Angry Florida members of Congress demand FBI reveal hacked counties
By STEVEN LEMONGELLO | Orlando Sentinel | Published: May 16, 2019
(Tribune News Service) — Angry members of the Florida congressional delegation demanded the FBI tell the public which two counties were successfully infiltrated by Russian hackers in 2016, with U.S. Rep. Matt Gaetz calling the given reason that the counties were considered "victims" under FBI protocol "ludicrous."
Members also revealed that while the FBI said there was "no evidence" that voter rolls were changed, "they couldn't say with certainty [the hackers] did not manipulate data," U.S. Rep. Debbie Murcasel-Powell said Thursday.
The press conference followed a classified FBI briefing in Washington, D.C., of the state's 27 members of Congress requested by U.S. Rep. Stephanie Murphy, D-Winter Park, and U.S. Rep. Michael Waltz, R-St. Augustine. In April, the redacted Mueller Report revealed that "at least one Florida county" was successfully infiltrated in 2016.
Gov. Ron DeSantis, following a similar briefing this week, was able to reveal that two counties were accessed, but he said he had to sign a non-disclosure agreement that he would not reveal which ones.
The Congress members said the fact they or their predecessors weren't briefed on the intrusions until Murphy and Waltz asked for it years later was unacceptable, adding that the real victims in the intrusion were the voters in the two counties.
"It is untenable to continue to hold this information as classified and not let the public know," Murphy said. "Especially those voters in the counties affected. This chaotic, drip-drab of information coming out is doing more harm for voters' faith in the electoral system than just coming out and providing information, appropriately declassified."
Murphy said when a person's credit card or social media is breached, they are notified immediately. "And voters have the same right," she said.
Waltz said Russians attempted to penetrate local elections systems "in all 50 states," adding that the FBI had also investigated a potential intrusion in Illinois.
Murphy said the request to declassify the information was going back up the chain of command, but that protocols that considered the counties as victims — requiring their permission to release information about the crimes committed against them — as well as concerns about strategies and methods are why the FBI would not publicly announce the names.
Waltz and Gaetz said there was no ongoing investigation of the 2016 election and no good reason to be concerned about methods.
The members also said it was the two counties who first notified the FBI about the breaches, countering the previous notion that the counties themselves were unaware. They said the FBI had briefed the counties before the election about potential attacks, and that 11 counties had reported back that they had not been attacked before the two affected counties reported their breaches.
The members said they were not told which other counties had received what the Mueller Report described as "spearphishing" attempts on 120 local elections officials.
"I don't know who the hell they think they are not sharing it with us," said Gaetz, R-Pensacola.
Gaetz also questioned why the military was not informed about the intrusions.
"A foreign military attacked our elections systems, and our own military doesn't know the locations of those attacks," Gaetz said.
Murcasel-Powell, D-Miami-Dade, said she was concerned that the FBI couldn't say with certainty that there was no manipulation of voter data, only that there was no evidence of it.
"They were able to enter the garage, but not the house," is how she described the FBI's description of the attacks.
The members said that 66 of Florida's 67 counties are now participating in a system to use sensors to detect any spearphishing intrusion, but not Palm Beach County.
"We have a lot of questions with ... why currently, the current [Palm Beach] election supervisor regime has not participated," Waltz said, "because this is an ongoing issue and discussion between DHS, state officials and the county officials. We need to ensure our elections are safe heading into 2020 and that every American that votes is confident that that that vote [counts]."
Volusia County elections supervisor Lisa Lewis has said the office opened one of the infected emails in 2016, pretending to be from elections vendor VR Systems, but not the attachment needed for the malicious software to compromise its systems.
VR Systems said in a tweet Thursday that they "stand by our assessment that a spearphishing email impersonating our company was the likely source."
Orange, Osceola and Seminole counties did not contract with VR Systems, while Miami-Dade used VR systems for voter check-in and registration and Broward's virus protection software quarantined the email before it could reach inboxes, its supervisor said.
Of the 67 counties asked via a South Florida Sun Sentinel records request whether they received the counterfeit VR Systems email, 12 acknowledged they had received it, 47 replied they had no record of receiving it -- though it still could have been blocked from their inboxes due to spam filters — and another eight have not yet responded to the request made April 24.
U.S. Rep. Darren Soto, D-Kissimmee, said the House has passed legislation "to provide grants and beef up security in the cyber security area before our next election, and it's absolutely critical that we work together on both sides of the aisle to have that program."
©2019 The Orlando Sentinel (Orlando, Fla.)
Visit The Orlando Sentinel (Orlando, Fla.) at www.OrlandoSentinel.com
Distributed by Tribune Content Agency, LLC.