Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill. The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation’s leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S machine stood out because it was detailed in a security report commissioned by Ohio’s secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. “There has been more than plenty of time to fix it,” he said.
Voter data and the digital weapons hackers use to subvert elections are bought and sold daily on a corner of the internet known as the dark web. It is a network of websites that is tough to access but functions much like the internet we use every day. You can buy everything from guns and drugs to botnets and ransomware. And cyber-criminals can purchase voter records and hacking tools.The dark web is not accessible using typical web browsers like Chrome or Safari. Instead, you are required to log on using a virtual private network, or VPN, and the Tor web browser. Tor is an acronym for “the onion router.” Every computer has an identifying IP address, and the Tor browser can help shield your machine’s location by sending info through several layers of servers.
National: FEC data shows candidates hit snooze button on hacker threat, saying defending cyberattacks is hard | McClatchy
With some 40 days remaining to the crucial midterm elections, signs of digital meddling in campaigns are mounting. But most candidates have spent little or nothing on cybersecurity, and say it’s too hard and expensive to focus on hacking threats with all the other demands of running for office. Only six candidates for U.S. House and Senate spent more than $1,000 on cybersecurity through the most recent Federal Election Commission filing period. Yet those who monitor intrusions and digital mayhem say hackers are active. And various reports cite at least three candidates still in races or ousted in primaries were suffering attempted breaches of their campaigns. “We get things literally every day to my team … to investigate everything from phishing attacks to ‘We think our data was breached’ to ‘We think there was a denial of service attack’ to ‘Someone’s listening on our cell phones.’ So we get, like, the whole range of things every single day,” said Raffi Krikorian, chief technology officer for the Democratic National Committee, the party’s governing body.
Tara Benally and her 16-year-old son Delaney After Buffalo set up a plastic table alongside the last dusty highway intersection before the Arizona state line. Here in Monument Valley, in the shadows of the towering red rock monoliths sacred among the Navajo, the two are doing something that’s rarely been done in this part of Utah: conducting a voter registration drive for local Native Americans. For the first time, Navajo and Utes living here have a chance at being fully represented at the local level when they vote in November. Even though Native Americans are the majority in this 14,750-person county, slightly edging out whites, county commissioner and school board district lines were gerrymandered to give white voters disproportionate power for more than three decades.
National: Without offering evidence, Trump accuses China of interfering in U.S. midterm elections | The Washington Post
President Trump on Wednesday directly accused China of interfering in the U.S. midterm elections this fall in retaliation for the ongoing trade war between Washington and Beijing, marking a new front in the deepening hostilities that have threatened to upend bilateral relations. The president made the allegation during his opening remarks at a U.N. Security Council meeting on nonproliferation, asserting that China “has been attempting to interfere in our upcoming 2018 election, coming up in November, against my administration. They do not want me or us to win because I am the first president to ever challenge China on trade, and we are winning on trade — we are winning on every level. We don’t want them to meddle or interfere in our upcoming election.”
When technicians descended upon Maricopa County on Aug. 27 to set up equipment for the August primary election, they found a plethora of issues. Locked polling places. Broken check-in machines. Printers with no toner. Out-of-date software. No wireless internet. And the list went on from there, according to Tempe-based information technology contractor Insight. The Maricopa County Recorder’s Office hired Insight to assist with technology set-up the day before the primary and provide technical support on election day.
Illinois: Cook County Board approves new election equipment contract, despite rival firm’s lawsuit | Chicago Sun Times
Residents in suburban Cook County could be the first voters to use new election equipment next year. The Cook County Board of Commissioners on Wednesday awarded a 10-year contract for nearly $31 million to Dominion Voting Systems, Inc., which would mean an update for the county’s equipment, some of which is at least a decade old. The older technology could open the county up to threats to election security. The contract first came before the County Board in March, but two bid protests by Election Systems & Software, which has provided election equipment for the county in the past, delayed the vote. The roll out of the new equipment is still in question. Cook County Clerk David Orr said it’s too late to begin testing the equipment and training poll workers for the November election, but he hopes that testing can begin in suburban Cook during the February and April elections. Orr called the unanimous vote “a plus for many, but especially for voters.”
A supplier of election equipment brought a federal complaint in protest of the more than $30 million contract that Cook County, Illinois, is set to iron out Wednesday with another vendor. One of the voting machines offered by Election Systems & Software, which brought a federal complaint against Cook County, Illinois, on Sept. 25, 2018. As alleged by Nebraska-based Election Systems & Software, the state should not even have allowed Dominion Voting Systems to bid on the contract because the Illinois Board of Elections has not certified the latter’s system. Represented by the firm Vedder Price, Election Systems & Software filed its suit Tuesday in Chicago. ESS, as the plaintiff abbreviates its name in the complaint, notes that Cook County put out the request for proposals early last year with an eye toward purchasing or leasing a blended voting system that would feature both pen-marking and touch-screen ballot technology.
With the midterm elections just over a month away, there is heightened concern about the security of America’s voting process, following recent revelations by the FBI that a software company — which runs part of Maryland’s voter registration system — was purchased by Russian oligarch Vladimir Potanin, believed to have close ties to President Vladimir Putin. “So, the fact that one of his friends, one of his business, wealthy friends, is buying up (a) company that does business with our Board of Election(s) is a matter of major security interest here,” said Sen. Ben Cardin, D-Md. The company, Bytegrid, is responsible for voter registration, online ballot delivery and unofficial election night results, and while there’s been no evidence of wrongdoing, Cardin says change is needed now.
A second day of arguments in a lawsuit challenging Missouri’s photo voter ID law took place Tuesday at the Cole County Court House in Jefferson City. The parties bringing the litigation are Priorities USA, a national progressive organization that promotes voting rights, and 71-one-year-old Mildred Gutierrez, a Lee’s Summit resident. Gutierrez was allowed to vote in the November 2017 election only after signing a sworn statement under penalty of perjury because she did not have a valid photo ID. University of Wisconsin Political Scientist Kenneth Mayer offered expert testimony for Priorities USA. He called the sworn statement, also known as an affidavit, that Gutierrez had to sign in order to cast a ballot completely incomprehensible.
With Ohio facing a rare general election these days without major litigation hanging over the ballot process, voting rights groups on Wednesday staked out their hopes for future changes to make voting easier. The Ohio Voter Rights Coalition, consisting of groups like the League of Women Voters of Ohio and the new All Voting is Local, called for automatic voter registration for those eligible to vote, expanded early voting hours and days, and improvements in online voter registration. “When a quarter of those who are eligible are not registered and we have even worse turnout rates, we understand that the system is clearly not working,” League Executive Director Jen Miller said. While none of these proposed changes could happen in time to affect the Nov. 6 election, these discussions have been incorporated into the debate over who will succeed Secretary of State Jon Husted. The next secretary of state will be either state Sen. Frank LaRose (R., Hudson) or state Rep. Kathleen Clyde (D., Kent).
Pennsylvania: ‘A Relative Bargain’: Election Security Group Urges Funding for $125M Upgrade to Pennsylvania Voting Machines | NBC
A group examining election security in Pennsylvania urged Congress and state lawmakers Tuesday to speed up the funding required to replace voting machines, noting most lack a paper record needed to check for fraud and errors. The Blue Ribbon Commission on Pennsylvania’s Election Security released interim recommendations and said the estimated $125 million to replace all machines statewide was “a relative bargain.” “Pennsylvania’s elections are at risk,” the interim report said. “And one of the biggest risks is one that we can control — properly funding our election security, including by procuring voting machines that use voter-marked paper ballots.”
Citing cybercrimes as a threat in the upcoming national polls, the ruling party apprehends that there may be violent consequences due to use of information technology in the country. Criminals may use social media to demoralize country’s democratic atmosphere. Cyberwar can be a crucial issue during the poll time period, as anti-democratic forces, militant groups and religious fundamentalists may misuse the social media to operate cyber war, warned law enforcement agencies. Dhaka Metropolitan Police (DMP) high officials also said militant groups may use social media and online platforms to obstruct the 11th parliamentary election, scheduled at the end of 2018.
Brazil’s highest court ruled Wednesday that 3.4 million people cannot vote in next month’s national elections because they failed to register their fingerprints with authorities, a move that could affect the crowded presidential race. All voting is electronic in Brazil, and since 2016 voters have had to register their fingerprints to cast ballots under a biometric voting system. On a 7-2 vote, the justices found it would be impossible to drop the requirement for biometric identification less than two weeks before the Oct. 7 elections. Two judges abstained. Critics say authorities didn’t properly inform Brazilians of the requirement, so many failed to register their fingerprints.
The Maldives police and army have said they will act to guarantee the result of Sunday’s presidential election is honoured, amid reports the country’s ousted leader Abdulla Yameen is preparing a last-minute legal challenge to the vote. The acting chief of the Maldives police, Abdulla Nawaz, tweeted on Wednesday evening the decision “made by the beloved people of the Maldives on 23 September 2018 will be respected and upheld by police”. A similar statement was issued by captain Ibrahim Azim, an information officer in the Maldives National Defence Force. The assurances by the country’s security forces came after public warnings by opposition groups that Yameen, who was defeated in Sunday’s poll by 17 points, was preparing a legal bid to challenge the result.
Starting with the 2019 mid-term elections, the Commission on Elections (Comelec) will use an automated system of verifying the identity of voters. The Comelec on Tuesday started the bidding process for the P1.1-billion Voter Registration Verification Project, which will do away with the usual manual process of verification using printed copies of computerized voters’ list on Election Day. “So there will be no more discretion on the part of the electoral board or the Board of Election Inspector [BEI] as to the identity of the voter because just by finger-scanning the voter, the monitor will show if he or she is really the registered voter as listed in that particular precinct,” said Director J. Thaddeus Hernan, chairman of the Special Bids and Awards Committee (SBAC).
Ukraine: Russia, Ukrainian law-enforcement agencies will attempt to influence upcoming Ukrainian elections | InterFax
Russia will try to influence the presidential election campaign in Ukraine through social networks, cyber attacks and sabotage technologies. So will Ukraine’s law enforcement agencies, political analysts have said. “The participation of the so-called “siloviki” (power ministries) is not yet traced, but the fact they will participate in the election campaign is understandable,” political analyst Volodymyr Tsybulko said at a press conference in Kyiv on Wednesday. “The National Anti-Corruption Bureau (NABU) is working on criminal cases against some candidates. Ukraine’s National Corruption Prevention Center (NACP) is also actively working, and there are criminal cases at Ukraine’s Prosecutor General’s Office (PGO). There is a figure such as [ex-MP from Batkivschyna Party faction] Shepelev, who gives evidence. Sooner or later these investigations can affect the behavior of candidates and even the fate of certain candidates,” he said.