Senators Question FBI’s Response to 2016 Russian Hack of Florida Election Tech

Diebold voting machine in El Paso, Texas, on February 25, 2008. Voting machines are increasingly popular in US elections, although concerns about accuracy and hacking persist.

Diebold voting machine in El Paso, Texas, on February 25, 2008. Voting machines are increasingly popular in US elections, although concerns about accuracy and hacking persist. Frontpage/Shutterstock

Featured eBooks

The Government's Artificial Intelligence Reality
What’s Next for Federal Customer Experience
Cloud Smarter

The lawmakers also want to know how the agency is working to ensure election officials can adequately report cyber threats in 2020.

A pair of Democratic lawmakers penned a letter this week grilling the Federal Bureau of Investigations on the steps it’s taking to investigate and protect American election technology vendors from potential Russian-led cyber-hacking.

In a correspondence addressed to FBI director Christopher Wray, Sens. Ron Wyden, D-Ore., and Amy Klobuchar, D-Minn., questioned the bureau’s response to the Russian government’s potential hack of the Florida-based manufacturer of voter-registration software and election pollbooks, VR Systems, during the November 2016 election.

The senators reference Special Counsel Robert Mueller’s Report on the Investigation into Russian Interference in the 2016 Presidential Election, highlighting that about three months ahead of the election, Russian GRU officers “targeted employees of [redacted], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.”

According to the lawmakers, VR Systems confirmed that it is the redacted company mentioned in the Mueller Report. In May, the company sent a letter to Sen. Wyden describing a call it joined in August of 2016, in which the FBI prompted participants to “‘be on the lookout for certain suspicious IP addresses.’”  After conducting a review of its website logs, VR Systems confirmed that several of the IP addresses had visited its site and notified the FBI as it was directed to do.

“VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests that the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced,” the senators wrote. “While the Mueller Report revealed several new details about Russia’s attempts to interfere with our election in 2016, Congress and the American people still do not have a complete picture of the federal government’s efforts to detect and defend against this attack against our democracy.”

They asked the FBI to explain the steps it took to examine the companies servers for evidence of a cyber breach following the company's alert and to explain its reasoning if it did not.

The senators also note that the company’s equipment malfunctioned in several North Carolina precincts during the election on November 8, which led to long delays at the polls. They asked if the FBI has requested access to that equipment to examine it for hacking evidence in the two and a half years since it occurred.

Wyden and Klobuchar also asked if the agency reviewed the cybersecurity company FireEye’s forensic examination of VR Systems from the summer of 2017 and how the FBI is working to improve the information it shares with election officials so that they are prepared to protect the nation against cyber threats ahead of the 2020 election.

The senators asked for the FBI director’s answers to be submitted by July 12.