National: Trump and Biden campaign apps easy targets for cyber criminals | Alex Scroxton/Computer Weekly

US president Donald Trump may seem to believe nobody gets hacked, and that to get hacked you need “someone with 197 IQ” and “about 15% of your password”, but his official campaign app is right now vulnerable to an easy-to-exploit Android vulnerability that could be used to spread misinformation – and his rival Joe Biden fares no better. Trump’s latest false pronouncements, which attracted derision across the industry, prompted researchers at Norwegian mobile security outfit Promon to investigate the US election campaign apps, and during its analysis, it found both Trump’s app and Biden’s are vulnerable to StrandHogg. StrandHogg – an old Norse word for a Viking raiding tactic – was first identified at Promon last year. The vulnerability allows malware to pose as a legitimate application and if successfully exploited on a victim device enables cyber criminals to access SMS messages, photos, account credentials, location data, to make and record phone calls, and to activate on-board cameras and the device’s microphone. StrandHogg 2.0, a more dangerous version, was identified in May 2020.

National: Shouting matches, partisan rallies, guns at polling places: Tensions high at early-voting sites | Joshua Partlow/The Washington Post

During a pro-Trump rally earlier this month in Nevada City, Calif., enthusiastic supporters in cars and trucks crowded into the parking lot of the county government center.As many as 300 people played music, cheered and called out through a megaphone, according to Natalie Adona, a county election official who could see the gathering from her second-floor office at the Eric Rood Administration Center.But unlike usual Trump rallies, this one was happening at the site of one of the most popular drive-up ballot boxes in the county. And early voting was already underway.That afternoon, voters were forced to navigate through the pro-Trump crowd, and some felt the electioneering amounted to voter intimidation. In an election year clouded with anxieties about voter intimidation and the possibility of election-related violence, the first days of early voting have unfolded with dozens of accusations of inappropriate campaigning and possible voter intimidation in at least 14 states. The reports, though anecdotal, illustrate the tensions unfolding as more than 33 million Americans have already cast ballots two weeks before Election Day.

National: Trump’s former homeland security adviser says Russia remains major election hacking threat | Joseph Marks/The Washington Post

President Trump’s former homeland security adviser remains seriously concerned that Russia or another U.S. adversary will exploit weaknesses in U.S. election infrastructure to sow chaos or raise doubts about the outcome of the 2020 contest. Tom Bossert, who left the White House in 2018 when John Bolton became national security adviser, worries adversaries could try to change actual vote tallies or corrupt voter registration data and create confusion at polling places.Adversaries might also interfere with state and county systems that report vote tallies to sow mistrust in official results, said Bossert, who is now president of Trinity Cyber.Bossert’s concerns stand in sharp contrast to Trump, who has largely ignored or downplayed the threat of Russian interference in the election, claiming without evidence that a greater threat is posed by domestic fraud from mail ballots. But foreign interference would pay dividends for adversaries including Russian President Vladimir Putin, Bossert said — even if it doesn’t result in corrupting the entire election process or delivering a reelection victory to Tump, which U.S. intelligence agencies say Putin prefers.

National: FBI says Russia and Iran have interfered with the US presidential election | Jeremy Herb, Zachary Cohen, Evan Perez and Paul P. Murphy/CNN

Director of National Intelligence John Ratcliffe said Wednesday both Iran and Russia have obtained US voter registration information in an effort to interfere in the election, including Iran posing as the far-right group Proud Boys to send intimidating emails to voters. Ratcliffe, appearing alongside FBI Director Chris Wray, said at a hastily arranged news conference Wednesday evening that Iran was responsible for the email campaign, made to look like it came from the Proud Boys, as well as spreading disinformation about voter fraud through a video linked in some of the emails.”This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion, sow chaos and undermine your confidence in American democracy,” Ratcliffe said. “We have already seen Iran sending spoof emails designed to intimidate voters, incite social unrest and damage President (Donald) Trump,” Ratcliffe added. “You may have seen some reporting on this in the last 24 hours, or you may have even been one of the recipients of those emails.” Ratcliffe did not explain what he meant by his statement that the emails — which were sent to registered voters from “info@officialproudboys.com” and warned recipients to “Vote for Trump or else!” — were intended to damage the President.

National: U.S. government concludes Iran was behind threatening emails sent to Democrats | Ellen Nakashima, Amy Gardner, Isaac Stanley-Becker and Craig Timberg/The Washington Post

The U.S. government has concluded that Iran is behind a series of threatening emails arriving this week in the inboxes of Democratic voters, according to two U.S. officials.Department of Homeland Security officials told state and local election administrators on a call Wednesday that a foreign government was responsible for the online barrage, according to the U.S. officials and state and local authorities who participated in the call, who all spoke on the condition of anonymity because of the matter’s sensitivity. A DHS official also said authorities had detected holes in state and local election websites and instructed those participating to patch their online services.The emails claimed to be from the Proud Boys, a far-right group supportive of President Trump, but appeared instead to be a deceptive campaign making use of a vulnerability in the organization’s online network.

National: Hacking federal voting system now a federal crime | Maggie Miller/The Hill

President Trump has signed legislation making it a federal crime to attempt to hack federal voting systems.The Defending the Integrity of Voting Systems Act was unanimously approved by the House last month, over a year after the Senate also unanimously passed the legislation. Trump signed the legislation on Tuesday, just two weeks before the election.The new law empowers the Department of Justice (DOJ) to pursue charges against anyone who attempts to hack a voting system under the Computer Fraud and Abuse Act, commonly used by the agency to pursue charges against malicious hackers. The bill’s original introduction was the result of a 2018 report compiled by the DOJ’s Cyber Digital Task Force, which evaluated ways the federal government could improve its response to cyber threats. The bipartisan bill was introduced by Sens. Richard Blumenthal (D-Conn.), Sheldon Whitehouse (D-R.I.) and Lindsey Graham (R-S.C.) last year.

National: Cybersecurity company finds hacker selling info on 186 million U.S. voters | Ken Dilanian/NBC

A cybersecurity company says it has found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election. Much of the data identified by Trustwave, a global cybersecurity company, is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. But the fact that so many names, email addresses, phone numbers and voter registration records were found for sale in bulk on the so-called dark web underscores how easily criminals and foreign adversaries can deploy it as the FBI said Iran has done recently, by sending emails designed to intimidate voters.

National: US Cyber Command Teams With Microsoft To Limit TrickBot Botnet Ahead of Expected Election Interference | Scott Ikeda/CPO Magazine

Malware-as-a-Service (MaaS) giant TrickBot, a botnet estimated to be about one to three million computers strong, is the world’s largest of its kind and the biggest distributor of ransomware. Already wreaking havoc on the United States for several years, the US Cyber Command is also expecting it to be involved in election interference attempts ahead of the 2020 vote. Both Cyber Command and Microsoft are actively running persistent operations against the Trickbot botnet in an effort to reduce its capability, and there have been some significant successes. Cyber Command is the Pentagon’s offensive force in cyberspace, engaging in active measures against threat actors. The agency has been tracking TrickBot for some time; it came onto the US government’s radar after the Department of Homeland Security (DHS) issued reports indicating that it was a substantial ransomware threat to state and local IT networks. TrickBot not only poses a threat to the 2020 election, but also is an ongoing potential risk to disrupt critical infrastructure such as patient care facilities, financial institutions and utilities.

National: Cybercriminals Step Up Their Game Ahead of U.S. Elections | Lindsey O’Donnell/Threatpost

With the U.S. presidential elections a mere few weeks away, the security industry is hyper-aware of security vulnerabilities in election infrastructure, cyberattacks against campaign staffers and ongoing disinformation campaigns. Past direct hacking efforts, such as the attack on the Democratic National Committee in 2016, have left many nervous that this time around, the actual election results could be compromised in some way. This year, worries about the integrity of voting machines have popped up too, coupled with the expected expansion of mail-in voting due to COVID-19. Perhaps most concerning, according to Matt Olney, director of Talos’ Threat Intelligence and Interdiction at Cisco, is cybercriminals “going after the minds of the American people and their trust in the democratic institutions that we use to select our leaders. ”The good news, Olney, said in a recent video interview with Threatpost, is that awareness of election-security threats has increased since the 2016 elections. That’s been both on the part of the federal government, as well as by U.S. citizens themselves, who have gotten better at calling out content that may be associated with disinformation campaigns.

National: Mid-October numbers indicate increased turnout of military absentee voters | Karen Jowers/Military Times

Some early statistics indicate this year’s absentee voting turnout among military and overseas citizen voters may far surpass the turnout for the 2016 general election.One indicator of the increased military vote is the 51-percent increase in the overseas absentee ballots returning to the U.S. by the Label 11-DoD express mail tracking system, compared to the same time period in the 2016 general election, from the beginning of September through Oct. 14. The U.S. Postal Service has tracked 36,377 of these ballots entering the U.S. mail stream since the tracking began in September, said USPS spokesman David Coleman. That compares to 24,034 through Oct. 14, 2016.The Label 11-DoD is a free express mail tracking system that is used at military post offices overseas, and is available only to service members and family members. It has been used in federal elections since 2010, and is available starting the beginning of September before the election. About three out of four active duty members in the U.S. and overseas are eligible to vote by absentee ballot because they’re stationed away from their voting residence, according to the Federal Voting Assistance Program.

Editorial: Actually, Americans Do Want to Wear Masks to Vote | Joshua A. Douglas and ichael A. Zilis/Politico

Over the next couple of weeks, as around 60 million Americans arrive at polling places to cast their ballots, they’ll face an array of safety protocols to protect them from the risk of Covid-19. Most states will require them to stand at least 6 feet apart and observe social-distancing requirements. And most will require masks for both poll workers and voters.But not all. With the mask and other pandemic safety measures remaining a political issue, several states have explicitly said masks aren’t required, or are leaving the rules loose.South Carolina’s rules on masks in public explicitly exclude voters and election workers. Texas’ attorney general recently reminded voters that the state’s mask mandate does not apply while voting. (In its July primary, some poll workers in Texas left when their fellow poll workers refused to wear a mask.) Indiana will provide face masks to poll workers and voters who do not have them, but it is not clear how much pressure there will be to ensure that everyone complies. Indeed, one Indiana official in charge of local elections is refusing to wear one during early voting. Alabama will allow anyone to switch to an absentee ballot by citing Covid-19 concerns—but will not require either poll workers or voters to wear a mask.

Alabama: US Supreme Court Bars Curbside Voting in Alabama | Adam Liptak/The New York Times

The Supreme Court on Wednesday blocked a trial judge’s ruling that would have allowed, but not required, counties in Alabama to offer curbside voting.The vote was 5 to 3, with the court’s more conservative members in the majority.The court’s brief, unsigned order gave no reasons, which is typical when it rules on emergency applications, and it said the order would remain in effect while appeals moved forward.In dissent, Justice Sonia Sotomayor, joined by Justices Stephen G. Breyer and Elena Kagan, said the state’s policy discriminated against older and disabled voters.“If those vulnerable voters wish to vote in person,” Justice Sotomayor wrote, “they must wait inside, for as long as it takes, in a crowd of fellow voters whom Alabama does not require to wear face coverings,” referring to masks that help mitigate the spread of the coronavirus.

Florida: Pinellas County deputies investigate report of armed voter intimidation at St. Petersburg voting location | Lisette Lopez  and Ryan Smith/WFTS

The Pinellas County Sheriff’s Office is investigating a report of possible armed voter intimidation at a downtown St. Petersburg voting location, the Pinellas Supervisor of Elections said. According to the Pinellas SOE Julie Marcus, two people suspected of voter intimidation were wearing security uniforms at the downtown St. Petersburg early voting location at 501 First Ave N.According to Marcus, the pair told a responding law enforcement officer that they are with a private security company. She says a concerned staff member reported at least one of them was armed. The pair set up a tent and claimed to be working for the Trump campaign, Marcus said.”These persons claimed or said that they were hired by the Trump campaign, again I’m not going to speculate to that. This was a licensed security company and they were licensed security officers,” Marcus said.

Idaho Secretary of State awards $500,000 to establish Election Cybersecurity Center | KIVI

The November 3 election is less than two weeks away and a team of experts in cybersecurity, computer science and political science at Boise State has been awarded $500,000 by the Idaho Secretary of State. The team will establish the Idaho Election Cybersecurity Center (INSURE), whose role will be to recommend and develop tools, technologies and policies to protect the election process from cyber and information attacks. “Election cybersecurity is critical to ensure that Americans are able to carry out their democratic duty and privilege with confidence. Our researchers’ new and groundbreaking work in this area will be vital in efforts to help our nation maintain a secure and trustworthy election process,” said Dr. Marlene Tromp, Boise State president.

Iowa Supreme Court upholds Republican law on absentee voting requests | Stephen Gruber-Miller/Des Noines Register

The Iowa Supreme Court has upheld a new law making it harder for county auditors to process absentee ballot requests with missing or incomplete information, days before Iowa’s deadline to request a ballot for the 2020 election.The court issued a decision Wednesday evening upholding a Republican-supported law that prevents auditors from using the state’s voter registration database to fill in any missing information or correct errors when a voter requests an absentee ballot. The law instead requires the auditor’s office to contact the voter by telephone, email or physical mail.The League of United Latin American Citizens and Majority Forward, a Democratic-aligned nonprofit organization that supports voter registration and turnout efforts, sued Iowa Secretary of State Paul Pate, seeking to have the law declared unconstitutional. They said auditors have used the database to correct errors in the past and that the law burdens Iowans’ right to vote.A district court upheld the law last month, and the Supreme Court on Wednesday affirmed the lower court’s decision.

Maryland: Montgomery County election officials reject ballot fraud claims in YouTube video | Rebecca Tan/The Washington Post

Elections officials in Maryland’s most populous jurisdiction held an emergency meeting Wednesday to discuss a viral video alleging that an election worker attempted to tamper with a mailed-in ballot.A thorough investigation revealed no evidence of fraud or misconduct, Montgomery County officials said, but they’re concerned that the video may have spread some damaging misinformation.“Something like this just feeds into people who believe mail-in voting is fraudulent,” said the county’s elections board chair, Jim Shalleck, a Republican appointed by Gov. Larry Hogan (R). “It’s very unfortunate.” … In actuality, Karpinski said, what the clip captured was the canvass worker darkening an oval that had been filled in too lightly, to ensure that it would be picked up by the ballot scanners. Karpinski said that protocol has been in place for election workers since he started working for the elections board in 2003 and is designed to ensure that as many eligible ballots as possible are counted.

Minnesota: Calls for armed guards, ‘Army for Trump’ cause alarm | Stephen Montemayor/ Minneapolis StarTribune

Calls for armed military veterans combined with a volunteer “Army for Trump” to descend on Minnesota polling places have created fresh anxieties for state law enforcement and elections officials already preparing for a major election in the COVID-19 pandemic. Cybersecurity and the corona­virus pandemic dominated preparations for the vote this year, but state and federal officials are now closely monitoring new reports of private security contractors advertising jobs that would — illegally — dispatch armed guards at Minnesota polling places. Adding to those concerns, the Trump campaign has vowed to raise a 50,000-plus army of volunteer observers across an array of battleground states to monitor the voting. Raising fears of elections he says will be rigged, President Donald Trump, trailing in polls in Minnesota and other key battleground states, has called on his supporters to “go into the polls and watch very carefully, because that’s what has to happen.”Minnesota GOP officials say roughly 3,000 people have signed up so far and will get training on state election laws, which forbid campaign workers to interact directly with voters. “The actual running of the election is coming along OK but that doesn’t mean that some of the reporting and messaging and things that have come out have not been alarming,” said Attorney General Keith Ellison, adding that he believes the prospect of armed guards at the polls could be a voter suppression tactic.

Pennsylvania: A year ago, voting machines malfunctioned in Northhampton county. Have the problems been fixed? | Marie Albiges/Spotlight PA

On Election Day a year ago, Matthew Munsey was getting some alarming reports.Voters in Northampton County were casting their ballots for the first time on the county’s new voting machines, and things weren’t going well: The screens were responding erratically to voters’ touches, and the official ballots the machines printed out were hard to read.At the end of the night, a Democratic candidate for Court of Common Pleas judge was showing zero recorded votes at some precincts, even though the candidate knew at least three people — his campaign manager and the manager’s parents — had voted for him.“I felt like this was the worst-case scenario that I had dreaded,” said Munsey, the chairperson for the county Democrats.One year later, those same voting machines will face their most consequential test yet: a highly scrutinized presidential election in a Pennsylvania county widely viewed as a national political bellwether for the race overall.In 2020, many elections experts believe as Northampton County goes, so goes the nation.

Wisconsin: Can people bring guns to the polls? It depends where you vote | Alison Dirr/Milwaukee Journal Sentinel

Do guns and polling places mix in Wisconsin?  It depends where you vote. Wisconsin doesn’t have a statewide law or policy governing the possession of guns in polling places, so the rules depend on the circumstances of each voting location, Wisconsin Attorney General Josh Kaul said. Many polling places in the state are located in buildings such as schools where firearms are already banned, he said, and those rules apply during voting as well. Guns would also be prohibited in polling places located in private or government buildings with posted firearm bans. “If there’s not one of those policies in place, then there would not be a prohibition,” the Democratic attorney general said. “Although … there are other policies related to voter intimidation that would still be potentially relevant.” No one would be allowed to brandish a gun or use one to intimidate voters in any way, he said.