Wednesday I wrote about Sen. Bill Nelson’s recent comment that the Russians “have already penetrated certain counties in the state and they now have free rein to move about.” Nelson’s rival in the Florida Senate race, Governor Rick Scott said at the time, “Did Nelson illegally release some classified information? Or did he make this charge of Russian penetration up?” Today, NBC News reports the answer is the former, i.e. Nelson leaked some classified information:
Three people familiar with the intelligence tell NBC News that there is a classified basis for Nelson’s assertion, which he made at a public event after being given information from the leaders of the Senate Intelligence Committee…
NBC’s sources declined to provide the exact details of what Nelson was attempting to describe, because they remain classified. They said Nelson was talking about intelligence related to ongoing repercussions stemming from a 2016 hack of a Florida elections vendor, VR Systems, based in Tallahassee…
The sources say Nelson was not supposed to speak publicly about the matter, and he erred by suggesting that the information was new. Still, Nelson and Florida’s other senator, Republican Marco Rubio, were asked to warn local officials about the ongoing threat to election systems by Russian state-sponsored hackers, two sources told NBC News.
So the bottom line here is that while Nelson did not make this story up, he did completely botch the handling of it. First and foremost, he was not supposed to reveal this because it was classified. Second, this apparently has to do with potential, ongoing threats from the 2016 penetration of Florida’s election system, not with any new penetration of the system.
The actual threat seems to involve a spear phishing campaign run in 2016 against Florida election officials. An NSA report leaked to the Intercept last year concluded the success of that campaign was unknown:
The report described a scheme in which Russian hackers tricked local government voter systems officials into clicking on bogus links that would allow the hackers to access credentials for voting systems.
The report said it was unknown to what extent the campaign had been successful, and what data on “election-related hardware and software applications” may have been obtained.
“The threat from that breach seems to be ongoing,” a cyber security expert briefed on the matter told NBC News.
So it seems there was enough concern that Senate Intelligence Committee chairman Richard Burr warned Senators Nelson and Rubio to put out the word that people should be on guard. Maybe that was just meant as a warning not to click on any phishing links. But, again, the story wasn’t new information and was classified.