago, Florida’s secretary of state insisted that none of the state’s elections networks had been breached. The state continued to hold that position when then-Florida Sen. Bill Nelson alleged last summer that hackers were actively inside the state’s voting networks, and even after U.S. special counsel Robert Mueller’s report on Russian elections interference publicly revealed for the first time in April that “at least one” Florida county had been hacked.
In May, following briefings with the FBI, members of Florida’s congressional delegation and Gov. DeSantis said in separate news conferences that hackers had indeed penetrated the voter registration networks of two local offices, though they said no data was altered. DeSantis, who does not have a security clearance, said he was forced to sign a non-disclosure agreement in order to receive the briefing and therefore unable to say which elections offices had been hacked.
Now, the Senate Intelligence Committee appears to reveal that FBI agents suspected as recently as May 2018 that hackers had penetrated four elections systems. The committee’s report also raises the possibility that former Secretary of State Ken Detzner — whose boss, then-Gov. Rick Scott, was running for Senate against Bill Nelson — wasn’t just denying the existence of a cyber attack to Florida voters.
According to the report, the secretary of state and director of elections for “State 2” participated in a Dec. 1, 2017, conference call with Senate Intelligence staffers, and insisted that the state had not been attacked by hackers. It’s not certain if that’s a reference to Detzner and Florida elections director Maria Matthews, but the Miami Herald has learned that they were among several officials across more than a half-dozen states to participate in a conference call that day with Senate Intelligence staffers.
“We did not see any unusual activities. I would have known about it personally,” the officials told committee staffers, according to the report. “State 2 did not want to share with the Committee its cybersecurity posture, but state officials communicated that they are highly confident in the security of their systems.”
There are other details in the report that suggest “State 2” is Florida, although doubt remains because some details conflict.
According to the Senate Intelligence Committee report released Thursday, the FBI issued an alert on Aug. 18, 2016, regarding IP addresses associated with hackers trying to probe State 2’s elections networks. Two weeks later, an unidentified county election supervisor in the state informed Homeland Security and FBI agents that a red-flagged IP address had “scanned” the office’s network looking for access points.
That, according to the report, led to a Sept. 30 conference call with “county election officials” to inform them about a systematic hacking effort in what is only identified as “County A.”
Ion Sancho, the former Leon County elections supervisor, said he was among the dozens of Florida elections supervisors to participate on a Sept. 30 call that same day with the FBI’s Jacksonville field office. He told the Miami Herald at the time that the call was about “a malicious act found in a jurisdiction” in Florida, and supervisors who participated have said the briefing did not include information about any election office having been hacked.
But Sancho thinks the information in the Senate Intelligence report points directly at Florida.
“This is Florida, for sure,” Sancho said in an interview Thursday evening. “There’s clearly more detail here, significantly more detail here than what was previously released by the Department of Homeland Security.”
Only vague details have been publicly shared about hacking attempts in Florida. The FBI has never disclosed exactly how many counties were targeted by hackers, or which Florida counties were hacked — information that was classified this year when federal agents briefed DeSantis and members of Congress.
In State 2, according to the Senate report, an information technology supervisor from a second election office reported a “potential intrusion” of a training network set up for employees. The intelligence report also shows that two more counties in the unnamed state reported “suspected compromises” over the first half of 2017, although the information about what they reported and exactly when they reported it is redacted.
The Department of Homeland Security praised the efforts by State 2 to improve its cyber security by last summer, according to the report. But even so, none of the four potentially compromised elections offices had accepted the help of DHS by June 2018 — nearly two years after hacking efforts were revealed.
“I hope today’s release of the first volume of [the] Senate Intel report on [the] 2016 election will now shed light on why I was so aggressive over a year ago warning that some #Florida election officials were overconfident,” Florida Sen. Marco Rubio, a member of the intelligence committee, tweeted Thursday.
The report does state that as of Aug. 9 — one day after then-Sen. Bill Nelson suggested that hackers were actively probing the state’s voter systems that summer — Homeland Security “was complimentary” about the millions that “State 2” elections officials had spent shoring up their cyber security. Among those efforts: adopting the ALBERT sensor program — a system of sensors designed to flag suspicious cyber activity — across almost the entire state.
“Florida is the first and only state in the country to have all county election offices using the ALBERT sensor,” Helen Ferré, a spokeswoman for DeSantis, wrote in a statement. “We are going to continue to remain vigilant on all matters regarding election security.”
Florida officials stressed Friday that they’ve spent millions shoring up their elections security, and that no hacking was reported during the 2018 midterm elections.
Still, Rubio did not explicitly state that “State 2” is Florida, and there was some disagreement among elections officials Thursday and Friday over whether the dates and details of the report match up with their own experiences.
Paul Lux, the supervisor in Okaloosa County and past president of the state’s association of election supervisors, said he remembers receiving red-flagged IP addresses directly from the FBI. But the report says the Secretary of State provided the information.
“We got the IP documents directly from the FBI and not the state, per my recollection,” said Lux, who nevertheless thought a line in the report about elections offices taking steps to beef up cyber security did sound like Florida. “None of the other stuff they mentioned [in the report] about ‘State 2’ really rings a bell with me. It really is just so vague.”
Uriarte, the spokesperson for U.S. Rep. Murphy, said the uncertainty over the new intelligence report may lead to additional oversight action from members of Congress into the FBI and DHS’s response to attacks on Florida’s election system.
“The Senate Intelligence Committee’s report underscores why voters in Florida and across the country need to be made aware whether they were the victims of an intrusion into their voting data by a foreign adversary and what the federal government is doing to prepare for another attack,” Murphy said in a statement. “That’s why I’ve introduced bipartisan legislation that requires the federal government to inform the public if there has been an unauthorized intrusion into an election system that resulted in voting information being altered.”