Feds reviewing previously unreported cyber attack on Florida elections office

David Smiley and Nicholas Nehamas, Miami Herald on

Published in Political News

She said she was told the compromised files were mostly Microsoft Word and Excel files. "Nobody has reported it had anything to do with voter files," she said.

Sacerio told her that employees had printed out reams of code to try to document the attack. She said he later found the box full of paper in her former IT director's office. She said she doesn't believe anyone reported the incident or documented it internally.

"When I learned about it and I called the state Division of Elections and I called the FBI and my contact at Homeland Security, none of them were aware of it," Link said. "And, in my conversation with our IT director, he did indicate, to his knowledge, that it hadn't been reported."

Susan Bucher, the former supervisor of elections in Palm Beach County who was suspended by Florida Gov. Ron DeSantis following a problem-plagued 2018 election recount, told The South Florida Sun-Sentinel that she would "swear on a stack of Bibles" that her office was not the subject of a cyber attack.

But Link said she sent the box of printed-out code to the FBI, which informed her office that it appeared they'd been infected by a ZEPTO virus. The virus, deployed by hackers seeking a ransom, scrambles files and renames them ".zepto" until a decryption key is deployed.

The town of Palm Beach was infected with ransomware in 2016. Other municipalities, including Key Biscayne, were hit in 2019.


Florida Secretary of State Laurel Lee said Thursday that her office had not been told of the ransomware attack in Palm Beach County in 2016.

The FBI declined to comment. The Department of Homeland Security referred The Miami Herald to Palm Beach County.

Tammy Jones, the head of the Florida State Association of Supervisors of Elections, said it's not that surprising that a cyber attack would have gone unreported in 2016. The state's local elections officials became aware that summer that hackers were attempting to gain access into elections networks, but protocols for what to do and who to alert in case of a breach were less clear than they are today, she said.

"It's just a known fact (now) that you report it" Jones said. "There was nobody to report it to in 2016."


swipe to next page


blog comments powered by Disqus