RALEIGH, N.C. -- Officials in some states are trying to figure out whether local election offices were targeted in a reported effort by Russian military intelligence to hack into election software last fall.
The efforts were detailed in a recently leaked report attributed to the National Security Agency.
North Carolina is checking on whether any local systems were breached, while the revelation prompted an election security review in Virginia. Both are considered presidential battleground states.
In Illinois, officials are trying to determine which election offices used software from the contractor that the report said was compromised.
The three are among eight states where election offices had contracts with VR Systems, a Florida company that provided software to manage voter registrations. The others are Florida, California, Indiana, New York and West Virginia.
The report, dated last month, asserts that hackers obtained information from company employees and used that to send phishing emails to 122 local election officials just before the November election in an attempt to break into their systems.
So far, there is no indication that voting or ballot counting in any states were affected. Officials in at least five counties in Florida -- a key political swing state -- received the emails, The Miami Herald reported. It's not clear where else the emails may have been sent.
The revelation was published by the online news outlet The Intercept on Monday. That same day, Reality Leigh Winner, 25, was arrested, accused of leaking the documents.
Winner was indicted Thursday by a federal grand jury in Augusta, Ga., charging her with a single count of illegally retaining and transmitting national defense information.
The charge Winner faces carries a maximum sentence of 10 years in prison and a $250,000 fine.
Winner's attorney, Titus Nichols, did not immediately return a call seeking comment Thursday.
Prosecutors have not named the news outlet, but the documents reported by The Intercept were dated May 5, the same date court records cited for the documents Winner is accused of leaking.
The NSA documents set off questions in the states where VR provides software.
North Carolina elections board director Kim Westbrook Strach said her office had not been contacted by any federal officials about whether any of the 21 county election offices that use VR software were targeted. Still, her office was contacting county boards about potential breaches.
The news of a reported Russian hacking attempt surprised Bill Brian, elections board chairman in Durham County, which experienced problems with VR Systems' electronic poll books on Election Day. The issue forced officials to abandon the system, issue paper ballots and extend voting hours, but officials there said that trouble did not appear to have been caused by hacking.
"We have not had any big, 'Uh oh, we've got a problem with computers,'" said Brian, a Republican.
In Virginia, state Elections Commissioner Edgardo Cortes said he could not comment on whether any local officials were targeted by the phishing emails, but he said he was not aware of any breaches. Still, the disclosure of the NSA document has prompted a review of election security, he said.
There also is no indication to date of the reported Russian attempt "resulting in any contact with local election officials in West Virginia," said Steven Adams, spokesman for the secretary of state.
In some states, VR software was used in only a handful of voting jurisdictions.
New York election officials said just four counties used the software last year and that federal authorities had not contacted the state about any of them being targeted.
California officials said only Humboldt County, in the far northern part of the state, used VR software during last year's election. Sam Mahood, a spokesman for Secretary of State Alex Padilla, declined to say if the office was investigating whether the county was targeted.
So far, Humboldt County has found no evidence that anyone in the elections office received the phishing emails, County Clerk Kelly Sanders said. The county used the software to sign in voters.
Illinois officials have asked local elections offices whether they used VR's software in 2016. By midday Wednesday, only one county said it had.
Last September, the Department of Homeland Security said hackers believed to be Russian agents had targeted voter registration systems in more than 20 states. No evidence of tampering emerged in the worst-hit state, Illinois. Hackers who penetrated its network with a method called SQL injection spent three weeks rooting around before they were discovered in July. Officials said nothing was added, changed or deleted.
Kay Stimson, a spokesman for the National Association of Secretaries of State, whose members oversee elections in several states, said the group wants to know why federal officials did not warn potential victims at the time the attacks were allegedly happening.
Stimson said that with more specific information that breaches were possible, states could have offered help to local election officials and created firewalls to make sure any local problems would not have caused problems at the state level.
The Department of Homeland Security did not respond to a request for comment.
Information for this article was contributed by Frank Bajak, Sophia Bollag, Michael Virtanen, Alan Suderman, Sophia Tareen, Johnny Clark, Russ Bynum and Jeff Martin of The Associated Press.
A Section on 06/09/2017