The report published Thursday by Robert Mueller, the special counsel who investigated Russia’s interference in the 2016 presidential election, sheds new light on operations against election officials in multiple states, including the FBI’s belief that Kremlin-backed hackers successfully gained access to the computer network of “at least one” county government in Florida using a spearphishing campaign.
Mueller’s investigation also found that officers from the Main Intelligence Directorate, or GRU, targeted state boards of elections, secretaries of state offices and county governments, along with individuals working for those agencies. Among the 448-page report’s findings is confirmation that the GRU successfully compromised the Illinois State Board of Election’s computer network in June 2016, gaining access to a database of registered voters containing the names and personal information of millions of people. The Russian agents were also able to extract data on several thousand voters before the intrusion was identified.
The Department of Homeland Security notified 21 states in 2017 that Russian hackers had attempted to break into their voter registration files, but did not previously identify the one state where those operations succeeded. An indictment of 12 GRU officers by Mueller’s office last July described a cyberattack that Illinois officials said likely referred to their elections board.
“In one instance in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website,” the report reads. “The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified.”
The GRU used an SQL injection, in which malicious code is used to run commands on a vulnerable website, to infiltrate state and local election authorities’ databases, the Mueller report reads. The document goes on to explain that the GRU continued to scan state and local election sites for vulnerabilities, including a two-day period in July 2016 when officers probed sites belonging to more than two dozen states.
GRU operations against state and local election authorities continued up through the end of the presidential race. The GRU waged a spearphishing campaign against a software company that designs electronic pollbooks used by county election officials across the country, using targeted emails that successfully install malware on the firm’s computer network. While the redacted version of the Mueller report does not name the company, previous reporting has identified it as VR Systems, company based in Tallahassee, Florida, with clients in at least eight states.
The Russians executed another spearphishing operation in early November 2016, when the GRU sent malicious emails to more than 120 county election officials across Florida. The emails included a Microsoft Word file encoded with malware that would’ve permitted the GRU to access infected computers.
The FBI investigated the Florida hacking incident separately from the special counsel’s office and came to the conclusion that the GRU succeeded in accessing the network of at least one county, Mueller’s team wrote.
“We understand the FBI believes that this operation enabled the GRU to gain access to the network of at least one Florida county government,” the document reads.
The initial reports of Russian attempts to hack into states’ election authorities prompted DHS’s January 2017 order designating election systems part of the nation’s critical infrastructure. The two years since have seen new collaborations between federal, state and local authorities on election security, including the distribution of $380 million by the U.S. Election Assistance Commission that states are using to replace their voting equipment and add new cybersecurity tools and personnel.