By Kim Zetter for Politico:
Public confidence in the integrity of the 2016 election outcome rests largely on the belief that the Russian hackers—who did, in fact, attempt to meddle in the election, according to the U.S. intelligence community—were blocked before they could alter votes or have a direct effect on the results by manipulating voter records. It has been publicly reported, for example, that those hackers superficially probed election-related websites in 21 statesand breached a few voter-registration databases, but did not alter or delete voter records. And accounts of the Russian interference laid out in a recent Senate Intelligence Committee report and in Robert Mueller’s lengthy investigative summary released earlier this year assert that there’s no evidence the Russian actors altered vote tallies or even attempted to do so.
But the government has also suggested in one report and asserted outright in others—among them a 2017 National Security Agency document leaked to the press, a 2018 indictment of Russian intelligence officers, and the Senate Intelligence Committee report and Mueller report—that the hackers successfully breached (or very likely breached) at least one company that makes software for managing voter rolls, and installed malware on that company’s network. Furthermore, an October 2016 email obtained recently by POLITICO, sent by the head of the National Association of Secretaries of State to its members around the country two weeks before the election, states that the Department of Homeland Security “confirmed” to NASS at the time that a “third-party vendor” in Florida that worked with local jurisdictions on their voter registration systems “experienced a breach.
None of the public versions of the government reports, nor the NASS email, identify the hacked company by name. But based on details describing the affected firm in some of the documents, they appear to be referencing VR Systems. VR Systems itself has acknowledged that it appears to be the company mentioned in the government reports but says the FBI has never told it that it was breached by the Russians, which the bureau would be expected to do as part of the victim notification process if VR Systems had been hacked. (The FBI won’t discuss VR Systems, saying any interactions between it and the bureau are part of an ongoing investigation into the Russian election interference efforts.)