Bianca Lewis, 11, has many hobbies. She likes Barbie, video games, fencing, singing… and hacking the infrastructure behind the world’s most powerful democracy. “I’m going to try and change the votes for Donald Trump,” she tells me. “I’m going to try to give him less votes. Maybe even delete him off of the whole thing.” Fortunately for the President, Bianca is attacking a replica website, not the real deal. She’s taking part in a competition organised by R00tz Asylum, a non-profit organisation that promotes “hacking for good”. Its aim is to send out a dire warning: the voting systems that will be used across America for the mid-term vote in November are, in many cases, so insecure a young child can learn to hack them with just a few minute’s coaching.
Let’s get the fish in the barrel out of the way. Voatz are a tech startup whose bright idea was to disrupt democracy by having people vote on their phone, and store the votes on, you guessed it, a blockchain. Does this sound like a bad idea? Welp. It turned out that they seemed awfully casual about basic principles of software security, such as not hard-coding your AWS credentials. It turned out that their blockchain was an eight-node Hyperledger install, i.e. one phenomenologically not especially distinguishable from databases secured by passwords. They have been widely and justly chastised for these things. But they aren’t what’s important.
National: Two-Minute Hack Shows How Easy It Is To Gain Admin Access On An Elections Voting Machine | wccftech
Once again at the Defcon cybersecurity conference in Las Vegas on Friday, hackers posed how easy it is to break into the election voting machines. At the conference, officials from the US Department of Homeland security were present to learn about the problems of the election security. Seemingly, there’s another two-minute hack which will allow anyone to physically gain admin access on a voting machine. It’s definitely alarming for the forthcoming elections. So let’s dive in to see some more details on the hack and how it is performed. Rachel Tobac shared a video on Twitter, showing how she gained physical admin access in less than two minutes. It required no tools and the operation does not require any hardcore hacking techniques. At this point, with hacking options as easy as this, these attacks threaten trust in politics and even leadership to a greater scale. These loopholes can possibly allow alterations being made to the final count, which of course, does make a lot of difference.
As hackers sit down to break into dozens of voting machines here in Las Vegas this weekend, some state and local election officials that have flown in to witness the spectacle at one of the world’s largest hacking conventions are becoming increasingly concerned about another threat to November’s midterm elections: information warfare. Organizers of a “voting village” at the annual Def Con hacker convention have packed a conference room at Caesars Palace with voting machines and have asked civically-curious hackers to wreak havoc. The event, now in its second year, is supposed to demonstrate vulnerabilities in America’s vast election infrastructure. After a few hours on Friday, one hacker was essentially able to turn a voting machine into a jukebox, making it play music and display animations. While such hacks are a cause of concern for election officials, they are increasingly looking beyond the threats against traditional election infrastructure like voting machines and voting databases and more to the threat of disinformation. What, some of them ask, if they fall victim to a coordinated information warfare campaign?
Hackers at the Defcon computer security conference believe they can help prevent manipulation of U.S. elections. Some election officials and makers of voting machines aren’t so sure. That tension was front and center at Defcon’s second-annual Voting Village, where computer hackers are invited to test the security of commonly used election machines. Organizers see the event as an early test of U.S. election security and a counterpunch to potential outside interference. On the first day of the event, which runs through Sunday, hackers were able to swap out software, uncover network plug-ins that shouldn’t have been left working, and uncover other ways for unauthorized actors to manipulate the vote. These hacks can root out weaknesses in voting machines so that vendors will be pressured to patch flaws and states will upgrade to more secure systems, organizers say. … “You want companies to be building more secure products, but at the same time the public doesn’t necessarily know the full picture,” Ms. Manfra said. “If all you are saying is, ‘Look, even a kid can hack into this’, you’re not getting the full story, which can have the impact of having the average voter not understanding what is going on.”
Def Con, one of the world’s largest security conventions, served as a laboratory for breaking into voting machines on 10 August, extending its efforts to identify potential security flaws in technology that may be used in the November US elections.Hackers will continue to probe the systems over the weekend in a bid to discover new vulnerabilities, which could be turned over to voting machine makers to fix.The three-day Las Vegas-based “Voting Village” also aimed to expose security issues in digital poll books and memory-card readers. “These vulnerabilities that will be identified over the course of the next three days would, in an actual election, cause mass chaos,” said Jake Braun, one of the village’s organizers. “They need to be identified and addressed, regardless of the environment in which they are found.”
Some bathrooms have signs urging people to wash their hands. But at the Democratic National Committee, reminders hanging in the men’s and women’s restrooms address a different kind of hygiene. “Remember: Email is NOT a secure method of communication,” the signs read, “and if you see something odd, say something.” The fliers are a visible symptom of an increased focus on cybersecurity at the DNC, more than two years after hackers linked to the Russian military looted the committee’s computer networks and inflamed the party’s internal divides at the worst possible time for Hillary Clinton. But the painful lessons of 2016 have yet to take hold across the campaign world — which remains the soft underbelly for cyberattacks aimed at disrupting the American political process.
National: Election officials say money, training needed to improve security | Las Vegas Review-Journal
Regional U.S. election officials attending a hacker conference Friday in Las Vegas said they need more money and training to enhance cybersecurity of their election infrastructure. The thousands of local election officers around the U.S. have neither the cyber-knowledge nor resources to stand up to attacks from adversarial nations and need the support of state and federal governments, they said. But they warned that focusing too much on the vulnerabilities could backfire by undermining citizens’ confidence in the system. “There has never been such a spotlight and emphasis (on election hacking) as there has been since 2016. That is our new reality,’’ California Secretary of State Alex Padilla told an audience attending the annual Defcon computer security conference at Caesars Palace. “If it gets into the mind of anybody that maybe my vote isn’t going to matter, so why should I go vote — that is a form of voter suppression,” he said.
This election day, US officials are hoping for a vote of confidence on cybersecurity. Hackers at the Defcon cybersecurity conference in Las Vegas on Friday took on voting machines again, after showing how easy it was to break into election machines at last year’s gathering. This time around, officials from the US Department of Homeland Security were on hand to learn directly from hackers who find problems with election security. “We’ve been partners with Defcon for years on a lot of various different issues, so we see a lot of value in doing things like this,” Jeanette Manfra, the DHS’s top cybersecurity official, said at Defcon. In her speech, Manfra invited hackers at Defcon to come find her after to talk more about election security. “We’d love it if you worked for us, we’d love it if you worked with us,” she said.
Four lawmakers on the powerful House Intelligence Committee, including two Republicans, are introducing legislation to help states secure the nation’s digital election infrastructure against cyberattacks following Russian interference in the 2016 election. The bill, which is a companion to a measure in the upper chamber spearheaded by Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.), is a direct response to the effort by Moscow’s hackers to target state websites and other systems involved in the electoral process in the run-up to the 2016 vote. “Although the Russian government didn’t change the outcome of the 2016 election, they certainly interfered with the intention of sowing discord and undermining Americans’ faith in our democratic process,” said Rep. Tom Rooney (R-Fla.) in a statement Friday. “There’s no doubt in my mind they will continue to meddle in our elections this year and in the future.”
National: Voting Rights Advocates Used to Have an Ally in the Government. That’s Changing. | The New York Times
A new voter ID law could shut out many Native Americans from the polls in North Dakota. A strict rule on the collection of absentee ballots in Arizona is being challenged as a form of voter suppression. And officials in Georgia are scrubbing voters from registration rolls if their details do not exactly match other records, a practice that voting rights groups say unfairly targets minority voters. During the Obama administration, the Justice Department would often go to court to stop states from taking steps like those. But 18 months into President Trump’s term, there are signs of change: The department has launched no new efforts to roll back state restrictions on the ability to vote, and instead often sides with them. Under Attorney General Jeff Sessions, the department has filed legal briefs in support of states that are resisting court orders to rein in voter ID requirements, stop aggressive purges of voter rolls and redraw political boundaries that have unfairly diluted minority voting power — all practices that were opposed under President Obama’s attorneys general.
A group is suing two red states and two blue states to change the Electoral College system. Former Massachusetts Gov. William Weld, Harvard Law professor Lawrence Lessig and David Boies, who served as former Vice President Al Gore’s lawyer in Bush v. Gore, make up the group according to the Boston Globe. The group is suing two predominantly Democratic states (California and Massachusetts) and two predominantly Republican states (Texas and South Carolina.) They argue the winner-take-all format of the Electoral College disenfranchises numerous voters and that it violates the principle of “one person, one vote.” Boies said the Electoral College system leads to candidates only campaigning to certain groups of voters and ignoring others.
Arizona: Judge to decide legality of Arizona law prohibiting collection of mail-in ballots | Arizona Daily Star
Attorneys for a Democratic activist told a federal judge Friday that there is a legal and constitutional right for her and others to deliver someone else’s ballot to polling places. And Spencer Scharff asked Judge Douglas Rayes to immediately quash the law and allow what’s known as “ballot harvesting” to once again be legal in time for the Aug. 28 primary. Scharff argued that federal law specifically allows individuals to deliver “mail” — and essentially compete with the U.S. Postal Service — as long as they don’t charge for the service. In these cases, he told Rayes, people like his client, Rivko Knox, who have been collecting early ballots for years, are doing that simply as a service.
California: Software incompatibilities cited in review of missing Los Angeles County voter names | Los Angeles Times
Los Angeles County’s election software was unable to process a formatting change in state voter data, contributing to 118,500 names being omitted from eligible-voter rosters on election day in June, according to an executive summary of an independent review released Wednesday. There was no evidence of a security breach, the summary said. The county paid IBM Security Services $230,000 to investigate the foul-up, which officials said affected roughly 2.3% of registered voters across the county and 35% of voting locations. L.A. County elections chief Dean Logan said in June that the problem had no impact on voter eligibility and that poll workers were instructed on election day to give provisional ballots to people whose names did not appear on rosters. But the omissions prompted elected officials and civil rights groups to demand that the county review its election process.
Florida: An 11-year-old changed election results on a replica Florida state website in under 10 minutes | PBS
An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said. Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states. The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.
Florida: Facebook Fight Over Florida Felon Voting Rights Restoration Ends in Shooting | Associated Press
A political argument on Facebook led to a 44-year-old Florida man driving to the home of a stranger he’d been arguing with and shooting and wounding him. Now Brian Sebring faces felony charges of aggravated battery with a deadly weapon and carrying a concealed gun. Sebring told the Tampa Bay Times he “just snapped and let primal rage take over” when he left work early on Monday, went home to get his gun and headed to the home of Alex Stephens. Sebring and Stephens, 46, had never met, though they live in the same neighborhood. “I’m not a bad guy,” Sebring told the newspaper, “but I mean, this guy threatened to hurt my family, and I went off the deep end.” Sebring said he’s probably going to see a therapist now because it scares him that “I could lose my temper like that and do something so stupid.”
In the fall of 2016, as reports of Russian-backed hacking of state election systems were surfacing, Georgia’s Secretary of State, Brian Kemp, rejected federal offers of help to secure his state’s voting systems. “The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security,” Kemp told a technology website. Now, Kemp is the Republican nominee to be Georgia’s next governor, and in another election season where cyber-attacks are in the air, his record securing the state’s elections is becoming a campaign issue. This past week, the Georgia Democratic Party called for Kemp’s resignation, citing in part his response to Russian-backed hacking attempts of state voting systems in 2016.
Local officials spread across Kansas’ 105 counties will exercise an incredible amount of power this week when they determine whether thousands of ballots should count in the closest primary race for governor in Kansas history. The roughly 9,000 provisional ballots, awaiting rulings from county officials across the state, will likely decide whether Gov. Jeff Colyer or Secretary of State Kris Kobach emerges as the GOP’s standard-bearer in the fall. More than 40 percent of the provisional ballots were cast in the state’s two most populous counties, Johnson and Sedgwick. The ballots have the power to swing the Kansas race in Colyer’s favor or solidify a victory for Kobach. Kobach’s role as the state’s chief election official has heightened the scrutiny of the vote-counting process in the contentious race. After a backlash this week, Kobach announced Friday that Assistant Secretary of State Eric Rucker will oversee the process in his stead.
Kentucky: State wants to replace voting machines. Some counties aren’t sure why | Louisville Courier Journal
In November, Kentuckians in 22 counties will cast their votes on electronic voting machines that were broken into in less than two days at the annual DEFCON hackers conference last year. Secretary of State Alison Lundergan Grimes said the state Board of Elections is coordinating with county officials to build hacker-proof voting systems, making use of nearly $6 million it received from Washington D.C. in March when Congress authorized a $380 million state grant program for election security following concerns about election fraud in the 2016 election. The Kentucky Board of Elections set aside the majority of that money — $4.6 million — to upgrade electronic voting machines across Kentucky to paper-trail machines, which experts say are less susceptible to hacking and can be audited to detect fraud. Grimes said she hopes to have the updated equipment in place in time for the 2020 election.
With the contract lucrative and available only once every decade or two, vendors were expected to aggressively fight for Louisiana’s contract to replace thousands of voting machines. But the latest search for a company to provide Louisiana’s voting equipment attracted more than just intense competition, also drawing allegations the secretary of state’s office mishandled parts of the bid process and attempted to manipulate the outcome for the winning bidder. The questions of impropriety come at the worst time for Secretary of State Kyle Ardoin, the state’s chief elections official. Ardoin, a Baton Rouge Republican who took over the job after a sexual harassment scandal ousted his boss Tom Schedler, is running for the elected position on the Nov. 6 ballot.
Michigan: Wayne County Board of Canvassers will dig into election night website issues | Michigan Radio
The Wayne County Board of Canvassers wants to know what went wrong with the county’s election website during last week’s primary. The board is expected to meet Monday with the CEO of ElectionSource, the Grand Rapids-based company that runs the county’s election results reporting website, to try and get answers. As returns started coming in Tuesday night, it was clear the website was having problems. Some initial results were reported incorrectly, causing inexplicable fluctuations and leading many to doubt whether the numbers could be trusted at all. And the website shut down altogether for several hours during the night, before coming back online Wednesday morning. County elections officials insist the vote count was always accurate. ElectionSource blamed the problems on software glitches that resulted from too-large data files, and too much web traffic overwhelming data uploads.
Two newly revealed flaws in the Australian Capital Territory (ACT) electronic voting systems could have allowed voters to be linked to their votes, breaking the core democratic concept of the secret ballot. The vulnerabilities were disclosed in a detailed technical write-up on Monday by independent security researcher T Wilson-Brown, who originally discovered and confirmed the flaws in early January. Elections ACT had agreed in March to public disclosure on April 9, but on April 10 it pulled out. Four months later, Wilson-Brown has published them, to allow time for changes to be made before the next ACT election in 2020. The first vulnerability stems from Elections ACT publishing online the individual, and their preference allocations under the ACT’s preferential voting system, for later analysis.
Millions of Malians are voting in an unprecedented runoff presidential election that has been overshadowed by widespread allegations of fraud and the threat of Islamist extremist violence. The current president, Ibrahim Boubacar Keïta, is the favourite, having won 41% of the vote in the first round two weeks ago while the challenger, Soumaïla Cissé, took only 18%. Extra security forces have been deployed after about 250,000 people, 3% of the electorate, were unable to vote because of insecurity during the first round. Armed attacks and other incidents were recorded at about a fifth of polling stations. Mali is key in the battle against Islamic extremism in the Sahel region and and is central to efforts to restrict illegal immigration to Europe.
United Kingdom: Ministers urged to abandon Voter ID as rollout at general election estimated to cost up to £20m | The Independent
Ministers are facing calls to ditch plans for nationwide voter ID checks as it emerged introducing them at a general election could cost up to £20m – even though there were only 28 cases of polling station impersonations alleged in 2017. The government has been urged to abandon the contentious proposals, with the Electoral Reform Society (ERS) pointing out that at this rate, the cost could equate to £700,000 per fraud allegation. Labour has claimed the moves are in danger of locking people out of the democratic process, and critics fear it could disproportionately affect ethnic minorities and the poorest.
Zimbabwe’s main opposition leader, Nelson Chamisa, filed a court challenge on Friday against President Emmerson Mnangagwa’s election victory, halting Mnangagwa’s planned Sunday inauguration. The first election since Robert Mugabe was forced to resign after a coup in November had been expected to end Zimbabwe’s pariah status and launch an economic recovery but post-election unrest has reminded the country of its violent past. Chamisa’s lawyer Thabani Mpofu said he had asked the Constitutional Court to nullify the July 30 vote and that his court application meant Mnangagwa’s swearing-in had been halted.