National: Cambridge Analytica whistleblower says Bannon wanted to suppress voters | The Guardian

Former White House senior strategist Steve Bannon and billionaire Robert Mercer sought Cambridge Analytica’s political ad targeting technology as part of an “arsenal of weapons to fight a culture war”, according to whistleblower Christopher Wylie. “Steve Bannon believes that politics is downstream from culture. They were seeking out companies to build an arsenal of weapons to fight a culture war,” Wylie said, when asked why investors thought that the political consultancy’s efforts would work, targeting people based on psychological profiles and assessment of their personality. The pink-haired 28-year-old was appearing to give evidence on Capitol Hill for the first time since his decision to blow the whistle on the use of Facebook data by Cambridge Analytica set off shock waves that are still reverberating through Westminster, Washington DC and Silicon Valley.  During his testimony to the Senate judiciary committee, Wylie also confirmed that he believed one of the goals of Steve Bannon while he was vice-president of Cambridge Analytica was voter suppression. “One of the things that provoked me to leave was discussions about ‘voter disengagement’ and the idea of targeting African Americans,” he said, noting he had seen documents referencing this.

National: Homeland Security unveils new cyber security strategy amid threats | Reuters

The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities. “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.” The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.

National: Legislation would force Trump to fill vacant cyber post | Federal Times

Reps. Jim Langevin, D-R.I., and Ted Lieu. D-Calif., aim to mandate that the Trump administration fill its cyber coordinator position left vacant in the wake of Rob Joyce’s departurein early May 2018. The two congressmen introduced the Executive Cyberspace Coordination Act May 15, 2018, which would create a National Office for Cyberspace in the Executive Office of the President, cementing a new cyber advisory role within the White House into law. “We have had three excellent cybersecurity coordinators since the late Howard Schmidt originated the position. It is an enormous step backwards to deemphasize the importance of this growing domain within the White House,” Langevin said in a news release on the bill. “We need a designated expert to harmonize cyber policy across the many agencies in government with responsibility in this space. We also need clear communication of administration positions on cybersecurity challenges, whether during major incidents or when establishing norms of responsible state behavior in cyberspace.”

National: Google rolls out free cyberattack shield for elections and campaigns | CNET

For about an hour on the night of a primary election in May, residents in Knox County, Tennessee, couldn’t tell who was winning. Hackers had taken down the county’s election tracking website, crashing the page at 8 p.m., right as polls were closing. The county’s IT director, Dick Moran, said the website had seen “extremely heavy and abnormal network traffic.” Its mayor called for an investigation into the cyberattack. The incident showed all the signs of a distributed denial-of-service attack — when attackers flood a website’s servers with traffic until they can’t handle the incoming requests and crash. And it was just the kind of thing that Jigsaw, a tech incubator owned by Google’s parent company, Alphabet, wants to prevent. The company is already expecting even more DDoS attacks as Election Day in the US, on Nov. 6, draws closer. “We have seen that attacks spike in election cycles in different parts of the world,” said George Conard, a product manager for Jigsaw’s Project Shield.

National: Homeland Security unveils new cyber security strategy amid threats | Reuters

The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities. “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.” The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.

National: Can Government Protect Our Elections From Cyber-Hacking? | The National Memo

For five days in late March, the computers running most of Atlanta city government were frozen—shut down and held hostage by hackers who used ransomware, a pernicious way of extorting money. The attackers breached networks and hard drives. They locked up and encrypted the data. They changed file names to “I’m sorry” and gave its targets a week to pay with cyber currency. “We are dealing with a hostage situation,” Atlanta Mayor Keisha Lance Bottoms said at the time. That nightmarish scenario is exactly what the officials who run state and local elections are seeking to prevent in spring primaries and especially next fall’s general election: a widespread disruption of voting in key locales and races, where the process is held hostage as the press, candidates, supporters and public impatiently demand results.

National: Justice Department and F.B.I. Are Investigating Cambridge Analytica | The New York Times

The Justice Department and the F.B.I. are investigating Cambridge Analytica, the now-defunct political data firm, and have sought to question former employees and banks that handled its business, according to an American official and other people familiar with the inquiry. Prosecutors have questioned potential witnesses in recent weeks, telling them that there is an open investigation into Cambridge Analytica — which worked on President Trump’s election and other Republican campaigns in 2016 — and “associated U.S. persons.” But the prosecutors provided few other details, and the inquiry appears to be in its early stages, with investigators seeking an overview of the company and its business practices. The investigation compounds the woes of a firm that has come under intense scrutiny from lawmakers and regulators in the United States and Britain since The New York Times and Observer in London reported in March that it had harvested private data from more than 50 million Facebook profiles, and that it may have violated American election laws. This month, Cambridge Analytica announced that it would shut down and declare bankruptcy, saying that negative press and cascading federal and state investigations had driven away customers and made it impossible for the firm to remain in business.

National: Email No Longer a Secure Method of Communication After Critical Flaw Discovered in PGP | Gizmodo

If you use PGP or S/MIME for email encryption you should immediately disable it in your email client. Researchers have discovered a critical vulnerability they’re calling EFAIL that exposes the encrypted emails in plaintext, even for messages sent in the past. “Email is no longer a secure communication medium,” Sebastian Schinzel, a professor of computer security at Germany’s Münster University of Applied Sciences, told the German news outlet Süddeutschen Zeitun. The vulnerability was first reported by the Electronic Frontier Foundation (EFF) in the early hours of Monday morning, and details were released prematurely just before 6am ET today after Süddeutschen Zeitun broke a news embargo. The group of European researchers are warning people to stop using PGP entirely and say that, “there are currently no reliable fixes for the vulnerability.” You can read more about what the researchers are calling the EFAIL vulnerability at https://efail.de/.

National: Mueller’s Probe Is Even More Expansive Than It Seems | The Atlantic

FBI agents working for special counsel Robert Mueller allegedly detained a lawyer with ties to Russia who is closely associated with Joseph Mifsud, the shadowy professor who claimed during the election that Russia had “dirt” on Hillary Clinton. The revelation was made in a book co-written by that lawyer, Stephan Roh, and set to be published next month. “The Faking of RUSSIA-GATE: The Papadopoulos Case” is the latest in a stream of books aiming to capitalize on the chaos of this political moment. But it sheds new light on the expansive nature of Mueller’s investigation into Russia’s election interference and possible ties between President Donald Trump’s campaign team and Moscow. It also highlights Mueller’s interest in answering one of the probe’s biggest outstanding questions: whether the campaign knew in advance that Russia planned to interfere in the election.

National: Russian company charged in Mueller probe seeks grand jury materials | Reuters

A Russian company accused by Special Counsel Robert Mueller of funding a propaganda operation to interfere in the 2016 U.S. presidential election is asking a federal judge for access to secret information reviewed by a grand jury before it indicted the firm. In a court filing on Monday, lawyers for Concord Management and Consulting LLC said Mueller had wrongfully accused the company of a “make-believe crime,” in a political effort by the special counsel to “justify his own existence” by indicting “a Russian-any Russian.” They asked the judge for approval to review the instructions provided to the grand jury, saying they believed the case was deficient because Mueller lacked requisite evidence to show the company knowingly and “willfully” violated American laws.

National: Justice Department Official To Testify On Census Citizenship Question Request | NPR

The acting head of the Justice Department’s civil rights division, John Gore, has agreed to testify about why the department requested a controversial, new citizenship question to be added to 2020 census forms, according to a DOJ official and Amanda Gonzalez, a spokesperson for the chairman of the House Oversight and Government Reform Committee. Lawmakers were planning to issue a subpoena for Gore, who was a no-show after receiving an invitation to appear at the committee’s May 8 hearing about the upcoming national headcount. Gore has now “agreed to appear voluntarily” at a follow-up hearing on May 18, and was not served a subpoena, Gonzalez says.

National: The Facebook ad dump shows the true sophistication of Russia’s influence operation | The Washington Post

The massive trove of Facebook ads House Intelligence Committee Democrats released Tuesday provides a stunning look into the true sophistication of the Russian government’s digital operations during the presidential election. We’ve already heard a lot from the U.S. intelligence community about the hacking operation Russian intelligence services carried out against Democratic party computer networks to influence the election in favor of then-candidate Donald Trump. But this is the first time we have a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.

National: Senate report on Russian hacking highlights threats to election tech vendors | CyberScoop

Lawmakers are concerned about a major blind spot in the government’s ongoing effort to protect U.S. elections from hackers. Agencies like the Homeland Security Department have little insight into the cybersecurity practices of election technology vendors. This lack of visibility opens the door to supply chain attacks, according to the Senate Intelligence Committee, which could be otherwise potentially detected or stopped by government cybersecurity experts. The Senate committee’s first installment of a larger report on Russian targeting of the 2016 presidential election was released late Tuesday night. It focuses on assessing the federal government’s response to security threats and provides recommendations for future elections.

National: U.S. Voting System Still Vulnerable To Cyberattacks 6 Months Before Election Day | NPR

As America heads toward the 2018 midterms, there is an 800-pound gorilla in the voting booth. Despite improvements since Russia’s attack on the 2016 presidential race, the U.S. elections infrastructure is vulnerable — and will remain so in November. Cybersecurity expert Bruce Schneier laid out the problem to an overflowing room full of election directors and secretaries of state — people charged with running and securing elections — at a conference at Harvard University this spring. “Computers are basically insecure,” said Schneier. “Voting systems are not magical in any way. They are computers.” Even though most states have moved away from voting equipment that does not produce a paper trail, when experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won. Much of that process is digital.

National: States Await Election Security Reviews as Primaries Heat Up | Associated Press

With the midterm congressional primaries about to go into full swing, the Department of Homeland Security has completed security reviews of election systems in only about half the states that have requested them so far. The government’s slow pace in conducting the reviews has raised concerns that the nation’s voting systems could be vulnerable to hacking, especially after U.S. intelligence agencies warned that Russia plans to continue meddling in the country’s elections. Among those still waiting for Homeland Security to conduct a risk assessment is Indiana, one of four states with primaries on Tuesday. Its ballot includes several hotly contested races, including a Republican primary for U.S. Senate. Indiana Secretary of State Connie Lawson said she is confident state officials have done what they can to safeguard Tuesday’s voting, but acknowledged: “I’ll probably be chewing my fingernails during the entire day on Election Day.”

National: Six States Hit Harder By Cyberattacks Than Previously Known, New Report Reveals | NPR

Two years after Russia’s wave of cyberattacks against American democracy, a Senate committee investigating election interference says those hackers hit more states harder than previously thought. The committee also added that it still doesn’t know with complete certainty exactly how much of U.S. voting infrastructure was compromised. The report summary released this week by the Senate intelligence committee gives an overview of initial findings focused specifically on how Russian government operatives affected U.S. elections systems. The full report is undergoing a review to check for classified information.

National: Bolton pushing to eliminate White House cybersecurity job | Politico

President Donald Trump’s national security team is weighing the elimination of the top White House cybersecurity job, multiple sources told POLITICO — a move that would come as the nation faces growing digital threats from adversaries such as Russia and Iran. John Bolton, Trump’s hawkish new national security adviser, is leading the push to abolish the role of special assistant to the president and cybersecurity coordinator, currently held by the departing Rob Joyce, according to one current and two former U.S. officials with direct knowledge of the discussions. The sources spoke on condition of anonymity because of the sensitive nature of deliberations about internal White House operations.

National: Documents Reveal How Russian Official Courted Conservatives In U.S. Since 2009 | NPR

Kremlin-linked Russian politician Alexander Torshin traveled frequently between Moscow and various destinations in the United States to build relationships with figures on the American right starting as early as 2009, beyond his previously known contacts with the National Rifle Association. Documents newly obtained by NPR show how he traveled throughout the United States to cultivate ties in ways well beyond his formal role as a member of the Russian legislature and later as a top official at the Russian central bank. These are steps a former top CIA official believes Torshin took in order to advance Moscow’s long-term objectives in the United States, in part by establishing common political interests with American conservatives. “Putin and probably the Russian intelligence services saw [Torshin’s connections] as something that they could leverage in the United States,” said Steve Hall, a retired CIA chief of Russian operations. “They reach to reach out to guy like Torshin and say, ‘Hey, can you make contact with the NRA and some other conservatives… so that we can have connectivity from Moscow into those conservative parts of American politics should we need them?’ And that’s basically just wiring the United States for sound, if you will, in preparation for whatever they might need down the road.”

National: What data on more than 3,500 Russian Facebook ads reveals about the interference effort | The Washington Post

On Thursday morning, Democratic members of the House Intelligence Committee released 8 gigabytes of archives containing more than 3,500 documents detailing advertisements run on Facebook from 2015 to 2017 and paid for by Russians attempting to interfere in American politics. We analyzed those files to get a better sense of how the Russian interference effort operated — and how well it worked. Overall, the files provide information on thousands of ads, including data on when ad campaigns began, when they ended, how effective they were and how much they cost. The two months in which the most campaigns began were May 2016 and April 2017 — shortly before the Russian effort was curtailed. (No data for June 2017 were released.)

National: A Voting Rights Push: Allowing Felons to Cast Ballots | Wall Street Journal

As the midterm elections draw closer, Dameon Stackhouse is eager to cast a ballot, but he can’t under New Jersey law because he remains on parole after more than a decade behind bars for second-degree robbery. “We have no say,” said Mr. Stackhouse, a 41-year-old construction worker and student at Rutgers University-New Brunswick. “This is one of the worst things you can do to a citizen.” New Jersey is weighing a measure that would immediately restore voting rights to Mr. Stackhouse and more than 94,000 other state residents with convictions. If passed by the state’s Democratic-controlled Senate and General Assembly, it would be the third U.S. state, along with Maine and Vermont, to allow people to vote even while incarcerated.

National: Fiercest Fight of the Midterms May Be the One for Maps | Roll Call

The congressional maps are all but set for the 2018 elections. But for those on the front lines of a simmering battle over the next decade of elections, the results are about more than who will control the next Congress. This year’s election season could reveal just how much the current districts have entrenched an advantage for one political party over the other, whether courts will step in to stop state lawmakers from creating such partisan districts, and which party will control crucial local offices ahead of a nationwide redistricting based on the 2020 census. The National Democratic Redistricting Committee — a new group led by former Attorney General Eric H. Holder Jr. that aims to spend $30 million this cycle — has targeted 20 legislative chambers, nine gubernatorial races and other races it considers the “most important for shifting the balance of power in the redistricting process.”

National: Senate Intelligence Committee offers election security guidelines | FCW

A May 8 report on election security by the Senate Select Committee on Intelligence calls for paper backups for state voter registration databases, risk assessments for voting machine manufacturers and better sensor technology for state and local election systems. The committee recommended two-factor authentication for state voter registration databases, better sensors around election systems to detect malicious activity, paper backups for state voter registration data and assessments for third-party vendors like voting machine manufacturers to ensure they’re meeting baseline security standards. Cybersecurity experts have long called for states to institute paper records for their voting machines, and the Senate Intel report reiterated that advice, but the recommendation to do the same for state voter registration databases takes on new importance after the committee found activity around as many as six states’ election infrastructure that went beyond mere scanning and targeting of public websites.

National: Lawmakers call for action following revelations that APT28 posed as ISIS online | CyberScoop

The world got a fresh reminder Tuesday of the difficulties associated with assigning blame for hacking – and of the consequences when a case of mistaken identity takes hold. New evidence reinforces the notion that a group dubbed the CyberCaliphate, which sent death threats to the wives of U.S. military personnel in 2015 under the banner of the Islamic State, is actually an infamous Russian-government-linked hacking group accused of meddling in the 2016 U.S. presidential election, the Associated Press reported. Activity from the CyberCaliphate coincided with attempts by the Russian group, known as APT28 or Fancy Bear, to breach the womens’ email accounts, according to the Associated Press. The episode brings to life established links between the CyberCaliphate and APT28 in a way that no cybersecurity research did. The hacking victims were led to believe that jihadists, and not state-backed Russians, were breaching their accounts and leaving threatening messages.

National: Russia tried to undermine voting process in US, Senate panel reports | CNET

Russia was preparing to wage a campaign to undermine confidence in the US voting process when hackers associated with Russia’s government targeted about 18 state election systems in the months leading up to the 2016 election, the Senate Intelligence Committee has concluded. The hackers attempted to access several state election systems, but the committee said it found no evidence of vote tallies being changed. Some voter registration databases were accessed, though, and the hackers were “in a position to, at a minimum, alter or delete voter registration data,” the committee said in a report released on Tuesday.

National: Russia Tried to Undermine Confidence in Voting Systems, Senators Say | The New York Times

Russia was preparing to undermine confidence in the United States’ voting process when its hackers surveilled around 20 state election systems in the run-up to the 2016 elections, the Senate Intelligence Committee concluded in a brief report released on Tuesday. But the committee said it saw no evidence that the Russians had ultimately changed vote tallies or voter registration information. In a few states, however, Russian hackers were “in a position to, at a minimum, alter or delete voter registration data,” the committee said. “These activities began at least as early as 2014, continued through Election Day 2016, and included traditional information-gathering efforts as well as operations likely aimed at preparing to discredit the integrity of the U.S. voting process and election results,” the senators wrote.

National: GOP Voter Suppression: A Bigger Problem Than Russian Meddling? | WhoWhatWhy

While Democrats, Republicans, and the intelligence community are all warning about potential Russian meddling in the November midterm elections, ordinary citizens face even greater obstacles to exercising their vote. WhoWhatWhy spoke to voting rights and election integrity experts about the broad range of threats to voting access. They noted that there are other serious election concerns that voters should worry about this fall — challenges to the integrity of the voting process that are not getting enough attention in the mainstream media. In 2016, Donald Trump campaigned with a warning that the vote might be rigged against him. After winning the election but not the popular vote, President Trump — to prove his (completely unsubstantiated) claim that “millions voted illegally” — established a commission to address alleged voter fraud. The commission was later disbanded after many states refused to turn over sensitive voter data and allegations surfaced that its true purpose may have been voter suppression.

National: Hack-Resistant Vote Machines Missing as States Gird for ’18 Vote | Bloomberg

Past piles of hay outside the Pennsylvania Farm Show Complex in Harrisburg, vendors in a meeting hall hawked their latest secure voting technology. Local officials and activists tapped sleek Android screens in a mock election and saw the results documented on printouts. Yet none of the state-of-the-art equipment displayed will be used for the battleground state’s May 15 primary. That’s despite fears of hacking spawned by Russian meddling in the national election two years ago and the narrow margin of victory in key recent contests from Alabama to Pennsylvania. There’s too little time and money, officials say. U.S. election season is well underway, with Indiana, North Carolina, Ohio and West Virginia all holding primaries on Tuesday. Control of Congress in November’s midterm election may hinge on voters in Pennsylvania, a closely divided state that helped President Donald Trump clinch his 2016 victory. But like several other states, there’s a gaping hole in Pennsylvania’s machinery of democracy: It has some of the oldest, least secure voting technology in the country.

National: Cambridge Analytica: how did it turn clicks into votes? | The Guardian

How do 87m records scraped from Facebook become an advertising campaign that could help swing an election? What does gathering that much data actually involve? And what does that data tell us about ourselves? The Cambridge Analytica scandal has raised question after question, but for many, the technological USP of the company, which announced last week that it was closing its operations, remains a mystery. For those 87 million people probably wondering what was actually done with their data, I went back to Christopher Wylie, the ex-Cambridge Analytica employee who blew the whistle on the company’s problematic operations in the Observer. According to Wylie, all you need to know is a little bit about data science, a little bit about bored rich women, and a little bit about human psychology…

National: Republicans Make Moves To Crush Gerrymandering Reform | TPM

With anti-gerrymandering efforts gaining steam, Republicans in some states are mobilizing to protect their ability to continue rigging election maps. In late April, a Republican group backed by the Michigan Chamber of Commerce sued to keep a popular redistricting reform measure off the state’s November ballot. Arizona’s GOP-controlled legislature last week narrowly failed to pass a bill that would have given the party much more control over the map-drawing process. And Pennsylvania Republicans, who recently mulled impeaching a group of state judges who struck down their gerrymander, this week gutted reform legislation.