National: Here’s the Email Russian Hackers Used to Try to Break Into State Voting Systems | The Intercept

Just days the 2016 presidential election, hackers identified by the National Security Agency as working for Russia attempted to breach American voting systems. Among their specific targets were the computers of state voting officials, which they had hoped to compromise with malware-laden emails, according to an intelligence report published previously by The Intercept. Now we know what those emails looked like. An image of the malicious email, provided to The Intercept in response to a public records request in North Carolina, reveals precisely how hackers, who the NSA believed were working for Russian military intelligence, impersonated a Florida-based e-voting vendor and attempted to trick its customers into opening malware-packed Microsoft Word files.

National: New website is Russian op designed to sway U.S. voters, experts say | McClatchy

A new Russian influence operation has surfaced that mirrors some of the activity of an internet firm that the FBI says was deeply involved in efforts to sway the 2016 U.S. elections, a cybersecurity firm says. A website called usareally.com appeared on the internet May 17 and called on Americans to rally in front of the White House June 14 to celebrate President Donald Trump’s birthday, which is also Flag Day. FireEye, a Milpitas, Calif., cybersecurity company, said Thursday that USA Really is a Russian-operated website that carries content designed to foment racial division, harden feelings over immigration, gun control and police brutality, and undermine social cohesion. The website’s operators once worked out of the same office building in St. Petersburg, Russia, where the Kremlin-linked Internet Research Agency had its headquarters, said Lee Foster, manager of information operations analysis for FireEye iSIGHT Intelligence.

National: FBI’s Aristedes Mahairas: These nations pose biggest cyber risk to US | Business Insider

An FBI agent has mapped out the nation states that pose the biggest cyber threat to the US. Business Insider spoke to Aristedes Mahairas, a special agent in charge of the New York FBI’s Special Operations/Cyber Division, about the cybersecurity landscape in America. He said the US is always alive to threats from cyber criminals, cyber terrorists, and renegade hacktivists, but nation states are at the “very top” of the threat list. Mahairas said there has been a “significant increase in state-sponsored computer intrusions” over the past 12 years as it has become a potent way of unsettling an adversary alongside traditional espionage.

National: Ahead of November election, old voting machines stir concerns among U.S. officials | Reuters

U.S. election officials responsible for managing more than a dozen close races this November share a fear: Outdated voting machines in their districts could undermine confidence in election results that will determine which party controls the U.S. Congress. In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned, according to a Reuters analysis of data from six states and the Verified Voting Foundation, a non-political group concerned about verifiable elections. These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows. While something could go wrong in any of those districts, it is in the close elections where a miscount or a perception of a miscount matters most.

National: State Websites Are Hackable — And That Could Compromise Election Security | FiveThirtyEight

Not every election hack is a blockbuster — but even small-scale attacks on states’ cyber infrastructure have the potential for catastrophic effects. After receiving a tip from a small cyber firm called Appsecuri, FiveThirtyEight has confirmed that two states, Alabama and Nevada, had vulnerabilities that left them open to potential compromises of their state web presences. Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.

National: State Election Systems Increasingly at Risk for Cyberattacks, FireEye Says | Bloomberg

U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cyber firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyber espionage actors, the Milpitas, California-based company said in a report Thursday, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,’’ the report said.

National: Trump claims, without evidence, that Mueller team plans to meddle in midterm elections | The Washington Post

President Donald Trump on Tuesday accused prosecutors working on the investigation into Russian interference in the 2016 election of planning to meddle in this year’s midterm elections, escalating his attack on the probe while offering no evidence to back up his assertion. In several morning tweets, Trump attempted to cast himself as the victim of a partisan assault, part of a pattern of political deflection in recent days where the president has made false or exaggerated statements in defending his policies or attacking his perceived enemies. Over the weekend, Trump blamed Democrats for his policy of separating migrant families at the border, falsely said that the New York Times made up a source for a story on negotiations between the United States and North Korea, and continued to claim that the FBI’s use of a source to interact with members of his 2016 election team was an attempt to spy on the campaign.

National: How has the Senate Intel committee stayed united on Russia probe? | USA Today

Congress’s last chance to tell Americans — in a bipartisan way — about Russia’s alleged interference in the 2016 election rests with 15 senators who meet twice a week behind closed doors. The Senate Intelligence Committee has become a rare symbol of unity on the divisive issue of Russia’s role in the presidential race — quite a feat for a panel with members ranging from conservative Trump ally Tom Cotton, R-Ark., to liberal Trump critic Kamala Harris, D-Calif. While bitter partisan fighting ripped apart the House Intelligence Committee and ended its Russia investigation in March with no agreement between Republicans and Democrats, the Senate panel managed to stay united.

National: Trump Asked Sessions to Retain Control of Russia Inquiry After His Recusal | The New York Times

By the time Attorney General Jeff Sessions arrived at President Trump’s Mar-a-Lago resort for dinner one Saturday evening in March 2017, he had been receiving the presidential silent treatment for two days. Mr. Sessions had flown to Florida because Mr. Trump was refusing to take his calls about a pressing decision on his travel ban.  When they met, Mr. Trump was ready to talk — but not about the travel ban. His grievance was with Mr. Sessions: The president objected to his decision to recuse himself from the Russia investigation. Mr. Trump, who had told aides that he needed a loyalist overseeing the inquiry, berated Mr. Sessions and told him he should reverse his decision, an unusual and potentially inappropriate request. Mr. Sessions refused.

National: Inside the Pro-Trump Effort to Keep Black Voters From the Polls | Bloomberg

Breitbart News landed an election scoop that went viral in August 2016: “Exclusive: ‘Black Men for Bernie’ Founder to End Democrat ‘Political Slavery’ of Minority Voters… by Campaigning for Trump.” If the splashy, counterintuitive story, which circulated on such conservative websites as Truthfeed and Infowars, wasn’t exactly fake news, it was carefully orchestrated. The story’s writer—an employee of the conservative website run by Steve Bannon before he took over Donald Trump’s campaign—spent weeks courting activist Bruce Carter to join Trump’s cause. He approached Carter under the guise of interviewing him. The writer eventually dropped the pretense altogether, signing Carter up for a 10-week blitz aimed at convincing black voters in key states to support the Republican real estate mogul, or simply sit out the election. Trump’s narrow path to victory tightened further if Hillary Clinton could attract a Barack Obama-level turnout. Bannon’s deployment of the psychological-operations firm Cambridge Analytica in the 2016 campaign drew fresh attention this month, when a former Cambridge employee told a U.S. Senate panel that Bannon tried to use the company to suppress the black vote in key states. Carter’s story shows for the first time how an employee at Bannon’s former news site worked as an off-the-books political operative in the service of a similar goal.

National: First Line of Defense in U.S. Elections Has Critical Weaknesses | Bloomberg

A software sensor with a knack for detecting intrusions like those from Russian hackers is being embraced by U.S. states determined to protect their election systems, though cybersecurity experts warn of the tool’s limits. The Department of Homeland Security is working with a growing number of state election officials to install “Albert sensors,” which detect traffic coming into and out of a computer network. The system can’t block a suspected attack, but it funnels suspicious information to a federal-state information-sharing center near Albany, New York, that’s intended to help identify malign behavior and alert states quickly. “Every sensor we’re able to add is another in what was previously a dark spot” that federal authorities “couldn’t see into,” said Brian Calkin, vice president of operations for the Multi-State Information Sharing and Analysis Center, the Homeland Security-funded group that created the sensor in 2010 and upgraded it in 2014.

National: Goofy, Elephant, Squid: How Political Gamesmanship Distorts Voters’ Power | The New York Times

They sound like possible program titles for the Cartoon Network: Goofy Kicking Donald Duck, The Earmuffs, The Broken-Winged Pterodactyl, The Upside-Down Elephant, The Fat Squid, A Steamed Crab Hit by a Mallet. Actually, they were the shapes some people saw when looking at federal and state legislative districts that had been gerrymandered to within an inch of their lives. For the record, Goofy was in Pennsylvania, the earmuffs in Illinois, the pterodactyl in Maryland, the elephant in Texas, and the squid and steamed crab in North Carolina. About all they had in common with cartoons was that critics dismissed these squiggly and lumpy legislative lines as loony tunes, and courts rejected some of them as unconstitutional. Gerrymandering — the manipulation of political boundaries by the party in office in hopes of ensuring its enduring primacy — is almost as old as the republic.

National: Supreme Court to rule soon on partisan gerrymander cases: Last, best chance for fair elections? | Salon

It’s almost decision day for partisan gerrymandering. Fewer than four weeks remain in this U.S. Supreme Court session, so rulings in two crucial cases from Maryland and Wisconsin will arrive sometime between this Tuesday and mid-June. There’s national momentum towards fair districts. Judges and citizens have been slowly fighting back against the most extreme partisan manipulations of the system. Rigged maps in Florida, Virginia, North Carolina, Texas, Wisconsin and Pennsylvania have been struck down. A bipartisan commission won an overwhelming victory in Ohio this month, and an even stronger commission seems likely to be on the ballot in Michigan this fall. Ballot initiatives have also advanced in Colorado, Utah, Missouri and Arkansas. Nevertheless, no one should expect a grand democracy-saving gesture from the Supreme Court. Yes, justices from across the court’s ideological spectrum have agreed that partisan gerrymandering is “distasteful.” They have expressed revulsion over naked power grabs, entrenched majorities insulated from the ballot box, and real fear that new technology and Big Data could make everything even worse when the next redistricting occurs after the 2020 census.

National: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware | The New York Times

Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies. The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.

National: Election officials need more than just paper-based ballots to secure votes | StateScoop

Many experts on election security say the key to more secure ballots is to move away from electronic voting machines toward models that produce paper records of votes. But it takes more than just that, a former federal cybersecurity strategist said Wednesday at a conference for city and county officials. Mike Garcia, now a consultant with the Center for Internet Security, told the group of about 40 that attempts to undermine the U.S. electoral process are going to target more than just ballot boxes. “Voting machines aren’t the only place you can undermine the election process,” Garcia said at the Public Technology Institute event in Washington. “Adversaries are going to find weaknesses anywhere.”

National: Federal Election Commission Can’t Decide If Russian Interference Violated Law | NPR

As tech companies and government agencies prepare to defend against possible Russian interference in the midterm elections, the Federal Election Commission has a different response: too soon. The four commissioners on Thursday deadlocked, again, on proposals to consider new rules, for example, for foreign-influenced U.S. corporations and for politically active entities that don’t disclose their donors. “We have reason to think there are foreign actors who are looking for every single avenue to try and influence our elections,” said Commissioner Ellen Weintraub, a Democrat who offered two proposals for new regulations. Both proposals failed on partisan 2-2 votes.

National: The FBI is trying to thwart a massive Russia-linked hacking campaign | The Washington Post

U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations. In a statement issued late Wednesday, the Justice Department said the FBI had received a court order to seize a domain at the core of the massive botnet, which would allow the government to protect victims by redirecting the malware to an FBI-controlled server. The DOJ attributed the hacking campaign to the group known as Sofacy, also known as Fancy Bear. While the statement did not explicitly name Russia, Fancy Bear is the Russian military-linked group that breached the Democratic National Committee in the presidential election.

National: Remember the Age of Paper Ballots? It’s Back | Wall Street Journal

In an era rife with concerns about cybersecurity, election officials are increasingly turning to a decidedly low-tech solution: paper. While security advocates have long considered use of paper a best practice for election integrity, the pace of its adoption has accelerated in the wake of Russian meddling in the U.S. election in 2016. City and county governments around the country and a handful oif states, so far, have moved to replace electronic voting methods with paper ballots or to adopt electronic voting machines that generate paper receipts. Virginia last year, just two months before its state election, phased out all its old electronic touch-screen machines after a demonstration at a hacking conference spotlighted vulnerabvilities in its electronic voting machines. Voters across the state cast paper ballots on election day. In Kentucky and Pennsylvania, meanwhile, state officials have ordered that all new voting equipment have a paper trail.

National: Lawmakers look to fortify federal cyber defenses ahead of 2018 midterms | CyberScoop

A bipartisan pair of House lawmakers have introduced legislation aimed at strengthening U.S. infrastructure ahead of midterm elections this fall. The bill from Reps. Elise Stefanik, R-N.Y., and Val Demings, D-Fla., is an effort to shore up U.S. cyber defenses by, among other measures, urging agencies to fully implement an executive order on cybersecurity that President Donald Trump issued last year. The president’s directive makes agency heads accountable for cyber risk – such as nation-state hacking – that can affect the entire government. Within 60 days of the legislation’s enactment, Trump would owe a report to Congress on what steps agencies had taken to “better detect, monitor, and mitigate cyberattacks.” Stefanik and Demings’s “Defend Against Russian Disinformation Act,” would also boost U.S. military cooperation with NATO. Cybersecurity analysts have held up Estonia, a neighbor of Russia and NATO member, as a model of cyber resiliency.

National: Department of Homeland Security chief Kirstjen Nielsen did not read the official report on Russian interference | Quartz

As the new head of the US Department of Homeland Security, Kirstjen Nielsen took an oath last December to protect the US from all enemies, foreign and domestic. To do that, she runs a 200,000 employee agency tasked with fighting terrorism, handling immigration, and keeping elections secure. But her responsibilities apparently do not include staying up to date on key findings about Russia’s interference in the 2016 presidential election. Nielsen told reporters today that she has never read the publicly available 25-page report on election meddling written by the FBI, CIA, and NSA, and distributed by the Director of National Intelligence last January. … “I do not believe that I’ve seen that conclusion that the specific intent was to help President Trump win,” Nielsen said today. “I’m not aware of that.”

National: U.S. officials warn Congress on election hacking threats | Reuters

Senior Trump administration officials warned Congress on Tuesday of ongoing efforts by Russia to interfere in the 2018 midterm congressional elections as the federal government prepares to hand out $380 million in election security funding to states. At a briefing attended by about 40 or 50 members of the 435-member U.S. House of Representatives, the heads of FBI, Homeland Security Department and the director of National Intelligence told members to urge states and cities overseeing elections to be prepared for threats. DHS Secretary Kirstjen Nielsen told reporters she agreed Russia was trying to influence the 2018 elections. “We see them continuing to conduct foreign influence campaigns,” Nielsen said, but added there is no evidence of Russia targeting specific races.

National: Homeland security chief: I haven’t seen intel that showed Russia favored Trump | The Guardian

Donald Trump’s homeland security secretary, Kirstjen Nielsen, told reporters on Tuesday she was unaware of intelligence assessments that Russia favored Trump over Hillary Clinton in the 2016 election. “I do not believe I’ve seen that conclusion that the specific intent was to help President Trump win,” she said. “I’m not aware of that.” Nielsen’s comments stand at odds with the US intelligence community, which concluded in 2017 that Russia tried to influence the 2016 election to benefit Trump. Last week, the Senate intelligence committee said it agreed with that assessment. Nielsen was speaking to reporters after briefing House lawmakers on election security efforts.

National: Partisan Split Over Election Security Widens as 2018 Midterms Inch Closer | Roll Call

Democrats and Republicans struck drastically different tones about their confidence in federal agencies’ efforts to secure voting systems and stamp out foreign state-sponsored influence campaigns ahead of the 2018 midterms after a classified meeting on the subject for House members Tuesday. Secretary of Homeland Security Kirstjen Nielsen, Director of National Intelligence Daniel Coats, and FBI Director Christopher Wray were among the officials who briefed lawmakers and answered their questions about what their agencies are doing to combat potential Russian, Iranian, Chinese, and other nations’ attempts to undermine the midterms. Roughly 40 to 50 lawmakers showed up to the meeting, which House Speaker Paul D. Ryan organized for all House members. Democrats who attended left largely unsatisfied.

National: Giuliani ‘made up’ Robert Mueller deadline for Trump probe: Report | CNBC

Trump lawyer Rudy Giuliani’s claim that special counsel Robert Mueller is hoping to end his investigation into whether the president obstructed justice in the Russia probe by Sept. 1 is “entirely made up,” a new report says. A U.S. official familiar with the case said Giuliani’s assertion in a New York Times article on Sunday about Mueller’s supposed target date was “another apparent effort to pressure the special counsel to hasten the end of his work,” Reuters reported. “He’ll wrap it up when he thinks he’s turned every rock,” the unidentified source said, referring to Mueller’s inquiry into possible obstruction by President Donald Trump into the question of Russian meddling in the 2016 presidential election.

National: Congress to receive classified briefing on election security Tuesday | The Hill

House Speaker Paul Ryan (R-Wis.) has rescheduled a briefing for Congress on election security, which will now be classified, for Tuesday morning. Top U.S. officials are expected to brief lawmakers behind closed doors on current threats and risks to the election process and efforts by the Trump administration to help state officials secure their digital voting assets from hackers. The briefing will take place at 8 a.m. and will be classified, according to an aide for Ryan. The briefing was originally expected to take place last Thursday and be unclassified but closed to the public.

National: We surveyed 100 security experts. Almost all said state election systems were vulnerable. | The Washington Post

We brought together a panel of more than 100 cybersecurity leaders from across government, the private sector, academia and the research community for a new feature called The Network — an ongoing, informal survey in which experts will weigh in on some of the most pressing issues of the field. (You can see the full list of experts here.) Our first survey revealed deep concerns that states aren’t prepared to defend themselves against the types of cyberattacks that disrupted the 2016 presidential election, when Russian hackers targeted election systems in 21 states.  “We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” said one of the experts, Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus. Congress in March approved $380 million for all 50 states and five territories to secure their election systems, but Langevin says he wants more. He introduced legislation with Rep. Mark Meadows (R-N.C.) that would provide election security funding to states if they adhere to new federal guidelines for identifying weaknesses in their systems and auditing election results. “I hope Congress continues to work to address this vital national security issue,” Langevin said. 

National: Congress is offering millions in election security. States may not use it by November. | The Washington Post

States are now free to claim their shares of the hundreds of millions of dollars Congress set aside to secure election systems across the country. But for many states, getting their hands on the money – and deciding how to spend it – is easier said than done. In Minnesota, Secretary of State Steve Simon (D) told me he wants to use part of the $6.6 million in federal funds his state was awarded to hire three coders to immediately upgrade the state’s aging voter registration system. The clock is ticking: Minnesota was one of the 21 states that had election systems targeted by Russian hackers during the 2016 presidential race. With U.S. intelligence agencies warning the midterm elections are likely to be hit by another wave of cyberattacks, states are scrambling to secure their voting infrastructure by November. But Simon says he might not get the funds he needs in time. Under Minnesota law, only the Republican-controlled legislature can release that money — and local politics have left lawmakers in a stalemate over how to proceed. Right now, language to approve the funds is tucked in a spending bill the Democratic governor has threatened to veto for an array of unrelated issues. 

National: Just 13 States Have Requested Funds Congress Set Aside to Secure Election Systems | Gizmodo

Thirteen states have withdrawn a total of nearly $88 million from an election security fund established by Congress in March, but more than 75 percent of the funding has yet to be dispersed. The $380 million fund, established as part of Congress’ omnibus appropriations bill, is meant to aid state officials in securing and improving election systems, whether through technical upgrades, cybersecurity audits, or by replacing vulnerable paperless electronic voting machines with paper-based systems. Although it makes up only fraction of what some experts say is needed—the Center for American Progress, for example, has suggested $1.25 billion over a 10-year period, which is close to what Democrats pushed for in February—the funding will ostensibly go a long way toward ensuring the continuation of free and fair elections in the United States, namely by hardening certain systems against hackers who might seek to tamper with the results.

National: Trump Jr. and Other Aides Met With Gulf Emissary Offering Help to Win Election | The New York Times

Three months before the 2016 election, a small group gathered at Trump Tower to meet with Donald Trump Jr., the president’s eldest son. One was an Israeli specialist in social media manipulation. Another was an emissary for two wealthy Arab princes. The third was a Republican donor with a controversial past in the Middle East as a private security contractor. The meeting was convened primarily to offer help to the Trump team, and it forged relationships between the men and Trump insiders that would develop over the coming months — past the election and well into President Trump’s first year in office, according to several people with knowledge of their encounters. Erik Prince, the private security contractor and the former head of Blackwater, arranged the meeting, which took place on Aug. 3, 2016. The emissary, George Nader, told Donald Trump Jr. that the princes who led Saudi Arabia and the United Arab Emirates were eager to help his father win election as president. The social media specialist, Joel Zamel, extolled his company’s ability to give an edge to a political campaign; by that time, the firm had already drawn up a multimillion-dollar proposal for a social media manipulation effort to help elect Mr. Trump.

National: Election hacking puts focus on paperless voting machines | Associated Press

As the midterm congressional primaries heat up amid fears of Russian hacking, an estimated 1 in 5 Americans will be casting their ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say the lack of a hard copy makes it difficult to double-check the results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society. Georgia, which holds its primary on Tuesday, and four other states — Delaware, Louisiana, New Jersey and South Carolina — exclusively use touch-screen machines that provide no paper records that allow voters to confirm their choices.