National: Hacking the Election: Security Flaws Need Fixing, Researchers Say | AFP

Hackers could have easily infiltrated US voting machines in 2016 and are likely to try again in light of vulnerabilities in electronic polling systems, a group of researchers said Tuesday. A report with detailed findings from a July hacker conference which demonstrated how voting machines could be manipulated concluded that numerous vulnerabilities exist, posing a national security threat. The researchers analyzed the results of the “voting village” hacking contest at the DefCon gathering of hackers in Las Vegas this year, which showed how ballot machines could be compromised within minutes. “These machines were pretty easy to hack,” said Jeff Moss, the DefCon founder who presented the report at the Atlantic Council in Washington. “The problem is not going away. It’s only going to accelerate.”

National: U.S. voting machines are susceptible to hacking by foreign actors | CBS

Hacking and national security experts say that U.S. voting machines are vulnerable and could allow Russia to access to them, according to a new report out of DEFCON, one of the world’s longest-running hacker conferences. The report concludes that it is incredibly easy to hack U.S. voting machines, and the system is not nearly as safe as it’s portrayed by election officials because many voting machines contain foreign-manufactured internal parts that may be susceptible to tampering. Hackers also do not need advanced knowledge of voting machines to hack them — it would take only a few minutes or hours for someone with the technical knowledge to infiltrate the machines. At the Voting Village conference in July, DEFCON set up a hacking village to draw attention to cyber vulnerabilities in U.S. election infrastructure. It invited participants to hack 25 pieces of election equipment including voting machines and electronic poll books, and produced a report afterwards.

National: U.S. governors, hackers, academics team up to secure elections | Reuters

Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday. The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday. The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.

National: Hack-Vulnerable Voting Machines a ‘National Security Threat,’ Experts Warn | Newsweek

It happened in Las Vegas, but the weaknesses in U.S. voting equipment uncovered during a summer hackathon are too important to stay there, experts say. They’re a matter of national security. A new report breaks down the lessons learned at the DEF CON 25 hacking conference, which amounted to a concentrated attack—orchestrated in the name of public safety—on the programming and machinery used in U.S. elections. “The results were sobering,” according to a copy of the report provided by the Atlantic Council, an international affairs think tank. “By the end of the conference, every piece of equipment in the Voting Village was effectively breached in some manner. Participants with little prior knowledge and only limited tools and resources were quite capable of undermining the confidentiality, integrity, and availability​ ​of​ ​these​ ​systems.” … Researchers found the susceptibilities exposed by the hackers controverted manufacturers’ long-standing claims that their products were designed to thwart tampering. “If a voting machine can be hacked by a relative novice in a matter of minutes at DEFCON, imagine what a savvy and well-resourced adversary could do with months or years,” the researchers wrote.  

National: Democratic Member Isn’t Sure If Trump Fraud Panel Will Ever Meet Again | HuffPost

A member of President Donald Trump’s voter fraud probe expressed deep frustration Tuesday over the way the commission has been run so far and doubted that the panel would ever meet again. Even though the Presidential Advisory Commission on Election Integrity was formally created five months ago and has conducted two public meetings, Maine Secretary of State Matthew Dunlap (D) told HuffPost that he still has no idea what it’s working on or when it will meet next. He said he plans to raise concerns with Kansas Secretary of State Kris Kobach (R), the commission’s vice chair, about how it has operated so far ― if he ever has another chance. “I think we have to talk about that if we get another opportunity. I don’t know that we’re ever going to meet again, to tell you the truth. We certainly haven’t talked about it,” Dunlap said. “I think it is a possibility. We haven’t heard about any future meetings. We talked about a meeting in November ― that was back in July. We haven’t had anything further about it. … It wouldn’t surprise me if we didn’t meet again.”

National: Time is running out for state officials to be approved for cybersecurity intel ahead of elections | Cyberscoop

With just about a month left before the polls open in New Jersey and Virginia for gubernatorial elections, the Department of Homeland Security is racing to vet state officials who have applied for the ability to receive classified briefings and other information related to potential cyber-intrusions into election systems, people familiar with the matter tell CyberScoop. In August, the DHS began reaching out to chief election officials in every state to begin the process of obtaining clearances. While the nominees for these clearances are usually the secretary of state or similar high-ranking office-holders, some supporting staff have also sought clearances. The processing for each of these applications varies by person and as a result, there’s no average wait time. Over the last several months, however, DHS has been able to issue “interim” clearances when necessary within 30 days of an application, officials told CyberScoop. Final clearance approvals are taking much longer, the officials said.

National: Carter Page says he won’t testify before Senate Intelligence panel in Russia probe | Politico

Carter Page, a former foreign policy adviser to the Trump campaign, informed the Senate Intelligence Committee on Tuesday that he will not be cooperating with any requests to appear before the panel for its investigation into Russian meddling in the 2016 election and would plead the Fifth, according to a source familiar with the matter. A former naval-officer-turned-energy consultant, Page came under fire last year after reports emerged that he had met with high-level associates of Russian President Vladimir Putin in Moscow in 2016. While Page denied those meetings occurred, the Trump campaign distanced itself from the adviser not long after, with former officials saying that Page and Trump had never met.

National: How Russia Harvested American Rage to Reshape U.S. Politics | The New York Times

YouTube videos of police beatings on American streets. A widely circulated internet hoax about Muslim men in Michigan collecting welfare for multiple wives. A local news story about two veterans brutally mugged on a freezing winter night. All of these were recorded, posted or written by Americans. Yet all ended up becoming grist for a network of Facebook pages linked to a shadowy Russian company that has carried out propaganda campaigns for the Kremlin, and which is now believed to be at the center of a far-reaching Russian program to influence the 2016 presidential election. A New York Times examination of hundreds of those posts shows that one of the most powerful weapons that Russian agents used to reshape American politics was the anger, passion and misinformation that real Americans were broadcasting across social media platforms.

National: Hacker study: Russia could get into U.S. voting machines | Politico

American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future. DEFCON, the world’s largest hacker conference, will release its findings on Tuesday, months after hosting a July demonstration in which hackers quickly broke into 25 different types of voting machines. The report, to be unveiled at an event at the Atlantic Council, comes as the investigation continues by four Hill committees, plus Justice Department special counsel Robert Mueller, into Russian meddling in the 2016 elections, on top of the firm intelligence community assessments of interference. Though the report offers no proof of an attack last year, experts involved with it say they’re sure it is possible—and probable—and that the chances of a bigger attack in the future are high.

National: If Russia Comes Calling, Feds and States United for Election Cybersecurity | NBC

President Donald Trump says allegations of Russian hacking in the 2016 election are a hoax — but his own agencies are working with states to beef up their cybersecurity, heeding the U.S. intelligence community’s warning: Moscow will be back in 2018. The Department of Homeland Security, state and local election officials, the FBI, and a federal election council have joined forces to work through hacking scenarios and root out weaknesses in state election systems. The project, in which states will have access to grants to upgrade election technology and tools to run simulations to examine holes in their systems, is a test for how well officials can work together to ward off potential election-related threats ahead of the midterm elections next year and the presidential election in 2020, experts said.

National: Google uncovers Russian-bought ads on YouTube, Gmail and other platforms | The Washington Post

Google for the first time has uncovered evidence that Russian operatives exploited the company’s platforms in an attempt to interfere in the 2016 election, according to people familiar with the company’s investigation. The Silicon Valley giant has found that tens of thousands of dollars were spent on ads by Russian agents who aimed to spread disinformation across Google’s many products, which include YouTube, as well as advertising associated with Google search, Gmail, and the company’s DoubleClick ad network, the people said, speaking on condition of anonymity to discuss matters that have not been made public. Google runs the world’s largest online advertising business, and YouTube is the world’s largest online video site. The discovery by Google is also significant because the ads do not appear to be from the same Kremlin-affiliated troll farm that bought ads on Facebook — a sign that the Russian effort to spread disinformation online may be a much broader problem than Silicon Valley companies have unearthed so far.

National: Microsoft is reviewing its records for signs of potential Russian meddling during the 2016 election | Recode

Microsoft is currently reviewing its sales records to determine whether trolls aligned with the Russian government purchased ads on Bing or other company products during the 2016 U.S. presidential race. The decision to conduct an internal investigation comes as Microsoft’s tech industry peers — Facebook, Google and Twitter — contend with parallel probes by the U.S. Congress into the extent to which Kremlin-backed agents spread disinformation on their platforms around Election Day. “We take reports of misuse of our platform seriously,” a Microsoft spokesman said late Monday. “We are therefore investigating and if inappropriate activity is found, we will take steps to minimize such misuse in the future.” Reuters first reported the news.

National: The U.S. Election System Remains Deeply Vulnerable, But States Would Rather Celebrate Fake Success | The Intercept

When the Department of Homeland Security notified 21 states that Russian actors had targeted their elections systems in the months leading up to the 2016 presidential election, the impacted states rolled out a series of defiant statements. … But in most cases, according to the DHS, Russian actors scanned the public-facing websites of state agencies, apparently looking for vulnerabilities. The DHS said that in almost all of the cases, there was no evidence the operatives attempted to exploit any vulnerabilities. It was not, in other words, a thwarted bank robbery. Instead, Russian operatives surveyed the bank from the sidewalk, and then headed home. While the states are busy celebrating their successes, they are doing far too little to ensure that operatives don’t get in next time they show up and actually try to infiltrate, say cybersecurity experts.

National: US senator seeks cyber info from voting machine makers | The Washington Post

A U.S. senator wants to know how well the country’s top six voting machine manufactures protect themselves against cyberattacks, a move that comes just weeks after federal authorities notified 21 states that they had been targeted by Russian government hackers during the 2016 presidential election. In a letter Tuesday to the CEOs of top election technology firms, Sen. Ron Wyden writes that public faith in American election infrastructure is “more important than ever before.” “Ensuring that Americans can trust that election systems and infrastructure are secure is necessary to protecting confidence in our electoral process and democratic government,” writes Widen, an Oregon Democrat.

National: Kobach plan for Trump included federal voting laws changes | McClatchy

Kansas Secretary of State Kris Kobach urged President Donald Trump to pursue changes to federal voting law to promote proof-of-citizenship requirements, according to documents unsealed Thursday by a federal judge. Kobach, a candidate for Kansas governor and the vice chair of Trump’s voting commission, was photographed carrying a strategic plan for the Department of Homeland Security into a meeting with Trump in November. The American Civil Liberties Union sought the documents as part of an ongoing lawsuit challenging a Kansas law that requires voters to provide proof of citizenship, such as a birth certificate or passport, when they register. Kobach was ordered to turn over the documents to the ACLU earlier this year, but the documents had been sealed until Judge Julie Robinson opened them Thursday.

National: Supreme Court takes up Wisconsin as test in partisan gerrymandering claims | The Washington Post

Opponents of political gerrymandering had reason for optimism at the Supreme Court on Tuesday, with Justice Anthony M. Kennedy, the likely swing vote, appearing more in sync with liberal colleagues who seemed convinced that a legislative map can be so infected with political bias that it violates the Constitution. But it’s what Kennedy didn’t say that could determine whether the court, for the first time, strikes down a legislative map because of extreme partisan gerrymandering. While he has previously expressed concerns about the political mapmaking practice, he has yet to endorse a way of determining when gerrymandering is excessive, and Kennedy give no sign at oral arguments Tuesday that he had found one. In a case from Wisconsin that could reshape the way American elections are conducted, the Supreme Court heard from challengers that it was the “only institution in the United States” that could prevent a coming wave of extreme partisan gerrymandering that would distort the basic structure of democracy.

National: Kobach plan for Trump included federal voting laws changes | Associated Press

A Kansas official who later became vice chairman of President Donald Trump’s commission on election fraud drafted a proposal for Trump to change federal voter registration laws to promote proof-of-citizenship requirements by states, an unsealed federal court document showed Thursday. The proposal was part of a “strategic plan” for the U.S. Department of Homeland Security prepared by Kansas Secretary of State Kris Kobach and carried by him into a meeting in November with Trump, then the president-elect. It was among three proposals designed to “stop aliens from voting.” U.S. District Judge Julie Robinson ordered a highly-edited version of the document unsealed Thursday in a voting-rights lawsuit from the American Civil Liberties Union. Robinson also ordered the unsealing of a second document, prepared by Kobach and circulated within the Kansas secretary of state’s office, showing the text of proposed changes to federal law.

National: The ‘unique’ nature of the US voting system could help Russia tip the scales of future elections, experts say | Business Insider

The vice chairman of the Senate Intelligence Committee told reporters on Wednesday he was disappointed that it had taken nearly a year for the Department of Homeland Security to notify 21 states that their voter registration systems had been targeted by hackers during the election. “There needs to be a more aggressive, whole-of-government approach in terms of protecting our electoral system,” said Democratic Sen. Mark Warner. “Remember, to make a change in a national election doesn’t require penetration into 50 states … arguably, you could pick two or three states, and two or three jurisdictions, and alter an election.”

National: Facebook Cut Russia Out of April Report on Election Influence | Wall Street Journal

Facebook cut references to Russia from a public report in April about manipulation of its platform around the presidential election because of concerns among the company’s lawyers and members of its policy team, according to people familiar with the matter. The drafting of the report sparked internal debate over how much information to disclose about Russian mischief on Facebook and its efforts to affect U.S. public opinion during the 2016 presidential contest, according to these people. Some at Facebook pushed to not include a mention of Russia in the report because the company’s understanding of Russian activity was too speculative, according to one of the people.

National: Think Automatic Voter Registration Just Benefits Democrats? Not Necessarily. | Governing

Over the past two years, nine states and the District of Columbia have quietly implemented a significant overhaul of the voter registration process, aiming to reduce bureaucracy and increase the number of people signed up to vote. Automatic voter registration, or AVR for short, essentially turns the current opt-in system of voter registration to an opt-out system. “When eligible citizens interact with certain government offices, they are added to the voter rolls unless they say no,” according to an article by the Brennan Center for Justice at New York University, which is working to advance the idea. Two years ago, no state had AVR. Today, 1 in 4 Americans live in a state that has approved automatic voter registration. “AVR is coming,” says Natalie Tennant, a former Democratic secretary of state from West Virginia who is now the Brennan Center’s manager of state advocacy on voting rights and elections.

National: Trump Fraud Commissioner Is Continuing Voter Purge Crusade Side Job | TPM

A member of the President Trump’s voter fraud commission is continuing his separate crusade of bullying localities into purging their voter rolls, even as a witness at a commission meeting last month questioned the formula the commissioner has used to bring his claims. For years before J. Christian Adams was named to Trump’s voter fraud commission, he led a private group that sent letters and in some cases brought lawsuits against counties alleging that they had bloated voter rolls in violation of the National Voter Registration Act. To make those claims, he has compared the Census Bureau’s estimate of the number of a county’s citizens of voting age to the number of registered voters on its rolls. … However, as Kimball Brace, president of Election Data Services, testified at the voter fraud commission’s second meeting in New Hampshire last month, the comparison is not as simple as it looks.

National: Who’s Really in Charge of the Voting Fraud Commission? | ProPublica

On Friday, in response to a judge’s order, the Department of Justice released data showing the authors, recipients, timing, and subject lines of a group of emails sent to and from the Presidential Advisory Commission on Election Integrity. They show that in the weeks before the commission issued a controversial letter requesting sweeping voter data from the states, co-chair Kris Kobach and the commission’s staff sought the input of Hans von Spakovsky and J. Christian Adams on “present and future” state data collection, and attached a draft of the letter for their review — at a moment when neither had yet been named to the commission. The commission’s letter requesting that data has been by far its most significant action since its formation in May — and was widely considered a fiasco. It sparked bipartisan criticism and multiple lawsuits. Yesterday, a federal court blocked the state of Texas from handing over its data due to privacy concerns.  

National: Russian propaganda may have been shared hundreds of millions of times, new research says | The Washington Post

Facebook has said ads bought by Russian operatives reached 10 million of its users. But does that include everyone reached by the information operation? Couldn’t the Russians also have created simple — and free — Facebook posts and hoped they went viral? And if so, how many times were these messages seen by Facebook’s massive user base? The answers to those questions, which social media analyst Jonathan Albright studied for a research document he posted online Thursday, are: No. Yes. And hundreds of millions — perhaps many billions — of times. “The primary push to influence wasn’t necessarily through paid advertising,” said Albright, research director of the Tow Center for Digital Journalism at Columbia University. “The best way to to understand this from a strategic perspective is organic reach.”

National: How Civil Rights Groups Are Fighting Trump’s Fraud Commission in Every State | Newsweek

Civil rights advocates have launched a direct attack on President Donald Trump’s election integrity commission in the form of a grassroots campaign aimed at increasing voter participation in all 50 states. Taking a step beyond simply responding to Trump-backed efforts to find voter fraud, the American Civil Liberties Union over the weekend kicked off a “Let People Vote” campaign in Lawrence, Kansas, the home state of Kris Kobach, who leads the controversial commission. The location wasn’t accidental.

National: Russian election meddling in 2018 may be difficult for Congress to stop | USA Today

With congressional elections just a year away, lawmakers are scrambling to stop Russia from hacking state election systems and using social media to create chaos and uncertainty among voters. But Congress may be stymied by its reluctance to regulate private tech companies and by states’ traditional aversion to any federal control over their elections, analysts say. The burden on the three congressional committees conducting investigations into Russian meddling has become much greater than simply trying to prevent Kremlin-linked groups from stealing campaign emails, as they allegedly did last year in cyber attacks against the Democratic National Committee and Hillary Clinton’s presidential campaign.

National: DHS Creates Task Force To Bolster Election Security | Defense Daily Network

The Department of Homeland Security is upping its game to help state and local officials with strengthening the security of their election systems through the creation of a new task force, according to a senior department official. Last week the DHS National Protection and Programs Directorate established an election task force that includes members from the different departments components, including the Office of Intelligence and Analysis, to work with state and local governments to help them protect their election systems, Christopher Krebs, the acting undersecretary of the NPPD, on Tuesday told the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection. Prior to the creation of the task force, the Office of Infrastructure Protection within NPPD was in charge of working with state and local governments to provide any help they needed with their election systems. Krebs said that elevating this role to a task force is comes down to “matching my words with our execution,” adding that the entity is being resourced “appropriately.”

National: Top Senate intelligence duo: Russia did interfere in 2016 election | The Guardian

The Senate intelligence committee has said it has confidence in an US agency finding earlier this year that Russia intervened in the US presidential election in an effort to skew the vote in Donald Trump’s favour. The committee chairman, Republican senator Richard Burr, said it remained an “open question” whether there was collusion by the Trump campaign with Moscow. But he added that Russian intelligence could threaten the next round of congressional elections next year. “We’ve got to make our facts, as it related to Russia’s involvement in our election, before the primaries getting started in 2018,” Burr said. “You can’t walk away from this and believe that Russia’s not currently active.” Burr said that the committee was making substantial progress in various areas of investigation.

National: Senator calls on voting machine makers to detail how they’ll prevent hacks | TechCrunch

One of the Senate’s main cybersecurity proponents wants assurances that voting systems in the U.S. are ready for their next major threat and he’s going straight to the hardware makers to get it. In a letter, Oregon Senator Ron Wyden — an outspoken member of the Senate Intelligence Committee — called on six of the main voting machine manufacturers in the U.S. to provide details about their cybersecurity efforts to date. The request comes on the heels of emerging details around Russia’s successful attempts to hack election systems in many states. Wyden’s line of inquiry is grounded in the pursuit of details, like if a company has been breached previously without reporting the incident and how often it has conducted penetration testing in cooperation with an external security firm. … Wyden’s appeal to voting machine manufacturers is the latest piece in the ongoing conversation around election system and voting machine security following revelations from the 2016 U.S. presidential election. Because states handle elections in a variety of ways, implementing different styles of machine and overseeing their own voter rolls, just how airtight these systems are is difficult to assess.

National: Supreme Court shows divisions in Wisconsin redistricting case that could reshape U.S. politics | Milwaukee Journal Sentinel

U.S. Supreme Court justices showed deep divisions Tuesday over a gerrymandering case from Wisconsin that could have far-reaching national implications. Liberal justices expressed openness to the idea that courts should intervene when lawmakers draw election maps that greatly favor their party. Conservatives were skeptical that judges could come up with a way to determine whether and when legislators had gone too far. In the middle of it all — as expected — was Justice Anthony Kennedy. Both sides see him as the one who will likely cast the deciding vote and they pitched their arguments to him. 

National: Supreme Court Appears Divided in Partisan Gerrymandering Case | Governing

A lawyer for Wisconsin Democrats, who have been shut out of power in the state since Republicans drew new election maps nearly a decade ago, pleaded with the U.S. Supreme Court on Tuesday to restrict partisan gerrymandering, the practice of one party using redistricting to give itself a political advantage. “The politicians are never going to fix gerrymandering,” Paul M. Smith, an attorney for the Campaign Legal Center, told the justices. “You are the only institution in the United States that can solve this problem.” Wisconsin Democrats say the 2011 Republican legislative map violated the First Amendment by punishing them for their political beliefs and violated the 14th Amendment’s equal protection clause because it intended to dilute Democratic votes but not Republican ones.