Archives

National: Defcon Voting Village report: bug in one system could “flip Electoral College” | Ars Technica

Today, six prominent information-security experts who took part in DEF CON’s Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. “Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election,” the authors of the report warned.

Full Article: Defcon Voting Village report: bug in one system could “flip Electoral College” | Ars Technica.

Iraq: Voting begins to elect new parliament in Iraq’s Kurdistan | AFP

Iraqi Kurds voted on Sunday for a new parliament in their autonomous region, which is mired in an economic crisis a year after an independence referendum that infuriated Baghdad. Almost 3.1 million voters were eligible to cast ballots across three provinces in the northern region, where 673 candidates from 29 political movements contested seats in the 111-member parliament. Polling closed as scheduled at 1500 GMT and the results are expected within 72 hours. The vote passed off with only minor incidents such as gunmen trying to vote without the necessary papers. The electoral commission gave an official turnout of 58 percent of registered voters in Arbil, the regional capital and one of the three provinces which make up Iraqi Kurdistan.

Full Article: Iraqi Kurds vote for new parliament.

National: DEF CON hackers’ dossier on US voting machine security is just as grim as feared | The Register

Hackers probing America’s electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms. The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps the findings of that village, during which attendees uncovered ways resourceful miscreants could compromise electoral computer systems and change vote tallies. In short, the dossier outlines shortcomings in the electronic voting systems many US districts will use later this year for the midterm elections. The report focuses on vulnerabilities exploitable by scumbags with physical access to the hardware. “The problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security,” the report stated. “As our nation’s security is the responsibility of the federal government, Congress needs to codify basic security standards like those developed by local election officials.”

Full Article: DEF CON hackers' dossier on US voting machine security is just as grim as feared • The Register.

National: Hackers warn about election security ahead of midterms | CNN

The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday — just over a month before the midterm elections. The findings are based on a project at the Voting Village at the Def Con hacking conference held in Las Vegas last month, where hackers were invited to attempt to break into voting machines and other equipment used in elections across the country. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report.

Full Article: Hackers warn about election security ahead of midterms - WISC.

National: Questions on Pompeo’s certainty about secure midterms | Politico

Secretary of State Mike Pompeo on Wednesday said there was “no question” the U.S. midterm elections would be safe from foreign interference, a level of certitude that is … shall we say, not widely shared? “That’s a dangerous level of confidence for someone in that position to have,” Alex Halderman, a University of Michigan computer science professor at the forefront of the election security debate, told MC. Halderman said that perhaps intelligence sources might not see any indications of foreign planning to further disrupt elections, but “frankly, you don’t know what you don’t know.” Democratic Rep. Mike Quigley said this about Pompeo: “I wish I could be so confident.” Robert Johnston, credited with discovering the DNC hack while working at CrowdStrike and now CEO of Adlumin, told MC there are already signs Russia has interfered in the 2018 races. Some of the suspect incidents have surfaced in California’s congressional races and the U.S. Senate.

Full Article: Questions on Pompeo’s certainty about secure midterms - POLITICO.

California: Los Angeles County Supervisors Approve Investigation For Voter Registration ‘Errors’ | KHTS

The board unanimously approved a motion by Supervisor Kathryn Barger calling for an investigation into voter registration errors as a result of the new “motor voter” program managed by the California Department of Motor Vehicles. Created by the Motor Voter Act of 2015 and implemented in April 2018, the program automatically registers any eligible voters who apply for a driver’s license or identification card and transmits this data to the county where that person lives unless the individual specifically declines to participate. The state reported that 23,000 instances of voter registration errors occurred between mid-April and early August. The “motor voter” program has experienced other implementation issues as well, with 77,000 voter records allegedly being misreported in May by the DMV, according to officials.

Full Article: Los Angeles County Supervisors Approve Investigation For Voter Registration ‘Errors’.

Mississippi: Hackers attempt cyber attacks on state voting system | WMC

How safe is the ballot you will be casting during the November 6 election? Secretary of State Delbert Hosemann maintains that your ballot will be safe from hackers, but he reveals that there are thousands of attempts each month to try to penetrate the Statewide Election Management System. In the past few weeks, the agency that oversees elections reports that hackers have attempted to get into the systems of circuit clerks and election commissioners. “They are sending out emails to my circuit clerks and my election commissioners telling them to open this invoice from a former employee who’s no longer employed here,” said Hosemann. “So I will tell you that’s the level of attempts we have going on.”

Full Article: Hackers attempt cyber attacks on state voting system.

Missouri: Testimony ends in voter ID lawsuit | New Tribune

Closing arguments will be Monday in the lawsuit challenging Missouri’s current voter ID law, after the state presented its final witness Wednesday. Cole County Senior Judge Richard Callahan is being asked to rule on the plaintiffs’ claim that Missouri’s new voter ID law conflicts with existing constitutional language that says people who are properly registered to vote “are entitled” to vote at all elections. The new law went into effect July 1, 2017, after voters in November 2016 added language to the state Constitution saying lawmakers could pass a law specifying the kinds of identification a voter would need to show at the polls before casting a vote.

Full Article: Testimony ends in voter ID lawsuit | Central MO Breaking News.

Virginia: House panel backs GOP redistricting bill on party-line vote | Richmond Times-Dispatch

An attempt to find a bipartisan compromise on political redistricting culminated Thursday in a pair of party-line votes by a House of Delegates committee. It endorsed a new Republican plan, while killing a bill proposed by Democrats in a battle for control of the closely divided chamber before elections next year. The House Privileges and Elections Committee voted 12-10 to endorse a bill that Del. Chris Jones, R-Suffolk, introduced a day earlier, with a promise of some Democratic support. Jones said it was an effort to break an impasse in finding a legislative solution after a federal court found that 11 House districts were racially gerrymandered. Del. Kelly Convirs-Fowler, D-Virginia Beach, one of six Democrats whom Jones said he had approached for support, voted against the bill. She also voted against a move by the Republican-controlled panel to kill the Democratic redistricting plan that Del. Lamont Bagby, D-Henrico, had introduced on Aug. 30.

Full Article: Va. House panel backs GOP redistricting bill on party-line vote | State News | newsadvance.com.

Wisconsin: Studies find that photo ID is tied to lower turnout in Wisconsin | Wisconsin Gazette

With all of her necessary documentation, University of Wisconsin-Madison student Brooke Evans arrived at her polling place on Nov. 8, 2016, for the presidential election. For her, voting that day meant not only casting a ballot for the first female presidential candidate with a real shot of winning, but having a voice in a society in which homeless people such as herself were marginalized. The law requires Wisconsin residents to present certain forms of photo identification to vote but does not require that the ID have the voter’s current address. Such voters must provide proof of their current address — and that is where Evans ran into trouble. She eventually was able to cast a ballot using a campus address she herself had advocated for to help homeless students. Not only did Evans, as a college student, face increased obstacles under the voter ID law, her homelessness was another barrier — one that almost prevented her from exercising a fundamental right of citizenship. “I was just really surprised at the hassle I was given,” Evans said.

Full Article: Studies find that photo ID is tied to lower turnout in Wisconsin | News | wisconsingazette.com.

Afghanistan: Election campaigning kicks off amid violence, fraud claims | AFP

Campaigning for Afghanistan’s long-delayed parliamentary elections kicks off Friday (Sep 28), as a crescendo of deadly violence and claims of widespread fraud fuel debate over whether the vote will go ahead. More than 2,500 candidates will contest the Oct 20 poll, which is seen as a test run for next year’s presidential vote and a key milestone ahead of a UN meeting in Geneva where Afghanistan is under pressure to show progress on “democratic processes”. But preparations for the ballot, which is more than three years late, have been in turmoil for months, despite UN-led efforts to keep Afghan organisers on track.

Full Article: Afghan election campaigning kicks off amid violence, fraud claims - Channel NewsAsia.

Canada: Elections Canada preps for spring vote as MPs set deadline for new law | iPolitics

Canada’s Chief Electoral Officer has revealed that the federal elections agency intends to be ready for an election by next April, five months before the fixed election date for 2019. Chief Electoral Officer Stéphane Perrault outlined the timetable as he informed a Commons committee this week that a sweeping bill to overhaul the Canada Elections Act and upgrade cybersecurity would have to clear Parliament by December to give his office time to prepare. “For the next election, given the environment, I very much look forward to having this legislation passed,” Perrault told the Commons Standing Committee on Procedure and House Affairs, which began reviewing Bill C-76 last May.

Full Article: Elections Canada preps for spring vote as MPs set deadline for new law - iPolitics.

Congo: Leader Vows Elections to Proceed on Schedule in December | Bloomberg

Democratic Republic of Congo President Joseph Kabila vowed delayed elections to select his successor will take place as planned this year. Presidential and parliamentary votes have been delayed since 2016, after the electoral commission failed to organize them on time. The central African nation, which is the world’s largest cobalt producer, hasn’t had a peaceful transition of power since it gained independence from Belgium in 1960. “I reaffirm the irreversible character of holding the elections planned for the end of this year,” Kabila told the United Nations General Assembly on Tuesday. “Everything will be implemented in order to guarantee the peaceful and credible character of these polls.”

Full Article: Congo Leader Vows Elections to Proceed on Schedule in December - Bloomberg.

Iraq: After failed independence bid, disillusioned Iraqi Kurds vote for parliament | MEO

A year after a failed bid for independence, Iraq’s Kurds will be voting again on Sunday, this time in a parliamentary election that could disrupt the delicate balance of power in their semi-autonomous region. With opposition parties weak, the Kurdistan Democratic Party (KDP) and Patriotic Union of Kurdistan (PUK) are likely to extend their almost three decades of sharing power. But splits within the PUK present the possibility that Masoud Barzani’s KDP will take a dominant position in Kurdish politics, both in the regional capital Erbil and in the difficult formation of a federal government in Baghdad. The contentious referendum on independence in 2017, led by Barzani, promised to set Iraq’s Kurds on a path to a homeland.

Full Article: After failed independence bid, disillusioned Iraqi Kurds vote for parliament | MEO.

Latvia: How do you Russia-proof an election? Educate your voters, says Latvian official | CBC

Countering attempts by Russia and other actors to meddle in the democracies of other countries requires more than just stronger cyber defences and better election monitoring, Latvia’s deputy minister of defence said Thursday. It also demands stronger societies and better-informed citizens able to withstand an onslaught of disinformation, rumours and outright fabrications, said Janis Garisons in an interview Thursday with CBC News. Latvia, which has faced cyber attacks on its infrastructure and frequent disinformation campaigns for years, has learned a lot about how to protect itself, said Garisons. “Without general resilience in the long term, I think it will be very difficult to resist,” he said.

Full Article: How do you Russia-proof an election? Educate your voters, says Latvian official | CBC News.

Macedonia: President Urges Boycott Of Name Referendum | RFE/RL

President Gjorge Ivanov has called for voters to boycott an upcoming referendum on Macedonia’s name change, saying the country was being asked to commit “historical suicide.” “Voting in a referendum is a right, not an obligation,” Ivanov said on September 27 in a speech at the United Nations General Assembly. Macedonians are due to go to the polls on September 30 to vote on an agreement its new Socialist government led by Prime Minister Zoran Zaev reached with Greece this year to change the country’s name to North Macedonia. The name dispute between Skopje and Athens dates back to 1991, when Macedonia peacefully broke away from Yugoslavia, declaring its independence under the name Republic of Macedonia.

Full Article: Macedonian President Urges Boycott Of Name Referendum.

Nigeria: Opposition cries foul in Nigeria governorship runoff vote | AFP

Nigerian opposition parties cried foul late Thursday as the country’s electoral commission failed to publish official results for runoff governorship elections in the southwestern Osun state. The vote is the final major test before Nigerians elect a new president, parliament, governors, and state legislatures in February and March next year. Forty-eight candidates from different political parties contested the election last Saturday. But the leading candidates were Gboyega Oyetola from President Muhammadu Buhari’s ruling All Progressives Congress (APC) and Ademola Adeleke of the main opposition Peoples Democratic Party (PDP).

Full Article: Flash - Opposition cries foul in Nigeria governorship runoff vote - France 24.

National: Widely Used Election Systems Are Vulnerable to Attack, Report Finds | Wall Street Journal

Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill. The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation’s leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S machine stood out because it was detailed in a security report commissioned by Ohio’s secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. “There has been more than plenty of time to fix it,” he said.

Full Article: Widely Used Election Systems Are Vulnerable to Attack, Report Finds - WSJ.

National: The dark web is where hackers buy the tools to subvert elections | CBS

Voter data and the digital weapons hackers use to subvert elections are bought and sold daily on a corner of the internet known as the dark web. It is a network of websites that is tough to access but functions much like the internet we use every day. You can buy everything from guns and drugs to botnets and ransomware. And cyber-criminals can purchase voter records and hacking tools.The dark web is not accessible using typical web browsers like Chrome or Safari. Instead, you are required to log on using a virtual private network, or VPN, and the Tor web browser. Tor is an acronym for “the onion router.” Every computer has an identifying IP address, and the Tor browser can help shield your machine’s location by sending info through several layers of servers.

Full Article: The dark web is where hackers buy the tools to subvert elections - CBS News.

National: FEC data shows candidates hit snooze button on hacker threat, saying defending cyberattacks is hard | McClatchy

With some 40 days remaining to the crucial midterm elections, signs of digital meddling in campaigns are mounting. But most candidates have spent little or nothing on cybersecurity, and say it’s too hard and expensive to focus on hacking threats with all the other demands of running for office. Only six candidates for U.S. House and Senate spent more than $1,000 on cybersecurity through the most recent Federal Election Commission filing period. Yet those who monitor intrusions and digital mayhem say hackers are active. And various reports cite at least three candidates still in races or ousted in primaries were suffering attempted breaches of their campaigns. “We get things literally every day to my team … to investigate everything from phishing attacks to ‘We think our data was breached’ to ‘We think there was a denial of service attack’ to ‘Someone’s listening on our cell phones.’ So we get, like, the whole range of things every single day,” said Raffi Krikorian, chief technology officer for the Democratic National Committee, the party’s governing body.

Full Article: FEC data shows candidates spend little money on cybersecurity | McClatchy Washington Bureau.