Classified leak concerned hacking of Florida company

Tallahassee-based VR Systems provides services for Duval, other counties

JACKSONVILLE, Fla. – A leaked report on Russian hacking of American voting systems that prompted the arrest of a government contractor in Georgia came from Tallahassee-based VR Systems, a company that provides voting services to Duval County and across Florida.

Within hours of The Intercept posting the report online late Monday, the Justice Department announced that it had charged Reality Leigh Winner, of Augusta, Georgia, with leaking a classified report containing "Top Secret level." The report that the contractor allegedly leaked is dated May 5, the same date as the document The Intercept posted online.

The report suggests that election-related hacking penetrated further into U.S. voting systems than previously known. A Kremlin spokesman denied the report and U.S. intelligence agencies declined to comment.

The classified National Security Agency report does not say whether the hacking had any effect on election results, but it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or the beginning of November.

The document said Russian military intelligence "executed cyber espionage operations against a VR Systems in August 2016, evidently to obtain information on elections-related software and hardware solutions, according to information that became available in April 2017."

VR Systems, which describes its business as providing "elections management services focused on the integrity of the registration and reporting processes," was founded in 1992, and expanded across Florida during the voting-system overhaul after the 2000 presidential election.

The company's web page includes a photo of Jerry Holland, who was Duval County's supervisor of elections until 2015, praising the company's services.

Holland, now the county's property appraiser, was not aware of the hacking until Tuesday.

"I really do believe they are the best system out there," Holland said. "I think they do most of the voter registration systems in the state of Florida as well as other states. I think they are a very good company and I still have confidence in them."

Duval County's current elections supervisor, Mike Hogan, said VR Systems handles the programming for the EVIDs, the election voter ID system that scans voters' driver's licenses at polling places. A glitch in that system during the March 2016 presidential primary forced poll workers to verify voters' status by hand.

Hogan said that problem was with local data and he doesn't believe that glitch could have been caused by hacking.

"They were 52  counties using EVIDs in the state of Florida. We were the only county having problems with EVID," Hogan said.

Hogan said Florida's supervisor of elections were told to be on the lookout for hacking, and representatives of VR Systems were included in those discussions.

"We had meetings with law enforcement -- a lot of folks didn't know this -- Homeland Security, the FBI, the FDLE had direct contact with me and all the other big county supervisors," Hogan said.

VR Systems told News4Jax that a customer notified it of the phishing emails that appeared to come from the company, and noted that the company handles only voter registration, not election tabulation.

Hogan said the worst it could have done is to question someone's voting eligibility, but anyone flagged could still vote with a provisional ballot and it would have been counted by the elections canvassing board after an investigation of the voter's status.

VR Systems provided a statement about the hacking:

When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result.

"Phishing and spear-phishing are not uncommon in our society. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats.

"We have policies and procedures in effect to protect our customers and our company.

"It is also important to note that none of our products perform the function of ballot marking, or tabulation of marked ballots."

Dmitry Peskov, a spokesman for Russian President Vladimir Putin, denied the allegations on Tuesday, saying that the Kremlin did not see "any evidence to prove this information is true." He said Moscow categorically denies "the possibility" of the Russian government being behind it.

The hackers are believed to have used data from that operation to create a new email account to launch a spear-phishing campaign targeting U.S. local government organizations, the document said: "Lastly, the actors send test emails to two nonexistent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services."

The information in the leaked document seems to go further than the U.S. intelligence agencies' January assessment of the hacking.

"Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards," the assessment said. The Department of Homeland Security "assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying."

The Intercept contacted NSA and the national intelligence director's office about the document, and both agencies asked that it not be published. U.S. intelligence officials asked The Intercept to redact certain sections.

The Intercept, a digital magazine founded by journalists involved in the release of documents leaked by NSA contractor Edward Snowden, said some material was withheld at U.S. intelligence agencies' request because it wasn't "clearly in the public interest."

The Associated Press could not confirm the authenticity of the May 5 NSA document, which The Intercept said it obtained anonymously.

In its announcement of the arrest, the Justice Department said Winner, 25, is charged in U.S. District Court with copying classified documents and mailing them to a reporter from an unnamed news organization. Prosecutors did not identify for which federal agency Winner worked, but FBI agent Justin Garrick said in an affidavit filed with the court that she previously served in the Air Force and held a top-secret security clearance.

Winner's attorney, Titus Thomas Nichols, declined to confirm whether she is accused of leaking the NSA report received by The Intercept. He also declined to name the federal agency for which Winner worked.

"My client has no (criminal) history, so it's not as if she has a pattern of having done anything like this before," Nichols said Monday in a phone interview. "She is a very good person. All this craziness has happened all of a sudden."

In affidavits filed with the court, FBI's Garrick said the government was notified of the leaked report by the news outlet that received it. He said the agency that housed the report determined that only six employees had made physical copies, one of them Winner. Garrick said investigators found that Winner had exchanged email with the news outlet using her work computer.

Garrick's affidavit said he interviewed Winner at her home on Saturday and she "admitted intentionally identifying and printing the classified intelligence reporting at issue" and mailing it to the news outlet.

Asked if Winner had confessed, Nichols said: "If there is a confession, the government has not shown it to me."

About the Authors: