Rubio says Russian hackers targeted his presidential campaign
Florida elections officials were caught off-guard by Robert Mueller’s vague suggestion that the FBI believes Russian hackers gained access in 2016 to a county voter-registration network because federal investigators kept the information hidden from them, Florida’s senior senator told the New York Times.
U.S. Sen. Marco Rubio told The Times Friday that an intelligence operation uncovered the breach some time ago. But he said national security officials chose to protect intelligence methods by issuing a broad warning to Florida’s 67 elections offices instead of informing the state or the local office that had been hacked.
“Everybody has been told what it is they need to do to protect themselves from the intrusion,” Rubio said. “I don’t believe the specific victims of the intrusion have been notified.”
The confirmation by Rubio, a Republican member of the Senate Intelligence Committee, elevates concerns about the security of elections in a state of 13 million voters. It also sheds a new light on why there has been so much confusion around whether Florida was, in fact, hacked during the 2016 campaign.
“They won’t tell us which county it was. Are you kidding me? Why would you not have said something immediately?” Gov. Ron DeSantis said Thursday in Miami after his secretary of state contacted the FBI for more information following the Mueller report’s release and was brushed off. “I was very disappointed that you would not pick up the phone, call my law enforcement agency, call the county that was involved in that and say, ‘Hey. We have an issue here.’”
Florida Democrats in Congress also want to get more specifics about the hack, possibly in future hearings with Mueller or Attorney General William Barr.
“I don’t know why that is a secret, why the name of the county isn’t in that document,” Rep. Donna Shalala said. “It’s not protecting anyone’s privacy, so that’s one of the questions I want to ask [House Judiciary Chairman Jerry] Nadler.”
The FBI’s press office did not immediately respond to a request for comment Saturday.
Florida’s election supervisors first began to learn of efforts to hack into Florida’s voter network during the home stretch of the 2016 election. And in the days before the vote, a Tallahassee-based vendor that handles registration software for most of the state’s 67 counties, VR Systems, warned supervisors that someone had created an gmail account meant to look like it was coming from the company and was sending elections offices malware-laced attachments — a scheme known as spear-phishing.
A few months later, the FBI, CIA and NSA released an unclassified intelligence report that said “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards,” but didn’t compromise vote tallying. And then in June of 2017, The Intercept published a classified NSA document that said Russian hackers involved with the state intelligence agency GRU had targeted VR Systems in August of 2016 and then sent spoof company emails to 122 email addresses associated with elections offices around the country, including in Florida. The classified report said it was unknown if those efforts had succeeded.
In response to inquiries, state and local elections officials said there was no evidence to suggest that hackers had indeed accessed any of Florida’s entry points into the voter registration database, and that the state’s elections remained secure. Supervisors said they either didn’t received the phishing emails or, if they had, they hadn’t opened them. In Volusia County, the elections office said one email was opened, but not the attachment.
That’s been their story, and they’ve stuck to it ever since. But now the evidence seems overwhelming that elections administrators falsely believed it to be true because that’s how Washington’s intelligence apparatus wanted it.
“When someone you know had a problem, but you can’t tell them they had a problem, it becomes tense,” Rubio told the Times.
The apparently successful hacking in an unnamed county or counties isn’t believed to have altered the 2016 election results. Vote tabulation hardware and software remain on separate networks from elections office intranets, and the Department of Homeland Security told Florida Secretary of State Laurel Lee that vote totals in 2016 remained pure.
But it’s unclear if — and if so, to what extent — Russian hackers fiddled with any voter registration database. Rubio noted Saturday morning in a tweet that the U.S. Senate Intelligence Committee issued a report last May that said “Russian actors scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database.”
And it’s certain that the FBI’s decision not to share information with Florida officials did at the very least alter events and debates during Florida’s 2018 U.S. Senate campaign between Sen. Bill Nelson and then-Gov. Rick Scott.
Nelson was criticized last summer when he said in August that hackers had indeed gotten into the voter registration system and had “free rein” to move about. Nelson said at the time that he’d been asked by the Select Committee on Intelligence to help spread concerns about Russian hacking in the state’s elections system.
But Florida’s Division of Elections, following Nelson’s comments, explained that it had contacted the intelligence committee, FBI and Department of Homeland Security and found no evidence to back up Nelson’s claims. Scott called Nelson “confused” and said he was “making things up.” Nelson never did elaborate, consistently saying that the information was classified.
Rubio’s office said the full extent of information was classified at the time and only available to Rubio because he was a member of the Intelligence Committee. Nelson wouldn’t have had access to the classified intelligence. There were also differences of opinion over what “penetrating” an elections system meant, though Rubio and Nelson signed a joint letter urging local election officials to seek help from the Department of Homeland Security in July 2018.
NBC News and McClatchy reported information from anonymous sources last year that Nelson was correct that hackers had “penetrated” Florida’s registration network. But a McClatchy source said Nelson’s claims that hackers had “free rein” to move about in Florida’s network were overstated.
Uncertainty lingered. And Rubio, even though he spent plenty of time warning about elections security, also declined to confirm what Nelson had said until now. Rubio tweeted Saturday that his comments were “not entirely new information,” referencing the Intel Committee’s report from May.
But the lack of direct notification about a specific hack between the Intel Committee and the affected county in Florida is new. County election officials asked last year for security clearances so they can access the information or for the federal government to declassify enough material that makes it possible for local officials to pursue contingency plans. Rubio tried to provide security clearances for local election officials in 2018, though the provision never became law, and he’s pushing a bill that would auto-sanction Russia if they engage in future election hacking attempts.
“The Senate Intelligence Committee Chairman and Vice Chairman asked Sen. Rubio and me in June 2018 to send a letter to the 67 county Supervisors of Election to warn them of Russian intrusion in Florida,” Nelson explained after Mueller’s report was made public by the U.S. Department of Justice. “The Mueller Report makes clear why we had to take that important step as well as my verbal warnings thereafter.”
A spokesperson for Nelson did not immediately respond to a request for comment on Saturday.
Only now, it appears, is the FBI willing to discuss the issue. Scott and DeSantis say the agency has made contact and they expect to be briefed on the Mueller report’s hacking revelations next month.
In the meantime, Florida’s elections supervisors stress that their networks are safe, and that they’ve spent $17 million in 2018 to protect their system. On Friday, Paul Lux, president of the Florida State Association of Supervisor of Elections, issued a memo expressing “deep concern” that the current discussion about voter security in Florida is undermining faith in the elections process.
“We recognize that the threat is not only real,” Lux wrote of hacking attempts, “but also ever-changing.”