Editorials: I Just Hacked a State Election. I’m 17. And I’m Not Even a Very Good Hacker. | River O’Connor/Politico

It took me around 10 minutes to crash the upcoming midterm elections. Once I accessed the shockingly simple and vulnerable set of tables that make up the state election board’s database, I was able to shut down the website that would tally the votes, bringing the election to a screeching halt. The data were lost completely. And just like that, tens of thousands of votes vanished into thin air, throwing an entire election, and potentially control of the House or Senate—not to mention our already shaky confidence in the democratic process itself—into even more confusion, doubt, and finger-pointing. I’m 17. And I’m not even a very good hacker. I’ve attended the hacking convention DEF CON in Las Vegas for over five years now, since I was 11 years old. While I have a good conceptual understanding of how cyberspace and the internet work, I’ve taken only a single Python programming class in middle school. When I found out that the Democratic National Committee was hosting a security competition for kids and teens, however, my interest in politics fed into curiosity about how easy it might be to mess with a U.S. election. Despite that limited experience, I understood immediately when I got to Las Vegas this year why the professionals tend to refer to state election security as “child’s play.”

National: Election integrity advocates protest security bill changes | Politico

The version of the Senate’s major election security bill that the Rules Committee marks up this week will not require states to conduct post-election audits using paper records, a major blow to election integrity advocates who are now sharply criticizing the bill. The chairman’s mark of the Secure Elections Act, S. 2593 (115), “would allow for and validate audits of electronic ballot images, which are just plain worthless as a safeguard against cyberattacks,” Susan Greenhalgh, policy director at the National Election Defense Coalition, told MC. Voting system vendors, which encourage local election officials to buy electronic systems, tout the supposed auditability of their digital ballots, despite cybersecurity experts nearly unanimously warning against electronic audits. “This sort of audit would be very appealing to election officials,” Greenhalgh said of the weakened provision, “as it would eliminate the need for extensive ballot manifests and tracking of paper ballots.”

National: Russian hackers targeting more US political groups, Microsoft says | The Guardian

Microsoft says it has uncovered new Russian hacking attempts targeting US political groups before the midterm elections. The company said a group linked to the Russian government created fake internet domains that appeared to spoof two US conservative organisations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the Senate. Microsoft did not offer any further description of the fake sites. The revelation came just weeks after a similar Microsoft discovery led the senator Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.

Editorials: Election Security Bill Without Paper Records and Risk Limiting Audits? No Way. | Electronic Frontier Foundation

The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits. Cybersecurity threats by their very nature can be stealthy and ambiguous. A skillful attack can tamper with voting machines and then delete itself, making it impossible to prove after the fact that an election suffered interference. Paper records ensure that it is possible to detect and quickly correct for such interference. Automatic audits ensure that such detection actually happens.

Arizona: ACLU lawyers file suit over Arizona voter address updates | Associated Press

Voting rights organizations are suing Arizona Secretary of State Michele Reagan over concerns that her office isn’t updating voters’ addresses. The American Civil Liberties Union of Arizona on Monday announced the lawsuit from multiple voter rights organizations including the League of Women Voters of Arizona. They’re concerned that Reagan’s office doesn’t update voter registration information when someone changes their address on their driver’s license. Reagan’s office last week rejected a request from the ACLU to change more than 500,000 voter registration addresses to what is listed on driver’s licenses. She cited concerns about a lack of voters’ consent. Instead, she says her office has coordinated with the Arizona Department of Transportation to make those changes next year.

Georgia: Too late to switch to paper ballots, officials say | McClatchy

County election officials across Georgia say it’s too late to switch to paper ballots in the upcoming elections, despite warnings that hackers could easily penetrate the state’s antiquated electronic voting system and that Russia could unleash a new wave of disruptive cyberattacks. U.S. District Judge Amy Totenberg is expected to rule any day on whether the state must switch to old-fashioned paper ballots. Her ruling would come in response to a year-old lawsuit by citizen activists. They argue that the state’s current system of relying on electronic voting machines that lack a paper backup is “hopelessly compromised” and paper ballots are necessary to ensure public confidence in the results. Georgia is just one of many states dealing with the fallout of the U.S. intelligence agencies’ conclusion that Russia worked to influence the 2016 campaign and has compromised — or tried to compromise — state election systems across the country to disrupt the 2018 midterms elections. But interviews and court statements from Republican and Democratic county officials and from state election officials drew the same response: It’s just too late to make the switch.

Illinois: Governor Blocks Bill To Tell People With Criminal Histories About Their Voting Rights | HuffPost

Illinois Gov. Bruce Rauner (R) blocked legislation on Friday that would have required corrections officials throughout the state to help people detained in jails and prisons understand whether they can vote. The bill would have required election and corrections officials to offer ballots to people being detained in jail prior to their trials who want to vote. It would have also required corrections officials to provide voter registration forms to people being released from jail and information about voting rights to those leaving prison. The bill was meant to reduce the confusion about voting rights that contributes to voter disenfranchisement. People detained in jails often have no idea they are eligible to vote, let alone how to request a ballot to do so. The policies governing whether felons can vote when they are released from prison vary widely from state to state. Offenders, as well as parole officers and other corrections officials, can easily be confused about who has the right to vote.

Indiana: New campaign to increase awareness of Indiana voting security launched | Wash Times Herald

If the Indiana election system were human, it would be the “healthiest 200-year-old you’ll ever find,” according to a radio ad released Monday by the office of Secretary of State Connie Lawson. The audio is part of a $500,000 campaign by Lawson’s office in partnership with an Indianapolis marketing firm to increase public awareness around cybersecurity, voting and the relationship between the two ahead of the Nov. 6 general election. “In Indiana, the security of our voting system is of the utmost importance. This public awareness campaign demonstrates to voters that proper precautions are in place to secure their vote,” Lawson said in the campaign announcement. “We take great care to prepare our election administrators for each cycle, and in partnership with counties, other states, and the federal government we are developing new answers to security concerns and election policy.”

Louisiana: Dominion, winner of Louisiana voting machine contract was low bidder | Associated Press

The up to $95 million price tag estimated by the company chosen for Louisiana’s lucrative voting machine replacement contract may have caused a bit of sticker shock, but the projection remains tens of millions of dollars cheaper than plans pitched by the two losing bidders. Financial proposals by vendors who weren’t chosen ranged from $115 million to nearly $160 million for the work, according to bid evaluation documents obtained by The Associated Press. Still, the cost projections submitted by the low-bidder that won the award, Dominion Voting Systems, remains at least $50 million or more higher than the money set aside for the work. Final terms — and a final price tag — for the contract remain to be negotiated.

Maryland: A Russian Oligarch Bought Maryland’s Election Vendor. Now These Senators Are Questioning the Rules | Roll Call

Maryland’s Democratic senators want a Senate committee to require disclosures of foreign investments in U.S. election systems, an alarm bell set off by a Russian oligarch’s connection to their state’s voter registration system. The request to the Rules and Administration Committee comes from Sen. Benjamin L. Cardin and Sen. Chris Van Hollen. Van Hollen is also the chairman of the Democratic Senatorial Campaign Committee. The Maryland senators have been alarmed by a Russian oligarch’s investment connection to ByteGrid LLC, which handles the Old Line State’s voter registration database and candidate management operations. “As the Rules Committee prepares to mark up the Secure Elections Act, we respectfully request that you sponsor an amendment requiring that an election infrastructure vendor submit a report to the Chair of the [Election Assistance Commission] and the Secretary of [the Department of Homeland Security] identifying any foreign national that directly or indirectly owns or controls the vendor, as well as any material change in ownership resulting in ownership or control by a foreign national,” Cardin and Van Hollen wrote Monday.

South Carolina: What is South Carolina doing to keep 2018 election from being hacked? | The State

If the Russians show up again this election season, South Carolina wants to be ready. Earlier this month, election officials from all 46 counties sat down with federal officials from the FBI and the Department of Homeland Security to plan possible responses to election hacking attempts in the run-up to November’s election. It was the first time federal law enforcement agencies have led such a statewide training exercise, playing out different scenarios on how malicious actors could try to break into South Carolina’s election system ahead of November. … A lawsuit filed last month says the machines are so dysfunctional that they violate the right to vote for citizens.

Australia: Want to hack the Western Australia government? Try ‘Password123’ | Computerworld

A staggering 60,000 out of 234,0000 active accounts at a range of WA government agencies were potentially at risk of a dictionary attack due to their weak passwords, a review by the state’s auditor general has found. The state’s auditor general today upheld a venerable WA government information security tradition, slamming agencies for poor practices when it came to passwords and other protective measures. For the report, the WA Office of the Auditor General obtained encrypted password data from 23 Active Directory environments across 17 agencies. Using a selection of password dictionaries it found that tens of thousands of users had chosen weak passwords including “Password123” (1464 accounts), “password1” (813), “password” (184), “password2” (142) and “Password01” (118). “‘After repeatedly raising password risks with agencies, it is unacceptable that people are still using Password123 and abcd1234 to access critical agency systems and information,” said Western Australia’s auditor general, Caroline Spencer.

Mali: Constitutional court upholds election results | Associated Press

Mali’s constitutional court on Monday confirmed the re-election of President Ibrahim Boubacar Keita to a second five-year term. The court said Keita received 67 percent of the Aug. 12 runoff vote, beating opposition leader Soumaila Cisse who received more than 32 percent. There was a 34 percent voter turnout, the constitutional court said, with more than 2.7 million Malians having voted despite threats by extremist groups. Constitutional Court President Manassa Danioko rejected motions filed by the opposition party last week against results. He said there is not enough evidence of fraud to nullify the results. Keita is to be inaugurated Sept. 4 for his second and final term.

Sweden: International observers to monitor Swedish election for first time | The Local

For the first time in a Swedish election, observers from the Organization for Security and Cooperation in Europe (OSCE) will be present in the country to oversee the vote, according to reports in Swedish media. “This is the first time we have had any form of mission or observation activity in Sweden for an election,” the organization’s spokesperson Thomas Rymer told Sveriges Radio. The decision was made following discussions with politicians, representatives of the Swedish media, and some of those involved in organizing the election.

Zimbabwe: Regional leaders call for calm ahead of Zimbabwe poll ruling | AFP

Southern African leaders on Saturday called for calm in Zimbabwe as the country awaits a Constitutional Court hearing on President Emmerson Mnangagwa’s disputed election victory. The main opposition the Movement for Democratic Change (MDC) has accused the ruling Zanu-PF party and the election commission of fraud in the July 30 vote, the first in Zimbabwe since Robert Mugabe’s ouster in November. The Southern African Development Community (SADC) in a statement at the close of its two-day summit in Namibia, urged Zimbabweans to “remain calm while the legal processes regarding the outcome of the elections are being considered by the courts and to respect the will of the people”.