National: State Websites Are Hackable — And That Could Compromise Election Security | FiveThirtyEight

Not every election hack is a blockbuster — but even small-scale attacks on states’ cyber infrastructure have the potential for catastrophic effects. After receiving a tip from a small cyber firm called Appsecuri, FiveThirtyEight has confirmed that two states, Alabama and Nevada, had vulnerabilities that left them open to potential compromises of their state web presences. Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.

National: State Election Systems Increasingly at Risk for Cyberattacks, FireEye Says | Bloomberg

U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cyber firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyber espionage actors, the Milpitas, California-based company said in a report Thursday, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,’’ the report said.

National: Trump claims, without evidence, that Mueller team plans to meddle in midterm elections | The Washington Post

President Donald Trump on Tuesday accused prosecutors working on the investigation into Russian interference in the 2016 election of planning to meddle in this year’s midterm elections, escalating his attack on the probe while offering no evidence to back up his assertion. In several morning tweets, Trump attempted to cast himself as the victim of a partisan assault, part of a pattern of political deflection in recent days where the president has made false or exaggerated statements in defending his policies or attacking his perceived enemies. Over the weekend, Trump blamed Democrats for his policy of separating migrant families at the border, falsely said that the New York Times made up a source for a story on negotiations between the United States and North Korea, and continued to claim that the FBI’s use of a source to interact with members of his 2016 election team was an attempt to spy on the campaign.

National: How has the Senate Intel committee stayed united on Russia probe? | USA Today

Congress’s last chance to tell Americans — in a bipartisan way — about Russia’s alleged interference in the 2016 election rests with 15 senators who meet twice a week behind closed doors. The Senate Intelligence Committee has become a rare symbol of unity on the divisive issue of Russia’s role in the presidential race — quite a feat for a panel with members ranging from conservative Trump ally Tom Cotton, R-Ark., to liberal Trump critic Kamala Harris, D-Calif. While bitter partisan fighting ripped apart the House Intelligence Committee and ended its Russia investigation in March with no agreement between Republicans and Democrats, the Senate panel managed to stay united.

National: Trump Asked Sessions to Retain Control of Russia Inquiry After His Recusal | The New York Times

By the time Attorney General Jeff Sessions arrived at President Trump’s Mar-a-Lago resort for dinner one Saturday evening in March 2017, he had been receiving the presidential silent treatment for two days. Mr. Sessions had flown to Florida because Mr. Trump was refusing to take his calls about a pressing decision on his travel ban.  When they met, Mr. Trump was ready to talk — but not about the travel ban. His grievance was with Mr. Sessions: The president objected to his decision to recuse himself from the Russia investigation. Mr. Trump, who had told aides that he needed a loyalist overseeing the inquiry, berated Mr. Sessions and told him he should reverse his decision, an unusual and potentially inappropriate request. Mr. Sessions refused.

National: Inside the Pro-Trump Effort to Keep Black Voters From the Polls | Bloomberg

Breitbart News landed an election scoop that went viral in August 2016: “Exclusive: ‘Black Men for Bernie’ Founder to End Democrat ‘Political Slavery’ of Minority Voters… by Campaigning for Trump.” If the splashy, counterintuitive story, which circulated on such conservative websites as Truthfeed and Infowars, wasn’t exactly fake news, it was carefully orchestrated. The story’s writer—an employee of the conservative website run by Steve Bannon before he took over Donald Trump’s campaign—spent weeks courting activist Bruce Carter to join Trump’s cause. He approached Carter under the guise of interviewing him. The writer eventually dropped the pretense altogether, signing Carter up for a 10-week blitz aimed at convincing black voters in key states to support the Republican real estate mogul, or simply sit out the election. Trump’s narrow path to victory tightened further if Hillary Clinton could attract a Barack Obama-level turnout. Bannon’s deployment of the psychological-operations firm Cambridge Analytica in the 2016 campaign drew fresh attention this month, when a former Cambridge employee told a U.S. Senate panel that Bannon tried to use the company to suppress the black vote in key states. Carter’s story shows for the first time how an employee at Bannon’s former news site worked as an off-the-books political operative in the service of a similar goal.

National: First Line of Defense in U.S. Elections Has Critical Weaknesses | Bloomberg

A software sensor with a knack for detecting intrusions like those from Russian hackers is being embraced by U.S. states determined to protect their election systems, though cybersecurity experts warn of the tool’s limits. The Department of Homeland Security is working with a growing number of state election officials to install “Albert sensors,” which detect traffic coming into and out of a computer network. The system can’t block a suspected attack, but it funnels suspicious information to a federal-state information-sharing center near Albany, New York, that’s intended to help identify malign behavior and alert states quickly. “Every sensor we’re able to add is another in what was previously a dark spot” that federal authorities “couldn’t see into,” said Brian Calkin, vice president of operations for the Multi-State Information Sharing and Analysis Center, the Homeland Security-funded group that created the sensor in 2010 and upgraded it in 2014.

National: Goofy, Elephant, Squid: How Political Gamesmanship Distorts Voters’ Power | The New York Times

They sound like possible program titles for the Cartoon Network: Goofy Kicking Donald Duck, The Earmuffs, The Broken-Winged Pterodactyl, The Upside-Down Elephant, The Fat Squid, A Steamed Crab Hit by a Mallet. Actually, they were the shapes some people saw when looking at federal and state legislative districts that had been gerrymandered to within an inch of their lives. For the record, Goofy was in Pennsylvania, the earmuffs in Illinois, the pterodactyl in Maryland, the elephant in Texas, and the squid and steamed crab in North Carolina. About all they had in common with cartoons was that critics dismissed these squiggly and lumpy legislative lines as loony tunes, and courts rejected some of them as unconstitutional. Gerrymandering — the manipulation of political boundaries by the party in office in hopes of ensuring its enduring primacy — is almost as old as the republic.

National: Supreme Court to rule soon on partisan gerrymander cases: Last, best chance for fair elections? | Salon

It’s almost decision day for partisan gerrymandering. Fewer than four weeks remain in this U.S. Supreme Court session, so rulings in two crucial cases from Maryland and Wisconsin will arrive sometime between this Tuesday and mid-June. There’s national momentum towards fair districts. Judges and citizens have been slowly fighting back against the most extreme partisan manipulations of the system. Rigged maps in Florida, Virginia, North Carolina, Texas, Wisconsin and Pennsylvania have been struck down. A bipartisan commission won an overwhelming victory in Ohio this month, and an even stronger commission seems likely to be on the ballot in Michigan this fall. Ballot initiatives have also advanced in Colorado, Utah, Missouri and Arkansas. Nevertheless, no one should expect a grand democracy-saving gesture from the Supreme Court. Yes, justices from across the court’s ideological spectrum have agreed that partisan gerrymandering is “distasteful.” They have expressed revulsion over naked power grabs, entrenched majorities insulated from the ballot box, and real fear that new technology and Big Data could make everything even worse when the next redistricting occurs after the 2020 census.

National: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware | The New York Times

Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies. The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.

National: Election officials need more than just paper-based ballots to secure votes | StateScoop

Many experts on election security say the key to more secure ballots is to move away from electronic voting machines toward models that produce paper records of votes. But it takes more than just that, a former federal cybersecurity strategist said Wednesday at a conference for city and county officials. Mike Garcia, now a consultant with the Center for Internet Security, told the group of about 40 that attempts to undermine the U.S. electoral process are going to target more than just ballot boxes. “Voting machines aren’t the only place you can undermine the election process,” Garcia said at the Public Technology Institute event in Washington. “Adversaries are going to find weaknesses anywhere.”

National: Federal Election Commission Can’t Decide If Russian Interference Violated Law | NPR

As tech companies and government agencies prepare to defend against possible Russian interference in the midterm elections, the Federal Election Commission has a different response: too soon. The four commissioners on Thursday deadlocked, again, on proposals to consider new rules, for example, for foreign-influenced U.S. corporations and for politically active entities that don’t disclose their donors. “We have reason to think there are foreign actors who are looking for every single avenue to try and influence our elections,” said Commissioner Ellen Weintraub, a Democrat who offered two proposals for new regulations. Both proposals failed on partisan 2-2 votes.

National: The FBI is trying to thwart a massive Russia-linked hacking campaign | The Washington Post

U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations. In a statement issued late Wednesday, the Justice Department said the FBI had received a court order to seize a domain at the core of the massive botnet, which would allow the government to protect victims by redirecting the malware to an FBI-controlled server. The DOJ attributed the hacking campaign to the group known as Sofacy, also known as Fancy Bear. While the statement did not explicitly name Russia, Fancy Bear is the Russian military-linked group that breached the Democratic National Committee in the presidential election.

National: Remember the Age of Paper Ballots? It’s Back | Wall Street Journal

In an era rife with concerns about cybersecurity, election officials are increasingly turning to a decidedly low-tech solution: paper. While security advocates have long considered use of paper a best practice for election integrity, the pace of its adoption has accelerated in the wake of Russian meddling in the U.S. election in 2016. City and county governments around the country and a handful oif states, so far, have moved to replace electronic voting methods with paper ballots or to adopt electronic voting machines that generate paper receipts. Virginia last year, just two months before its state election, phased out all its old electronic touch-screen machines after a demonstration at a hacking conference spotlighted vulnerabvilities in its electronic voting machines. Voters across the state cast paper ballots on election day. In Kentucky and Pennsylvania, meanwhile, state officials have ordered that all new voting equipment have a paper trail.

National: Lawmakers look to fortify federal cyber defenses ahead of 2018 midterms | CyberScoop

A bipartisan pair of House lawmakers have introduced legislation aimed at strengthening U.S. infrastructure ahead of midterm elections this fall. The bill from Reps. Elise Stefanik, R-N.Y., and Val Demings, D-Fla., is an effort to shore up U.S. cyber defenses by, among other measures, urging agencies to fully implement an executive order on cybersecurity that President Donald Trump issued last year. The president’s directive makes agency heads accountable for cyber risk – such as nation-state hacking – that can affect the entire government. Within 60 days of the legislation’s enactment, Trump would owe a report to Congress on what steps agencies had taken to “better detect, monitor, and mitigate cyberattacks.” Stefanik and Demings’s “Defend Against Russian Disinformation Act,” would also boost U.S. military cooperation with NATO. Cybersecurity analysts have held up Estonia, a neighbor of Russia and NATO member, as a model of cyber resiliency.

National: Department of Homeland Security chief Kirstjen Nielsen did not read the official report on Russian interference | Quartz

As the new head of the US Department of Homeland Security, Kirstjen Nielsen took an oath last December to protect the US from all enemies, foreign and domestic. To do that, she runs a 200,000 employee agency tasked with fighting terrorism, handling immigration, and keeping elections secure. But her responsibilities apparently do not include staying up to date on key findings about Russia’s interference in the 2016 presidential election. Nielsen told reporters today that she has never read the publicly available 25-page report on election meddling written by the FBI, CIA, and NSA, and distributed by the Director of National Intelligence last January. … “I do not believe that I’ve seen that conclusion that the specific intent was to help President Trump win,” Nielsen said today. “I’m not aware of that.”

National: U.S. officials warn Congress on election hacking threats | Reuters

Senior Trump administration officials warned Congress on Tuesday of ongoing efforts by Russia to interfere in the 2018 midterm congressional elections as the federal government prepares to hand out $380 million in election security funding to states. At a briefing attended by about 40 or 50 members of the 435-member U.S. House of Representatives, the heads of FBI, Homeland Security Department and the director of National Intelligence told members to urge states and cities overseeing elections to be prepared for threats. DHS Secretary Kirstjen Nielsen told reporters she agreed Russia was trying to influence the 2018 elections. “We see them continuing to conduct foreign influence campaigns,” Nielsen said, but added there is no evidence of Russia targeting specific races.

National: Homeland security chief: I haven’t seen intel that showed Russia favored Trump | The Guardian

Donald Trump’s homeland security secretary, Kirstjen Nielsen, told reporters on Tuesday she was unaware of intelligence assessments that Russia favored Trump over Hillary Clinton in the 2016 election. “I do not believe I’ve seen that conclusion that the specific intent was to help President Trump win,” she said. “I’m not aware of that.” Nielsen’s comments stand at odds with the US intelligence community, which concluded in 2017 that Russia tried to influence the 2016 election to benefit Trump. Last week, the Senate intelligence committee said it agreed with that assessment. Nielsen was speaking to reporters after briefing House lawmakers on election security efforts.

National: Partisan Split Over Election Security Widens as 2018 Midterms Inch Closer | Roll Call

Democrats and Republicans struck drastically different tones about their confidence in federal agencies’ efforts to secure voting systems and stamp out foreign state-sponsored influence campaigns ahead of the 2018 midterms after a classified meeting on the subject for House members Tuesday. Secretary of Homeland Security Kirstjen Nielsen, Director of National Intelligence Daniel Coats, and FBI Director Christopher Wray were among the officials who briefed lawmakers and answered their questions about what their agencies are doing to combat potential Russian, Iranian, Chinese, and other nations’ attempts to undermine the midterms. Roughly 40 to 50 lawmakers showed up to the meeting, which House Speaker Paul D. Ryan organized for all House members. Democrats who attended left largely unsatisfied.

National: Giuliani ‘made up’ Robert Mueller deadline for Trump probe: Report | CNBC

Trump lawyer Rudy Giuliani’s claim that special counsel Robert Mueller is hoping to end his investigation into whether the president obstructed justice in the Russia probe by Sept. 1 is “entirely made up,” a new report says. A U.S. official familiar with the case said Giuliani’s assertion in a New York Times article on Sunday about Mueller’s supposed target date was “another apparent effort to pressure the special counsel to hasten the end of his work,” Reuters reported. “He’ll wrap it up when he thinks he’s turned every rock,” the unidentified source said, referring to Mueller’s inquiry into possible obstruction by President Donald Trump into the question of Russian meddling in the 2016 presidential election.

National: Congress to receive classified briefing on election security Tuesday | The Hill

House Speaker Paul Ryan (R-Wis.) has rescheduled a briefing for Congress on election security, which will now be classified, for Tuesday morning. Top U.S. officials are expected to brief lawmakers behind closed doors on current threats and risks to the election process and efforts by the Trump administration to help state officials secure their digital voting assets from hackers. The briefing will take place at 8 a.m. and will be classified, according to an aide for Ryan. The briefing was originally expected to take place last Thursday and be unclassified but closed to the public.

National: We surveyed 100 security experts. Almost all said state election systems were vulnerable. | The Washington Post

We brought together a panel of more than 100 cybersecurity leaders from across government, the private sector, academia and the research community for a new feature called The Network — an ongoing, informal survey in which experts will weigh in on some of the most pressing issues of the field. (You can see the full list of experts here.) Our first survey revealed deep concerns that states aren’t prepared to defend themselves against the types of cyberattacks that disrupted the 2016 presidential election, when Russian hackers targeted election systems in 21 states.  “We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” said one of the experts, Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus. Congress in March approved $380 million for all 50 states and five territories to secure their election systems, but Langevin says he wants more. He introduced legislation with Rep. Mark Meadows (R-N.C.) that would provide election security funding to states if they adhere to new federal guidelines for identifying weaknesses in their systems and auditing election results. “I hope Congress continues to work to address this vital national security issue,” Langevin said. 

National: Congress is offering millions in election security. States may not use it by November. | The Washington Post

States are now free to claim their shares of the hundreds of millions of dollars Congress set aside to secure election systems across the country. But for many states, getting their hands on the money – and deciding how to spend it – is easier said than done. In Minnesota, Secretary of State Steve Simon (D) told me he wants to use part of the $6.6 million in federal funds his state was awarded to hire three coders to immediately upgrade the state’s aging voter registration system. The clock is ticking: Minnesota was one of the 21 states that had election systems targeted by Russian hackers during the 2016 presidential race. With U.S. intelligence agencies warning the midterm elections are likely to be hit by another wave of cyberattacks, states are scrambling to secure their voting infrastructure by November. But Simon says he might not get the funds he needs in time. Under Minnesota law, only the Republican-controlled legislature can release that money — and local politics have left lawmakers in a stalemate over how to proceed. Right now, language to approve the funds is tucked in a spending bill the Democratic governor has threatened to veto for an array of unrelated issues. 

National: Just 13 States Have Requested Funds Congress Set Aside to Secure Election Systems | Gizmodo

Thirteen states have withdrawn a total of nearly $88 million from an election security fund established by Congress in March, but more than 75 percent of the funding has yet to be dispersed. The $380 million fund, established as part of Congress’ omnibus appropriations bill, is meant to aid state officials in securing and improving election systems, whether through technical upgrades, cybersecurity audits, or by replacing vulnerable paperless electronic voting machines with paper-based systems. Although it makes up only fraction of what some experts say is needed—the Center for American Progress, for example, has suggested $1.25 billion over a 10-year period, which is close to what Democrats pushed for in February—the funding will ostensibly go a long way toward ensuring the continuation of free and fair elections in the United States, namely by hardening certain systems against hackers who might seek to tamper with the results.

National: Trump Jr. and Other Aides Met With Gulf Emissary Offering Help to Win Election | The New York Times

Three months before the 2016 election, a small group gathered at Trump Tower to meet with Donald Trump Jr., the president’s eldest son. One was an Israeli specialist in social media manipulation. Another was an emissary for two wealthy Arab princes. The third was a Republican donor with a controversial past in the Middle East as a private security contractor. The meeting was convened primarily to offer help to the Trump team, and it forged relationships between the men and Trump insiders that would develop over the coming months — past the election and well into President Trump’s first year in office, according to several people with knowledge of their encounters. Erik Prince, the private security contractor and the former head of Blackwater, arranged the meeting, which took place on Aug. 3, 2016. The emissary, George Nader, told Donald Trump Jr. that the princes who led Saudi Arabia and the United Arab Emirates were eager to help his father win election as president. The social media specialist, Joel Zamel, extolled his company’s ability to give an edge to a political campaign; by that time, the firm had already drawn up a multimillion-dollar proposal for a social media manipulation effort to help elect Mr. Trump.

National: Election hacking puts focus on paperless voting machines | Associated Press

As the midterm congressional primaries heat up amid fears of Russian hacking, an estimated 1 in 5 Americans will be casting their ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say the lack of a hard copy makes it difficult to double-check the results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society. Georgia, which holds its primary on Tuesday, and four other states — Delaware, Louisiana, New Jersey and South Carolina — exclusively use touch-screen machines that provide no paper records that allow voters to confirm their choices.

National: Top Republican Senator Says ‘No Reason to Dispute’ That Russia Favored Trump | The New York Times

The Republican at the helm of the Senate’s investigation into Russian interference in the 2016 presidential election backed on Wednesday the assessment by American intelligence agencies that Moscow favored Donald J. Trump in the race, contradicting both the president and fellow Republicans in the House. Senator Richard M. Burr of North Carolina, the chairman of the Senate Intelligence Committee, said in a statement that he saw “no reason to dispute” the intelligence assessment, which was delivered in the final weeks of the Obama administration. Mr. Burr’s statement, while indirect, offered a clear rebuke to Mr. Trump’s most ardent supporters in the Republican Party and in the right-wing news media, who have sought to cast the assessment as the shoddy work of Obama loyalists bitter over Mr. Trump’s election victory. Russia’s only goal, those supporters have insisted, was to sow chaos, and thus it could not have colluded with a campaign it cared little about.

National: White House Eliminates Cybersecurity Coordinator Role | The New York Times

The White House eliminated the position of cybersecurity coordinator on the National Security Council on Tuesday, doing away with a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons. A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team. Cybersecurity experts and members of Congress said they were mystified by the move, though some suggested Mr. Bolton did not want any competitive power centers emerging inside the national security apparatus. The decision was criticized by Mark R. Warner, a senator from Virginia and the ranking Democrat on the Senate Intelligence Committee. “I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats,” he wrote on Twitter.

National: Voting Info in Spanish Often Lost in Translation | WhoWhatWhy

Incorrect translations, hard-to-find details, gibberish, or sometimes no information at all. That’s what many Spanish-speaking American voters encounter when searching for online voting materials in Spanish. In most cities, counties, and states across the nation, there is no federal requirement to present information in anything other than English. But for 263 jurisdictions — the vast majority of which are counties — federal law requires that voter information be presented in a minority language, with Spanish being the most common. California, Texas, and Florida are the only states required to present statewide voter information in Spanish. WhoWhatWhy has examined a number of official government websites across the country, looking at how well English-language voter information is translated into Spanish, how often it’s done, and if there are any major discrepancies between the two. What we discovered is that translated material is often hard to find and sometimes is nonexistent. Also, much of what does exist is poorly translated. In a closely contested election, that could make all the difference. In some instances, certain information just doesn’t get included in Spanish.

National: Jigsaw’s Project Shield Will Protect Campaigns From Online Attacks | WIRED

With midterm elections looming and primaries already underway in many states, anxiety has been building over the possibility of cyberattacks that could impact voting. Though officials and election security researchers alike are adamant that voters can trust the United States election system, they also acknowledge shortcomings of the current security setup. Little time remains to meaningfully improve election security before the midterms. But Google parent company Alphabet’s experimental incubator Jigsaw announced on Tuesday that it will start offering free protection from distributed denial of service attacks to US political campaigns. DDoS attacks overload a site or service with junk traffic so that legitimate users can’t access it. For the last two years, Jigsaw’s Project Shield has focused on fighting DDoS where it might be used for censorship around the world, offering free defenses to journalists, small publications, human rights groups, and election board sites. Now, those tremendous resources and that technical expertise will extend to political campaigns.