Wyden wants answers on hack of voting tech firm

Sen. Ron Wyden (D-Ore.) wants info on whether the penetration of an American voting tech firm referenced in Special Counsel Robert Mueller's report is related to a 2016 election day breakdown of e-poll book systems in North Carolina.

election security (Shutterstock.com)
 

Sen. Ron Wyden (D-Ore.) is questioning whether an intrusion by Russian hackers into the network of an American voting technology company referenced in Special Counsel Robert Mueller's report is related to a breakdown of electronic pollbook systems in North Carolina on election day in 2016.

In a May 8 letter to the CEO of VR Systems, Wyden raised concerns about whether the company was forthcoming during a 2017 and 2018 legal battle with the state of North Carolina, when it denied in court filings that its e-pollbook system had ever experienced a breach in the past.

"The Mueller Report's revelation that Russia infected your network with malware raises serious questions about your March 2018 claim your company had not experienced a security breach," Wyden wrote.

The company acknowledged in April 2019 that it was the entity mentioned in the Mueller report. The company was cited in documents leaked by a former National Security Agency contractor to the Intercept.

Wyden is concerned because e-pollbook software made by VR Systems "catastrophically" failed on Election Day 2016 in a number of Durham County, N.C., voting precincts. While e-pollbooks do not count or tally vote totals, they help election officials check voter eligibility.

The Mueller report claims that Russian hackers successfully installed malware inside the company's network, using it as a foothold to launch more phishing attacks against state and local governments in the weeks leading up to the 2016 elections.

Lawyers for VR Systems have claimed the attackers never got further than a failed phishing attempt.

The NSA documents leaked by Reality Winner indicate that it is likely at least one of seven identified phishing targets may have clicked on a compromised hyperlink, but they are not conclusive about whether the hackers succeeded or later installed malware.

As recently as April, the company had denied that its systems were successfully hacked and claimed the 2016 e-pollbook failures in North Carolina were due to user error.

Wyden is seeking information on whether any government agency has ever forensically examined the computers used in Durham County in 2016, the evidentiary basis for the company's claim that it hasn't experienced a security breach and other details about the firm's security posture.

"Given the voting problems caused by the failure of e-pollbooks manufactured by your company in November 2016, the American people have a right to know if there was any connection to the Russian cyberattack against your company three months earlier," Wyden wrote.