National: Hackers are using malware to find vulnerabilities in U.S. swing states. Expect cyberattacks. | The Washington Post

The Pentagon has launched a preemptive strike against the Russian hackers who may have attacked the 2016 presidential election with social media influence campaigns. Numerous initiatives, including Harvard University’s Defending Digital Democracy Project, have educated officials on how to fortify elections against cyberattacks and encouraged social media companies to take down fake accounts. Despite these efforts, 67 percent of Americans consider that a foreign influence campaign, either by Russia or other governments, during the midterm elections is “very or somewhat” plausible. Their worry might have some basis. There’s another threat that few have worked to defend against: malware, or malicious software, designed to steal, deny or alter information. And our research strongly suggests that these attacks are underway in U.S. swing states, as we explain below.

National: Complaints Allege Cruz, Kemp Benefitting from Faulty Voting Machines That Change Dem Ballots to GOP | Law & Crime

Early voters submitting ballots for hotly contested races in Texas and Georgia claim that their states’ paperless voting machines are changing their votes for Democratic candidates to Republican, or deleting them altogether. According to Politico, individuals, as well as civil rights groups, have filed complaints alleging that glitches are resulting in votes for Republican Sen. Ted Cruz (R-Texas) instead of his Democratic challenger Beto O’Rourke. There have also been complaints that votes have gone to Georgia’s Republican candidate for governor, Brian Kemp, instead of his Democratic opponent Stacey Abrams. Voting technology experts have said that this is not the result of foul play, but outdated, faulty systems that don’t even leave a paper trail of what happened. Kemp, who is currently the Georgia Secretary of State, has resisted past calls for the state to change voting systems. His state has used the same system since 2002. Texas only uses electronic machines in some counties, but there have been reports of ballots that were intended to be “straight ticket” votes for one party were changed to the other party.

National: Voting Machine Manual Instructed Election Officials to Use Weak Passwords | Motherboard

States and counties have had two years since the 2016 presidential election to educate themselves about security best practices and to fix security vulnerabilities in their election systems and processes. But despite widespread concerns about election interference from state-sponsored hackers in Russia and elsewhere, apparently not everyone received the memo about security, or read it. An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor’s tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor’s name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases—alternating between two of them—and in other cases to simply change a number appended to the end of some passwords to change them. Harri Hursti, founder of Nordic Innovation Labs and a longtime election security expert, told me he and his colleagues were conducting a risk-assessment in a county when they found the binder containing loose-leaf pages in an election office. The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices.

National: How to Hack an Election | GQ

There is a voting machine in J. Alex Halderman’s office, not a particularly large one, just an oversize computer tablet set into a plastic frame balanced on tubular legs. But Halderman’s office isn’t especially large, either, so the machine takes up an inordinate, almost clumsy, amount of space. The machine is a Diebold AccuVote-TSX. In the jargon of election machinery, it is a DRE, which is short for direct recording electronic: Voters touch the screen to make their choices, which are then logged in the AccuVote’s memory. This is not exotic technology. DREs have been used in American elections for three decades, and the AccuVote and similar machines are being used in some 30 states this fall, when voters are determining, among other things, which party will control one or both houses of the United States Congress and whether there will be any reasonable checks on the current administration. Halderman got his AccuVote-TSX on eBay. It cost him $94.90 from a seller in North Canton, Ohio, who by last spring had sold at least 40 other used AccuVote-TSXs and had at least 10 more for sale (by the last week of October, he either had sold out or gone out of business, as his listing was gone). Because Halderman is a computer scientist at the University of Michigan, he programmed his AccuVote to tally a two-candidate election for “greatest university” between Michigan and, of course, Ohio State.

National: What to Do When Voting Machines Fail | Electronic Frontier Foundation

With Election Day just hours away, we are seeing reports across the country that electronic voting machines are already inaccurately recording votes and questions are being raised about potential foreign interference after 2016. While the responsibility to deal with these issues falls to state election officials, here is a quick guide for how to respond to some issues on Election Day, along with a handy resource from our friends at Verified Voting indicating what equipment is used in each polling place across the nation. 866-OUR-VOTE: If you experience voter machine glitches, see voters being turned away from the poll, or run into other issues, report them to the nonpartisan Election Protection network. This is the only way that we can spot patterns, put pressure on election officials to respond and, in the long run, make the case for paper ballots and risk limiting audits. Since the first electronic voting machines were introduced, security experts have warned that they pose a risk of interference or simple malfunction that cannot be easily detected or corrected. If someone hacks the machines, they hack the vote. If the machines fail, the vote is wrong. The fix is clear: all elections must include paper backups and a settled-on process for real risk limiting audits. If voting machines are down, you should ask for an emergency paper ballot. Do not simply accept that you cannot vote—broken machines should not result in disenfranchisement.

National: The cyber-hardened voting booth | The Fifth Domian

Protecting our elections from cyber meddling is a long-term effort; there is no silver-bullet answer. Yet the security of the 2018 midterm elections has practically made more headlines than the candidates have. A report from the the Center for Strategic and International Studies, in partnership with Raytheon, found that since the 2016 elections, 40 states have invested more than $75 million to improve election security. The center compiled the report from multiple sources and a survey it conducted with its network of cybersecurity experts. Robert “Bob” Kolasky, National Risk Management Center director at the Department of Homeland Security, expressed his confidence in the security of our election systems at an event ahead of the midterms elections. The event was hosted by CSIS on Oct. 30, in Washington, D.C.

National: U.S. Girds for Possible Russian Meddling on Election Day | Wall Street Journal

Two years ago, Rob Silvers arrived at a nondescript federal building in the Virginia suburbs of Washington on election day, afraid America was about to be hit by a catastrophic cyberattack. An alleged Russian operation to hack Democratic emails and peddle divisive disinformation was months in the making; election systems across the country had been probed by suspected Russian hackers; and one state—Illinois—had seen its voter registration database breached. “There was no playbook,” said Mr. Silvers, then a senior official at the Department of Homeland Security, now a partner at the law firm Paul Hastings. “We were writing the playbook as we were executing it.“ His worst fears never materialized, but Russia’s alleged actions convinced officials that cybersecurity would be a critical aspect of any future election. This year, voters will be casting ballots in what experts say will be the most secure U.S. election since the birth of the internet, thanks to steps taken since 2016. “States all across the country are more prepared,” said Wayne Williams, the Republican secretary of state of Colorado, who has been among the most active in adopting electoral cybersecurity measures.

National: Legal fights over voting rights tighten already-close races | The Hill

Legal battles over voting laws are poised to play a decisive role Tuesday in some states with tight races. Controversial statutes in Arizona and North Dakota have been challenged in federal court in recent months, with judges handing down rulings that are expected to keep thousands of voters from casting a ballot on Election Day. And while voting rights groups were able to get relief for Georgia voters in high-profile disputes over the state’s “exact match” registration verification process, the courtroom drama has catapulted a hotly contested gubernatorial race into the national spotlight. If elected, Stacey Abrams (D) would become the first black female governor in U.S. history. Edward Foley, director of the Election Law program at Ohio State University’s Moritz College of Law, said voting procedures perceived to be hostile to minority voters have backfired in the past. “It can actually increase turnout among groups that are purportedly targeted,” he said.

National: File-Sharing Software on State Election Servers Could Expose Them to Intruders | ProPublica

As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their states’ infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica’s inquiries. Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security.

National: Private Equity Controls the Gatekeepers of American Democracy | Bloomberg

Millions of Americans will cast votes in Tuesday’s midterm elections, some on machines that experts say use outdated software or are vulnerable to hacking. If there are glitches or some races are too close to call — or evidence emerges of more meddling attempts by Russia — voters may wake up on Wednesday and wonder: Can we trust the outcome? Meet, then, the gatekeepers of American democracy: Three obscure, private equity-backed companies control an estimated $300 million U.S. voting-machine industry. Though most of their revenue comes from taxpayers, and they play an indispensable role in determining the balance of power in America, the companies largely function in secret. Devices made by Election Systems & Software LLC, Dominion Voting Systems and Hart InterCivic Inc. will process about nine of every ten ballots next week. Each of the companies is privately held and at least partially controlled by private equity firms. Beyond that, little is known about how they operate or to whom they answer. They don’t disclose financial results and aren’t subject to federal regulation. While the companies say their technology is secure and up-to-date, security experts for years have raised concerns that older, sometimes poorly engineered, equipment can jeopardize the integrity of elections and, more importantly, erode public trust.

National: Hackers targeting election networks across country in lead up to midterms | The Boston Globe

Hackers have ramped up their efforts to meddle with the country’s election infrastructure in the weeks leading up to Tuesday’s midterms, sparking a raft of investigations into election interference, internal intelligence documents show. The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe. The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.” The recent incidents, ranging from injections of malicious computer code to a massive number of bogus requests for voter registration forms, have not been publicly disclosed until now. Federal agencies have logged more than 160 reports of suspected meddling in US elections since Aug. 1, documents show. The pace of suspicious activity has picked up in recent weeks — up to 10 incidents each day — and officials are on high alert.

National: Ready or not, states are about to find out if their election security investments worked | StateScoop

Last month, election officials in Vermont disclosed that the state had notified the U.S. Department of Homeland Security that it had detected a computer with an internet protocol address leading back to Russia snooping around its voter registration database in August. While the state said no data was altered , the incidentwas a reminder that the foreign cyberthreatis still out there, nearly two years after it dominated the conversation about the 2016 campaign. This election cycle, state and local officials who supervise elections have scrambled to add cybersecurity to portfolios that long consisted mostly of registering voters and tabulating ballots. The inflectionpoint came in September 2017, when DHS said that Russian hackers attempted to penetrate the voter registration systems in at least 21 states in 2016 and did so successfully in Illinois. With all that in mind, those state officials have becomeactive partners with the federal government, whileupgrading computer systems, replacing equipment and sharing threat information.On Tuesday, they and their voters will find out if their efforts were worthwhile.

National: Concerns about voter access dominate final stretch before Election Day | The Washington Post

n Saturday, voting rights advocates alerted lawyers for the Georgia secretary of state, as well as the FBI, of a potential vulnerability in the state’s election system that they said could allow hackers to obtain and alter private voter information. On Sunday, Republican Brian Kemp, who as secretary of state controls the state’s election process even as he runs for governor, responded by accusing Democrats of possessing software that could have extracted personal voter data, and his office opened an investigation into what it described as “a failed attempt to hack the state’s voter registration system.” Kemp’s campaign called Democrats “power-hungry radicals” who should be held to account for “their criminal behavior.” Democrats called the probe “an abuse of power.”

National: ‘They Don’t Really Want Us to Vote’: How Republicans Made It Harder | The New York Times

Damon Johnson is a 19-year-old sophomore studying chemical engineering at historically black Prairie View A&M University. He’s learning a lot about voting, too. Mr. Johnson is one of the plaintiffs in a lawsuit filed last month by the NAACP Legal Defense and Educational Fund alleging that rural Waller County has tried to disenfranchise students at the university over decades, most recently by curtailing early voting on campus. The polling station at the university’s student center was restricted to three days of early voting, compared with two weeks in some other parts of the county — and two weeks at majority-white Texas A&M in a nearby county. “I don’t want this to be the reason, but it looks like we’re PVAMU in a predominantly white area and they don’t really want us to vote,” Mr. Johnson said recently.

National: Watch out for vote suppression, other tricks on Election Day | McClatchy

Don’t be surprised by mischief on Election Day. That’s the advice experts give about last-minute text messages, robocalls or emails purporting to instruct people (falsely) on where or when to vote. Bogus text messages have already popped up in Florida, one of many states afflicted by attempts to skew the vote in the run-up to Tuesday’s midterm elections. Early voting has been fraught with problems, including an investigation into alleged hacking of Georgia voter registration systems on Sunday and court battles in the state over who should be allowed on voter rolls, and snafus with antiquated voting machines in Texas. In Kansas, a federal judge upheld Dodge City’s decision to move the only polling place to what one resident called “the middle of nowhere” outside of town. There are tougher ID rules for voters in North Carolina and Kansas, passed by Republican office-holders who want to keep their majorities.. In North Dakota, where officials require a residential address in order to vote, thousands of Native Americans faced a scramble to obtain new state-issued or tribal IDs with street addresses, rather than P.O. boxes, even though their homes often lack numbers and their streets lack names.

National: Homeland Security’s biggest election concern is what comes after you vote | CNET

The biggest concern for election security isn’t about Election Day — it’s about the day after, Department of Homeland Security Secretary Kirstjen Nielsen said. “My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York. The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference. That includes assisting election officials in all 50 states, creating its own center toprotect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about.

National: Could Hackers Give Us Another Bush v. Gore? | Washingtonian

The scenario would go like this. On Tuesday, November 6, Americans tune to television sets and radio broadcasts, unlock their phones and keep an eye on their desktop screens, all waiting for the same thing: A definitive account of who has won what in the midterm elections. Throughout the night, election numbers shoot across their screens—live, preliminary return data pumped in from congressional and Senate races across the country, and key gubernatorial races, too. Then, around 10 PM EST, CNN anchors announce the network’s call: The Democrats have taken control of the House, winning 31 of the necessary 24 seats to successfully wrest control from Republicans. On camera, Van Jones and Anderson Cooper waste no time as they begin discussing the implications of the victory and how the midterm results have placed the Trump presidency in a new chapter of turmoil. But there’s a problem. Fox News analysts have just announced the opposite result: In an extraordinary turn of events, Republicans have managed to hang on to their majority by a single seat, retaining control of the House. It’s a major political upset, says Bret Baier, and a replay of Trump’s surprise victory in 2016. And yet for clients of the newswire Reuters, the results are simply opaque—with political analysts there reporting that control of the House, and several nail-biter gubernatorial and Senate races, still remain too close to call.

National: Has US voter suppression become systematic? | Deutsche Welle

Audrey Calkins, a 33-year-old lawyer, had already voted in two elections in her county in the US state of Tennessee when she showed up to vote in the Republican presidential primary on March 1, 2016. That morning, she showed up at the polls bright and early, presented her ID and her voter registration card to the election official, who looked her up in the system. “They told me I wasn’t on the list,” Calkins said. “I said, ‘Check that you’re spelling my name right.'” The official turned his computer screen around so that Calkins could see he was spelling her name correctly, and indeed, she was not on the list. “They said I wasn’t a registered voter,” Calkins said. “I was blown away, because obviously I had just voted a couple of months before in both October and November.” Calkins was turned away from voting.

National: Voting machine errors already roil Texas and Georgia races | Politico

Glitchy paperless voting machines are affecting an untold number of early voting ballots in Texas and Georgia, raising the specter that two of the most closely watched races could be marred by questions about whether the vote count is accurate. Civil rights groups and voters in both states have filed complaints alleging that the ATM-style touchscreen machines inexplicably deleted some people’s votes for Democratic candidates or switched them to Republican votes. The errors — which experts have blamed on outdated software and old machines — would appear to work to the advantage of Republican Texas Sen. Ted Cruz over Democratic challenger Beto O’Rourke, and that of Georgia GOP gubernatorial candidate Brian Kemp over Democrat Stacey Abrams. It’s unclear how many times the errors have happened or whether they could be enough to change the outcome of either race, both of which appear to be tight. But the latest episodes come after at least a decade and a half of warnings from election security groups about the dangers of relying on voting machines that don’t produce a paper trail — saying they’re insecure and produce results that are impossible to audit.

National: Securing voting machines means raising funds | The Parallax

There likely isn’t a quick fix for complex U.S. election integrity challenges such as social-engineering interference on Facebook. Experts say there is a straightforward response, however, to vulnerable voting-machine software. The problem is that it involves cooperation in Congress. When the Senate failed to move the Secure Elections Act forward in August because of White House concerns over states’ rights, coupled with funding concerns, the United States lost its best chance this year of taking steps toward patching voting machines. The most recent federal dollars devoted to improving elections came from the Help Americans Vote Act of 2002, which was itself flawed because its authors failed to predict cybersecurity standards for voting machines. The idea of hackers infiltrating computerized voting machines at the time was “completely ridiculous,” says Margaret MacAlpine, a voting-machine security researcher and a founding partner of cybersecurity consultancy Nordic Innovation Labs. “The cybersecurity threat was more than science fiction at that point,” she says. And even now, as knowledge that the machines are vulnerable to hackers spreads, there is still a lack of political will to allocate the funds needed to replace them and ensure that new machines are secured against attacks, she says.

National: A Voter’s Guide to Election Security | Associated Press

Americans are now voting in the first major election since Russians launched a broad assault on the 2016 presidential campaign. And while election officials and security experts remain vigilant through Election Day, voters have a critical role in the fight to keep elections safe and accessible. The average voter shouldn’t be too concerned about foreign interference in elections, said Maurice Turner, a senior technologist at the nonprofit Center for Democracy and Technology in Washington, D.C. But, he said, that doesn’t mean she should be passive about secure elections. By understanding the system, its flaws and what needs changing, voters can call for accountability from election officials and state policymakers. “I’m hoping for a quiet Election Day,” Turner said. “I’m hoping that we can focus on the issues that are on the ballot versus how we’re going to count the ballot.” Malicious actors might attack the midterms by manipulating voter registration rolls. While a May report from the Senate Intelligence Committee said the “U.S. election infrastructure is fundamentally resilient,” it also outlined Russian attempts in 2016 to scan election systems in 21 states and aggressively try to infiltrate six of them.

National: The Vulnerabilities of Our Voting Machines | Scientific American

A few weeks ago computer scientist J. Alex Halderman rolled an electronic voting machine onto a Massachusetts Institute of Technology stage and demonstrated how simple it is to hack an election. In a mock contest between George Washington and Benedict Arnold three volunteers each voted for Washington. But Halderman, whose research involves testing the security of election systems, had tampered with the ballot programming, infecting the machine’s memory card with malicious software. When he printed out the results, the receipt showed Arnold had won, 2 to 1. Without a paper trail of each vote, neither the voters nor a human auditor could check for discrepancies. In real elections, too, about 20 percent of voters nationally still cast electronic ballots only. As the U.S. midterm elections approach, Halderman, among others, has warned our “outmoded and under-tested” electronic voting systems are increasingly vulnerable to attacks. They can also lead to confusion. Some early voters in Texas have already reported votes they cast for Democratic U.S. Senate challenger Beto O’Rourke were switched on-screen to incumbent Republican Sen. Ted Cruz. There’s no evidence of hacking, and the particular machines in question are known to have software bugs, which could account for the errors.

National: Mystery of the Midterm Elections: Where Are the Russians? | The New York Times

Shane Huntley has seen every form of state-sponsored cyberattack, first as an Australian intelligence officer and now as director of Google’s most advanced team of threat detectors. So when he was asked what surprised him the most about the 2018 midterm elections, his response was a bit counterintuitive. “The answer is surprisingly little on the hacking front, at least compared to two years ago.” He paused, and added: “And that reassures some people, and it scares some people.” He is right. From the cyberwar room that the Department of Homeland Security runs round the clock in a bland office building in Arlington, Va., to Microsoft’s threat-assessment center at the other end of the country, in Redmond, Wash., every form of digital radar is being focused on Russia, especially its military-intelligence unit, formerly known as the G.R.U.

National: Campaign cybersecurity poses next major challenge for federal election officials | The Hill

Federal officials say they want to help political campaigns guard against against cyberattacks, but are struggling to figure out how. Election officials said this week that while much of the attention since 2016 has focused on protecting voting systems, campaigns remain highly susceptible to cyber intrusions. However, those same officials have no means of directly communicating with the hundreds, if not thousands, of candidates about how best to address cyber threats. Robert Kolasky, director of the Department of Homeland Security’s (DHS) National Risk Management Center, said DHS has resorted to contacting the Republican and Democratic national committees to try to reach campaigns. And even then federal officials aren’t able to reach everyone. Few campaigns reach out to DHS about cybersecurity issues, Kolasky told reporters on Tuesday, adding that candidates are more likely to contact the FBI or their national committees when they notice something has gone wrong.

National: Ahead of U.S. elections, fears of voter suppression – and efforts to fight back | Reuters

Clemente Torres has proudly cast his vote in person at Dodge City’s lone polling place in every election since he became a naturalized citizen 20 years ago. This year is different. After Republican officials said in September they would move the Hispanic-majority city’s only polling place to a remote spot outside the city limits, across railroad tracks and away from bus lines, Torres decided to vote by mail. “I wanted to be sure I could vote,” said Torres, 57, who works at a meatpacking plant in this western Kansas city best known for its history as a Wild West outpost. “I didn’t want to take any chances.” Torres and other voters interviewed by Reuters said they were worried voting would be more difficult at the new location. Some were skeptical of the official explanation: that construction will hinder access to the usual site. The move sparked an outcry from voting rights groups that say Republicans are trying to limit Hispanic votes. The American Civil Liberties Union asked the courts to force Dodge City to open another polling site – a request denied by a judge on Thursday.

National: Mail-In Ballot Postage Becomes a Surprising (and Unnecessary) Cause of Voter Anxiety | ProPublica

At the absentee ballot parties organized by assistant professor Allison Rank and her political science students at the State University of New York at Oswego, young voters can sip apple cider and eat donuts as they fill out their ballots. But the main draw is the free stamps. “The stamp was actually the thing I was concerned about,” one freshman told Rank after she explained the process of completing and mailing in a ballot. According to Rank, only one store on the rural upstate campus sells postage. It has limited hours and only takes cash, which many students don’t carry. It’s not only students who may be short a stamp this election. An increasing number of Americans vote by mail in an age when fewer of us have a reason to keep postage on hand. But it’s long been an open secret among election officials: Even though the return envelopes on many mail-in ballots say “postage required,” the U.S. Postal Service will deliver even without a stamp.

National: In the South, an Aggressive Effort to Purge Former Felons From Voting Rolls | Pacific Standard

In many parts of the country, it’s becoming easier than ever for former felons to vote. A growing number of states have loosened restrictions, such as allowing people to cast ballots while still on parole or probation. But there is one region that still has a penchant for purging felons from the rolls: the South. An APM Reports/Pacific Standard analysis of federal data shows that, in the past decade, the number of registered voters removed from the rolls across the South due to a conviction has nearly doubled. That trend comes at a time when overall crime rates have been declining. States with the largest voting-aged, African-American populations tend to have some of the strictest laws. And that’s created a disproportionate impact on minority voters. In fact, the laws were initially designed 150 years ago to suppress African-American political influence.

National: Electronic voting was going to be the future. Now paper’s making a comeback | CNET

You could call it buyer’s remorse. Five US states went all in on electronic voting machines, and four of those states are poised to get out. Delaware, Georgia, Louisiana, New Jersey and South Carolina are the only states relying solely on voting machines that produce no paper record of an individual voter’s ballot. All but Georgia are on the cusp of swapping those out for new machines that print out a paper record of each completed ballot — and Georgia is under pressure to do the same. None, though, will be ready for next week’s midterm elections. It’s the next step in voting systems since Florida’s infamous hanging chads and butterfly ballots determined the 2000 presidential election. … Hackers could also infiltrate the computers that tabulate results, as security experts found when they examined voting-related software at the annual Defcon hacking conference this year, and they could attack or alter the websites that announce winners. The Defcon experts also found half of US states are using voting machines that have known software vulnerabilities.

National: How Electronic-Voting-Machine Errors Reflect a Wider Crisis for American Democracy | The New Yorker

When reports began circulating last week that voting machines in Texas were flipping ballots cast for Beto O’Rourke over to Ted Cruz, and machines in Georgia were changing votes for the Democratic gubernatorial candidate Stacey Abrams to those for her Republican opponent, Brian Kemp, it would not have been unreasonable to suppose that those machines had been hacked. After all, their vulnerabilities have been known for nearly two decades. In September, J. Alex Halderman, a computer-science professor at the University of Michigan, demonstrated to members of Congress precisely how easy it is to surreptitiously manipulate the AccuVote TS, a variant of the direct-recording electronic (D.R.E.) voting machines used in Georgia. In addition, Halderman noted, it is impossible to verify that the votes cast were not the votes intended, since the AccuVote does not provide a physical record of the transaction.

National: Fewer than half of US states have undergone federal election security reviews ahead of midterms | ABC

With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking. Under the department’s National Protection and Programs Directorate, the agency branch that coordinates cyber protection of U.S. infrastructure, a team of DHS officials are prepared to examine statewide election systems. They can check for cybersecurity vulnerabilities and run in-person exercises like phishing tests to ensure election officials are prepared to guard against attempts to hack their email accounts. The Department of Homeland Security has already provided or is scheduled to provide the service, which is free for states that request it, to only 21 states, a department spokesman told ABC News, concerning election experts who fear some states may not be aware of potential vulnerabilities.