Some states review election systems for signs of intrusion

RALEIGH, N.C. — Officials in some states are trying to figure out whether local election offices were targeted in an apparent effort by Russian military intelligence to hack into election software last fall.

The efforts were detailed in a recently leaked report attributed to the U.S. National Security Agency.

North Carolina is checking on whether any local systems were breached, while the revelation prompted an election security review in Virginia. Both are considered presidential battleground states.

In Illinois, officials are trying to determine which election offices used software from the contractor that the report said was compromised.

The three are among eight states where election offices had contracts with VR Systems, a Florida-based company that provided software to manage voter registrations. The others are Florida, California, Indiana, New York and West Virginia.

The report, dated last month, asserts that hackers obtained information from company employees and used that to send phishing emails to 122 local election officials just before the election last November in an attempt to break into their systems.

So far, there is no indication that voting or ballot counting in any states were affected. Officials in at least five counties in Florida — a key political swing state — received the emails, the Miami Herald reported. It’s not clear where else the emails may have been sent.

But the revelation, published by the online news outlet The Intercept, set off questions in the states where VR provides software.

North Carolina state elections board director Kim Westbrook Strach said her office had not been contacted by any federal officials about whether any of the 21 county election offices that use VR software were targeted. Still, her office was contacting county boards about potential breaches.

The news of a reported Russian hacking attempt surprised Bill Brian, elections board chairman in Durham County, which experienced problems with VR Systems’ electronic poll books on Election Day. The issue forced officials to abandon the system, issue paper ballots and extend voting hours, but officials there said that trouble did not appear to have been caused by hacking.

“We have not had any big, ‘Uh oh, we’ve got a problem with computers,'” said Brian, a Republican.

In Virginia, state Elections Commissioner Edgardo Cortes, said he could not comment on whether any local officials were targeted by the phishing emails, but he said he was not aware of any breaches. Still, the disclosure of the NSA document has prompted a review of election security, he said.

There also is no indication to date of the reported Russian attempt “resulting in any contact with local election officials in West Virginia,” said Steven Adams, spokesman for the secretary of state.

In some states, VR software was used in only a handful of voting jurisdictions.

New York election officials said just four counties used the software last year and that federal authorities had not contacted the state about any of them being targeted.

California officials said only Humboldt County, in the far northern part of the state, used VR software during last year’s election. Sam Mahood, a spokesman for Secretary of State Alex Padilla, declined to say if the office was investigating whether the county was targeted.

So far, Humboldt County has found no evidence that anyone in the elections office received the phishing emails, County Clerk Kelly Sanders said. The county used the software to sign in voters.