National: Hackers descend on Las Vegas to expose voting machine flaws | Politico

Election officials and voting machine manufacturers insist that the rites of American democracy are safe from hackers. But people like Carten Schurman need just a few minutes to raise doubts about that claim. Schurman, a professor of computer science at the University of Copenhagen in Denmark, used a laptop’s Wi-Fi connection Friday to gain access to the type of voting machine that Fairfax County, Virginia, used until just two years ago. Nearby, other would-be hackers took turns trying to poke into a simulated election computer network resembling the one used by Cook County, Illinois. …  Before the 2016 election, former FBI Director James Comey assuaged fears by telling Congress that the system was so “clunky” — comprised of a mishmash of different kinds of machines and networks, with each state’s results managed by a consortium of state and county officials — that its overall integrity was fairly safe. Election security advocates aren’t as confident. Barbara Simons, Board Chair of Verified Voting, a nonprofit that since 2003 has studied U.S. elections equipment, said that the vulnerabilities on display in Las Vegas only served to reiterate a need for the country to adopt a nationwide system of verifiable paper ballots and mandatory, statistically significant audits. While numerous states have starting moving in this direction, Simons worries it’s not enough.

National: These Hackers Reveal How Easy It Is To Hack US Voting Machines | Forbes

In a muggy little room in the far corner of Caesar’s Palace, wide-eyed and almost audibly buzzing is Carsten Schurmann. The German-born hacker has just broken into a U.S. voting machine with his Apple Mac in a matter of minutes. He can turn it on and off, he can read all the information stored within and if he felt like it, he could probably change some votes if the system was in use. “This is insane,” he says. But today, that machine is not in use, it’s being opened up for anyone to try what Schurmann did. A host of technically-minded folk have gathered at DEF CON’s Voting Machine Village, where they’re tinkering with more than 25 commonly used systems used across American elections. They might just save the next election from Russian hackers. Those machines are, co-organizer Matt Blaze says, horribly insecure. Blaze’s hope is the public will be made aware of their many, many flaws, and demand elections be protected from outside, illegal interference, following the much-documented attempts by Russia to install Donald Trump as president.

National: Hackers Scour Voting Machines for Election Bugs | VoA News

Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results. The 25-year-old conference’s first “hacker voting village” opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking. Hackers crammed into a crowded conference room for the rare opportunity to examine and attempt to hack some 30 pieces of election equipment, much of it purchased over eBay, including some voting machines and digital voter registries that are currently in use.

National: Hackers breach each of dozens voting machines brought to conference | The Hill

One of the nation’s largest cybersecurity conferences is inviting attendees to get hands-on experience hacking a slew of voting machines, demonstrating to researchers how easy the process can be. “It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia. The DEF CON cybersecurity conference is held annually in Las Vegas. This year, for the first time, the conference is hosting a “Voting Machine Village” where attendees can try to hack a number of systems and help catch vulnerabilities. The conference acquired 30 machines for hackers to toy with. Every voting machine in the village was hacked.

National: Defcon hackers break voting machines easily with old exploits | CNET

When the password for a voting machine is “abcde” and can’t be changed, the integrity of our democracy might be in trouble. The Advanced Voting Solutions WinVote machine, dubbed “America’s worst voting machine,” came equipped with this simple password even as it was used in some of the country’s most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush’s re-election in 2004 to Barack Obama’s in 2012. In addition to Virginia, Pennsylvania and Mississippi used the WinVote without knowing all the ways it could be hacked. Unlike other technology — your phone, your laptop, connected cars — security wasn’t really a focus. 

National: Leader Of Voter Fraud Probe Really Doesn’t Want To Release Trump Meeting Documents | HuffPost

Kansas Secretary of State Kris Kobach (R) continued to fight releasing documents from a meeting with President Donald Trump in November, saying that the public did not need to see them and that disclosing them would impede his ability to serve on Trump’s commission to investigate voter fraud. Kobach, who has lent support to Trump’s claims of widespread voter fraud and exaggerated instances of it in the past, made the argument with his lawyer in a Friday court filing as part of an ongoing lawsuit brought by the American Civil Liberties Union over a Kansas law requiring people to prove their citizenship to vote. As part of the lawsuit, the ACLU is requesting a Kansas federal judge unseal documents that Kobach was photographed holding when he met with Trump in November 2016, as well as a draft amendment to federal voting law, which circulated in his office. The documents contain potential amendments to the National Voter Registration Act, a 1993 law requiring motor vehicle and some other state agencies to provide opportunities to register to vote.

National: It took DEF CON hackers minutes to pwn these US voting machines | The Register

After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside. In less than 90 minutes, the first cracks in the systems’ defenses started appearing, revealing an embarrassing low level of security. Then one was hacked wirelessly. “Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how,” said Jake Braun, who sold DEF CON founder Jeff Moss on the idea earlier this year. “The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

National: U.S. elections are an easier target for Russian hackers than once thought | Los Angeles Times

When Chris Grayson pointed his Web browser in the direction of Georgia’s elections system earlier this year, what he found there shocked him. The Santa Monica cybersecurity researcher effortlessly downloaded the confidential voter file of every registered Georgian. He hit upon unprotected folders with passwords, apparently for accessing voting machines. He found the off-the-shelf software patches used to keep the system secure, several of which Grayson said could be easily infected by a savvy 15-year-old hacker. “It was like, holy smokes, this is all on the Internet with no authentication?” Grayson said in an interview. “There were so many things wrong with this.” … Among the most alarmed have been pedigreed computer security scholars, who warn that a well-timed hack of a vendor that serves multiple states could be enough to cause chaos even in systems that were thought to be walled off from one another. And they say security lapses like those in Georgia reveal the ease with which hackers can slip in.

National: Voter Registration Data from 9 States Available for Sale on Dark Web | Dark Reading

Threat intelligence company LookingGlass Cyber Solutions says it has discovered over 40 million voter records from nine different states being traded in an underground forum for stolen credit card data and login credentials. The voter records being offered for sale include the voter’s full first, last and middle name, voter ID, birthdate, voter status, party affiliation, residential address and other details. The data belongs to voters in Arkansas, Colorado, Connecticut, Delaware, Florida, Michigan, Ohio, Oklahoma and Washington State. Over the last two days, voter databases from at least two of the states—Arkansas and Ohio—were sold for a mere $2 each, or a total of $4 for almost 10 million voter records. That suggests financial gain is not the primary reason for the activity, according to LookingGlass. ‘Logan,’ the individual who has advertised the data and is selling it on a site called RaidForums, has hinted at possessing voter records for an additional 20 to 25 states, says Jonathan Tomek, director of threat research at LookingGlass Cyber Solutions.

National: Kris Kobach says Trump’s fraud panel will keep voter data secure. Some states aren’t buying it | Los Angeles Times

After weeks of legal battles and bipartisan pushback from top election officials nationwide, President Trump’s voter fraud commission has renewed a message for the states: It’s safe to pass along your data about voters. “Individuals’ voter registration records will be kept confidential and secure throughout the duration of the commission’s existence,” Kris Kobach, vice chairman of the commission, wrote in a letter sent late Wednesday to all 50 secretaries of state. Even so, by Thursday, much of the criticism that greeted an earlier request from the commission was repeated by election officials and activists, who have expressed concerns about privacy and have called the panel both a sham created by an insecure president and a tool to suppress votes. … The letter from Kobach is the second in less than a month requesting that secretaries of state submit voter data to the so-called Presidential Advisory Commission on Election Integrity.

National: Senate panel moves bill to deter foreign meddling in US | Associated Press

The Senate is moving forward with legislation to combat cyberattacks and deter foreign interference amid an investigation into Russian meddling in the 2016 election. The bill approved by the Senate intelligence committee 14-1 Thursday will now move to the Senate floor. According to the panel, the legislation would ensure the intelligence community is well-positioned to detect cyberattacks, strengthen information-sharing with states to protect voting systems and “send a message to Moscow that we will not accept their aggressive actions.”

National: Voter fraud commission will almost certainly ‘find’ thousands of duplicate registrations that aren’t duplicates. Here’s why. | The Washington Post

Did Vice President Pence commit voter fraud? You might think so, if you looked at voter registration data that includes only each voter’s name and birth year. Mike Pence registered to vote eight times and cast seven ballots across six states in the November 2016 election. But you would be wrong. Each of these registration records belongs to a different person. Their only crime is that they share their name and were born in the same year as the vice president. The Presidential Advisory Commission on Election Integrity, led by the vice president, has gotten considerable attention for requesting voter registration information (including names, birthdays and Social Security numbers) from each state. Presumably, the commission will use the names and birthdays in these lists to identify potential duplicate registration records between states.

National: With New Sanctions, Senate Forces Trump’s Hand on Russia | The New York Times

The Senate on Thursday approved sweeping sanctions against Russia, forcing President Trump to decide whether to accept a tougher line against Moscow or issue a politically explosive veto amid investigations into ties between his presidential campaign and Russian officials. The Senate vote, 98 to 2, followed the passage of a House bill this week to punish Russia, Iran and North Korea for various violations by each of the three American adversaries. In effect, the measure would sharply limit Mr. Trump’s ability to suspend or lift sanctions on Russia — handcuffing a sitting president just six months into his term with the nearly unanimous support of a Republican-led Congress.

National: Hackers plan to break into 30 voting machines to put election meddling to the test | USA Today

Think of it as a stress test for democracy. Hackers plan to spend this weekend trying to break into more than 30 voting machines used in recent elections to see just how far they can get. U.S. election officials have consistently said that despite Russian attempts to affect the outcome of the 2016 presidential election, no votes were tampered with. … However, experts in election voting software say no states routinely perform post-election vote audits to ensure that the reported vote count tallies with ballots, Singer said. Moreover, there were no forensic examinations of any of the voting machines used in the 2016 presidential election, in part because many election-machine vendor contracts prohibit it, Singer said. That’s a red flag for hackers at DefCon.

National: Top hacker conference to target voting machines | Politico

Hackers will target American voting machines—as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar’s Palace in Las Vegas at the end of July for DEFCON, the world’s largest hacking conference, organizers are planning to have waiting what they call “a village” of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. … With all the attention on Russia’s apparent attempts to meddle in American elections—former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there’s no evidence of actual vote tampering—voting machines were an obvious next target, said DEFCON founder Jeff Moss. Imagine, he said, what a concerted effort out of Russia or anywhere else could do.

National: Lawmakers reach deal for Senate Russia sanctions vote | Reuters

U.S. lawmakers reached an agreement on Wednesday paving the way for the U.S. Senate to pass a bill as soon as this week to impose new sanctions on Russia and bar President Donald Trump from easing sanctions on Moscow without Congress’ approval. Earlier on Wednesday, Russia warned it was edging closer to retaliation against Washington after the House of Representatives backed new U.S. sanctions on Moscow, while the European Union said the move might affect its energy security and it stood ready to act too.

National: Facebook funds Harvard group trying to fight election hacking | The Hill

Facebook said on Wednesday that it will give funding to a nonprofit at Harvard that is trying to curb cyberattacks aimed political groups and election systems. The social media giant’s money will go to Defending Digital Democracy, a group led by former campaign chairs for Hillary Clinton and Mitt Romney, based at Harvard’s Kennedy School of Government. Though Facebook is providing the initial funding for the center, it said that it hopes other participants will help the organization transition into a group with several members who share information and analysis in “critical areas of the democratic process.”
At Black Hat, an IT security conference, Facebook Chief Security Officer Alex Stamos said the project was born out of the company realizing that no one was taking responsibility for issues of election hacking. “A huge amount of harm falls outside what we considered to be our problem,” Stamos said. “The real problems is that those issues is generally not anybody else’s problem either.”

National: Voting Machine Hacking Village at DEF CON | Gizmodo

… DEF CON is getting more deeply involved with election security than ever before—this year, the event will host its first Voting Machine Hacking Village. DEF CON villages are offshoots of the main event, where attendees get to tinker with technology. At the vote-hacking village, they’ll be invited to tamper with voting hardware and software. In addition to the hackers, the village is expecting visitors from Congress, the National Institute of Standards and Technology, the Department of Homeland Security, and voting machine vendors. Moss hopes to discover just how easy it is to compromise a voting system. Although states test components of their systems, Moss couldn’t find any examples of a state testing their complete voting apparatus. Most manufacturers, he explained, test voting machines for their ability to withstand humidity rather than hackers. This is worrisome, particularly at a time when Americans are suddenly obsessed with qualifying the security of their electoral systems.

National: Kobach says states will be sent new letter on voter information request | The Kansas City Star

Kris Kobach said states will be sent a new letter describing how to submit voter information following a federal court ruling this week that favored Kobach and President Donald Trump’s election integrity commission. Kobach told The Star that he expected those instructions to be issued Tuesday. The commission, which Kobach helps lead, had asked states to hold off from submitting the data until a judge ruled on a request for a temporary restraining order filed by the Electronic Privacy Information Center. “There are more than 30 states that already indicated they intended to provide this publicly available information to the commission,” Kobach said. “So I anticipate that that will start happening soon.”

National: Eager to punish Russia for meddling in 2016 election, House decisively passes sanctions bill curbing Trump’s power | Associated Press

Eager to punish Russia for meddling in the 2016 election, the House on Tuesday overwhelmingly backed a new package of sanctions against Moscow that prohibits President Donald Trump from waiving the penalties without first getting permission from Congress. Lawmakers passed the legislation, 419-3, clearing the far-reaching measure for action by the Senate. If senators move quickly, the bill could be ready for Trump’s signature before Congress exits Washington for its regular August recess. The Senate, like the House, is expected to pass the legislation by a veto-proof margin. The bill also slaps Iran and North Korea with sanctions. The 184-page measure serves as a rebuke of the Kremlin’s military aggression in Ukraine and Syria, where Russian President Vladimir Putin has backed President Bashar Assad. It aims to hit Putin and the oligarchs close to him by targeting Russian corruption, human rights abusers, and crucial sectors of the Russian economy, including weapons sales and energy exports.

National: DOJ inspector general testimony may shed light on 2016 election inquiry | Politico

With special prosecutor Robert Mueller’s criminal inquiry into Russian meddling in the 2016 election now well underway and at least four congressional probes ongoing, it may seem like every aspect of the controversy is already being closely scrutinized. But there’s also a less-noticed investigation by the Justice Department’s Office of Inspector General, which has been exploring several issues key to the Russia saga since before President Donald Trump’s inauguration. Inspector General Michael Horowitz has offered few public indications of the status of his probe, which some lawmakers said he initially told them was expected to be complete by early next year. On Wednesday, he’s likely to make his first public statements at a hearing in front of the Senate Judiciary Committee about the status of his inquiry – and whether he’ll acquiesce to any of the many requests from Republicans and Democrats to expand his review to include the firing of former FBI director James Comey or other developments.

National: Five things to watch for at ‘hacker summer camp’ | The Hill

The largest cybersecurity event of the year kicks off this week, as the Black Hat, Def Con and BSides conferences launch back-to-back-to-back in Las Vegas. … In a subversive move, attendees at Def Con will be able to attend its first Voting Machine Village. The Village offers a side conference on voting machine insecurity and a playground of real voting machines for hackers to toy with.

National: District court refuses to block federal government voter information collection | Los Angeles Times

A federal court in Washington on Monday cleared the way for President Trump’s election commission to ask states to turn over personal voter information as part of its investigation into Trump’s claims about voter fraud in the 2016 presidential election. The U.S. District Court ruled against the Electronic Privacy Information Center, a public-interest research group that had sought a temporary restraining order to block the Presidential Advisory Commission on Election Integrity. The court rejected arguments that the commission’s request for certain voter data violated Americans’ privacy and that the commission did not follow constitutional proceedings. … The commission has been hit with a flurry of lawsuits since its vice chairman, Kansas Secretary of State Kris Kobach, sent a letter to state officials nationwide June 28 requesting voter information, including dates of birth, partial Social Security numbers and information about which elections voters participated in since 2006.

National: Beyond Russia: 5 Ways to Interfere in U.S. Elections—Without Breaking the Law | The Atlantic

Russia’s apparent interference in the U.S. presidential election is a big story, but it’s part of an even bigger one: the ease with which foreign actors can insert themselves into the democratic process these days, and the difficulty of determining how to minimize that meddling. Witness the disagreement in recent weeks among leaders of the U.S. Federal Election Commission. Democratic Commissioner Ellen Weintraub has urged the regulatory agency to plug the types of “legal or procedural holes” that enabled Russia to pose “an unprecedented threat to the very foundations of our American political community,” while her Republican colleagues have resisted her proposed fixes.

National: Trump intel chief: No agencies dispute Russian election meddling | The Hill

Director of National Intelligence Dan Coats said Friday that U.S. intelligence agencies uniformly believe the Kremlin meddled in the 2016 presidential campaign, despite President Trump’s earlier claim there was a misunderstanding between the agencies. “There is no dissent, and I have stated that publicly and I have stated that to the president,” Coats told NBC News’s Lester Holt at the Aspen Security Forum. Trump had previously claimed that only “three or four” U.S. intelligence agencies came to the conclusion that Russian meddled in the presidential race, however Coats said agencies, such as the Coast Guard and the Drug Enforcement Agency, do not focus on the subject of election meddling.

National: Bipartisan group agrees on Russia sanctions for meddling in election | The Guardian

Congressional Democrats announced on Saturday that a bipartisan group of House and Senate negotiators have reached an agreement on a sweeping package of sanctions to punish Russia for meddling in the presidential election and its military aggression in Ukraine and Syria. Steny Hoyer of Maryland, the number two House Democrat, said lawmakers had settled lingering issues with the bill, which also includes stiff economic penalties against Iran and North Korea. The sanctions targeting Russia, however, have drawn the most attention due to Donald Trump’s persistent push for warmer relations with Vladimir Putin and ongoing investigations into Russia’s interference in the 2016 campaign.

National: Trump’s Voter-Fraud Commission Has Its First Meeting | The Atlantic

Getting served with seven different lawsuits is probably a bad way to start any job. But that’s exactly what the members of President Trump’s  Presidential Advisory Commission on Election Integrity faced Wednesday, when the commission met in person for the first time. The latest of these lawsuits comes from the NAACP Legal Defense Fund, alleging among other things that with Trump’s creation of the commission by executive order in May, he “appointed a commission stacked with biased members to undertake an investigation into unfounded allegations of voter fraud.” The lawsuit also states that “the work of the Commission as described by its co-chairs are grounded on the false premise that Black and Latino voters are more likely to perpetrate voter fraud.” The LDF lawsuit finds in the new commission a veritable rogues gallery of voter suppression. The first defendant named is Trump himself, who has touted controversial—and false—claims of millions of fraudulent votes in the 2016 election. But much of the plaintiffs’ ire is directed towards vice chair Kris Kobach, the Kansas Secretary of State and the de facto leader of the commission. In his position in Kansas, Kobach has launched a one-of-a-kind effort to track down illegal noncitizen voters, an aggressive campaign that has challenged hundreds of votes and brought to court dozens of campaigns but has only secured one such conviction so far.

National: Trump’s voter commission now facing at least 7 federal suits | The Washington Post

The NAACP Legal Defense Fund on Tuesday filed a lawsuit in federal court alleging that President Donald Trump’s voting commission “was formed with the intent to discriminate against voters of color in violation of the Constitution.” “Statements by President Trump, his spokespersons and surrogates … as well as the work of the Commission as described by its co-chairs, are grounded on the false premise that Black and Latino voters are more likely to perpetrate voter fraud,” the suit alleges. As evidence, the suit points to Trump’s repeated unsubstantiated claims that millions of illegal immigrants voted in the 2016 election. Those claims were subsequently repeated by Vice President Mike Pence and Kansas Secretary of State Kris Kobach, now the chair and vice-chair of the Presidential Advisory Commission on Election Integrity, which Trump set up to investigate his unfounded claims.

National: Kelly: States ‘nuts’ if they don’t ask feds for election protection help | Politico

Homeland Security Secretary John Kelly said Wednesday that states that aren’t asking Washington for help in protecting their election systems from hackers are “nuts.” But while Kelly said he supported the Obama administration’s decision to designate U.S. election systems “critical infrastructure,” given threats from Russia and other entities, he also acknowledged that elections remain the domain of the states. “All of the input I get from all of the states are ‘We don’t want you involved in our election process,’” he said. “I think they’re nuts if they don’t [seek help. But] If they don’t want the help, they don’t have to ask.” Kelly spoke during the opening session of this year’s Aspen Security Forum; he’s one of several officials in President Donald Trump’s administration slated to speak at the gathering, which runs through Saturday.

National: This anti-voter-fraud program gets it wrong over 99 percent of the time. The GOP wants to take it nationwide. | The Washington Post

At the inaugural meeting of President Trump’s election integrity commission on Wednesday, commission Vice-Chairman Kris Kobach of Kansas praised a data collection program run by his state as a model for a national effort to root out voter fraud. States participating in the program, known as the Interstate Crosscheck System, send their voter registration files to Kansas. Kansas election authorities compare these files to those from other states. Each participating state receives back a list of their voter registrations that match the first name, last name and date of birth of a voter in another state. States may act upon the findings as they wish, although Crosscheck provides some guidelines for purging voter registrations from the rolls. In theory, the program is supposed to detect possible cases of people voting in multiple locations. But academics and states that use the program have found that its results are overrun with false positives, creating a high risk of disenfranchising legal voters. A statistical analysis of the program published earlier this year by researchers at Stanford, Harvard, University of Pennsylvania and Microsoft, for instance, found that Crosscheck “would eliminate about 200 registrations used to cast legitimate votes for every one registration used to cast a double vote.” Kobach’s championing of Crosscheck is one reason many voting rights advocates are concerned that President Trump’s voter fraud commission may be a vehicle for recommending mass voter purges.