June 12, 2019

Wyden, Klobuchar Question FBI Response to Hack of Florida Election Software Company

Washington, D.C. – Sen. Ron Wyden, D-Ore., a senior member of the Senate Intelligence Committee, and Sen. Amy Klobuchar, D-Minn., ranking member of the Senate Rules Committee, today asked the FBI to explain its response to the potential Russian hack of VR Systems, a Florida-based election software company.

Wyden and Klobuchar pressed the FBI to explain what steps it took to investigate a potential hack of VR Systems. The company provides election software, including electronic poll books.

The Mueller Report revealed that “[i]n August 2016, GRU officers targeted employees of [redacted], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” VR Systems has since confirmed to the media that it was the unnamed voting technology company in the Mueller Report.

In a May 2019 letter, VR Systems told Senator Wyden that the company alerted the FBI in 2016 after it discovered suspicious IP addresses in its website logs that the FBI had asked election technology companies to look for. Despite the fact that VR Systems equipment malfunctioned in several North Carolina precincts in November 2016, leading to long delays at the polls, it’s unclear what steps federal agencies took to investigate the extent of Russian hacking, and whether malware was responsible for the failure of VR Systems’ electronic poll books.

 Wyden and Klobuchar asked FBI Director Christopher Wray to answer the following questions by July 12:

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?
  4. Ahead of the 2020 elections, how is the FBI ensuring that local and state election officials feel comfortable reporting potential cybersecurity incidents? How will the FBI improve the speed and completeness of the information it shares with election officials, so they have the knowledge of the threats they need to do their job?

 Read the full letter here.