The Department of Homeland Security (DHS) has offered assistance to state officials attempting to prevent hacking of voting systems, but experts say the equipment remains highly vulnerable to manipulation with two months until Election Day. Amid reports of hackers accessing voting data in Arizona and Illinois, DHS Secretary Jeh Johnson held a conference call with secretaries of state from across the country last month. DHS is considering whether to declare election systems “critical infrastructure,” a move that would give the government the same level of oversight of elections that it has over the financial system and power grids. … “Hacking elections is easy,” a new report from the Institute for Critical Infrastructure Technology (ICIT) states bluntly. “Electronic voting machines are black-box, unsecured endpoints that feature vulnerabilities that would be scandalous in any other sectors,” said James Scott, senior fellow at ICIT and co-author of the report, “such as a lack of native security applications, open networked connections, a non-verifiable chain of custody, a reliance on personnel who are not trained to practice even basic cyber-hygiene, and other critical vulnerabilities.” The ICIT report lays out a number of potential threats, most related to voting machines being antiquated and poorly-secured devices that lack some of the basic safeguards home PCs now have.
National: U.S. Voting System So ‘Clunky’ It Is Insulated From Hacking, FBI Director Says | Wall Street Journal
The head of the Federal Bureau of Investigation sought to calm fears that Russians or others could electronically sabotage the nation’s election in November, saying the 50-state voting system is so dispersed and “clunky” it would be difficult for hackers to affect the outcome. Appearing at a panel with other senior US intelligence officials on Thursday, FBI Director James Comey was asked about the concerns that hackers acting on behalf of the Russian government might try to manipulate the presidential election. Such concerns have grown in recent weeks, after the FBI issued an alert to state officials about the possibility of hackers penetrating state election computer systems. In Arizona, a hacker obtained one of two credentials needed to access the state’s voter-registration system.
On Monday, the Washington Post reported that some election officials and intelligence officials have doubts about the ability of systems in the USA’s states and provinces to defend themselves against a sustained attack by a state-level actor. “America doesn’t have its act together,” Ion Sancho, a Florida election supervisor, fretted to the paper. “We need a plan.” Despite the warnings, it would be incredibly difficult for a foreign power to directly tamper with a U.S. state’s election results. Still, voter rolls themselves could be vulnerable in a number of states. Under the Help America Vote Act of 2002, each state must have one centralized, digital database of voters. One way that a malicious actor could impact an election (presidential or otherwise) would be to tamper with the registrations of a demographic group associated with the opponent of a candidate favored by the adversary.
National: Clinton Campaign Says There Is a “Direct Link” Between Trump and Russian Hackers | Mother Jones
A Hillary Clinton campaign spokesman says a new article in the New York Observer establishes a “direct link” between the Donald Trump campaign and the hacker or hackers who have recently penetrated the Democratic National Committee, the Democratic Congressional Campaign Committee, and other high-profile Democratic officials. On Tuesday, the Observer published a piece maintaining that the DCCC had coordinated—presumably improperly—with the Hillary Clinton campaign in 2015. The story, written by a freelance contributor named Michael Sainato, cited “an internal DCCC memo” leaked to the Observer from Guccifer 2.0—the handle of the hacker or hackers who have successfully targeted these Democratic committees. The Observer is owned by Trump’s son-in-law, Jared Kushner, who has been a top adviser to the Republican presidential nominee. … In an email to Mother Jones, Fallon elaborated on his tweet: “Guccifer 2.0 is known to be the Russians. And now that they are leaking materials obtained from their hacking to Trump adviser Jared Kushner’s newspaper, that’s a pretty direct link between Trump and the Russians behind this hack.”
U.S. lawmakers of both political parties told VOA they have no reason to doubt that Russian hackers are targeting America’s voting infrastructure with the possible intent of disrupting or undermining confidence in the November elections. “I don’t think it’s a stretch because Russia’s been engaged in cyberattacks against the United States,” said Republican Senator John Cornyn of Texas. “These are well known to our national security experts. So no, it does not surprise me.” “We know Russia has been very active in cyberattacks in the United States, and we know that they mine for information all the time,” said Senator Ben Cardin, a Maryland Democrat. “Nothing surprises me about Russia.”
Defense Secretary Ashton B. Carter lashed out at Russia on Wednesday, accusing the government of President Vladimir V. Putin of demonstrating a “clear ambition to erode” international order and warning Russia to stay out of the American elections. Speaking on Wednesday at Oxford University in England, Mr. Carter used language that evoked a time before the fall of the Berlin War, when leaders in Washington and Moscow were entrenched global adversaries. “The United States does not seek a cold, let alone a hot, war with Russia,” Mr. Carter said. “But make no mistake, we will defend our allies, the principled international order, and the positive future it affords all of us.” He also warned Moscow that Washington “will not ignore attempts to interfere with our democratic processes.” The F.B.I. is investigating whether Russia hacked into computer systems of the Democratic National Committee. Mr. Carter accused Russia of “undercutting the work and contributions of others rather than creating or making any positive contributions on its own,” and said that Moscow was sowing “instability rather than cultivating stability.”
Russian hackers are constantly targeting U.S. computer networks, the nation’s top intelligence official said Wednesday, in an apparent tip of his hand toward blaming Moscow for recent attacks on Democratic Party institutions. “The Russians hack our systems all the time,” Director of National Intelligence James Clapper said at the Intelligence and National Security Summit in Washington. “Not just government but also corporate and personal systems.” “So do the Chinese and others, including non-state actors,” he added. Clapper declined to specifically address the hacks of Democratic groups, which have been traced to hackers with suspected Russian ties. But he referred to comments previously made by President Obama that “experts have attributed this to the Russians.”
Is it time to panic about Election Day? Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure. “My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines after the disputed 2000 presidential election. Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos. … Nervousness over the apparatus by which the next president will be chosen seemed inevitable. Computer-security experts have long expressed concerns about the vulnerabilities of state voter-registration rolls and the frailties of older voting machines.
People have trouble prioritizing risk. For example, you often hear about the threat of voter fraud, when all evidence suggests that the risks of such fraud are inconsequential. In truth, hacked voting machines are much more likely to affect an election’s outcome. Why would an election fraudster try to herd a flock of criminal participants to the polls when one mildly talented hacker could cause far more trouble? On a state-by-state level, most presidential elections are decided by many thousands of votes. For example, in 2012, Barack Obama beat Mitt Romney by more than 166,000 votes in the swing state of Ohio. Even in the 2000 election, the closest presidential contest ever, what sort of Houdini could have marshaled the miscreants necessary to cast a few hundred fake votes to tip the balance without getting caught? A hack of a single voting machine could accomplish the same objective.
Although Champaign, Ill., native Judith Maltby has lived in Great Britain for 30 years, she returns to the United States regularly and follows U.S. presidential races. This year’s election is of particular concern to Maltby, a chaplain at England’s Oxford University who hopes “the U.S. remains a serious partner with democratic Europe and continues to be outward looking.” She said she is backing Democratic candidate Hillary Clinton because Republican “Donald Trump’s campaign is about isolationism of the most destructive kind.” Maltby is one of approximately 8 million Americans living abroad, a group large enough to tip elections in close presidential and state contests. They could not vote until 1975, when the Overseas Citizens Voting Rights Act became law. Since then, non-partisan organizations, including Vote From Abroad and Overseas Vote Foundation, have offered help, such as how to register from abroad.
Following an official invitation to observe the US general election in November and an in-country assessment in May, the Organization for Security and Cooperation in Europe (OSCE) plans to deploy 100 long-term and 400 short-term observers to the US this fall. The mission will also include a media monitoring element and will be complimented by a core team of analysts. While the long-term observers are slated to follow the election process across the country already before election day, the short-term observers are tasked with monitoring the polls on election day only. Election observers are usually seconded for the mission by OSCE participating states. Four years ago the OSCE deployed 44 short-term observers across the country as well as a core team of 13 experts to monitor the 2012 US election. No short-term contingent was sent for what was considered a “limited mission.”
Brace for a stream of digital leaks and shenanigans by Election Day. Whether it’s newly disclosed Democratic Party emails or someone tampering with voting machines, this year’s presidential election could come with hacking intrigue like none before it. Consider messages stolen from the Democrats by suspected Russian-linked hackers and posted online in the summer by the self-described…
The Federal Bureau of Investigation’s disclosure earlier this month that foreign hackers had infiltrated voter registration systems in Illinois and Arizona came as no surprise to some cybersecurity experts. “Given where cybercrime has gone, it’s not too surprising to think about how information risks might manifest themselves during the election season to cause some level of either potential disruption, change in voting, or even just political fodder to add the hype cycle,” says Malcolm Harkins, chief security and trust officer at network security firm Cylance. Growing concern that hackers sponsored by Russia or other countries may be attempting to disrupt the presidential election is certainly not far-fetched, given the recent data breach at the Democratic National Committee headquarters. In fact, hacking an election is shockingly easy, according to a report by the Institute for Critical Infrastructure Technology, a cybersecurity think tank. In most cases, electronic voting systems “are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security,” according to the report. Security vulnerabilities are discussed every four years, but little attention is given to the problem. “It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security,” the report concludes.
National: National Association of Secretaries of State names members of election security group | FCW
After reports of possible hacks by foreign entities on U.S. voting systems and massive data theft from political party databases, the Department of Homeland Security is assembling a group of state and federal officials who will explore ways to protect the integrity of U.S. election systems. On Aug. 31, the National Association of Secretaries of State named four representatives to DHS’ Election Infrastructure Cybersecurity Working Group: Denise Merrill, Connecticut’s secretary of state and the association’s president; Connie Lawson, Indiana’s secretary of state and the association’s president-elect; and NASS Elections Committee Co-Chairs Alex Padilla, California’s secretary of state, and Brian Kemp, Georgia’s secretary of state. Other participants in the group include the Election Assistance Commission, the National Institute of Standards and Technology, the Justice Department, the FBI and the Defense Department’s Federal Voting Assistance Program, the official said.
National: Intelligence community investigating covert Russian influence operations in the United States | The Washington Post
U.S. intelligence and law enforcement agencies are probing what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said. The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation. The effort to better understand Russia’s covert influence operations is being spearheaded by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”
National: Trump’s ‘rigged election’ rhetoric could inspire voter intimidation, say experts | The Guardian
Donald Trump’s claims that if he loses in November it will be due to a “rigged” election have sparked strong bipartisan criticism from election lawyers, donors and a former member of Congress who warn that the Republican candidate’s words are dangerous, fueling doubts about the election’s legitimacy and potentially leading to voter intimidation. As his poll numbers have weakened and his high-decibel spats with critics escalated, Trump has raised the specter of rigged elections and suggested that if he loses it might well be because of voter fraud. “The only way we can lose, in my opinion, I really mean this, Pennsylvania, is if cheating goes on,” Trump told a largely white rally last month in Altoona, Pennsylvania. “Go down to certain areas and watch and study [to] make sure other people don’t come in and vote five times. “We’re going to have unbelievable turnout, but we don’t want to see people voting five times,” Trump added, saying that he had “heard some stories about certain parts of the state and we have to be very careful”.
National: Without conservative Supreme Court majority, voter-law challengers make gains | The Washington Post
A coalition of civil rights groups, Democratic lawyers and the Obama administration has scored significant victories in overturning strict voting laws, highlighting how the death of Justice Antonin Scalia has removed the Supreme Court as a crucial conservative backstop for such measures. With the presidential election approaching, the challengers have rung up wins against their two top targets. Texas and North Carolina are now under judicial order to shelve comprehensive voting laws, passed by Republican legislators, that appeals courts said discriminated against African Americans and Hispanics. In Wisconsin, federal courts restored some early-voting opportunities — seen as beneficial to African American voters, who overwhelmingly vote Democratic — that had been scotched by the state legislature. And a federal judge has been tasked with overseeing the state’s efforts to make it easier for those without the documentation required by the state to cast ballots.
Since 2010, 25 states passed laws making it harder to vote. Some required voters to present photo ID at the polls; others restricted early voting or the re-enfranchisement of ex-felons. In 17 of the states, Republicans control the legislature and the governorship. Liberals have scrambled to get the laws repealed or overturned in court. But with exceptions such as the July decision by a federal appeals court to block several new voting restrictions in North Carolina, most of the new laws remain on the books and will be in effect in November. Now some of the bluest states are passing laws to make voting easier. Since the start of 2015, five states have approved automatic voter registration measures, in which government agencies such as the Department of Motor Vehicles add qualified citizens to the voter rolls unless they opt out. “The question should be, Why would we ever have a barrier?” says Democrat Jennifer Williamson, state house majority leader in Oregon, where the nation’s first AVR measure was signed into law in March 2015. “We should be constructing a system where the default is voting.”
We’ve heard a lot in recent weeks about the potential for Russian meddling in the presidential election. A lot of circumstantial evidence – and the fact that Russia has the means, motive and opportunity to conduct these attacks – suggests an important Russian role in the leaks of confidential emails from the Democratic National Committee, the release of opposition research on Donald Trump compiled by the DNC and personal contact details of many prominent Democrats. And just this week, news broke that the FBI has found evidence of foreign penetrations of voter registration databases in Arizona and Illinois and warned officials in every state to improve the cybersecurity of election-related systems. We also know that most citizens will cast their ballots on electronic voting machines; in 43 states those machines are more than a decade old. These are the computers that were introduced immediately after the Bush-Gore election in 2000, to correct the problems with balloting that had cast doubt on the actual choices of many Florida voters. Over the last decade or so, it has been conclusively demonstrated that at least some models of electronic voting machines are vulnerable to hacking by people with the skills of graduate students in computer science. No one knows how secure the other machines are, because many vendors have asserted their intellectual property rights to prevent the security of their machines from being examined by independent parties.
National: Cybersecurity firm finds evidence of Russian tie to hacks of vote systems in Arizona and Illinois | McClatchy DC
The Russian internet nodes used to hack into voting systems in Illinois and Arizona were also used in recent penetrations of Turkey’s ruling party, the Ukrainian Parliament and a political party in Germany, a U.S. cybersecurity firm said Friday. Individuals using Russian infrastructure “are looking to manipulate multiple countries’ democratic processes,” said an alert from ThreatConnect, an Arlington, Virginia, firm that tracks digital intrusions. The company said, however, that it still did not have enough information to attribute the attacks to any individual or country. Russian President Vladimir Putin, meanwhile, told the Bloomberg news agency that a public leak of more than 19,000 emails siphoned from computers at the Democratic National Committee earlier in the summer was for the public good. He denied, however, that Russia had perpetrated the hack. “Listen, does it even matter who hacked this data?’’ Putin told Bloomberg in Vladivostok, the Pacific port. “The important thing is the content that was given to the public.”
Tens of thousands of Americans with disabilities have lost their voting rights. It usually happens when a court assigns a legal guardian to handle their affairs. Now, some of those affected are fighting to get back those rights.
David Rector recently went to Superior Court in San Diego, Calif., to file a request to have his voting rights restored. Rector lost those rights in 2011 when his fiance, Rosalind Alexander-Kasparik, was appointed his conservator after a brain injury left him unable to walk or speak.
Alexander-Kasparik says he was still able to communicate his wishes to a court clerk.
Tens of thousands of Americans with disabilities have lost their voting rights. It usually happens when a court assigns a legal guardian to handle their affairs. Now, some of those affected are fighting to get back those rights. David Rector recently went to Superior Court in San Diego, Calif., to file a request to have his voting rights restored. Rector lost those rights in 2011 when his fiance, Rosalind Alexander-Kasparik, was appointed his conservator after a brain injury left him unable to walk or speak. Alexander-Kasparik says he was still able to communicate his wishes to a court clerk. “He did manage to say through his electronic voice on his eye-tracking device, ‘I, David Rector, want my voting rights restored, immediately,'” she told supporters outside the courthouse. That’s crucial, because under a new California law, individuals with guardians have to express a desire to vote to be able to do so. Rector, who used to work as a producer for NPR, is believed to be one of more than 30,000 Californians — and an unknown number of others in the U.S. — who’ve lost their voting rights under state guardianship laws. “The problem with those laws is that a determination of guardianship or competence really has nothing to do with someone’s ability to vote,” says Jennifer Mathis, director of policy and legal advocacy at the Judge David L. Bazelon Center for Mental Health Law in Washington DC . “They have to do with someone’s ability to ensure their basic health and safety needs.” She says just because someone can’t do one thing, doesn’t mean they can’t do another.
Voting machine vulnerabilities go well beyond what most voters know, warns Dan Zimmerman, a computer scientist who specializes in election information technology. There probably is not time to fix all of those vulnerabilities by November. But there are still things election officials could do to reduce the hack-ability of the U.S. presidential election. Here are his five steps for making the U.S. election less hackable.
1. More federal oversight (and not just on Election Day)
This week’s report sophisticated actors in Russia trying to penetrate voter databases sounded alarm bells about the U.S. election being hacked. Zimmerman, who works with Free & Fair, a company that provides election-related IT services, says that because most electronic voting machines are not connected to the internet, the threat of remote hacking from Russia is small. The machines are far from secure, however.
The U.S. election system will likely face a significant trial this year, thanks to a summer of startling revelations including nation-state-linked attacks targeting the Democratic National Committee and state voter databases, along with a statement of no-confidence by the Republican nominee. The result has been a slew of media stories positing how the election could be hacked. The ongoing cyber-attacks and raised doubts will put states’ choice of voting technology under the microscope, with a focus on the security of voting systems and the ability to audit the results produced by those balloting systems, according to election security experts. Unfortunately, while all but five states now have at least some systems with a verifiable paper trail, more than half do not have meaningful post-election audits, according to Verified Voting, a group focused on improving election-system integrity and accuracy. “We would like to see post-election audits everywhere,” Pamela Smith, director of the group, told eWEEK. “There is actual research showing that being able to conduct a robust audit in a public way brings confidence in the election. A voter-verifiable paper ballot is a tool to instill confidence that the election has come to true result.”
A suspected Russian hacker probed a voter registration database in Arizona and another unidentified attacker gained entry to one in Illinois this summer, election officials said, prompting the FBI to warn states their election boards should conduct vulnerability scans. The systems that count votes in elections were not compromised, officials said, and the hacks don’t appear to be politically motivated. Still, the breaches add to concerns such attacks could exploit the personal data of millions of voters for monetary or political gain. Those worries have been running high after July reports that the Democratic National Committee’s email system had been hacked, a breach U.S. intelligence officials believe was perpetrated by the Russian government. “We’re all very aware that it’s less than 80 days before an important election,” said Pamela Smith with Verified Voting, a non-partisan, non-profit organization that advocates for election transparency.
As Democrats in the U.S. Congress call for the Federal Bureau of Investigation to investigate concerns that Russia may be trying to manipulate the November general election with cyberattacks, government officials are wrestling with new challenges to ensure accurate results. In a letter dated Saturday to FBI Director James Comey, Senate Minority Leader Harry Reid of Nevada said the threat of Russia tampering with the elections “is more extensive than widely known.” “The prospect of a hostile government actively seeking to undermine our free and fair elections represents one of the gravest threats to our democracy since the Cold War,” Reid added. Reid’s letter was followed by one from four Democrats who asked the FBI to investigate whether officials of Republican presidential nominee Donald Trump’s campaign may have conspired with Russia to carry out recent hacks against the Democratic National Committee and Democratic Congressional Campaign Committee to “interfere with the U.S. presidential election.”
Reports this week of Russian intrusions into US election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology – and leave old-fashioned paper tallies behind – created new sets of vulnerabilities that have taken years to fix. “There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”
Soon after the 2000 presidential elections went to a recount, Americans got acquainted with an exotic new vocabulary – hanging chads and butterfly ballots – and what lawmakers saw as a modern solution to the nightmare of punchcard voting systems: electronic voting machines. In 2002, Congress passed the Help America Vote Act, pouring nearly $3 billion into an effort to get states to adopt those machines. More than a decade and a half later, those same electronic machines are still around in many states. And the system arising from the 2002 congressional fix is now at the heart of growing concerns over the integrity of this year’s elections, with cybersecurity experts suggesting that it is an easy target for hackers. Federal authorities are beginning to get involved. But the best insurance for election integrity – a system that uses paper to back up electronic results – may require new federal funding. Not all of the country is on equally precarious footing. Partly because of bad experiences with glitches in electronic voting machines, some localities have been shifting in recent years toward paper-backed systems.
Wednesday’s Supreme Court deadlock ensured that North Carolina’s restrictive voting law won’t be in force for the November election. But it also underlined that the court’s four conservatives appear wedded to a strikingly limited approach to protecting access to the ballot. And it made clearer than ever that the future of voting rights in America will likely be determined by the court’s ninth justice—and therefore by the winner of the presidential election. In a 4-4 ruling that included no explanation, the high court rejected North Carolina’s bid to reinstate its photo ID requirement, its cuts to early voting, and its elimination of a popular pre-registration program for high-school students. All those provisions of the state’s voting law, and others, were blocked by a federal appeals court panel in July. The decision wasn’t a surprise. More notable was that three of the court’s conservatives—Chief Justice John Roberts, and Justices Anthony Kennedy and Samuel Alito—would have granted North Carolina’s request to put the ID requirement and the early voting cuts back into effect. The fourth conservative, Justice Clarence Thomas, would have done so for all three provisions at issue.
The Federal Election Commission has a few questions for God, Satan, and the Ghost of Ronald Reagan, all of whom have filed paperwork to run for office this election cycle. This implausible scenario is part of a policy aimed at dealing with an influx of suspicious-sounding presidential candidate names. It’s relatively easy to register as a presidential candidate, and during the 2016 election plenty of people seem to be taking advantage of that. As a result, the federal agency is now asking whoever filed paperwork to run for president under the names “God,” “Satan,” and “Ronald Reagan’s Ghost” to prove they actually exist. “It has come to the attention of the Federal Election Commission that you may have failed to include an accurate candidate name,” a letter sent by the commission to “H. Majesty Satan Lord of Underworld Prince of Darkness!” in College Station, Texas dated August 31, 2016 reads. “The Commission requires the filing to be true, correct and complete,” the letter warns, adding that “knowingly and willfully making any materially false, fictitious, or fraudulent statement or representation to a federal government agency, including the Federal Election Commission, is punishable.”
Online volunteers seeking to help Donald Trump by making phone calls might be signing up for more than they bargained for. To sign up on Trump’s website, potential volunteers must agree to a 2,271-word non-disclosure agreement in which they also promise they won’t compete against or say anything bad about Trump, his company, his family members or products – now and forever. The agreement is a required part of the sign-up process for Trump Red Dialer, an online call system that connects volunteers for the Republican presidential candidate with potential voters. Earlier this year, volunteers for Trump in New York had to sign non-disclosure agreements in person before making phone calls at Trump Tower. But the website requirement is the first indication that online volunteers must also sign the form, even if they’ll never meet a Trump family member, attend a Trump rally, meet a campaign staffer in person or step inside a Trump campaign office.