Europe: Russian hackers target European governments ahead of election: FireEye | CNBC

Russian hackers have targeted European government systems ahead of the EU parliament election, cybersecurity firm FireEye said Thursday. The company found that two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing — the practice of sending out emails designed to look like they’re from a trusted party — in an attempt to obtain government information. FireEye said European government institutions were sent emails with links to websites that appeared to be authentic, luring a person into changing their password and thus sharing their credentials with hackers. APT28, more popularly known as Fancy Bear, is believed to be linked to Russian military intelligence agency GRU and has been labeled as one of the malicious actors behind the 2016 Democratic National Convention hack.

Canada: Several webpages from Elections Canada and MPs lack basic data protections, expert says | CBC

Several Elections Canada webpages and personal websites from MPs don’t have the basic encryption necessary to stop your information from being hacked as it’s sent from point A to point B. Pages to request publications from Elections Canada, as well as the websites of Liberal, Conservative and NDP MPs use an outdated, unprotected chain to carry information you send to them through the network. Liberal Democratic Institutions Minister Karina Gould, Conservative Finance Critic Pierre Poilievre and the NDP’s Ruth Ellen Brosseau had this deficiency on the “contact me” form that asks for personal information — like your email, name and address — before sending feedback to your MP. Gould and other Liberal MPs updated their sites after queries from CBC News. 

Indonesia: Russian, Chinese language Hackers Interfering With Indonesian Presidential Election | Brinkwire

Indonesia has identified China and Russia as sources of an ongoing wave of relentless cyber assaults intended to disrupt the country’s presidential elections on April 17. The attacks originate in Russia and China, said Arief Budiman, head of Indonesia’s General Elections Commission or KPU. Budiman also said some of the cyberattacks are attempts to “manipulate or modify” content. Others aim to create ghost voters, or fake voter identities. “They try to hack our system,” according to Budiman. “Not only every day. Almost every hour,” he said. The KPU head said it remains unclear if the motive of this continuing wave of attacks is “to disrupt Indonesia” or to help one of the candidates win. Incumbent president Joko Widodo is squaring-off against Prabowo Subianto, a former special forces general in the election.

Malta: No more manual counting: is Malta justified in joining the voting future? | Malta Today

Maltese elections are unique in the way hundreds of party activists and canvassers congregate inside the national counting hall to monitor the live count of votes, collecting tallies of the data as it is read out to calculate samples, and hit the Perspex separator wall hard when a vote is incorrectly counted. The process, which usually takes over three days to fully complete, usually delivers a first-count vote tally within 12 hours, but sampling of votes delivers a clear picture of who the winner is within the first hour of sorting. In November of last year, the vote counting hall in Naxxar was transformed to include a fully-functioning electronic system from Idox, a Scottish software company. Their technology will be used for the European Parliament and local council elections in May this year, less than two months from now. E-counting will be used in a bid to speed up the process and to minimise human error. Voting will still be a manual endeavour via a ballot paper.

Switzerland: Experts Find Serious Problems With Switzerland’s Online Voting System | Motherboard

Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”

Ukraine: Security service ready to take on Russian election hackers | AFP

At the headquarters of Ukraine’s SBU more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month’s presidential vote. During the joint EU-Ukraine cyber security drills the Westerners pretend to be hackers attacking the country’s central election commission, while the Ukrainians seek to neutralise them. The exercises held in Kiev last week involved around a hundred experts and were part of efforts to prevent arch-foe Russia from interfering in the crucial March 31 election. Ukrainian security officials said they had registered a growing number of distributed denial-of-service attacks and phishing attempts to gain access to computers of the country’s ministries and other state structures in recent months.

National: ‘We’re doubling down.’ DHS insists it’s not reducing election security efforts | The Washington Post

The Homeland Security Department is actually surging its efforts to protect elections against foreign hackers during the two years leading up to the 2020 elections — not winding them down, the agency’s top cybersecurity official insists. Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities. “The department’s election security and countering foreign influence security-related efforts are not going anywhere,” Krebs said. “In fact, we’re doubling down.” The article made waves in the security community because even a perception that the government isn’t serious about securing elections against Russian hackers could damage trust in the result in the 2020 election.  Federal officials — including Krebs himself — have warned Russia may have viewed the midterms as merely a “warm-up” for 2020 when more Americans will be looking for signs of foreign influence. That stakes for officials such as Krebs are especially high because President Trump has wavered on whether he believes Russia was responsible for its hacking and disinformation campaign to influence the 2016 presidential contest.

National: CISA says it’s ramping up election security efforts for 2020 | FCW

The head of the Department of Homeland Security’s cybersecurity wing is pushing back on a media report that the agency has scaled back personnel and resources from its combatting foreign election interference. Cybersecurity and Infrastructure Security Agency Director Chris Krebs hosted a conference call with reporters less than 24 hours after The Daily Beast published a story that quoted multiple anonymous DHS officials who said two CISA task forces focused on coordinating the department’s response to foreign influence in U.S. elections were significantly downsized shortly after the mid-terms. Krebs didn’t deny that personnel levels for the task forces were reduced. He characterized the task forces as temporary vehicles to address an emerging threat while CISA worked to hire staff and build more permanent institutional capacity to tackle the issue.

Virginia: Federal court approves Virginia redistricting plan | The Washington Post

A federal court on Thursday approved new district boundaries for the Virginia House of Delegates that were drawn by a court-appointed expert and are likely to benefit Democrats in November’s state election. The U.S. District Court for Eastern District of Virginia voted 2 to 1 to finalize the map, which would put six Republicans into districts that would probably become majority Democratic, according to an analysis of recent elections by the nonpartisan Virginia Public Access Project. Several of those Republicans hold leadership positions — including House Speaker Kirk Cox (R-Colonial Heights).

National: DHS Guts Task Forces Protecting Elections From Foreign Meddling | The Daily Beast

Two teams of federal officials assembled to fight foreign election interference are being dramatically downsized, according to three current and former Department of Homeland Security officials. And now, those sources say they fear the department won’t prepare adequately for election threats in 2020. “The clear assessment from the intelligence community is that 2020 is going to be the perfect storm,” said a DHS official familiar with the teams. “We know Russia is going to be engaged. Other state actors have seen the success of Russia and realize the value of disinformation operations. So it’s very curious why the task forces were demoted in the bureaucracy and the leadership has not committed resources to prepare for the 2020 election.”

National: Lawmakers quiz officials on 2020 election security measures | The Hill

Lawmakers questioned federal officials Wednesday about the importance of passing election security measures ahead of the 2020 contests, pressing witnesses on the threat posed by foreign actors to influence U.S. elections. Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security (DHS), testified during the House Homeland Security Committee hearing Wednesday that the federal government is “lightyears ahead” of where it was in 2016 when it came to communicating with state and local officials. But he said improving outreach and communication with those officials is a top priority for his department ahead of 2020. Krebs also said that being able to audit elections is a pressing issue for his agency, and that records of votes, like paper trails, will help officials confirm election results. The DHS official added that basic cybersecurity remains a crucial issue, saying he fears any gaps could expose vulnerabilities in systems that could be abused by hackers.

National: This key House Republican is open to mandates on states for election security | The Washington Post

As the House Homeland Security Committee meets for the first election security hearing of 2019 today, Congress is still far away from a grand bargain to help protect state election systems from foreign hackers. But the goalposts may be changing with Democrats in charge of the House. The new top Republican on the committee, Rep. Mike Rogers (Ala.), tells me he’s ready to impose requirements on states to secure their election systems against hackers. He called for a baseline of security states must meet before receiving money from the government to upgrade outdated and vulnerable voting machines and secure other election infrastructure. “We want to get some minimum standards that have to be adhered to,” Rogers tells me. And he says he’s willing to work with Democrats to get it done.

National: House Democrats, Republicans cross swords over election security bill | Politico

Democrats and Republicans have clashed before over H.R. 1, the House Dems’ sweeping package of democracy and governance proposals, but today the fight goes directly to the election security provisions of the bill. The House Homeland Security panel holds a hearing today on the measure with testimony from DHS’s top cyber official, Cybersecurity and Infrastructure Security Agency Director Chris Krebs, Election Assistance Commission Chairman Thomas Hicks and others. A CISA official told MC: “Director Krebs will confirm election security remains a priority for CISA in the run up to 2020, laying out the Agency’s plan to work with State and local election officials on broader engagement, better defining risk to election systems, and understanding the resources to manage that risk.” At least one witness — Jake Braun, a former Obama administration official who now works as executive director of the University of Chicago’s Cyber Policy Initiative and an organizer of DEF CON’s Voting Village — endorses the bill’s election security ideas in his prepared testimony. He praises the provisions mandating auditable paper trails and authorizing voting infrastructure research and development funds.

National: State and Local Elections Experts Weigh-In on Security Concerns | MeriTalk

With the 2020 national election cycle on the horizon, House Homeland Security Committee Chairman Bennie Thompson, D-Miss., convened a hearing Wednesday to examine the how the United States was working to secure its elections. The hearing, broken into two panels, heard from senior Federal election officials, as well as state and local election officials. During the first half of the hearing Christopher Krebs, director of the newly minted Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), stressed that election cybersecurity is on the upswing. However, the second half of the hearing held a slightly different tone, with California Secretary of State Alex Padilla declaring that “our democracy is under attack.”

National: Cyber chief pushes audits as key to election security | FCW

The nation’s top cybersecurity official told Congress that the ability to audit voting machines after elections is critical for ballot security. “The area that I think we need to invest the most in the nation is ensuring auditability across infrastructure,” Christopher Krebs, head of the Cybersecurity and Infrastructure Security Agency said at a Feb. 13 hearing of the House Homeland Security Committee. “If you don’t know what’s happening and you can’t check back at what’s happening in the system — you don’t have security.” While 34 states and the District of Columbia have some laws mandating post-election audits, according to the National Conference of State Legislatures, Congress has been unable to agree on how hard or soft to make such language in legislation. Krebs and Election Assistance Commission (EAC) Chair Thomas Hicks endorsed the need for greater auditability, though both deferred to states on the question of whether it should be done digitally or by hand.

National: Manafort Found to Have Lied to Prosecutors While Under a Cooperation Agreement | The New York Times

A federal judge ruled on Wednesday that Paul Manafort, President Trump’s former campaign chairman, had breached his plea agreement by lying multiple times to prosecutors after pledging to cooperate with the special counsel’s investigation into Russia’s interference in the 2016 election. The decision by Judge Amy Berman Jackson of United States District Court in Washington may affect the severity of punishment that awaits Mr. Manafort. Judge Jackson is scheduled to sentence him next month on two conspiracy counts, and he is also awaiting sentencing for eight other counts in a related fraud case. After Mr. Manafort agreed in September to cooperate with the office of the special counsel, Robert S. Mueller III, the judge found, he lied about his contacts with a Russian associate during the campaign and after the election. Prosecutors claim that the associate, Konstantin V. Kilimnik, has ties to Russian intelligence, and have been investigating whether he was involved in Russia’s covert campaign to influence the election results.

Kentucky: Bill would strip Grimes’ power over Kentucky elections board | Lexington Herald Leader

A top Republican lawmaker is proposing legislation that would strip embattled Secretary of State Alison Lundergan Grimes of her authority over the Kentucky State Board of Elections. Senate Majority Leader Damon Thayer, R-Georgetown, said he will introduce a committee substitute Wednesday to Senate Bill 34 that would make the secretary of state a symbolic, non-voting member of the elections board, stripping her of any day-to-day authority over the group. It also would block Grimes and others in her office from accessing to the state’s voter registration database.

Mississippi: Federal judge orders remap of a Mississippi state Senate district | Associated Press

A federal judge ruled Wednesday that one of Mississippi’s 52 state Senate districts violates the Voting Rights Act because it does not give African-American voters an “equal opportunity” to elect a candidate of their choice. U.S. District Judge Carlton Reeves ruled in a lawsuit that challenges the composition of Senate District 22. The district stretches through parts of six counties in the Delta down into the Jackson suburbs of Madison County. It has a 51 percent black voting-age population and a white senator, Republican Buck Clarke of Hollandale.

New Hampshire: Voter residency law challenged in New Hampshire | Associated Press

A New Hampshire law that will make residency a condition of voting in the state unconstitutionally restricts students’ right to vote, the American Civil Liberties Union said Wednesday in a lawsuit. Under current law, New Hampshire is the only state that doesn’t require residency. The federal lawsuit filed against Secretary of State William Gardner and Attorney General Gordon MacDonald was brought on behalf of two Dartmouth College students. They say the law, which takes effect July 1, burdens their right to vote by requiring new voters to shift their home state driver’s licenses and registrations to New Hampshire. “Under this law, I have to pay to change my California license to be a New Hampshire one,” one of the students, Maggie Flaherty, said in a statement. “If I vote and don’t change my license within 60 days, I could even be charged with a misdemeanor offense with up to one year in jail.

North Carolina: Redistricting reformers hopeful about legislation this year | Associated Press

Lawmakers who want to reform the redistricting process in North Carolina say uncertainty over pending map litigation and the shaky balance of power at the legislature make them more optimistic their ideas will be voted on this year. House Democrats and Republicans filed legislation on Wednesday that would create an 11-member “nonpartisan” redistricting commission. The panel would propose new legislative and congressional maps to the General Assembly after each decennial census, the next one of which occurs in 2020. Lawmakers have filed similar bills in previous years, unsuccessfully. The House and Senate revise and approve General Assembly and congressional districts based on population changes from the census. For generations, majority parties have pushed through maps favoring their sides. When they were in the minority 10 years ago, many Republicans supported the idea of the commission. In the years since regaining General Assembly control, they largely have set the proposal aside.

Pennsylvania: As election officials delay Philadelphia voting machines decision, activists press for answers | Philadelphia Inquirer

Advocates of paper ballots cheered the news late Tuesday that the Philadelphia city commissioners have delayed their selection of new voting machines, but found themselves frustrated Wednesday when officials said they had no new information to provide. “The only thing we know now is that our message, to some degree, has been heard, otherwise I do believe that we would have gotten a decision today and probably not the one that would have been most appropriate and prudent,” said Stephen Strahs, one of a core group of activists who have shown up for meetings and held rallies. “But where this goes from here, I have no idea. My hope is that there’s going to be a process of reconsideration.” Strahs and a handful of others attended a commissioners meeting Wednesday — for which a decisive vote had been scheduled — but left without any clarity on a process they say has been opaque. The commissioners did not say anything about the machines when pressed by the activists on the decision timeline.

Tennessee: Lawmakers Consider Easing Felon Voting Rights Restoration | Associated Press

Tennessee lawmakers are considering a move to make it easier for some felons to get their voting rights restored. The legislation would lift the Republican-led state’s unique requirement for formerly incarcerated individuals to be up-to-date on child support before restoration of voting rights, in addition to other court fines and restitution. It would also aim to simplify the bureaucratic process for those people to get their rights back once they’re out of prison and off parole and probation. The legislation has made partners of the American Civil Liberties Union of Tennessee and Americans for Prosperity, who headlined a news event Wednesday touting the bill. Tori Venable, state director of Americans for Prosperity, said the legislation offers common ground for her group, at times perceived as right-leaning, and the ACLU, sometimes thought of as left-leaning.

Afghanistan: Authorities Investigating Fired Electoral Officials | RFE

Afghan authorities say they have launched an investigation into allegations that two election commissions misused their authority during last year’s general elections. The country’s Attorney General’s Office announced the investigation late on February 12, after all 12 members of the Independent Election Commission (IEC) and Independent Electoral Complaints Commission (IECC) were dismissed for allegedly abusing their authority. The seven IEC officials and five IECC staff were also barred from leaving the country, the office said in a statement. The electoral officials were heavily criticized following the October parliamentary polls, which were marred by inefficiencies including absent electoral staff and missing voting materials. Final results for all 15 provinces are yet to be announced.

India: For democracy’s sake, electronic voting machines must have proper VVPAT-based audit | Hindustan Times

The bizarre claim made in London recently about the alleged hacking of Electronic Voting Machines (EVMs) in previous elections has done more harm than good by diverting public attention from genuine concerns about EVMs and the Election Commission of India’s (ECI) lack of transparency in the matter. The controversy over the security of EVMs dates back to the early 2000s, and is not confined to India. A consensus has emerged that voters can’t verify whether their votes have been recorded and counted correctly, and that miscounts due to EVM malfunction or fraud are undetectable and unchallengeable. Hence, an additional verifiable physical record of every vote cast in the form of voter verified paper audit trail (VVPAT) is required. In 2013, the Supreme Court mandated the use of EVMs with VVPAT units, and ECI has been deploying these in assembly elections from 2017 onwards.

Moldova: Election may keep Moldova in ‘grey zone’ between West and Russia | Reuters

An election in Moldova this month looks likely to produce a hung parliament, entrenching a split between pro-Western and pro-Russian forces at a time when concerns over corruption and democracy have soured its relations with the European Union. The EU forged a deal on closer trade and political ties with the tiny ex-Soviet republic in 2014 and showered it with aid but it has become increasingly critical of Chisinau’s track record on reforms. Sandwiched between EU member Romania and Ukraine, Moldova has been dogged by scandals and its pro-Western government has failed to lift low living standards, driving many voters towards the Socialists, who favour closer ties with Russia. Socialist leader Igor Dodon took the presidency in 2016. The presidency is not being contested in the February 24 election.

Serbia: Opposition says to boycott parliament, demands snap election | Reuters

Serbian opposition parties said on Monday they had started to boycott parliamentary sessions in protest against what they see as the increasingly authoritarian rule of President Aleksandar Vucic and his ruling Serbian Progressive Party (SNS). Opposition parties and their backers accuse Vucic and the SNS of stifling media freedoms and carrying out attacks on political opponents and journalists in Serbia, a country seeking to join the European Union. They deny the accusations. The boycott move comes amid weekly protests by thousands of people that began in December and have spread from the capital Belgrade to a dozen other towns and cities. The protesters and opposition are also demanding Vucic’s resignation and snap elections.

Spain: Spain primed for early election after budget rejection | Politico

Spain looks set for a snap general election — or slow agony for Pedro Sánchez. The Socialist prime minister had his 2019 budget plans rejected by parliament on Wednesday, prompting his office to say that on Friday he’ll announce if there will be an early ballot — which could be as soon as April. Catalan pro-independence lawmakers joined forces with the right-of-center opposition to defeat the budget proposal — paving the way for an electoral test that polls predict Sánchez will win but fall short of being able to put together a coalition. The news follows days of speculation about election dates, ranging from April 14 and 28 to May 26. The latter has already been dubbed “Super Sunday” because it would coincide with European, regional and local ballots.

Ukraine: Official: Hacking intensifies as election nears | Associated Press

Russian hackers are redoubling their efforts in the run-up to presidential elections in Ukraine, according to the head of Ukraine’s cyber-police. Serhii Demediuk said in an interview with The Associated Press that Russian-controlled digital saboteurs are stepping up attacks on the Central Elections Commission and its employees, trying to penetrate electronic systems in order to manipulate information about the March 31 election. “On the eve of the election and during the counting of votes there will be cyberattacks on certain objects of critical infrastructure. This applies to the work of the polling stations themselves, districts, and the CEC,” he said. “From what we are seeing, it will be manipulation aimed at distorting information about the results of elections, and calling the elections null or void,” Demediuk said.

Georgia: Voting irregularities raise more troubling questions about the state’s elections | Politico

Lawsuits, complaints about lax security and accusations of voter suppression marred Georgia’s election for governor in November. But the state’s race for lieutenant governor had its own trouble, Democrats and election security advocates say. The contest between Republican Geoff Duncan and Democrat Sarah Riggs Amico drew far less national attention than the marquee governor’s race in which GOP candidate Brian Kemp narrowly defeated Stacey Abrams. But plaintiffs in a lawsuit against the state say abnormalities in the lieutenant governor’s election raise questions about Duncan’s victory — and potentially about the outcome of other races on the ballot if the state’s electronic voting machines were to blame. In addition to the lawsuit, Amico asked the state to investigate irregularities in the election. The problem: Georgians cast nearly 4 million ballots on Election Day, but about 160,000 of them showed no vote cast in the lieutenant governor race, about 4.3 percent of ballots. To election experts, this so-called “undervote” rate — when a race is left blank — is evidence either that Georgia voters were unusually apathetic about their lieutenant governor, or that something went wrong.

National: Senate committee leaders worry no one’s in charge on cybersecurity | The Washington Post

Responsibility for the nation’s cybersecurity is spread piecemeal throughout the government without a single person or agency in charge. That creates dangerous gaps that U.S. adversaries could exploit to hack the government or critical infrastructure, two prominent Senate Republicans told me. Homeland Security Chairman Ron Johnson (Wis.) and Mike Rounds (S.D.), chair of the Armed Services Committee’s cyber panel, are mulling how they might create a centralized government authority for cybersecurity issues. The goal would be an office that could make sure the Homeland Security, Defense and Justice departments are effectively sharing information and working toward common goals, the senators said. For example, the Defense Department, which is authorized to conduct clandestine military activities in cyberspace, might not be as clued in as DHS is to how some of those activities could prompt retaliation against U.S. businesses. Rounds also noted that some parts of the government were concerned for several years that Chinese telecom giant Huawei could use its position inside global telecommunications infrastructure to spy on behalf of the Chinese government — but the U.S. did not act until recently.