Senators Question FBI on Russian Hack of Voting Firm

Two U.S. senators asked the FBI on Wednesday to explain what it has done to investigate the suspected hack by Russian intelligence of a Florida-based voting software company before the 2016 election.

In a letter sent to FBI Director Christopher Wray, Democratic Sens. Ron Wyden of Oregon and Amy Klobuchar of Minnesota, who is the ranking member of the committee with jurisdiction over federal elections, asked for answers by July 12 regarding steps the agency has taken in response to the breach of VR Systems’ computer servers.

Robert Mueller’s report on Russia’s interference in the 2016 election describes how Kremlin-backed spies installed malware on the network of an unnamed company that “developed software used by numerous U.S. counties to manage voter rolls.”

VR Systems has said it believes it is the company referred to in the report. The Tallahassee, Florida-based company has maintained, however, that its system was never penetrated. It told Wyden in a letter last month that the cybersecurity firm Fire Eye conducted a security audit and found no evidence of a breach. The audit was conducted more than seven months after the election.

The Department of Homeland Security said last week that its computer experts will examine North Carolina polling equipment supplied by VR Systems , at the state’s request. The forensic analysis will look at laptops and replicas of computer hard drives that were used in heavily Democratic Durham County to determine whether hacking was responsible for malfunctions on election day in 2016.

State and local officials said previously they found no indication that the software system, used for voter registration and check-in, had been targeted by hackers, but they never did a forensic examination. VR Systems has blamed the trouble on poorly trained poll workers and inadequate computer maintenance. A report by a security consultant hired by Durham County’s elections board supported that claim.

Wyden and Klobuchar asked whether the FBI has examined VR Systems’ servers and the equipment that malfunctioned in Durham County. They also asked if the agency has reviewed the conclusions of Fire Eye’s audit and for details on its key findings. VR Systems has refused to release even redacted versions of the report, citing client confidentiality.

Lastly, the senators want to know how the FBI planned to work with local and state election officials ahead of the 2020 election to ensure that they felt comfortable reporting cybersecurity incidents and had the information necessary to be aware of threats.

VR Systems, the Homeland Security Department and FBI did not immediately respond to requests for comment.