RALEIGH, N.C. — More than two years after North Carolina check-in software failed on Election Day, federal authorities will finally examine equipment from a company targeted by Russian military hackers to determine if intentional tampering aimed at disrupting voting occurred.
The U.S. Department of Homeland Security analysis of laptops used in Durham County is the first known federal investigation of equipment that malfunctioned during the 2016 election, when Russian hackers infiltrated several states.
The VR Systems electronic poll books malfunction forced officials in the heavily Democratic county to issue paper ballots and extend voting hours. How many voters may have been disenfranchised as a result is unknown.
VR Systems had been targeted the previous August by a Russian spear-phishing campaign, though Chief Operating Officer Ben Martin maintains the company was not hacked as a result. Martin said he believes the April report on Russian interference in the 2016 election from special counsel Robert Mueller was referring to his Tallahassee, Florida, company — the name was redacted — in describing how Russian spies installed malware on the network of a company that "developed software used by numerous U.S. counties to manage voter rolls."
Martin disputes that finding, however. He says a security audit by cybersecurity company FireEye found no sign of a breach — though that audit was done more than seven months after the election, the company told U.S. Sen. Ron Wyden of Oregon in a letter last month.
State and local officials did not conduct forensic investigations of the Durham County poll book software to determine if there was tampering. They did, however, securely store the 21 laptops that state elections board attorney Katelyn Love said would be turned over to DHS.
DHS spokeswoman Sara Sendek said the forensic examination, first reported by The Washington Post, and other support "may help to provide a better understanding of previous issues and help to secure the 2020 election."
She would not say why DHS, the lead federal agency on ensuring election security, didn't act sooner. North Carolina elections officials on Friday renewed a request initially made to DHS at least a year ago.
Hackers with access to electronic voter rolls could change names, addresses or polling places, sowing confusion that could undermine confidence in elections.
On Election Day in 2016, some Durham County voters complained that the electronic poll books registered them as having voted when they hadn't. The company blamed the trouble on poorly trained poll workers and inadequate computer maintenance. A report by a security consultant hired by Durham County's elections board supported that claim.
"We believed then and now that the cause of the problem was poll worker error, and that a forensic analysis would prove it," Martin said in an email. The company is confident the DHS review will prove its voting software "was not breached or compromised."
Russian-backed hackers probed several dozen state voter registration databases ahead of the 2016 elections, federal authorities say, and gained access to Illinois' voter rolls, though they say there is no indication anything was altered or deleted. Hackers also penetrated at least two county networks in Florida, though they have not been identified, officials say.
North Carolina's concerns were renewed by the Mueller report's mention of the electronic poll book company, Love said.
Election integrity activist Susan Greenhalgh welcomed the forensic exam but lamented that it took a combination of the Mueller report and the 2017 leaking of a classified National Security Agency report that named VR Systems to get here.
And it's entirely possible Russian tampering happened but the forensic exam will find nothing, she said.
"Its value is clearly going to be diminished because it took so long to do it," she said.
DHS tries to help state and local election authorities secure their voting systems but frequently encounters resistance, especially in states like Georgia where the current governor, Brian Kemp, even accused it of trying to hack his state when he was in charge of elections there.
"They have a disincentive to be too aggressive with states that are sensitive to being investigated," Greenhalgh said.
Ultimately, responsibility for securing election systems falls on state and local elections authorities because of the decentralized nature of U.S. voting — even though outgoing DHS Secretary Jeh Johnson declared voting systems critical national infrastructure in January 2017.
Across the nation, they continue to be short on resources for cybersecurity. And voting equipment vendors — in a cutthroat market dominated by three companies — have resisted exposing their black box voting systems to aggressive security audits.
North Carolina sought to decertify VR System poll books in the state after the 2017 NSA leak. But VR Systems fought it successfully in court. Durham County moved to a state-provided poll book after 2016.
A National Academies of Science report last year that called for an urgent overhaul of the rickety U.S. election system. That report called for all U.S. elections to be held on human readable paper ballots by 2020.