West Virginia: Hacking attempt reported against West Virginia’s mobile voting app | Benjamin Freed/StateScoop

The FBI is investigating an alleged hacking attempt against the mobile app that West Virginia officials used to collect ballots from some overseas voters during the 2018 election cycle, the Justice Department announced Tuesday. Mike Stuart, the U.S. attorney for West Virginia, said that during last year’s election cycle, his office received a report from West Virginia Secretary of State Mac Warner pertaining to an “attempted intrusion by an outside party” to access the app, Voatz, which Warner’s office has heralded as the future of voting for expat U.S. citizens, especially deployed members of the military. The attempt, Stuart continued, appeared to be unsuccessful, with no actual intrusion or effect on the 144 ballots that were cast in last year’s general election. “No penetration occurred and the security protocols to protect our election process worked as designed,” Warner said at a press conference Tuesday in Charleston, the state capital. Still, Warner said, the attempted intrusion was referred to the FBI for investigation as a “deterrent” against attempts by outside actors to interfere with the state’s election process.

National: Former officials flag disinformation as top threat to U.S. elections | Derek B. Johnson/FCW

Two top former national security officials believe that disinformation campaigns may pose a greater long-term threat to election infrastructure than cybersecurity risks. “Securing the voting apparatus … that’s hugely important, but that to me at least is one bin of the problem,” said former Director of National Intelligence James Clapper while speaking at an Oct. 2 Washington Post event. “The other bin is what I would call, for lack of a better term, intellectual security, meaning how do you get people to question what they read, see and hear on the internet? And this where the Russians exploited our divisiveness by using social media, so that part of the problem I’m not sure about.” Clapper said that when it comes to protecting voting machines and other election infrastructure, agencies like the FBI, Department of Homeland Security, National Security Agency and others have “done a lot” since 2016.

National: US Officials Not Taking Putin Election Comments Lightly | Jeff Seldin/VoA News

U.S. security officials are not laughing at the latest comments by Russian President Vladimir Putin about the Kremlin’s attempts to interfere in U.S. elections. Putin, speaking at an economic forum in Moscow Wednesday, dismissed U.S. allegations that Russia meddled in both the 2016 U.S. presidential election and the 2018 mid-term election as “ridiculous.” “Or it would be ridiculous if it was not that sorrowful, because all we see now in the U.S. domestic politics ruins Russia-U.S. relations, and I am sure it harms the United States itself, too,” Putin said. “I’m telling you as a secret – yes, we will definitely do it (meddle in next year’s U.S. presidential election) in order to deliver you the best of fun,” Putin joked with the audience. “Just don’t tell anyone.” Despite Putin’s comments, U.S. security and intelligence officials have said, consistently, that they have seen indications Russia will try to interfere with the upcoming 2020 presidential elections.

National: US diplomats told Zelenskiy that Trump visit was dependent on Biden statement | Julian Borger and Lauren Gambino/The Guardian

US diplomats told Ukraine’s president, Volodymyr Zelenskiy, that a prestigious White House visit to meet Donald Trump was dependent on him making a public statement vowing to investigate Hunter Biden’s company, and a Ukrainian role in the 2016 elections, according to texts released on Thursday night. The texts, released by three congressional committees holding impeachment hearings, show that the diplomats made clear that any improvement in Kyiv’s relations with Washington would be dependent on Zelenskiy’s cooperation in Trump’s quest to find damaging material about son of his leading political opponent, and on the Democrats in general. In August, Zelenskiy’s government became aware, through a US press report, that military aid for its struggle with Russia, had been withheld by Trump, in an apparent effort to increase the pressure on the Ukrainian government. The texts are exchanges from July to early September between three US diplomats – Gordon Sondland, the ambassador to the European Union, Kurt Volker, the then special envoy on Ukraine, and Bill Taylor, the acting ambassador to Kyiv. Trump’s personal lawyer, Rudy Giuliani and a Zelenskiy aide, Andrey Yermak, also make brief appearances in the correspondence.

Editorials: Democrats Must Act Now to Deter Foreign Interference in the 2020 Election | Thomas Wright/The Atlantic

Democrats face a national-security problem without parallel in the annals of American democracy. The president of the United States, Donald Trump, has made clear not only that he will remain passive in the face of foreign interference in the 2020 U.S. election—a threat his current and former directors of national intelligence have called the most serious facing the country—but also that he will actually solicit such interference if it serves his interests. We know of at least one case—when he asked President Volodymyr Zelensky of Ukraine to launch an investigation into former Vice President Joe Biden as a personal favor—but there may well be others. Parts of the U.S. government, such as the Department of Homeland Security and the FBI, as well as state authorities, are working to prevent foreign interference in American elections, but even with a Herculean effort, the country’s defenses against political warfare, especially in the cyber domain, are weak and porous. Such attacks are easy to execute, but difficult and expensive to thwart. The threat is evolving and will be different than it was in 2016. There are many targets.

Editorials: Voting machines pose a greater threat to our elections than foreign agents | Lulu Friesdat/The Hill

As the election security conversation widens beyond Russia, to include countries like Iran and China, it’s important to examine how security flaws in our country’s voting equipment increase the vulnerability of our elections. In 2010 a university cyber team conducted a test attack on an internet voting pilot project in Washington, D.C. The team successfully picked the winner of the election remotely from its Michigan lab. Writing about the attack, computer science professor J. Alex Halderman said, “Within 36 hours of the system going live, our team had … the ability to change votes.” In follow-up testimony, Halderman offered some chilling details: “While we were in control of these systems, we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.” Security experts have long warned that short passwords provide easy targets, but hackers at DEF CON, an annual security convention, recently found U.S. election systems with no passwords at all.  How did the security bar get set so low?

Colorado: Secretary of State’s QR code election security measure adopted | Teresa L. Benns/Del Norte Prospector

According to a Sept. 16 news release on the Colorado Secretary of State’s (SoS) website, Secretary of State Jena Griswold announced that Colorado will stop using ballots with QR codes, a marking used to track packages and other materials pictured above. The removal of QR codes from ballots will increase the security of vote tabulation and ensure voters can accurately verify that their ballots are correctly marked. With foreign countries actively trying to exploit voting vulnerabilities, this is a first-in-the nation added security measure. Marilyn Marks, who advocates for voting integrity nationwide, came to Saguache County in 2011 to investigate the irregular county election held in 2010. During that time, she also monitored an election held in Chaffee County where the QR code question was first raised. “Chaffee ballots are identifiable by both the voter and the government,” Marks said in an Aug. 9, 2012 Center Post-Dispatch article. (QR) codes on the ballot can be traced back to the voter in what Marks says is a very sophisticated process that could not have been detected by most voters or watchers.

Georgia: Previously redacted Georgia election security document made public | Mark Niesse/The Atlanta Journal-Constitution

The Georgia secretary of state’s office acknowledged Thursday that a vendor had improperly redacted a purchasing document detailing security features of the state’s new $107 million voting system. The unredacted 143-page document was posted on the secretary of state’s website Thursday. The document, which explains “high level security” of the state’s new voting check-in iPads, doesn’t compromise the integrity of the system, according to the secretary of state’s office. The document was made public “in the spirit of good governance and transparency” after the secretary of state’s office was alerted about the redactions, said Deputy Secretary of State Jordan Fuchs. “Our new voting system, including new Poll Pads, are our most secure system to date,” Fuchs said. The iPads will be provided by a company called KnowInk, which is working with Dominion Voting Systems to install the new voting technology statewide before the March 24 presidential primary.

North Carolina: Toss-up State to Use Vulnerable Tech in 2020 | Jack Lowenstein/WhoWhatWhy

The 2020 election is expected to once again be razor-close and, in light of Russian attempts to hack the vote in 2016, making it secure is of paramount importance. That is why North Carolina’s recent decision to open the door for unverifiable barcode election technology is raising eyebrows in the election integrity community. At the end of a 30-month process, the North Carolina State Board of Elections recently approved three new voting systems to replace decades-old technology in the state. However, state election officials also did something else: With their selection, they approved the use of barcode voting technology. Election integrity advocates, cybersecurity experts, and even two members of the five-member state board have strongly objected to the use of this technology. With the 2020 presidential election on the horizon — and North Carolina expected to be in play — the decision of state officials to choose voting systems that do not leave behind a verifiable paper trail creates major concerns for election transparency advocates.

Ohio: House Lawmakers Approve Civilian Cyber Reserve | Jim Provance/Toledo Blade

The Ohio House on Wednesday voted unanimously to create a civilian cyberforce within the Ohio National Guard to respond to cyberattacks against elections systems, governments, businesses, and critical infrastructure. Senate Bill 52, sponsored by Sen. Theresa Gavarone (R., Bowling Green), now returns to the Senate for consideration of House changes. The bill passed the upper chamber unanimously earlier this year. A city’s mayor could ask the governor to call out the Ohio Cyber Reserve if the city finds itself in over its head in fending off or mitigating a ransomware attack or other cyberintrusion, much as governments can now ask for help after natural disasters. “By their nature, elections are vulnerable to threats both foreign and domestic,” Rep. Doug Green (R., Mt. Orab) said. “Creating the Ohio Cyber Reserve allows for preparedness in mitigating those cyberattacks and ensures Ohio’s voters that their elections are secure and accessible.”

Pennsylvania: Green Party’s Jill Stein threatens legal challenge to Philadelphia’s new, $29M voting machines | Jonathan Lai/Philadelphia Inquirer

Jill Stein, the 2016 Green Party presidential candidate, threatened Wednesday to take legal action to block Philadelphia from using its new voting machines if the Pennsylvania Department of State continues to allow their use. The machines, which cost the city $29 million, are slated to be used in next month’s election. But Stein said they violate the terms of a settlement she reached with the state late last year stemming from her 2016 recount battle. “We will seek relief in the court if this unverified, unauditable, hackable, expensive machine is not promptly decertified,” Stein, flanked by about two dozen supporters, said outside the federal courthouse in Center City. That agreement settled Stein’s effort in 2016 to seek a recount and forensic audit of voting machines in Pennsylvania and elsewhere after Donald Trump’s victory that year. (Stein, an activist and physician from Massachusetts, received 0.82% of the vote in Pennsylvania.) Under the settlement, the plaintiffs must first notify the Pennsylvania Department of State in writing of potential violations of the agreement; the department then has 30 days to respond before Stein and other plaintiffs can take the matter to court.

West Virginia: Attempted hack of military app investigated | Steve Allen Adams/The Intermountain

Federal and state officials announced this week an FBI investigation into an attempted hack on the new app for overseas deployed military voters and their families and warned others not to make the attempt. Mike Stuart, U.S. attorney for the Southern District of West Virginia, and Secretary of State Mac Warner held a press conference at the Robert C. Byrd Courthouse in downtown Charleston. According to Warner, there was an attempt to hack the Secure Military Voting Application during the 2018 elections. The mobile app allows deployed military and their families to download an app and vote for candidates after they apply to use the app and are approved. “In last year’s election, we detected activity that may have been an attempt to penetrate West Virginia’s mobile voting process,” Warner said. “No penetration occurred and the security protocols to protect our election process worked as designed.” During the mobile voting process, the virtual ballot is encrypted and secured utilizing blockchain technology, then sent to the voter’s county clerk in West Virginia where their ballot is printed and tabulated. West Virginia was the first state to use mobile voting, first in a pilot project during the 2018 primary election, then a full rollout for any county that wanted to participate in the 2018 general election.

West Virginia: FBI called in to investigate 2018 Mountain State mobile voting system hacking | Shaun Nichols/The Register

The state of West Virginia says someone attempted to hack its citizens’ votes during the 2018 mid-term elections. A statement issued this week by US Attorney Mike Stuart of the Southern District of West Virginia revealed that the FBI has been called in and is actively investigating at least one attempt to tamper with election results. “My office instituted an investigation to determine the facts and whether any federal laws were violated. The FBI has led that investigation,” Stuart said. “That investigation is currently ongoing and no legal conclusions whatsoever have been made regarding the conduct of the activity or whether any federal laws were violated.” According to the US attorney, the unknown hacker, only referred to as an ‘outside party’ tried (and failed) to get access to the mobile voting system the state used for military service members stationed overseas.

Canada: Online voting in Northwest Territories election questioned as recounts set to take place | Hilary Bird/CBC

With two recounts set to take place in the next 10 days, one candidate in Tuesday’s Northwest Territories election says he has some concerns with how online votes will be recounted. Under the Elections and Plebiscite Act of the Northwest Territories, races that won with a margin of less than two per cent must have judicial recounts within 10 days of the official results being released. That means ballots cast in the Frame Lake and Yellowknife North ridings will all need to be recounted by a judge. Rylund Johnson won in Yellowknife North by just five votes over incumbent Cory Vanthuyne. Johnson got 501 votes; Vanthuyne received 496. In Yellowknife’s Frame Lake riding, incumbent Kevin O’Reilly won by a slim margin with 357 votes. The riding’s only other candidate, former minister Dave Ramsay, received 346 votes. Ramsay told CBC News Wednesday that he has already seen discrepancies between unofficial numbers reported by Elections NWT Tuesday evening and numbers reported Wednesday morning after returning officers double-checked the polls.

India: Election Commission releases new cybersecurity guidelines | Samaya Dharmaraj/OpenGov Asia

The Election Commission of India (ECI) recently released a document outlining cybersecurity guidelines for the upcoming Assembly elections. All Indian states have received detailed cybersecurity guidelines, which include a special audit of all ICT applications hosted by the chief electoral officer, cyber hygiene for the electoral staff, and detailed application/infrastructure level guidelines. According to the document, ECI has taken several steps to ensure cyber safety for the Lok Sabha (House of the People) Elections. ECI has created clear regulations for cybersecurity and educated its entire electoral staff through several workshops. One of its major initiatives was to revamp old applications, reduce the number of applications, and consolidate them into a few manageable ones. Furthermore, all applications have been built with cybersecurity measures in design by default. The core principles are to reduce the attack surface area, deploy defence-in-depth, and to fix security issues correctly.

Mexico: Mexicans living abroad could cast their vote online for the first time in 2021 | Alexandra Mendoza/The San Diego Union-Tribune

Mexicans living abroad could cast their vote online as soon as the 2021 midterm elections. For almost 15 years, voters wanting to participate in Mexican elections from outside the country voted by mail. The new process of voting online will have to go through several tests to make sure it is error free, according to Enrique Andrade, a counselor with Mexico’s National Electoral Institute (INE). “It’s not something simple,” he said during a recent visit to San Diego. “It’s going to depend a lot on the trust in the system”. In the 2018 elections, about 182,000 Mexicans registered to vote from abroad and 54 percent cast their ballots. In 2012, almost 60,000 Mexicans registered to vote, with 69 percent participating in the election. Last year was the third time that Mexicans were allowed to vote from abroad, but the first one in which they could apply for the credential to vote in the consulate.