Microsoft disclosed Thursday that it identified and helped thwart hacking attempts on three congressional candidates earlier this year, marking the first publicly known hacking efforts targeting candidates in the 2018 midterm elections. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections,” he added. Burt said that Microsoft and the government were able to take the domain down and block the phishing messages.
The Justice Department on Thursday issued a wide-ranging report describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks. Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling. “That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it,” Deputy Attorney General Rod Rosenstein said in unveiling the report at the Aspen Security Forum.
National: How is it even possible that most state election offices are still security nightmares? | BGR
Well, this is reassuring. The midterms are almost upon us, the country is still reeling from the revelations associated with hackers meddling in the 2016 presidential election. And, somehow, most states still have glaring security holes in their election offices that will probably stay that way through the midterms. That’s according to a new report from Politico, which found via a survey of all 50 states that few are planning to shore up their systems before November. Even after getting their share of $380 million in funding Congress appropriated for election security in March. “Only 13 states said they intend to use the federal dollars to buy new voting machines,” Politico reports. “At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
Whatever President Trump says or un-says, it’s clear that election authorities in the U.S. and around the world have faced and will continue to face an onslaught of hacking attacks. While it’s unclear if hackers have been able to actually manipulate vote tallies, anyone from a Russian agent to a “400-pound” hacker sitting on his bed can easily seed mayhem and doubt by knocking voter registration sites offline or posting forged announcements of election results. Now San Francisco-based cloud security provider Cloudflare is offering a free service, called the Athenian Project, to any U.S. election authority for the 2018 polls. About 70 agencies, including 10 state election authorities as well as county- and city- level bodies have signed up, the company announced today. (If other companies are also providing pro-bono election security services, please let me know!) Cloudflare CEO Matthew Prince acknowledges that these are just a “drop in the bucket” out of the over 8,500 election authorities in the US, and he said that any other ones are welcome to join.
National: “Don’t count Russia out,” experts warn on election hacking amid relative calm | Fast Company
As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early to tell, noting that it’s still early in the election cycle. “Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.
National: New voting machines are important, but here are three other ways states are investing in election security | StateScoop
In the past eight days, federal officials — including Dan Coats, the director of national intelligence; Kirstjen Nielsen, the homeland security secretary; and Christopher Krebs, the homeland security undersecretary for cybersecurity — have warned that the Russian hackers who attempted to meddle in the 2016 election are on the prowl again. Depending on who you ask, state election officials are either implementing sweeping new security measures or making minimal progress in safeguarding voters ahead of this November’s general election. Every state has claimed its piece of the $380 million the federal Election Assistance Commission offered for new security measures, and several states’ top election officials have told Congress they’re using the money to harden the firewalls around their voter registration files and to replace antiquated ballot equipment with new machines that offer paper records.
In a party-line vote, House Republicans on Thursday blocked a Democratic effort to boost election security funding. The vote was on a procedural motion by Democrats intended to add $380 million for state election security grants in 2019 to a larger spending package. That spending legislation, which includes nearly $59 billion for the Interior Department, Environmental Protection Agency and Treasury Department, was approved, 217-199. Democratic lawmakers chanted “USA! USA!” on the House floor as they sought to support the bill, but Republicans insisted that those grants do not need additional funding given that as states have not yet used up all the money previously allocated to the program. “Over the past decade you’ve seen billions of dollars funded, by Republicans and Democrats, in our bipartisan appropriations each year to do exactly that, secure elections here at home,” House Ways and Means Committee Chairman Kevin Brady (R-TX) said, according to The Washington Post.
This fall, millions of Americans may head to the polls only to find their names aren’t on voter registration lists anymore. These voters may have to cast provisional ballots. Or worse, they could be turned away from the polls altogether. The cause? Voter purges — an often-flawed method of cleaning up voter registration lists by deleting names from voter rolls. Purges, of course, aren’t necessarily a bad thing. State and local election officials have a real need to ensure voting lists are accurate and up-to-date. During the course of a lifetime, people move. Sometimes people change their names. And inevitably, people die. Voter rolls should reflect those changes. But purges are a growing threat that we’ve found may imperil the right to vote for millions of Americans in the midterm elections in November.
California will be staying in one piece, at least for now, after the state’s supreme court ruled that a proposal to divide California into three cannot be placed on the ballot in November. Tim Draper, a wealthy venture capitalist, has spent years arguing that the Golden State would be better off as several smaller states. He says California is too large to be governed effectively and that splitting up would result in “better decision making and real solutions closer to home.” This year, he got enough signatures to put it before voters — although experts said that even if the proposal passed, it would face a range of daunting legal and political hurdles. Then the Planning and Conservation League (PCL), a nonprofit environmental group in California, filed a lawsuit to block the measure from getting to a vote.
The fate of about 1.4 million people will be at stake in November as Florida voters decide whether most convicted felons should have the right to vote. With the election less than four months away, supporters are organizing a statewide campaign to win voter approval of Amendment 4, which got on the ballot after an…
Florida elections officials were wrong to block on-campus early voting sites in Gainesville and Tallahassee, lawyers for the League of Women Voters of Florida told a federal judge Monday.
But attorneys representing the state argued there was no indication that college students — or anyone else — would have voting rights abridged due to an advisory opinion under scrutiny in the federal lawsuit filed this year by the League of Women Voters and other plaintiffs. U.S. District Judge Mark Walker gave no indication how he would rule after hearing nearly three hours of arguments Monday in the case, which involves the state’s position about early voting locations at the University of Florida and Florida State University.
Republican Gov. Bruce Rauner said Monday that he doesn’t see “any reason” for Illinois to end its participation in a controversial multistate voter registration system, which critics have called inaccurate and vulnerable to hackers. Rauner’s remarks came one day before he faces a deadline to act on a bill that would withdraw Illinois from the Interstate Voter Registration Crosscheck Program. The database is run through the Kansas secretary of state’s office and is aimed at flagging duplicate voter registrations across state lines. “I don’t see any reason why we should get out of that as a state,” the governor said at an unrelated appearance about gun control.
The Michigan Supreme Court on Wednesday heard arguments about whether voters in November should be able to pass a constitutional amendment that would change how the state’s voting maps are drawn or whether such changes could only be adopted at a rarely held constitutional convention. The proposed ballot measure would empower an independent commission to draw congressional and legislative districts every decade instead of the Legislature, which is now controlled by the Republicans. It is a bid to stop partisan gerrymandering, which critics say hurts democracy and denies citizens fair representation.
A Virginia-based political campaign and robocalling company Robocent left hundreds of thousands of voter records on a public, exposed and unprotected Amazon S3 bucket. This year has already seen a lineup of attempted attacks on local elections and campaigns, but this news comes less than a week after the indictment of 12 Russian officials for meddling in the 2016 US presidential election. According to an 18 July blog post by Bob Diachenko, head of communications at Kromtech Security, Robocent’s self-titled bucket was reportedly “indexed by GrayhatWarfare, a searchable database where a current list of 48,623 open S3 buckets can be found. Repository contained both audio files, with pre-recorded political messages for robocalls dials (*.mp3, *.wav), and voter data (*.csv, *.xls files).”
Cambodia: Election monitoring groups in Cambodia headed by Prime Minister’s son, ‘ambassador’ | Reuters
Three of the groups approved to monitor Cambodia’s election have close ties to Prime Minister Hun Sen, one headed by his son and the other two led by a man who was appointed by the Southeast Asian country’s strongman ruler as a “goodwill ambassador”. Cambodia heads to the polls on July 29 for an election criticized by the United Nations and Western countries as fundamentally flawed after the dissolution of the main opposition Cambodia National Rescue Party (CNRP) and imprisonment of its leader, Kem Sokha, last year. The United States and the European Union responded to the crackdown by withdrawing financial support and monitors from the election, a step followed by independent local and international NGOs that had overseen previous elections.
Hong Kong is taking unprecedented steps to ban a pro-independence party, in the government’s strongest action yet against the movement pushing for separation from China. Police on Tuesday delivered documents to the Hong Kong National party founder, Andy Chan Ho-tin, detailing their recommendations to the city’s secretary of security that the group halt operations. The development marks the first time since the former British colony’s return to Chinese rule in 1997 that it has sought to outlaw a political organisation. A letter addressed to Chan said security officials believed the party should be shut down “in the interests of national security or public safety, public order or the protection of the rights and freedoms of others”, according to photos of the documents posted on the group’s Facebook page.
Accusations of military interference, encroaching extremism and a series of deadly attacks have cast an alarming shadow over Pakistan’s hopes for a rare democratic transition of power in next week’s election. Observers have slammed “blatant” attempts to manipulate the ballot, which will see the brother of a recently jailed three-time prime minister face off against a former World Cup-winning cricketer for leadership of the nuclear-armed nation, whose short history is peppered by coups and assassinations. A series of deadly attacks in mid-July has further darkened the mood, denting optimism over hard-won security for the country of 207 million.
When Robert G. Mugabe stepped down as Zimbabwe’s president last fall, jubilant citizens poured into the streets of Harare, the capital, hoping that the end of his 37-year rule would lead to competitive multiparty elections and the revival of a moribund economy. But as campaigning intensifies ahead of elections on July 30 — the first without Mr. Mugabe’s name on the ballot since independence in 1980 — the ex-president’s heavy legacy hangs over the country. The political party Mr. Mugabe led for decades is now represented by Emmerson Mnangagwa, a former vice president who has been accused of organizing brutal repression during Mr. Mugabe’s rule. The opposition has been fractured and weakened after the death this year of its longtime leader, Morgan Tsvangirai, who challenged Mr. Mugabe in successive elections in 2002, 2008 and 2013.