"For the United States to stop future attacks on our democracy, we need to know exactly how our election was attacked in 2016,” Sen. Ron Wyden told POLITICO. | Win McNamee/Getty Images cybersecurity Wyden seeks answers in Florida election hacking allegations

Sen. Ron Wyden (D-Ore.) has questions that a lot of people are still asking three years after the 2016 presidential race — what exactly happened with VR Systems, the Florida voter-registration software maker that the FBI apparently believes Russia hacked.

The redacted version of special counsel Robert Mueller’s report indicated that in 2016 Russian hackers infiltrated a US maker of voter-registration software and installed malware on its network — information that was based on an FBI investigation.


Furthermore, the 2017 indictment of Russian military officers for hacking Democratic computer systems that was based on the FBI investigation as well also asserted that a company fitting VR Systems’ description was hacked in 2016 and had malware installed on its network.

VR Systems, however, has long insisted it wasn’t hacked, though the company has never produced evidence showing it wasn’t compromised.

Wyden wants to know whether the company ever engaged a third party to conduct a forensic examination of its computer networks and systems since the hacking assertions first came to light after the 2016 election and has asked to see a copy of a report from any such investigation, according to a letter he sent last week to VR Systems that his office shared with POLITICO.

Morning Cybersecurity A daily briefing on politics and cybersecurity — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

“There are troubling inconsistencies between the special counsel’s report and statements by VR Systems. For the United States to stop future attacks on our democracy, we need to know exactly how our election was attacked in 2016,” Wyden told POLITICO.

In the letter, he also asked whether the company had a chief information security officer at the time of the alleged breach and whether VR Systems had implemented basic security standards as proposed by the National Institute of Standards and Technology’s cybersecurity framework or has done so since 2016.

The company told POLITICO that in 2017, after The Intercept published an NSA document that suggested it had been targeted by the Russian hackers, it engaged top security firm FireEye to conduct a forensic examination of its own systems and network.

“Based on analysis by Fire Eye, there was never an intrusion in our EVID servers or network,” Ben Martin, chief operating officer for VR Systems, told POLITICO. “We disagree with the Special Counsel report because top cyber security experts, along with the Department of Homeland Security, have tested our network multiple times since 2016 and they found no indication of a breach or installation of malware on our company network.”

The company, however, declined to provide a copy of that report or an executive summary of the findings to POLITICO.

The security of VR Systems is important because the company’s EViD software application runs on electronic poll books in at least eight states. Election workers use the poll books to determine whether voters who arrive at precincts are registered to vote and eligible to cast a ballot.

If the company was compromised, it raises the possibility that software supplied to its customers was altered in a way that might have caused electronic poll books to either malfunction or change voter records stored in the poll books in order to make it difficult for voters to cast ballots.

The problem isn’t theoretical. On Election Day in November 2016, some electronic poll books in Durham County, N.C., that used VR Systems software froze or crashed. Others displayed incorrect information indicating that some voters had already cast ballots when they hadn’t or the devices displayed a message telling poll workers incorrectly that voters were required to show a photo ID.

The problems led the county to issue an order to precincts to stop using the electronic poll books several hours into the election and to instead use a paper backup of the voter rolls. The move created long lines at precincts, causing some voters to leave without casting a ballot.

Wyden asked in his letter to VR Systems whether the poll books that experienced problems in Durham have ever been forensically examined by computer security experts or a government agency to determine what went wrong.

Durham County election officials did engage on their own a forensic examination of the poll books. The company that conducted the investigation found that the EViD application on the electronic poll books “did not fail during the election.” Instead, the report said that workers unfamiliar with the application likely “caused a false positive” to incorrectly report some voters had already voted.

The report also indicated that county election staff had failed to install updated software on some of the devices, causing the photo ID alert to appear. There have been questions, however, about the thoroughness of the county’s investigation and report.

The North Carolina state Board of Elections had previously indicated it would conduct its own forensic investigation of the electronic poll books, but that never happened. Instead, the board recently stated it “lacks the necessary technical expertise to forensically analyze the computers used in Durham County, and other government agencies declined the agency’s requests to evaluate them.”

VR Systems told POLITICO that it had offered to pay for the state to do a forensic examination of the electronic poll books but the state declined the offer.