National: DEF CON plans to show US election hacking is so easy kids can do it | The Register

DEF CON Last year, the hackers at DEF CON showed how shockingly easy it was to crack into voting machine software and hardware. Next week, the 2018 conference’s Vote Hacking Village will let kids have a shot at subverting democracy. Beginning on Friday, August 10, teams in three age ranges, 8-11, 12-14 and 15-16, will be let loose on replica American government websites that report election results. In elections in the Ukraine and Ghana, these were hacked to spread confusion about the voting process and its results – and the village’s organizers hope the youngsters can do the same with US-style tech. “It’s just so easy to hack these websites we thought the grown-up hackers in the vote hacking village wouldn’t find it interesting,” Jake Braun, cofounder of the Vote Hacking Village and executive director of the University of Chicago Cyber Policy Initiative, told The Register. “When I was discussing it with a colleague, they noted ‘it would be child’s play’ and I said ‘good f**king point!’ and started planning the event with the Capture the Packet crew and the r00tz Asylum group, which trains young hackers.”

National: Russia Is ‘Keyboard Click’ From Major Election Hack, Coats Warns | Bloomberg

Russian efforts to interfere in upcoming U.S. midterm elections have yet to reach the intensity of the Kremlin’s campaign to disrupt the 2016 presidential vote, but they’re only “a keyboard click away” from a more serious attack, Director of National Intelligence Dan Coats said. “We have not seen that kind of robust campaign from them so far,” Coats said in a briefing at the White House on Thursday. Coats was among five top national security leaders — including National Security Adviser John Bolton, FBI Director Christopher Wray, Homeland Security Secretary Kirstjen Nielsen and General Paul Nakasone, director of the National Security Agency — who blasted Russian efforts to interfere in U.S. elections. The White House is looking to tamp down criticism that President Donald Trump has appeared reluctant to hold Russia accountable for election tampering. He provoked an uproar at the July summit with Vladimir Putin in Helsinki by casting doubt on U.S. intelligence findings that Russia interfered in the 2016 election.

National: How the U.S. Is Fighting Russian Election Interference | The New York Times

Senior Trump administration officials warned on Thursday that Russia is trying to interfere in November’s midterm elections and the 2020 presidential election and vowed to combat Moscow’s aggression. The high-profile alarm sounded at the daily White House briefing was striking for the officials’ unequivocal warnings, a departure from President Trump’s fumbling acknowledgments that Moscow undertook an influence campaign in 2016 to exploit partisan divisions in the American electorate and sow discord. “This is a threat we need to take extremely seriously and to tackle and respond to with fierce determination and focus,” said the F.B.I. director, Christopher A. Wray. 

National: Facebook Grapples With a Maturing Adversary in Election Meddling | The New York Times

They covered their tracks, using software to camouflage their internet traffic. They created Facebook pages for anti-Trump culture warriors, Hispanic activists and fans of alternative medicine. And they organized protests in coordination with real-world political groups. The people behind an influence campaign ahead of this year’s elections, which Facebook disclosed on Tuesday, copied enough of the tactics used by Russians in the 2016 races to raise suspicion that Russia was at it again. But the new efforts also revealed signs of a maturing adversary, adapting and evolving to better disguise itself, while also better imitating real activists. The coordinated activity — a collection of memes, photos and posts on issues like feminist empowerment, indigenous rights and the Immigration and Customs Enforcement agency — show the enormity of the challenge ahead of Facebook, as it tries to weed out impersonators. As the forces behind the accounts become harder to detect, the company is left to separate the ordinary rants and raves of legitimate users from coordinated, possibly state-backed attempts to sway public opinion.

National: Trump knocked by both parties as not doing securing US elections | Associated Press

As alarms blare about Russian interference in U.S. elections, the Trump administration is facing criticism that it has no clear national strategy to protect the country during the upcoming midterms and beyond. Both Republicans and Democrats have criticized the administration’s response as fragmented, without enough coordination across federal agencies. And with the midterms just three months away, critics are calling on President Donald Trump to take a stronger stand on an issue critical to American democracy. “There’s clearly not enough leadership from the top. This is a moment to move,” said Maryland Sen. Chris Van Hollen, head of the Democratic Senatorial Campaign Committee. “I don’t think they are doing nearly enough.”

National: The DNC Enlists Kids in Its Fight Against Hackers | WIRED

Voting systems in the United States are so woefully hackable, even an 8-year-old could do it. At least, that’s the conceit of a competition cosponsored by the Democratic National Committee at next week’s Def Con hacker conference in Las Vegas. The contest will include children, ages 8 to 16, who will be tasked with penetrating replicas of the websites that secretaries of state across the country use to publish election results. They’ll vie for $2,500 in prize money, $500 of which will come from the DNC and be awarded to the child who comes up with the best defensive strategy for states around the country. The DNC’s chief technology officer, Raffi Krikorian, says he was inspired to team up with Def Con after scoping out an event at last year’s conference called Voting Village, where attendees—grown-ups this time—got to hack into various models of voting machines and find flaws. “We wanted to figure out how we could use this to our advantage,” Krikorian tells WIRED. “Let’s get those lessons back to secretaries of state.”

National: Senate Republicans block additional funding for election security | FCW

Senate Republicans successfully beat back another attempt by Democrats to extend hundreds of millions of dollars in grant funding to assist states and localities looking to upgrade the security of their election systems. Sen. Patrick Leahy (D-Vt.) introduced an amendment to “minibus” appropriations legislation that would have allocated $250 million in federal funding to replace outdated and insecure voting machines, provide security training for election workers, upgrade voter registration software and fund other state and local initiatives related to election security. Sen. James Lankford (R-Okla.), one of the original co-sponsors of the Secure Elections Act that initially proposed grant funding to states, took to the floor to oppose the amendment. Lankford said he was opposing the measure because Congress voted in favor of giving $380 million to states earlier this year.

National: As midterm elections approach, a growing concern that the nation is not protected from Russian interference | The Washington Post

Two years after Russia interfered in the American presidential campaign, the nation has done little to protect itself against a renewed effort to influence voters in the coming congressional midterm elections, according to lawmakers and independent analysts. They say that voting systems are more secure against hackers, thanks to action at the federal and state levels — and that the Russians have not targeted those systems to the degree they did in 2016. But Russian efforts to manipulate U.S. voters through misleading social media postings are likely to have grown more sophisticated and harder to detect, and there is not a sufficiently strong government strategy to combat information warfare against the United States, outside experts said. Despite Facebook’s revelation this week that it had closed down 32 phony pages and profiles that were part of a coordinated campaign, technology companies in general have struggled to curb the flow of disinformation and hacking and have received little guidance from the U.S. government on how to do so.

National: On the Ballot in Some States Ahead of 2020: The Right to Vote | Wall Street Journal

Voters will get the chance this fall to expand or limit access to the polls in a wave of ballot initiatives ahead of the 2020 presidential election. Seven states have ballot measures this year involving election rules, such as ID requirements and easier registration, the National Conference of State Legislatures said. Maine voters already approved a measure, and Michigan could join the fray if a campaign clears a signature hurdle. Together, that equals the number of similar ballot measures from 2014 and 2016 combined, according to NCSL. “This entire decade has been roiling with concerns on both sides—integrity and access—to voting rights,” said Wendy Underhill, director of elections and redistricting at NCSL.

National: Senate rejects additional election security spending even as experts warn of growing foreign threat | ABC

Even as experts on cybersecurity and foreign interference told lawmakers Wednesday that the threat from Russia and other states seeking to influence American democracy is getting worse, the Senate failed to approve $250 million for state election security in the coming fiscal year. The specialists were testifying about the threat specifically as it relates to social media, but they were arguing that the U.S. government needs to mount a more aggressive and comprehensive approach to counter threats from foreign governments’ efforts to undermine U.S. institutions including elections. “As we focus on the past, we are missing what is happening and what will happen again,” Laura Rosenberger, director of the Alliance for Securing Democracy and a fellow at the German Marshall Fund, told the Senate Intelligence Committee.

National: The Government Needs Better Data to Stop Election Meddling | Nextgov

Online platforms need to be more transparent with government to help fight increasingly sophisticated online misinformation campaigns led by Russia and other adversaries, social media experts and internet analysts told lawmakers on Wednesday. Government leaders must also make it clear to adversaries there will be consequences if they attempt to disrupt elections, they said. Nearly two years after officials first uncovered Russia’s attempts to meddle in the U.S. election, the conversation on Capitol Hill is shifting away from what happened in 2016 to how to stop similar campaigns in the years ahead. In their testimony before the Senate Intelligence Committee, witnesses said Russian attempts to influence American politics continue even today and the government has a responsibility to lessen the impact of information warfare on society. They said that role could include alerting the public when influence attempts are uncovered, deterring foreign leaders from engaging in such campaigns and identifying potential threats in new technologies like artificial intelligence before bad actors can exploit them. 

National: Campaigns Grapple With Cybersecurity as Russian Threat Looms | Roll Call

Amid increased warnings of Russian interference in the midterm elections — and evidence that hackers are targeting candidates — congressional campaigns are trying to balance cybersecurity with the demands of competitive contests. That’s especially difficult for small House campaigns. But experts warn that such campaigns, particularly in competitive races, are prime targets for hackers and foreign adversaries. Take Minnesota’s 8th District, one of 10 Toss-up House contests according to Inside Elections with Nathan L. Gonzales, where two Democrats have noticed Russian interest in the open-seat race. Traffic originating from Russia started increasing on Joe Radinovich’s campaign website around the time the Democratic-Farmer-Labor Party was conducting its endorsement process in the 8th District in northeastern Minnesota.

National: Facebook Identifies an Active Political Influence Campaign Using Fake Accounts | The New York Times

Facebook said on Tuesday that it had identified a political influence campaign that was potentially built to disrupt the midterm elections, with the company detecting and removing 32 pages and fake accounts that had engaged in activity around divisive social issues. The company did not definitively link the campaign to Russia. But Facebook officials said some of the tools and techniques used by the accounts were similar to those used by the Internet Research Agency, the Kremlin-linked group that was at the center of an indictment this year alleging interference in the 2016 presidential election. Facebook said it had discovered coordinated activity around issues like a sequel to last year’s deadly “Unite the Right” white supremacist rally in Charlottesville, Va. Activity was also detected around #AbolishICE, a left-wing campaign on social media that seeks to end the Immigration and Customs Enforcement agency.

National: Whoever Is Trying to Hack America’s Elections Is Getting Smarter | Vanity Fair

Earlier this month, when Facebook executives were asked whether the company had detected any sign of foreign interference in the rapidly approaching 2018 midterm elections, the company hedged. “We know that Russians and other bad actors are going to continue to try to abuse our platform,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, told reporters on a call. “We are continually looking for that type of activity, and as and when we find things, which we think is inevitable, we’ll notify law enforcement, and where we can, the public.” As it turns out, Facebook was already well on its way to identifying a new threat. On Tuesday, the company announced it had detected a campaign to influence November elections by targeting divisive social issues, similar to the effort put forth by the Kremlin-linked Internet Research Agency in the run-up to the 2016 election. “We’re still in the very early stages of our investigation and don’t have all the facts—including who may be behind this,” the company wrote in a blog post. But, the post continued, “It’s clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency has in the past.”

National: The McCaskill Hack May Have Been Averted, But Cybersecurity Gaps Remain on Capitol Hill | Government Technology

That could mean the money Congress poured into improved training and a more robust information security posture for staff is working. But the legislative branch is still playing catch up to get ahead of threats. McCaskill’s staff may have been better prepared than others on Capitol Hill. She has advocated improved information security fluency and, as the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, she has pushed for a more robust information security workforce. The House mandated information security training for all employees in early 2015. All staffers who have a House network username and password must complete annual training.

National: DHS launches a new cyber hub to coordinate against threats to US infrastructure | TechCrunch

Among the many things the current administration has been criticized for is its lack of a unified strategy to combat cyber threats, especially in light of ongoing election interference and psy ops perpetrated by Russia. The Department of Homeland Security is advancing the ball with the creation of the National Risk Management Center, intended on protecting critical infrastructure from attacks and subversion by online adversaries. The NRMC was announced today at a cyber summit in New York held by the agency, where DHS Secretary Kirstjen Nielsen explained the purpose and justification for this new entity. Remarkably, she directly contradicted the ongoing soft-pedaling by the Executive of Russian operations targeting the country. “Let me be clear: Our intelligence community had it right. It was the Russians. It was directed from the highest levels. And we cannot and will not allow it to happen again,” she said.

National: The 2020 Census Is in Trouble | The Atlantic

Nobody will write songs about the census. Among the fabled pillars underpinning the country’s democracy, the great American head count is often relegated to a dusty corner. In the nine interstitial years between each tally, analysis and development of a more perfect instrument take place mostly hidden from public view. There have been only 22 U.S. censuses—Presidents Ronald Reagan, John F. Kennedy, Abraham Lincoln, and Thomas Jefferson never administered one—but the rarity of the event has not assigned it a special blue-moon-like significance among the public. For most people, the census is a vague, decennial annoyance, nothing more. But the census is vital to the country’s functioning. It’s not just a count of all households or a measure of American characteristics. It’s also an augur of political, economic, and cultural forces—a predictor and an allocator of power. In times of social upheaval—between political parties, whites and nonwhites, urban and rural areas, economic elites and the working class—the census can function almost like an umpire. And today, when each of these intertwined conflicts is escalating, the incentive and ambition for working the ref are greater than they’ve ever been.

National: Pence says ‘Russia meddled’ in 2016 elections, explains security plans | CNBC

Vice President Mike Pence described several new initiatives meant to prevent cyberattacks against U.S. elections systems on Tuesday. The Federal Bureau of Investigation has formed a foreign influence task force, he said, aimed at investigating sources of nation-state backed election influence. DHS has launched the elections information sharing and analysis center, which includes participation from U.S. secretaries of state with the goal of sharing threat information to “help prevent attacks before they happen.” Pence said the moves would “elevate American security.”

National: The fight over election security comes to the Senate floor | The Washington Post

The Senate could be headed for a showdown this week over funding for state election security. Democrats are pushing for a floor vote on an amendment that would set aside an additional $250 million in grants for states to upgrade their voting systems and make other improvements. But they face firm opposition from Republicans, who say the initial round of funding Congress provided states earlier this year is sufficient. A similar amendment was rejected by the House two weeks ago in a party-line vote. Election security funding is fast emerging as a political hill Democrats are willing to die on. Although the amendment is unlikely to pass in the GOP-controlled Senate, Democrats can use it to hammer President Trump at a time when the White House is frantically trying to patch up the damage from his recent flip-flopping on the threat from Russia. Democrats are also hoping that a floor fight over the merits of grant money could make Republicans look like they’re standing in the way of resources state officials say they need to protect the vote. Whether that will help Democrats come November is unclear, but public polling has showed strong majorities of Americans want to see more action from the administration on election security.

National: A Census Question That Could Change How Power Is Divided in America | The New York Times

A citizenship question on the 2020 census has already drawn challenges from states that fear an undercount of immigrants and a loss of federal funds. But demographers say there could be even deeper consequences: The question could generate the data necessary to redefine how political power is apportioned in America. Republicans officials, red states and conservatives behind a series of recent court cases have argued that districts historically allotted based on total population unfairly favor states and big cities with more undocumented immigrants, tilting power from states like Louisiana and Montana to California and New York. Congressional seats and state legislative districts should equally represent citizens or eligible voters, they say, not everyone.

National: How the Russian government used disinformation and cyber warfare in 2016 election – an ethical hacker explains | phys.org

The Soviet Union and now Russia under Vladimir Putin have waged a political power struggle against the West for nearly a century. Spreading false and distorted information – called “dezinformatsiya” after the Russian word for “disinformation” – is an age-old strategy for coordinated and sustained influence campaigns that have interrupted the possibility of level-headed political discourse. Emerging reports that Russian hackers targeted a Democratic senator’s 2018 reelection campaign suggest that what happened in the lead-up to the 2016 presidential election may be set to recur. As an ethical hacker, security researcher and data analyst, I have seen firsthand how disinformation is becoming the new focus of cyberattacks. In a recent talk, I suggested that cyberwarfare is no longer just about the technical details of computer ports and protocols. Rather, disinformation and social media are rapidly becoming the best hacking tools. With social media, anyone – even Russian intelligence officers and professional trolls – can widely publish misleading content. As legendary hacker Kevin Mitnick put it, “it’s easier to manipulate people rather than technology.”

National: Voting-machine makers are already worried about Defcon | Engadget

Last year, Defcon’s Voting Village made headlines for uncovering massive security issues in America’s electronic voting machines. Unsurprisingly, voting-machine makers are working to prevent a repeat performance at this year’s show. According to Voting Village organizers, they’re having a tough time getting their hands on machines for white-hat hackers to test at the next Defcon event in Las Vegas (held in August). That’s because voting-machine makers are scrambling to get the machines off eBay and keep them out of the hands of the “good guy” hackers. Village co-organizer Harri Hursti told attendees at the Shmoocon hacking conference this month they were having a hard time preparing for this year’s show, in part because voting machine manufacturers sent threatening letters to eBay resellers. The intimidating missives told auctioneers that selling the machines is illegal — which is false.

National: Russians Are Targeting Private Election Companies, Too — And States Aren’t Doing Much About It | FiveThirtyEight

The American election system is a textbook example of federalism at work. States administer elections, and the federal government doesn’t have much say in how they do it. While this decentralized system has its benefits, it also means that there’s no across-the-board standard for election system cybersecurity practices. This lack of standardization has become all the more apparent over the past two years: Hackers probed 21 state systems during the lead-up to the 2016 election and gained access to one. But the federal government and states don’t appear to have made great strides to ensure that this doesn’t happen again. To do so, they’d need to deal with not only their own cybersecurity deficits but also those of the private companies that help states administer elections.

National: Trump admin has no central strategy for election security, and no one’s in charge | NBC

After nearly two years of calling Russian election interference a hoax and its investigation a witch hunt, President Donald Trump on Friday presided over the first National Security Council meeting devoted to defending American democracy from foreign manipulation. “The President has made it clear that his administration will not tolerate foreign interference in our elections from any nation state or other malicious actors,” the White House said in a statement afterward. But current and former officials tell NBC News that 19 months into his presidency, there is no coherent Trump administration strategy to combat foreign election interference — and no single person or agency in charge.

National: Russian Hackers Targeted The Most Vulnerable Part Of U.S. Elections. Again. | NPR

When Russian hackers targeted the staff of Sen. Claire McCaskill, D-Mo., they took aim at maybe the most vulnerable sector of U.S. elections: campaigns. McCaskill’s Senate staff received fake emails, as first reported by The Daily Beast, in an apparent attempt by Russia’s GRU intelligence agency to gain access to passwords. McCaskill released a statement confirming the attack but said there is no indication the attack was successful. “Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable,” McCaskill said. “I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.”

National: Jeanne Shaheen: Senators targeted in “widespread” hacking attempts by Russia | CBS

Amid ongoing concern over continued efforts by Russian hackers to infiltrate U.S. election systems, Democratic Sen. Jeanne Shaheen of New Hampshire says that her office has been the subject of at least one phishing attack targeting email accounts and social media profiles. Shaheen’s experience comes after fellow Democratic Sen. Claire McCaskill of Missouri said that Russian hackers tried unsuccessfully to infiltrate her office’s computer network. Shaheen worries that the issue is more widespread than many think. “There has been one situation that we have turned over to authorities to look into, and we’re hearing that this is widespread, with political parties across the country, as well as with members of the Senate,” Shaheen told “Face the Nation” on Sunday. 

National: How they did it (and will likely try again): GRU hackers vs. US elections | Ars Technica

In a press briefing just two weeks ago, Deputy Attorney General Rod Rosenstein announced that the grand jury assembled by Special Counsel Robert Mueller had returned an indictment against 12 officers of Russia’s Main Intelligence Directorate of the Russian General Staff (better known as Glavnoye razvedyvatel’noye upravleniye, or GRU). The indictment was for conducting “active cyber operations with the intent of interfering in the 2016 presidential election.” The filing [PDF] spells out the Justice Department’s first official, public accounting of the most high-profile information operations against the US presidential election to date. It provides details down to the names of those alleged to be behind the intrusions into the networks of the Democratic National Committee and the Democratic Congressional Campaign Committee, the theft of emails of members of former Secretary of State Hillary Clinton’s presidential campaign team, and various efforts to steal voter data and undermine faith in voting systems across multiple states in the run-up to the 2016 election.

National: Despite Trump’s assurances, states struggling to protect 2020 election | Politico

President Donald Trump on Friday promised an intense, “whole-of-government” focus on securing the nation’s elections from cyberattacks — but a POLITICO survey of states finds ample reasons to worry about both this year’s midterms and 2020. Only 14 states plus Washington, D.C., say they plan to replace their voting machines in time for the next presidential election using their shares of the $380 million in election technology funding that Congress approved in March, according to POLITICO’s survey of election agencies nationwide. At least seven other states have paid for new voting equipment with other money. But 21 states either have decided not to upgrade their machines or are unsure of their plans — with some saying they would need much more federal aid to swap out their equipment.

National: Lacking direction from White House, intelligence agencies scramble to protect midterm elections from hackers | CNN

With the midterm election only a few months away, government officials working to counter election interference from Russia have been operating with no strategy from the top, including from President Donald Trump’s fractured National Security Council, leaving each agency to fend for itself without White House support or direction, according to lawmakers and national security officials who spoke with CNN. On Friday, following bipartisan criticism about the White House’s focus on pressuring Russia on election interference, Trump is expected to convene a meeting of the NSC to discuss election interference efforts where high-ranking officials including Secretary of State Mike Pompeo are expected to attend. Further details, including Trump’s planned remarks, weren’t available.
Defense of America’s electoral system has traditionally centered around the security of election infrastructure, like voting machines and voter rolls. However, as indictments from special counsel Robert Mueller allege, Russian operatives also seek to exploit weaknesses in the cyber infrastructure of individual political campaigns, while weaponizing social media platforms to spread targeted disinformation.

National: We have the first documented case of Russian hacking in the 2018 election | Vox

Russia is already trying to hack the 2018 midterm elections, going after Sen. Claire McCaskill (D-MO), one of the most vulnerable Senate Democrats up for reelection this year. That’s the key takeaway from a piece published Thursday afternoon by the Daily Beast. Reporters Andrew Desiderio and Kevin Poulsen used a combination of court records and internet sleuthing to identify that malicious emails to a McCaskill aide were sent from a server that likely belongs to Fancy Bear, the same Russian intelligence group that did the 2016 hacks. The attack, launched in the second half of last year, seems to have failed. The evidence in the Daily Beast piece that this attack was launched by Russians is reasonably compelling. If it’s correct, then this is the first publicly identified case of Russian interference in a specific 2018 election campaign.