It was a single phrase, offered without elaboration, in special counsel Robert S. Mueller III’s report: In August 2016, hackers working for Russian military intelligence “installed malware on the company network” of an unnamed voter registration technology vendor in the United States.
The claim amounts to one of the first indications that Russians successfully executed a cyberattack against a private company supporting American election infrastructure. And it has set off a scramble for answers in North Carolina, where officials have long been concerned about the security of a voting technology company called VR Systems — so much so that the state tried to halt the use of its electronic poll books, equipment used to check in voters.
Problems checking in voters on Election Day 2016 in Durham County made national headlines. Later, leaked documents revealed that Russians had tried to hack VR Systems shortly before the election. After the Mueller report, state officials wanted to know: Was VR Systems the company referenced? What effect, if any, did the malware have? And how could they prevent it from happening in 2020?
An examination of North Carolina’s struggle to answer those questions, detailed in court records and a dozen interviews, hints at the difficulties state officials face in shoring up security ahead of next year’s elections — a lack of technical expertise, poor communication between state and federal officials, and the apparent unwillingness, in this instance, of the federal agency involved to share information. Russian hackers targeted elections infrastructure in at least 21 states, and likely more, in 2016, federal officials have said.