National: Election officials: ‘We are going to need more assistance’ | FCW

The Department of Homeland Security continues to work with state and local governments to protect election systems as critical infrastructure. At an Aug. 16 public meeting of the federal Election Assistance Commission, however, officials made clear that risks still remain. EAC Vice-Chairman Thomas Hicks pointed to a recent planning exercise in Albany, N.Y., as an example. That exercise, conducted in July, resulted in some surprising results that remain classified. “I found the meeting very informative, enlightening and frightening,” Hicks said. “I would encourage every state to hold a similar meeting with election officials, emergency management folks and IT officials.”

National: In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking | The New York Times

The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the Dark Web. Last winter, he suddenly went dark entirely. Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in the hacking of the Democratic National Committee. But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I. “I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.” It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the D.N.C. hack and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested. There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

National: Will U.S. Cyberwarriors Be Ready for the Next Big Hack? | RealClearDefense

Hackers around the world see weaknesses in U.S. voting systems, electric grids and other pillars of American society. Russia’s alleged election meddling and other high-profile breaches have created a heightened sense of vulnerability even as new gee-whiz technologies to keep hackers at bay flood the market. To deter future attacks, experts warn, the United States needs to shore up its defenses and upend the perception that its systems are easy prey. “I guarantee the North Koreans and the Iranians saw what the Russians did and they’re going to try things in 2018 and 2020,” said former Pentagon cybersecurity policy chief Eric Rosenbach. “We have to change the perception that they’re going to get away with that,” he said at an industry conference last month.

National: America’s dubious tradition of gerrymandering: Out of Line – Impact 2017 and Beyond | Cleveland Plain Dealer

Credit a clever cartoonist in Massachusetts for coining the term gerrymander in 1812, though the practice of drawing district maps to create political advantages was common practice long before then. The cartoon published by the pro-Federalist Boston Gazettecriticized legislative maps orchestrated by Massachusetts Gov. Elbridge Gerry for the benefit of his Democratic-Republican Party over the Federalists. One district resembled the shape of a salamander. The cartoon depicted the district as a monster, labeling it “The Gerry-mander.” Merriam-Webster now definises gerrymander this way: “to divide (a territorial unit) into election districts to give one political party an electoral majority in a large number of districts while concentrating the voting strength of the opposition in as few districts as possible.”

National: Math experts join brainpower to help address gerrymandering | Associated Press

Some of the brightest minds in math arrived at Tufts University last week to tackle an issue lawyers and political scientists have been struggling with for decades. They came from colleges across the country for a weeklong conference on gerrymandering, the practice of crafting voting districts in a way that favors voters from a certain political party or demographic. It’s a topic of growing interest among many math and data experts who say their scholarly fields can provide new tools to help courts identify voting maps that are drawn unfairly. Among those working to bridge the classroom and the courtroom is Moon Duchin, a math professor at Tufts who orchestrated the gathering at her Boston-area campus. The workshop was the first in a series being organized at campuses nationwide to unite academics and to harness cutting-edge mathematics to address gerrymandering.

National: Successful voting systems must be accurate, usable, accessible and secure | Phys.org

Voting systems must be accurate, usable, accessible and secure to be successful, according to a new paper from a voting behavior expert at Rice University. “Improving Voting Systems’ User-Friendliness, Reliability and Security” will appear in Behavioral Science and Policy and summarizes voting systems in the United States used throughout the past decade and outlines lessons about how to improve them. In the paper, author Mike Byrne, a professor of psychology and computer science at Rice, summarizes previous voting research that supports his argument that the following four factors are critical to the success of voting systems. In his previous research on voting accuracy, Byrne found that voting machines fail to capture voter intent up to 4 percent of the time. He found a 1-2 percent error rate for paper ballots, a 1.5 percent error rate for direct recording electronic – DRE – machines and a 3-4 percent error rate for punch cards and lever machines. He said this is clear evidence that this issue must be addressed. Voting error rates were measured by comparing each voter’s intent with the actual vote that was cast.

National: Ex-Trump Aides Hunt for Untapped Voters, and Proof of Fraud | The New York Times

With President Trump’s poll numbers slipping, a group of the president’s former campaign aides is beginning an effort to encourage new voters in parts of the country that supported him in the election, and to stop what they contend are illegal votes in Democratic areas. The former aides are starting a group called Look Ahead America to identify “disaffected” rural and working-class Americans who either do not vote or are not on the voter rolls, in order to register and mobilize them ahead of future elections, according to a prospectus being distributed to possible donors. Look Ahead America also seeks to discourage or invalidate “fraudulent” votes by deploying poll watchers with cameras, and through what it called a forensic voter fraud investigation to identify “votes cast in the names of the deceased, by illegal immigrants or non-citizens,” according to the prospectus, which was shared with The New York Times.

National: The Voter Purge Crusade That Preceded Trump’s Sketchy Elections Commission | TPM

Vice President Mike Pence, leader of President Trump’s shady “Elections Integrity” commission kicked off its first meeting last month with a promise that it would have “no preconceived notions or preordained results.” But like many of its other members, commissioner J. Christian Adams has done little to hide what has been his end-game: bullying state and local election officials into aggressive voter registration purges that civil rights groups worry will end in eligible voters getting kicked off the rolls. Now he will be joining on the commission several other figures known for their efforts to make it harder — not easier – to vote in an endeavor that many in the voting rights community believe will be used to justify tougher voting laws, including measures that will prompt sloppy voter purges. For more than half a decade, Adams has been on his own private sector crusade to pressure election officials to agree to voter purge protocols beyond what are required by law.

National: Obama administration was warned in 2014 about Russian interference | Politico

The Obama administration received multiple warnings from national security officials between 2014 and 2016 that the Kremlin was ramping up its intelligence operations and building disinformation networks it could use to disrupt the U.S. political system, according to more than half a dozen current and former officials. As early as 2014, the administration received a report that quoted a well-connected Russian source as saying that the Kremlin was building a disinformation arm that could be used to interfere in Western democracies. The report, according to an official familiar with it, included a quote from the Russian source telling U.S. officials in Moscow, “You have no idea how extensive these networks are in Europe … and in the U.S., Russia has penetrated media organizations, lobbying firms, political parties, governments and militaries in all of these places.”

National: Why the latest theory about the DNC not being hacked is probably wrong | The Hill

A forensic report claiming to show that a Democratic National Committee insider, not Russia, stole files from the DNC is full of holes, say cybersecurity experts. “In short, the theory is flawed,” said FireEye’s John Hultquist, director of intelligence analysis at FireEye, a firm that provides forensic analysis and other cybersecurity services. “The author of the report didn’t consider a number of scenarios and breezed right past others. It completely ignores all the evidence that contradicts its claims.” The theory behind the report is that it would have been impossible for information from the DNC to have been hacked due to upload and download speeds.   The claims have slowly trickled through the media, finding backers at the right -wing site Breitbart in early June. Last week, the left-wing magazine The Nation published a 4,500-word story on the allegations. The claims are based on metadata from the leaked files, which were published on WikiLeaks during the 2016 presidential election.

National: Mueller Is Said to Seek Interviews With West Wing in Russia Case | The New York Times

In a sign that the investigation into Russian interference in the 2016 presidential election will remain a continuing distraction for the White House, the special counsel, Robert S. Mueller III, is in talks with the West Wing about interviewing current and former senior administration officials, including the recently ousted White House chief of staff, Reince Priebus, according to three people briefed on the discussions. Mr. Mueller has asked the White House about specific meetings, who attended them and whether there are any notes, transcripts or documents about them, two of the people said. Among the matters Mr. Mueller wants to ask the officials about is President Trump’s decision in May to fire the F.B.I. director, James B. Comey, the two people said. That line of questioning will be important as Mr. Mueller continues to investigate whether Mr. Trump obstructed justice in the dismissal of Mr. Comey.

National: ‘Let America Vote’ sets up shop in Manassas with scores of interns | InsideNova

Jason Kander might have fallen a bit short in his bid to become a U.S. senator last fall, but when he put out a call for summer help in Manassas, some of his 194,000 Twitter followers didn’t hesitate to answer. In the days since President Donald Trump’s election (and Kander’s own 3-point loss to Sen. Roy Blunt, R-Mo.), the former Missouri Secretary of State has been crafting a new kind of political organization: “Let America Vote,” a group Kander says is designed to “create political consequences for politicians who’ve made voting more difficult or failed to stand up for voting rights.” But with the 2018 midterm elections still a long way out, the Democrat turned his eye toward the statewide races in Virginia as a good place to start. His team of organizers, largely culled from the staff of his Senate bid, saw an opportunity to make an impact in Northern Virginia and made plans to open the group’s first field office in Prince William County.

National: This System Catches Vote Fraud and the Wrath of Critics | NBC

It’s been called a faulty, error-prone failure. But that might not stop this system for rooting out vote fraud from getting a national debut. Kansas Secretary of State Kris Kobach, the vice chair of President Donald Trump’s vote fraud commission, is looking to expand the “Interstate Voter Registration Crosscheck Program” that he’s developed in his state to sweep possible illegal voters off the rolls. Crosscheck is a computer system designed to detect fraud by finding matches in voter registration lists shared by dozens of states and thereby detecting suspected double voters.

National: Russian Cyberattack Targeted Elections Vendor Tied To Voting Day Disruptions | NPR

When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. “Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections. Nine months later, officials are still trying to sort out the details. … At first, the county decided to switch to paper poll books in just those precincts to be safe. But Bowens says the State Board of Elections & Ethics Enforcement got involved “and determined that it would be better to have uniformity across all of our 57 precincts and we went paper poll books across the county.”

National: A Summer School for Mathematicians Fed Up with Gerrymandering | The New Yorker

On a late-spring evening in Boston, just as the sun was beginning to set, a group of mathematicians lingered over the remains of the dinner they had just shared. While some cleared plates from the table, others started transforming skewers and hunks of raw potato into wobbly geodesic forms. Justin Solomon, an assistant professor at M.I.T., lunged forward to keep his structure from collapsing. “That’s five years of Pixar right there,” he joked. (Solomon worked at the animation studio before moving to academia.) He and his collaborators were unwinding after a long day making preparations for a new program at Tufts University—a summer school at which mathematicians, along with data analysts, legal scholars, schoolteachers, and political scientists, will learn to use their expertise to combat gerrymandering.

National: Is the Path to Secure Elections Paved With Open Source Code? | LinuxInsider

Increased use of open source software could fortify U.S. election system security, according to an op-ed published last week in The New York Times.Former CIA head R. James Woolsey and Bash creator Brian J. Fox made their case for open source elections software after security researchers demonstrated how easy it was to crack some election machines in the Voting Machine Hacking Village staged at the recent DefCon hacking conference in Las Vegas. … “They confirmed what we already knew,” said James Scott, a senior fellow at the Institute for Critical Infrastructure Technology. “These are extremely vulnerable machines.” “Think of what a voting machine is,” he told LinuxInsider. “It’s a 1980s PC with zero endpoint security in a black box where the code is proprietary and can’t be analyzed.” Although the researchers at DefCon impressed the press when they physically hacked the voting machines in the village, there are more effective ways to crack an election system. “The easiest way to hack an election machine is to poison the update on the update server at the manufacturer level before the election,” Scott explained. “Then the manufacturer distributes your payload to all its machines for you.”

National: DefCon hackers made short work of voting machines. Now what? | GCN

The news coming out of last month’s DefCon hacker conference in Las Vegas was not good for voting machine manufacturers — and unsettling for election officials. A “voting village” was set up where hackers tested the security of about a dozen voting machines. They made their way into every single one. Eric Hodge, director of consulting at CyberScout, helped plan the event. There had been plenty of discussion about the security of these machines, he said. American intelligence officials concluded last year that Russia interfered with the 2016 presidential election, but many state election officials  argued that their voting machines were secure because they were not connected to the internet. The DefCon voting village was set up to actually test the physical machines, which Hodge said never experience much penetration testing. In their testing debut, they didn’t fare too well. … Within minutes, some of the machines were hacked.  “These guys are good,” Hodge said. “But, you know, so are the Russians.”

National: Could voting fraud panel create an easy target for hackers? | Associated Press

Officials from both parties had a consistent answer last year when asked about the security of voting systems: U.S. elections are so decentralized that it would be impossible for hackers to manipulate ballot counts or voter rolls on a wide scale. But the voter fraud commission established by President Donald Trump could take away that one bit of security. The commission has requested information on voters from every state and recently won a federal court challenge to push ahead with the collection, keeping it in one place. By compiling a national list of registered voters, the federal government could provide one-stop shopping for hackers and hostile foreign governments seeking to wreak havoc with elections. “Coordinating a national voter registration system located in the White House is akin to handing a zip drive to Russia,” said Kentucky Secretary of State Alison Lundergan Grimes, a Democrat who has refused to send data to the commission.

National: Amid DHS leadership shuffle, voting systems remain vulnerable | FCW

Even with the widespread attention and federal protections provided to election systems, state and federal officials alike have concerns that U.S. election systems remain vulnerable to digital meddling. In the final days of the Obama administration, then-Department of Homeland Security Secretary Jeh Johnson formally designated state election assets as U.S. critical infrastructure in response to digital floods of misinformation, as well as Russian cyber espionage on an election software vendor and spear-phishing attempts against local election officials during the lead-up to the November 2016 presidential election. The move allowed state governments to ask DHS for help on a voluntary basis in securing their election infrastructure, but was met with resistance from many state officials and some members of Congress. Amid this resistance — and the current shuffle in DHS leadership — Johnson expressed fear on CBS’s Face the Nation Aug. 6 that voting systems remain vulnerable to digital meddling. “I’m concerned that we are almost as vulnerable, perhaps, now as we were six, nine months ago,” he said.

National: Trump Campaign Turns Over Thousands of Documents in Russia Probe | Bloomberg

Donald Trump’s presidential campaign, his son Donald Trump Jr. and former campaign manager Paul Manafort have started turning over documents to the Senate Judiciary Committee as part of the panel’s expanded investigation of Russian election-meddling. The Trump campaign turned over about 20,000 pages of documents on Aug. 2, committee spokesman George Hartmann said Tuesday. Manafort provided about 400 pages on Aug. 2, including his foreign-advocacy filing, while Trump Jr. gave about 250 pages on Aug. 4, Hartmann said. The committee had asked them last month to start producing the documents by Aug. 2. A company the Judiciary panel says has been linked to a salacious “dossier” on Trump, Fusion GPS, and its chief executive officer, Glenn Simpson, have yet to turn over any requested documents, Hartmann said.

National: Voting System Hacks Prompt Push for Paper-Based Voting | Information Week

Calls for paper-based voting to replace computer-based systems at the DEF CON hacker conference have intensified in the wake of a wave of voting machine hacks earlier this month. … “It’s undeniably true that systems that depend on software running in a touchscreen voting machine can’t be relied on,” Voting Village organizer Matt Blaze said in a Facebook Live feed hosted by US congressmen Will Hurd (R-Texas) and James Langevin (D-R.I.), in the aftermath of the DEF CON hacks. “We need to switch to systems that don’t depend on software,” said Blaze, a renowned security expert who is a computer science professor at the University of Pennsylvania. Blaze recommends OCR-based systems using paper ballots that provide an audit trail for counting and confirming votes. … “We know that computers can be hacked. What surprised me is that they did it so quickly” with the voting machines at DEF CON, says computer scientist Barbara Simons, president of Verified Voting. “One of the things that 2016 made quite clear is that we have very vulnerable voting systems and we don’t do a good job” of protecting them, Simons says. “So we exposed ourselves, and we haven’t taken the necessary steps to protect ourselves.”

National: DHS Reassures States it Won’t Step on Election Authority | MeriTalk

he designation of the nation’s election systems as critical infrastructure will not infringe upon state and local authority to run elections. In a recent memo to Senate Homeland Security and Governmental Affairs Committee Members, Ranking Member Claire McCaskill, D-Mo., relayed communications from the Department of Homeland Security that reiterated that fact. “This designation does not allow for technical access by the Federal Government into the systems and assets of election infrastructure, without voluntary legal agreements made with the owners and operators of these systems,” DHS told McCaskill, also confirming that there is no intention to change that critical infrastructure designation. “This dynamic is consistent with engagements between the Federal Government and other previously established critical infrastructure sectors and subsectors.”

National: Hacking the Vote: Why Voting Systems Aren’t as Secure as You Might Think | KQED

Defcon is the annual hacker conference in Vegas and the buzz this year centered around the Voting Machine Hacking Village. A dozen electronic voting machines, like you might see at your local polling place, were set up along the walls of a conference room. In the center were tables where hackers took some machines apart. … In fact, until 2015, hacking voting machines — even to do research — was against the law unless you got a special waiver, said Matt Blaze, a computer science professor at the University of Pennsylvania. “So far, only a few dozen people who are computer scientists thinking about this have been able to get access to these machines,” Blaze said. Blaze helped set up the voting village at Defcon. A decade ago he obtained a waiver to study electronic voting machines in California and Ohio. “And my team of graduate students and I were able to very quickly discover a number of really serious and exploitable problems with those systems,” he said.

National: The justices tackle partisan gerrymandering again: In Plain English | SCOTUSblog

Justice Ruth Bader Ginsburg has suggested that it might be the most important case of the upcoming term. On October 3, the Supreme Court will hear oral argument in Gill v. Whitford, a challenge to the redistricting plan passed by Wisconsin’s Republican-controlled legislature in 2011. A federal court struck down the plan last year, concluding that it violated the Constitution because it was the product of partisan gerrymandering – that is, the practice of purposely drawing district lines to favor one party and put another at a disadvantage. The challengers argue that the redistricting plan would allow Republicans to cement control of the state’s legislature for years to come, even if popular support for the party wanes; the lower court’s decision, they contend, merely corrected “a serious democratic malfunction that would otherwise have gone unremedied.” By contrast, the state of Wisconsin counters that if the lower court’s decision is allowed to stand, it will open the door to “unprecedented intervention in the American political process.”

National: Jeh Johnson worries U.S. still “vulnerable” to election meddling | CBS

Former Homeland Security Secretary Jeh Johnson said Sunday he is concerned that the U.S. remains “vulnerable” to election meddling, and that the cyber threat facing the U.S. is “going to get worse before it gets better.” “The Department of Homeland Security very much was on alert on Election Day and in the days leading up to it, along with the FBI. And we were very concerned,” Johnson said on CBS News’ “Face the Nation.” He said that “a number of vulnerabilities” in election infrastructure were identified and addressed. “But that process needs to continue,” he said. “I’m concerned that we are almost as vulnerable perhaps now as we were six, nine months ago.”

National: States ramping up defenses against election hacks | The Hill

States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”

National: Voting Machine Hackers Have 5 Tips to Save the Next Election | WIRED

American Democracy depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly in question, but given that there are 66 weeks until midterm elections, and 14 weeks until local 2017 elections, there’s plenty of time to fix the poor state of voting technology, right? Wrong. To secure voting infrastructure in the US in time for even the next presidential election, government agencies must start now. At Def Con 2017 in Las Vegas, one of the largest hacker conferences in the world, Carsten Schurmann (coauthor of this article) demonstrated that US election equipment suffers from serious vulnerabilities. It took him only a few minutes to get remote control of a WINVote machine used in several states in elections between 2004 and 2015. Using a well-known exploit from 2003 called MS03-026, he gained access to the vote databases stored on the machine. This kind of attack is not rocket science and can be executed by almost anyone. All you need is basic knowledge of the Metasploit tool.

National: To Fix Voting Machines, Hackers Tear Them Apart | WIRED

The toughest thing to convey to newcomers at the DefCon Voting Village in Las Vegas this weekend? Just how far they could go with hacking the voting machines set up on site. “Break things, just try to pace yourself,” said Matt Blaze, a security researcher from the University of Pennsylvania who co-organized the workshop. DefCon veterans were way ahead of him. From the moment the doors opened, they had cracked open plastic cases and tried to hot-wire devices that wouldn’t boot. Within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WINVote machine. The Voting Village organizers—including Harri Hursti, an election technology researcher from Finland, and Sandy Clark from the University of Pennsylvania—had set up about a dozen US digital voting machines for conference attendees to mess with. Some of the models were used in elections until recently and have since been decommissioned; some are still in use. Over three days, attendees probed, deconstructed and, yes, even broke the equipment in an effort to understand how it works and how it could be compromised by attackers. Their findings were impressive, but more importantly, they represented a first step toward familiarizing the security community with voting machines and creating momentum for developing necessary defenses.

National: Federal judge denies Common Cause effort to block Trump fraud commission | The Washington Post

A federal judge on Tuesday declined to temporarily bar President Trump’s voting commission from collectingvoter data from states and the District, saying a federal appeals court likely will be deciding the legality of the request. U.S. District Judge Royce C. Lamberth of the District denied an emergency motion by Common Cause, a nonprofit government watchdog group. The group alleged the request for voting history and political party affiliation by the Trump administration violates a Watergate-era law that prohibits the government from gathering information about how Americans exercise their First Amendment rights. Lamberth advised the group to flesh out its claims by documenting the commission’s activity at a recent July 19 meeting while the lawsuit continues.

National: 33 states accepted Department of Homeland Security aid to secure elections | The Hill

The Department of Homeland Security (DHS) provided cybersecurity assistance to 33 state election offices and 36 local election offices leading up to the 2016 presidential election, according to information released by Democratic congressional staff. During the final weeks of the Obama administration, the DHS announced that it would designate election infrastructure as critical, following revelations about Russian interference in the 2016 election. Since January, two states and six local governments have requested cyber hygiene scanning from the DHS, according to a memo and DHS correspondence disclosed Wednesday by the Democratic staff of the Senate Homeland Security and Governmental Affairs Committee. The information is related to the committee’s ongoing oversight of the DHS decision to designate election infrastructure.