National: Senate overwhelmingly passes Russia sanctions deal with new limits on Trump | Politico

The Senate on Wednesday overwhelmingly approved a bipartisan package of new Russia sanctions that also lets Congress block President Donald Trump from easing or ending penalties against Moscow, the year’s most significant GOP-imposed restriction on the White House. The 97-2 vote on the Russia sanctions plan capped a week of talks that demonstrated cross-aisle collaboration that’s become increasingly rare as Trump and the GOP push to repeal Obamacare without any Democratic votes. Senators merged the sanctions package with a bipartisan Iran sanctions bill that’s on track for passage as soon as this week, complicating the politics of any future veto threat from the Trump administration. “It’s particularly significant that a bipartisan coalition is seeking to reestablish Congress, not the president, as the final arbiter of sanctions relief, considering that this administration has been too eager — far too eager, in my mind — to put sanctions relief on the table,” Minority Leader Chuck Schumer (D-N.Y.), who pressed hard for the strongest possible anti-Russia bill, said in a floor speech. “These additional sanctions will also send a powerful, bipartisan statement that Russia and any other nation who might try to interfere with our elections will be punished.”

National: Sessions’s testimony highlights Trump’s deep lack of interest in what Russia did in 2016 | The Washington Post

Sen. James E. Risch (R-Idaho) made a comment during the Senate Intelligence Committee’s questioning of Attorney General Jeff Sessions that has an obvious exception. “I don’t think there’s any American,” Risch said, “who would disagree with the fact that we need to drill down to this” — that is, Russian meddling in the 2016 election — “know what happened, get it out in front of the American people and do what we can to stop it again.” There is one American, at least, who seems generally uninterested in that need: Sessions’s boss, President Trump.

National: Russia Could Hack 2020 Election, Too, Report Says—39 States Hit in 2016 | Newsweek

The 2016 elections may have just been the beginning. Russian hackers attacked voter databases and software systems in 39 states during last year’s elections, and authorities fear that while the tampering may not have affected vote totals, it’s possible Russia learned enough from the attacks to put 2020’s presidential election in its crosshairs, sources with knowledge of the U.S. investigation told Bloomberg. The report, published Tuesday morning, said Illinois investigators discovered that hackers attempted to delete or alter voter data in the state’s voter database. (California and Florida were the only other states directly mentioned.) The Illinois database held some 15 million names—half were active voters—and 90,000 records were potentially compromised.

National: Russia’s already done some of the damage to American elections that it sought | The Washington Post

There are two documents created during the 2016 election cycle that help detail precisely how American electoral systems are secured. The first was a letter written by the Florida State Association of Supervisors of Elections explaining how the state secured its voters’ choices. Florida uses paper ballots, which are scanned on devices that are not connected to the Internet or to each other and each of which is tested before Election Day. The tally from those machines is transmitted to the state with several layers of encryption, and is backed up with and verified against thumb drives that are digitally secured. Those tallies are then verified against the machines themselves.

National: New Bipartisan Sanctions Would Punish Russia for Election Meddling | The New York Times

Senate leaders said they had reached an agreement late on Monday to approve new sanctions against Russia for interfering in the 2016 presidential election and for the country’s conduct in Ukraine and Syria, delivering a striking message to a foreign power that continues to shadow President Trump. The bipartisan measure would place the White House in an uncomfortable position, arriving amid sweeping investigations into ties between Mr. Trump’s associates and Russia. The sanctions package would also cut against the administration’s stated aim to reshape the United States’ relationship with Russia after Mr. Trump took office.

National: Russian Breach of 39 States Threatens Future U.S. Elections | Bloomberg

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

National: Friend Says Trump Is Considering Firing Mueller as Special Counsel | The New York Times

A longtime friend of President Trump said on Monday that Mr. Trump was considering whether to fire Robert S. Mueller III, the special counsel investigating possible ties between the president’s campaign and Russian officials. The startling assertion comes as some of Mr. Trump’s conservative allies, who initially praised Mr. Mueller’s selection as special counsel, have begun trying to attack his credibility. The friend, Christopher Ruddy, the chief executive of Newsmax Media, who was at the White House on Monday, said on PBS’s “NewsHour” that Mr. Trump was “considering, perhaps, terminating the special counsel.” “I think he’s weighing that option,” Mr. Ruddy said.

National: Sessions will testify in open hearing Tuesday before Senate Intelligence Committee | The Washington Post

Attorney General Jeff Sessions’s appearance Tuesday before the Senate Intelligence Committee will be a high-stakes test for a Trump official who has kept a low profile even as he has become a central figure in the scandal engulfing the White House over Russia and the firing of James B. Comey as FBI director. Sessions, a former Republican senator from Alabama, will face tough questions from his former colleagues on a number of fronts that he has never had to publicly address in detail. Democrats plan to ask about his contacts during the 2016 campaign with the Russian ambassador to the United States, Sergey Kislyak, which the attorney general failed to disclose fully during his confirmation hearing.

National: New Bipartisan Sanctions Would Punish Russia for Election Meddling | The New York Times

Senate leaders said they had reached an agreement late on Monday to approve new sanctions against Russia for interfering in the 2016 presidential election and for the country’s conduct in Ukraine and Syria, delivering a striking message to a foreign power that continues to shadow President Trump. The bipartisan measure would place the White House in an uncomfortable position, arriving amid sweeping investigations into ties between Mr. Trump’s associates and Russia. The sanctions package would also cut against the administration’s stated aim to reshape the United States’ relationship with Russia after Mr. Trump took office.

National: Trump-Comey Feud Eclipses a Warning on Russia: ‘They Will Be Back’ | The New York Times

Lost in the showdown between President Trump and James B. Comey that played out this past week was a chilling threat to the United States. Mr. Comey, the former director of the F.B.I., testified that the Russians had not only intervened in last year’s election, but would try to do it again. “It’s not a Republican thing or Democratic thing — it really is an American thing,” Mr. Comey told the Senate Intelligence Committee. “They’re going to come for whatever party they choose to try and work on behalf of. And they’re not devoted to either, in my experience. They’re just about their own advantage. And they will be back.” What started out as a counterintelligence investigation to guard the United States against a hostile foreign power has morphed into a political scandal about what Mr. Trump did, what he said and what he meant by it. Lawmakers have focused mainly on the gripping conflict between the president and the F.B.I. director he fired with cascading requests for documents, recordings and hearings.

National: Sessions Will Testify in Senate on Russian Meddling in Election | The New York Times

Attorney General Jeff Sessions told Congress on Saturday that he would testify before the Senate Intelligence Committee on Tuesday about issues related to Russia’s interference in the 2016 election. Mr. Sessions had been scheduled to testify before other committees about the Justice Department’s budget that day, but he will instead appear before the intelligence panel. Mr. Sessions said he would send Rod J. Rosenstein, the deputy attorney general, to testify about the department’s budget before the House and Senate appropriations panels. Mr. Sessions noted that several lawmakers on those panels had said they intended to ask him about the Russia investigation, after testimony by James B. Comey, who was fired last month as F.B.I. director by President Trump, before the intelligence committee on Thursday.

National: A brief history of Russia’s digital meddling in foreign elections shows disturbing progress. | WIRED

Just when the cybersecurity world thinks it’s found the limits of how far Russian hackers will go to meddle in foreign elections, a new clue emerges that suggests another line has been crossed. Even now, nearly a year after news first broke that Russian hackers had breached the Democratic National Committee and published its internal files, a leaked NSA document pointing to Russian attempts to hack a voting-tech firm has again redefined the scope of the threat. Taken with the recent history of Russia’s digital fingerprints on foreign elections, it points to a disturbing trend: Moscow’s habit of hacking democratic processes has only gotten more aggressive and technically focused over time. … As revealed in the Intercept’s leaked NSA report, hackers believed to be working for Russia’s GRU military agency—the same agency tied to the group known as Fancy Bear or APT28—sent phishing emails to VR Systems, the makers of hardware and code used to handle voter sign-ins at polling places in eight US states. Senate Intelligence committee vice chairman Mark Warner followed up by telling USA Today on Tuesday that the extent of the attacks were in fact much broader than anyone has yet reported. And US intelligence agencies had already implicated the Kremlin for breaches of the websites of the boards of election for Arizona and Illinois.

National: Forget Comey. The Real Story Is Russia’s War on America | Politico

It was a breezy, surprisingly pleasant summer week in Washington as the frenzy around potential Trump-Russia revelations reached near-carnival levels. On Thursday, brightly clad groups scattered across the lawns of Capitol Hill could almost have been picnickers — if not for the mounds of cable leashing them to nearby satellite trucks. Every news studio in D.C. seemed to have spilled forth into the jarring sunlight, eager for the best live backdrop to the spectacle that awaited. Bars opened early for live viewing of former FBI Director James Comey’s testimony before the Senate Select Intelligence Committee. Political ads against Comey — who isn’t running for anything — aired during coverage of the hearing, often back-to-back with vibrant ads praising President Trump’s first foreign trip, where he “[united] forces for good against evil.” Only D.C.’s usually opportunistic T-shirt printers seemed to have missed the cue, forced to display the usual tourist “FBI” fare in rainbow spectrum but offering no specialty knitwear for the occasion. The conversion of America’s political arena into a hybrid sporting event/reality show was nonetheless near complete.

National: Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election | The Intercept

Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept. The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light. While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

National: Comey Says Russian Hackers Targeted ‘Hundreds’ of Election-Related Entities, and the Real Number ‘Could Be More Than 1,000’ | Nextgov

At the Senate Intelligence Committee hearing Thursday, committee Chairman Richard Burr asked James Comey to describe the scope of Russian-led “cyber intrusions” that took place during the 2016 election season. There was “a massive effort to target government and non-governmental—near governmental—agencies like nonprofits,” said Comey, the former FBI director. “What would be the estimate of how many entities out there the Russians specifically targeted in that time frame?” Burr asked. “It’s hundreds,” Comey said. “I suppose it could be more than 1,000, but it’s at least hundreds.”

National: Leaked NSA hacking report ratchets up pressure on local election officials | Cyberscoop

Despite new evidence from a leaked NSA report that Russian hackers sought to compromise state and local election technology, the officials in charge are still vigorously opposing the federal designation of their polling systems as critical infrastructure. “It’s unclear how this situation would change anyone’s opinions about the [critical infrastructure] designation,” Kay Stimson of the National Association of Secretaries of State told CyberScoop. NASS represents the state-level officials responsible for certifying statewide election results. Stimson added that officials didn’t get any additional resources to defend their networks as a result of the January 2017 announcement by the Department of Homeland Security, which many saw as a federal power grab. Federal officials have stressed that state or local participation in any DHS programs is voluntary, and suggested that DHS expertise might be able to help election officials secure themselves against online attacks.

National: Experts Warned About Voting Vulnerability At Center Of NSA Leak | Vocativ

The leaked NSA document published by The Intercept on Monday revealed a report that Russian military actors attacked one of the most especially vulnerable aspects of the American voting system: online voting registration databases. The classified document was leaked to the press by a 25-year-old intelligence contractor who has been arrested by the Department of Justice. The five-page report, which the AP has yet to authenticate, details a cyberattack that began in August 2016. The document does not reveal whether or not the Russian attempts at were successful, nor does it address if it could have affected voting outcomes in the presidential election. It does, however, validate the concerns of cybersecurity experts who have long considered the possibility of this type of attack as a potential threat to our voting process’ security.

National: Experts surprised by extent of Russian election meddling, demand voting security for 2018 | SC Magazine

The leak of a classified NSA document confirming that Russian military intelligence interfered with the 2016 U.S. presidential race has reinforced the need to fix vulnerabilities in America’s voting infrastructure before the next election cycle, say experts who expressed dismay over the reported intricacy of the Kremlin’s campaign. According to the leaked report, which was dated May 5 and published yesterday by The Intercept, the Russian General Staff Main Intelligence Directorate, or GRU, launched a spoofing attack against an unnamed electronic voting vendor, in order to get access to that company’s data and internal systems. Next, the GRU hackers (often referred to as the APT Fancy Bear) sent various government employees spear phishing emails that appeared to be from this e-voting vendor, but in actuality contained attachments that infected machines with malware. … J. Alex Halderman, director of the Center for Computer Security & Society at the University of Michigan’s College of Engineering, said that Russia’s spearphishing plot “raises an enormous number of questions about how far they got [and] if other vendors were attacked that haven’t been detected or announced yet, about what they were trying to do, and about whether they succeeded” in their ultimate objective.

National: Leaked Documents Show US Vote Hacking Risks | AFP

Security experts have warned for years that hackers could penetrate electronic voting systems, and now, leaked national security documents suggest a concerted effort to do just that in the 2016 US election. An intelligence report revealed this week showed a cyberattack that targeted more than 100 local election officials and software vendors, raising the prospect of an attempt, possibly led by Russia, to manipulate votes. … Hacking elections “has always been thought of as a theoretical possibility, but now we know it is a real threat,” said Susan Greenhalgh, a researcher with the Verified Voting Foundation, an election systems monitor. “We need to ensure our voting systems are resilient going into 2018 and 2020” elections, she added.

National: Russian hacking attempt targets small elections-technology industry | USA Today

An attempt by Russian hackers to infiltrate an obscure Florida elections technology company is igniting concerns about whether the small industry is vulnerable to attacks that could undermine confidence in election results. Russian hackers apparently targeted employees of Tallahassee, Fla.-based VR Systems with phishing attacks to swipe their computer log-in credentials, then impersonated the company’s workers by sending emails with nefarious attachments to local governmental officials, according to a National Security Agency document leaked to news site The Intercept. The NSA concluded it was “likely” that at least one of the employees’ accounts was compromised. “We have seen no reports of attacks against voting machine vendors and vendors that program ballots for those machines, but it would be naïve to think it’s not a possibility that there would be attempts to do that,” said Lawrence Norden, deputy director of New York University School of Law Brennan Center for Justice’s Democracy Program.

National: DHS May Fast-Track Bug Bounties But Hit Brakes on Election Security | Nextgov

The Homeland Security Department may not wait for a legislative push before starting a bug bounty program, Secretary John Kelly told lawmakers Tuesday. Bug bounties are cash rewards organizations offer to ethical hackers who spot exploitable flaws in their systems. They’re common at major tech companies and have been done in pilot form at the Defense Department and several of the military services. … During Tuesday’s hearing, Kelly also told lawmakers he may reconsider a decision made late in the Obama administration to designate state and local election systems as critical infrastructure. Critical infrastructure is an official DHS designation that makes it easier for the department to provide resources and other aid. Kelly signaled early in his term he supported the designation. He may reconsider the designation, though, in light of “a large amount of pushback” from state-level officials and some members of Congress, he said. State officials consider the designation a federal power grab and worry it could undermine the nonpartisan image of election contests. The National Association of Secretaries of State called on DHS to rescind the designation in February.

National: U.S. spy agencies probe another flank in Russian hacking | Reuters

Russian hacking of the 2016 U.S. election included sophisticated targeting of state officials responsible for voter rolls and voting procedures, according to a top secret U.S. intelligence document that was leaked and published this week, revealing another potential method of attempted interference in the vote. The month-old National Security Agency document outlined activities including impersonating an election software vendor to send trick emails to more than 100 state election officials. Analysts at the NSA believed the hackers were working for the Russian military’s General Staff Main Intelligence Directorate, or GRU, according to the document. The document’s publication on Monday by The Intercept, a news outlet that focuses on security issues, received particular attention because an intelligence contractor, Reality Leigh Winner, was charged the same day with leaking it.

National: The mathematicians who want to save democracy | Nature

Leaning back in his chair, Jonathan Mattingly swings his legs up onto his desk, presses a key on his laptop and changes the results of the 2012 elections in North Carolina. On the screen, flickering lines and dots outline a map of the state’s 13 congressional districts, each of which chooses one person to send to the US House of Representatives. By tweaking the borders of those election districts, but not changing a single vote, Mattingly’s maps show candidates from the Democratic Party winning six, seven or even eight seats in the race. In reality, they won only four — despite earning a majority of votes overall. Mattingly’s election simulations can’t rewrite history, but he hopes they will help to support democracy in the future — in his state and the nation as a whole. The mathematician, at Duke University in Durham, North Carolina, has designed an algorithm that pumps out random alternative versions of the state’s election maps — he’s created more than 24,000 so far — as part of an attempt to quantify the extent and impact of gerrymandering: when voting districts are drawn to favour or disfavour certain candidates or political parties.

National: Some states review election systems for signs of intrusion | Associated Press

Officials in some states are trying to figure out whether local election offices were targeted in an apparent effort by Russian military intelligence to hack into election software last fall. The efforts were detailed in a recently leaked report attributed to the U.S. National Security Agency. North Carolina is checking on whether any local systems were breached, while the revelation prompted an election security review in Virginia. Both are considered presidential battleground states. In Illinois, officials are trying to determine which election offices used software from the contractor that the report said was compromised.

National: Matt Blaze: How to Hack an Election Without Really Trying | Exhaustive Search

This Monday, The Intercept broke the story of a leaked classified NSA report [pdf link] on an email-based attack on a various US election systems just before the 2016 US general election. The NSA report, dated May 5, 2017, details what I would assume is only a small part of a more comprehensive investigation into Russian intelligence services’ “cyber operations” to influence the US presidential race. The report analyzes several relatively small-scale targeted email operations that occurred in August and October of last year. One campaign used “spearphishing” techniques against employees of third-party election support vendors (which manage voter registration databases for county election offices). Another — our focus here — targeted 112 unidentified county election officials with “trojan horse” malware disguised inside plausibly innocuous-looking Microsoft Word attachments. The NSA report does not say whether these attacks were successful in compromising any county voting offices or what even what the malware actually tried to do.

National: Leaked NSA doc highlights deep flaws in US election system | Associated Press

A leaked intelligence document outlining alleged attempts by Russian military intelligence to hack into U.S. election systems is the latest evidence suggesting a broad and sophisticated foreign attack on the integrity of the nation’s elections. And it underscores the contention of security experts and computer scientists that the highly decentralized, often ramshackle U.S. election system remains profoundly vulnerable to trickery or sabotage. The document, purportedly produced by the U.S. National Security Agency, does not indicate whether actual vote-tampering occurred. But it adds significant new detail to previous U.S. intelligence assessments that alleged Russia-backed hackers had compromised elements of America’s electoral machinery. It also suggests that attackers may also have been laying groundwork for future subversive activity. The operation described in the document could have given attackers “a foothold into the IT systems of elections offices around the country that they could use to infect machines and launch a vote-stealing attack,” said J. Alex Halderman, a University of Michigan computer scientist. “We don’t have evidence that that happened,” he said, “but that’s a very real possibility.”

National: Latest NSA Leak Reveals Exactly the Kind of Cyberattack Experts Had Warned About | MIT Technology Review

The details of an apparent Russian state-sponsored cyberattack on local election officials and a vendor of U.S. voting software are shocking—but they shouldn’t be surprising. In fact, experts had been warning for months before the 2016 election about exactly the type of attack that was revealed Monday in leaked NSA documents. According to the documents, the purpose of the attack, which occurred last August, was “to obtain information on elections-related software and hardware solutions.” The attackers “likely used data obtained from that operation to create a new email account and launch a voter-registration themed spear-phishing campaign targeting U.S. local government organizations.” The NSA’s analysis does not draw any conclusions about whether the attack affected voting outcomes in the presidential election in November, or any other national or local races. But targeting voter registration systems is widely seen as one of the most effective ways to use a cyberattack to disrupt the electoral process. An adversary with access to voter registration information could, for example, delete names from the voter roll or make other modifications to the data that could cause chaos on Election Day. (See “How Hackers Could Send Your Polling Station Into Chaos.”)

National: DHS chief doubles down on critical infrastructure designation for voting systems | FCW

In the wake of a leaked intelligence document describing Russian attempts to hack voting systems, Department of Homeland Security Secretary John Kelly doubled down on maintaining the designation of voting systems as critical infrastructure. Kelly told the Senate Homeland Security and Governmental Affairs Committee on June 6 that despite pushback he’s received from state and local election officials — as well as “many members of Congress” — he would support the designation put in place by his predecessor Jeh Johnson. “I don’t believe we should” back off on the critical infrastructure designation, he testified, adding that he plans to meet with state officials next week to further discuss how DHS can make sure states’ election systems are protected. “We’re here to help,” he said. “There is nothing more fundamental to our democracy than voting.”

National: Russian hackers’ election goal may have been swing state voter rolls | USA Today

Russian military hackers said to have infiltrated the U.S. election system would have had several potential avenues to influence U.S. elections — including by tampering with voting rolls, interference that could have had an important impact in swing states. Whether or not this happened isn’t outlined in a leaked National Security Agency report that led to the arrest Monday of a federal contractor with top-secret security clearance. There has been no evidence votes were changed in the 2016 presidential election, though officials in North Carolina are actively investigating attempts to compromise the state’s electronic poll book software. Online news site The Intercept said the report it obtained said Russian military intelligence executed a cyber attack on VR Systems, a Florida-based U.S. supplier of voting software. Hackers used the VR Systems account to send deceptive emails to more than 100 local election officials in the days leading up to the November presidential election, according to The Intercept.

National: Mark Warner: More state election systems were targeted by Russians | USA Today

The top Democrat on the Senate Intelligence Committee told USA TODAY on Tuesday that Russian attacks on election systems were broader and targeted more states than those detailed in an explosive intelligence report leaked to the website The Intercept. “I don’t believe they got into changing actual voting outcomes,” Virginia Sen. Mark Warner said in an interview. “But the extent of the attacks is much broader than has been reported so far.” He said he was pushing intelligence agencies to declassify the names and number of states hit to help put electoral systems on notice before midterm voting in 2018. “None of these actions from the Russians stopped on Election Day,” he warned.