National: Can your vote be hacked—after you cast it? | The Parallax

In early August, Donald Trump began expressing fear that the U.S. presidential election would be “rigged” against him. “I’m afraid the election is going to be rigged, I have to be honest,” Trump told an audience in Columbus, Ohio. While much has been written about his remarks—as well as several others he made in the weeks following the Democratic National Convention—it remains an open question whether electronic databases storing votes can be hacked and manipulated. Voting has entered the digital era on two fronts. Electronic voting machines and, in some locations, Internet voting have introduced numerous opportunities for hackers to alter voting records. It is the security of massive spreadsheets recording the will of the people that concerns Richard Forno, a computer security expert who recently thrust himself into the national debate over the hackability of U.S. elections by publishing a column on the subject. “Everyone’s focusing on the edges of the network, the voting machines, but no one’s looking at the databases,” Forno, a career computer security expert and currently the director of the Graduate Cybersecurity Program at the University of Maryland at Baltimore County, tells The Parallax.

National: House homeland security chairman urges Obama administration to secure election system | InsideCyberSecurity

House Homeland Security Chairman Michael McCaul (R-TX) is urging the Obama administration to act quickly to secure the nation’s election system amid allegations of Russian hacker interference, rejecting concerns that the move would be a federal takeover over a system managed at the state and local level. “We can’t afford to let a foreign government attack our country – our election system,” McCaul said today at the Internet Security Alliance conference on Capitol Hill. “We can’t afford to let a foreign government attack our country – our election system,” McCaul said today at the Internet Security Alliance conference on Capitol Hill. McCaul referred to a “debate going on within the administration” over designating the national election system as critical infrastructure, which would allow the Department of Homeland Security to provide assistance under a national program for a coordinated response to risks to critical industry sectors.

National: FBI trying to build legal cases against Russian hackers: sources | Reuters

The Federal Bureau of Investigation is intensifying efforts to find enough evidence to enable the Justice Department to indict some of the Russians that U.S. intelligence agencies have concluded are hacking into American political parties and figures, U.S. law enforcement and intelligence officials said on Thursday. Building legal cases is difficult, largely because the best evidence against foreign hackers is often highly classified, they said. Still, some White House and State Department officials think legal action is the best way to respond to what they said are growing Russian attempts to disrupt and discredit the November elections, without sparking an open confrontation with Russian President Vladimir Putin. “Doing nothing is not an option, because that would telegraph weakness and just encourage the Russians to do more meddling, but retaliating in kind carries substantial risks,” said one U.S. official involved in the administration’s deliberations. Russia has denied it sponsors or encourages any hacking activity.

National: Can the vote really be hacked? Here’s what you need to know | CS Monitor

Recent cyberattacks on state voter databases and the Democratic National Committee are raising fresh concerns that hackers could manipulate the upcoming presidential election. … “When people hear how the Russians have infiltrated political parties or state election sites, they immediately jump to, ‘Oh, they can flip votes and change the result of an election,’ ” said Lawrence Norden, deputy director of the Democracy Program at New York University’s Brennan Center for Justice. That’s much easier said than done, said Mr. Norden. State boards of elections and law enforcement officials are working to protect the vote, and election officials do have measures in place to safeguard elections. For instance, the Department of Homeland Security said it will monitor closely for suspected breaches on voting systems and work with election boards to bolster their security. Still, according to Norden and other experts, more needs to be done. Here’s a closer look at potential problems at today’s ballot box and some solutions to harden the vote against hackers.

National: Why Can’t Americans Vote Online? | Tom’s Guide

If we were to poll the readers of this article, we would likely find that the vast majority of readers — if not all — regularly shop online, make banking transactions online, fill out registrations and applications online, pay taxes online and maybe even vote for contestants in reality shows online. Yet Americans cannot vote for candidates for public office online. … But experts warn that online voting isn’t as simple as it sounds. Even though it has already been tried in a few places around the world, it probably can’t be secured. We already worry about hackers stealing our credit cards and our identities. If we voted online, we would have to worry about hackers stealing our elections, too.… Several countries have experimented with online voting, but none has forged ahead as far as the tiny Baltic country of Estonia, where nearly a third of ballots are cast online. But Estonia’s elections don’t look anything like those of the United States, where more votes are cast in some cities than in all of Estonia. The Estonian online voter must plug a national ID card — mandatory for all Estonians older than 15, and each of which has an embedded encrypted chip — into a card reader attached to his or her computer. It sounds secure, but two independent assessments, led by Verified Voting in 2011 and the University of Michigan in 2014, found serious flaws with the system.

National: Hackers are already shaping U.S. election coverage with data leaks | Computerworld

Hackers are becoming a major source of political leaks in this year’s presidential race. Case in point: On Tuesday, stolen emails from former secretary of state Colin Powell became headline news after a mysterious site with possible ties to Russian cyber spies gave them to the press. Since then, media outlets have been pointing out juicy details found in the emails. For example, Powell called Clinton “greedy” and her rival Donald Trump a “national disgrace.” The incident has security experts worried that hackers are manipulating U.S. media outlets to influence this year’s election. “The media is certainly being used as a battlefield here,” said Rich Barger, CIO with security firm ThreatConnect.

National: Organization Of American States To Observe U.S. Election | NPR

The upcoming presidential election will mark a surprising first. Yes, a woman will be on the ballot as a major party nominee. But in addition, for the first time ever, the Organization of American States is sending poll observers to watch as U.S. voting takes place. The OAS, based in Washington, D.C., has previously observed elections in 26 of its 34 member nations, but never before in the United States. The mission will be led by former Costa Rican President Laura Chinchilla. Gerardo de Icaza, the OAS director of electoral observation and cooperation, says “a small deployment” of 20 to 30 observers will be sent at the invitation of the U.S. State Department. He says the OAS views it “as a learning experience” and will issue nonbinding recommendations “that can improve the electoral system anywhere.” Those recommendations will be shared with the other OAS members.

National: DHS won’t define election systems as critical before November | FedScoop

The Department of Homeland Security will not classify election systems as critical infrastructure before the November presidential election, DHS Assistant Secretary for Cybersecurity Andy Ozment said at the Billington Cybersecurity Summit Tuesday. “This is not something we’re looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure,” said Ozment, a former senior director for cybersecurity on the National Security Council. “We’re focused right now on what we can usefully offer that local and state government will find valuable.”

National: NSA Chief: Potential Russian Hacking of U.S. Elections a Concern | NBC

The head of the National Security Agency said Tuesday that the potential for Russia to harm the U.S. electoral process in the upcoming general election is a concern. Cybersecurity officials have become increasingly worried about the issue in the wake of revelations that Russia-based hackers were behind two recent hacking attempts into state voter registration databases. One incident included stealing information from roughly 200,000 Illinois voting records. In another attempt in Arizona, cyber criminals used malware to try and breach voting records, forcing state officials to disable online voting registration for nine days as they investigated the unsuccessful hacking.

National: Possible Russian Meddling with US Elections Worries Key Defense Officials | VoA News

Top U.S. defense officials insist they are not turning a blind eye to fears that Russian hackers are trying to hijack upcoming U.S. presidential and local elections. Still, the scope of the threat and just how the U.S. plans to respond remain unclear. “This continues to be an issue of great focus,” said Adm. Michael Rogers, who serves as both National Security Agency Director and chief of the Defense Department’s Cyber Command. “I’m not going to characterize this activity,” Rogers told members of the Senate Armed Services Committee on Tuesday, but added “I think there are scenarios where you could see capability applied.” The question was first raised by Senate Armed Services Committee Chairman John McCain, a long-time Republican senator from Arizona who is running for reelection … “They need not attack every county in every state,” said Rice University Professor Dan Wallach. “It’s sufficient for them to go after battleground states where a small nudge can have a large impact.”

National: Guccifer 2.0 drops more DNC docs | Politico

The hacker persona Guccifer 2.0 has released a new trove of documents that allegedly reveal more information about the Democratic National Committee’s finances and personal information on Democratic donors, as well as details about the DNC’s network infrastructure. The cache also includes purported memos on tech initiatives from Democratic vice presidential nominee Tim Kaine’s time as governor of Virginia, and some years-old missives on redistricting efforts and DNC donor outreach strategy. DNC interim chair Donna Brazile immediately tied the leak to GOP presidential nominee Donald Trump. “There’s one person who stands to benefit from these criminal acts, and that’s Donald Trump,” she said in a statement Tuesday night, adding that Trump has “embraced” Russian President Vladimir Putin and “publicly encouraged further Russian espionage to help his campaign.”

National: Court disputes over voting laws often divide justices along party lines | Los Angeles Times

It’s no secret that partisan state legislators, once in power, frequently try to alter voting laws to give their party an advantage. But increasingly, when those laws are challenged in federal court, the outcome appears to turn on whether the judges or justices hearing the case were appointed by Republicans or Democrats. Last month, North Carolina’s Republican leaders were blocked from enforcing several new restrictions on voting that had been adopted over the fierce opposition of Democrats. They included less time for early voting and a requirement that a registered voter show one of several specific types of photo ID cards. A federal judge appointed by former President George W. Bush had upheld the full law in April, deciding the regulations were reasonable. They were struck down in late July by a panel of three judges of the 4th Circuit Court of Appeals, all of them Democratic appointees, who said the new rules violate the federal Voting Rights Act because they “target African Americans with almost surgical precision.”

National: Politicians, Experts Suspect Russia of Hacking US Political System | VoA News

The controversy still rages over Russia’s possible hacking into computer systems used by American political entities. Defense Secretary Ash Carter has warned Russia not to try to interfere with the U.S. general election in November. Yet Republican presidential candidate Donald Trump says he doubts that Russia is involved. The election — the heart of U.S. democracy — is at the center of the debate. But before we tell you how … a little background. The system is decentralized. Votes are collected where people live, and then each state sets up its own security, in its own electoral system, to tabulate its votes. This method is intended to reduce fraud. So imagine the shock when the FBI told Arizona election officials that Russians had hacked into their system. Experts also blame Russia for hacking into Democratic party emails.

National: America can’t promise secure vote | McClatchy

Is it time to panic about Election Day? Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure. “My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines following the disputed 2000 presidential election. Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos. … Computer security experts have long expressed concerns about the vulnerabilities of state voter registration rolls and the frailties of older voting machines. “Flipped votes, freezes, shutdowns, long lines and in the worst-case scenarios, lost votes and erroneous tallies,” is how a report last year, “America’s Voting Machines At Risk,” described the recurring problems of older machines. It was written by the Brennan Center for Justice, a nonpartisan public policy and legal research center at the New York University School of Law.

National: Hacking the election is nearly impossible. But that’s not Russia’s goal. | The Hill

Elections authorities and cyber security experts say a concerted effort to alter the outcome of November’s elections through a cyber attack is nearly impossible, even after hackers gained access to voter registration databases in at least two states. But some of those same experts say hackers with ties to Russia aren’t aiming to change election results; instead, their goal is to create a perception that the results are in question, and to undermine confidence in American democracy. “Russian tampering with elections is not new. It’s only new to the U.S.,” said Chris Porter, who runs strategic intelligence for the cybersecurity firm FireEye Horizons. He pointed to Ukraine, Bulgaria, Romania and the Philippines, where Russian-backed hackers have gained access to electoral systems in recent years.
“It’s just enough create scandal,” Porter said. “That’s sufficient for Russian aims.” Last month, officials in Arizona and Illinois discovered their voter registration systems had been hacked, a leak that put thousands of voter registration records up for sale on the black market. In January, more than 17 million voter registration records from Washington, Delaware, Rhode Island and Ohio were stolen.

National: Appeals Court Blocks Proof-of-Citizenship Requirement for Voters in 3 States | Associated Press

A federal appeals court on Friday blocked Kansas, Georgia and Alabama from requiring residents to prove they are U.S. citizens when registering to vote using a national form. The 2-1 ruling is a victory for voting rights groups who said a U.S. election official illegally changed proof-of-citizenship requirements on the federal registration form at the behest of the three states. People registering to vote in other states are only required to swear that that they are citizens, not show documentary proof. The three-judge panel of the U.S. Court of Appeals for the District of Columbia acted swiftly in the case, issuing a two-page, unsigned ruling just a day after hearing oral arguments. A federal judge in July had refused to block the requirement while the case is considered on the merits.

National: Paperless voting could fuel ‘rigged’ election claims | Politico

Voters in four competitive states will cast ballots in November on electronic machines that leave no paper trail — a lapse that threatens to sow distrust about a presidential election in which supporters of both Donald Trump and Hillary Clinton have raised fears about hackers tampering with the outcome. The most glaring potential trouble spots include Pennsylvania, where the vast majority of counties still use ATM-style touchscreen voting machines without the paper backups that critics around the country began demanding more than a decade ago. It’s also a state where Trump and his supporters have warned that Democrats might “rig” the election to put Clinton in the White House, a claim they could use to attack her legitimacy if she wins. Similar paperless machines are used heavily in Georgia, where the presidential race appears unusually close, and to a much smaller extent in Virginia and Florida, both of which are phasing them out. Florida has almost entirely abandoned the electronic machines following a number of elections that raised red flags, including a close 2006 congressional race in which Democrats charged that as many as 16,000 votes went missing.

National: Appeals court sympathetic to challenge over voter rules | Associated Press

A federal appeals court on Thursday seemed likely to side with voting rights groups seeking to block Kansas, Georgia and Alabama from requiring residents to prove they are U.S. citizens when registering to vote using a national form. Judges hearing arguments in the case considered whether to overturn a decision by a U.S. election official who changed the form’s proof-of-citizenship requirements at the behest of the three states, without public notice. The dispute is part of a slew of challenges this year that civil rights groups have brought against various state voting laws they claim are designed to dampen turnout among minority groups that tend to favor Democrats. Those challengers have already succeeded in stopping voter ID requirements in North Carolina and Texas and restrictions elsewhere. In the citizenship case, a coalition including the League of Women Voters and civil rights groups say the requirement to show proof undermines efforts to register new voters and deprives eligible voters of the right to vote in federal elections.

National: U.S. officials investigating hacking into more state election systems | CBS News

U.S. officials are expanding their investigation into the hacking of state election systems as officials believe more states beyond just Arizona and Illinois were affected, a government official has confirmed to CBS News. Law enforcement officials were summoned to Capitol Hill to brief House and Senate leaders on the investigation into the cyberattack on election systems, CBS News’ Jeff Pegues reports. Sources tell CBS News that the Department of Homeland Security will soon send out an alert to election officials across the country about the intrusions. The alert is expected to offer states specific assistance and detail preventative measures they can take to make their systems more secure. Officials declined to offer specifics, and called the investigation “highly confidential.” While U.S. officials are looking into whether Russia is tampering with the election process, FBI Director James Comey predicted Thursday that the cyberattacks won’t change the outcome of the election race.

National: Hack the vote: Experts say the risk is real | CSO Online

You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results. Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos. This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry. Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so. “The ways to hack the election are straightforward and are only slight variants of computer system attacks that we see every day in the private sector and on government networks in the US and elsewhere around the world,” he wrote, adding that, “in America’s often close elections, a little manipulation could go a long way.”

National: DHS fights election hacking fears as experts warn of vulnerabilities | KUTV

The Department of Homeland Security (DHS) has offered assistance to state officials attempting to prevent hacking of voting systems, but experts say the equipment remains highly vulnerable to manipulation with two months until Election Day. Amid reports of hackers accessing voting data in Arizona and Illinois, DHS Secretary Jeh Johnson held a conference call with secretaries of state from across the country last month. DHS is considering whether to declare election systems “critical infrastructure,” a move that would give the government the same level of oversight of elections that it has over the financial system and power grids. … “Hacking elections is easy,” a new report from the Institute for Critical Infrastructure Technology (ICIT) states bluntly. “Electronic voting machines are black-box, unsecured endpoints that feature vulnerabilities that would be scandalous in any other sectors,” said James Scott, senior fellow at ICIT and co-author of the report, “such as a lack of native security applications, open networked connections, a non-verifiable chain of custody, a reliance on personnel who are not trained to practice even basic cyber-hygiene, and other critical vulnerabilities.” The ICIT report lays out a number of potential threats, most related to voting machines being antiquated and poorly-secured devices that lack some of the basic safeguards home PCs now have.

National: U.S. Voting System So ‘Clunky’ It Is Insulated From Hacking, FBI Director Says | Wall Street Journal

The head of the Federal Bureau of Investigation sought to calm fears that Russians or others could electronically sabotage the nation’s election in November, saying the 50-state voting system is so dispersed and “clunky” it would be difficult for hackers to affect the outcome. Appearing at a panel with other senior US intelligence officials on Thursday, FBI Director James Comey was asked about the concerns that hackers acting on behalf of the Russian government might try to manipulate the presidential election. Such concerns have grown in recent weeks, after the FBI issued an alert to state officials about the possibility of hackers penetrating state election computer systems. In Arizona, a hacker obtained one of two credentials needed to access the state’s voter-registration system.

National: Could Russia Really Tamper With the U.S. Election? | Observer

On Monday, the Washington Post reported that some election officials and intelligence officials have doubts about the ability of systems in the USA’s states and provinces to defend themselves against a sustained attack by a state-level actor. “America doesn’t have its act together,” Ion Sancho, a Florida election supervisor, fretted to the paper. “We need a plan.” Despite the warnings, it would be incredibly difficult for a foreign power to directly tamper with a U.S. state’s election results. Still, voter rolls themselves could be vulnerable in a number of states. Under the Help America Vote Act of 2002, each state must have one centralized, digital database of voters. One way that a malicious actor could impact an election (presidential or otherwise) would be to tamper with the registrations of a demographic group associated with the opponent of a candidate favored by the adversary.

National: Clinton Campaign Says There Is a “Direct Link” Between Trump and Russian Hackers | Mother Jones

A Hillary Clinton campaign spokesman says a new article in the New York Observer establishes a “direct link” between the Donald Trump campaign and the hacker or hackers who have recently penetrated the Democratic National Committee, the Democratic Congressional Campaign Committee, and other high-profile Democratic officials. On Tuesday, the Observer published a piece maintaining that the DCCC had coordinated—presumably improperly—with the Hillary Clinton campaign in 2015. The story, written by a freelance contributor named Michael Sainato, cited “an internal DCCC memo” leaked to the Observer from Guccifer 2.0—the handle of the hacker or hackers who have successfully targeted these Democratic committees. The Observer is owned by Trump’s son-in-law, Jared Kushner, who has been a top adviser to the Republican presidential nominee. … In an email to Mother Jones, Fallon elaborated on his tweet: “Guccifer 2.0 is known to be the Russians. And now that they are leaking materials obtained from their hacking to Trump adviser Jared Kushner’s newspaper, that’s a pretty direct link between Trump and the Russians behind this hack.”

National: US Lawmakers Wary of Russian Cyberattacks as Elections Near | VoA News

U.S. lawmakers of both political parties told VOA they have no reason to doubt that Russian hackers are targeting America’s voting infrastructure with the possible intent of disrupting or undermining confidence in the November elections. “I don’t think it’s a stretch because Russia’s been engaged in cyberattacks against the United States,” said Republican Senator John Cornyn of Texas. “These are well known to our national security experts. So no, it does not surprise me.” “We know Russia has been very active in cyberattacks in the United States, and we know that they mine for information all the time,” said Senator Ben Cardin, a Maryland Democrat. “Nothing surprises me about Russia.”

National: Defense Secretary Warns Russia to Stay Out of U.S. Elections | The New York Times

Defense Secretary Ashton B. Carter lashed out at Russia on Wednesday, accusing the government of President Vladimir V. Putin of demonstrating a “clear ambition to erode” international order and warning Russia to stay out of the American elections. Speaking on Wednesday at Oxford University in England, Mr. Carter used language that evoked a time before the fall of the Berlin War, when leaders in Washington and Moscow were entrenched global adversaries. “The United States does not seek a cold, let alone a hot, war with Russia,” Mr. Carter said. “But make no mistake, we will defend our allies, the principled international order, and the positive future it affords all of us.” He also warned Moscow that Washington “will not ignore attempts to interfere with our democratic processes.” The F.B.I. is investigating whether Russia hacked into computer systems of the Democratic National Committee. Mr. Carter accused Russia of “undercutting the work and contributions of others rather than creating or making any positive contributions on its own,” and said that Moscow was sowing “instability rather than cultivating stability.”

National: Top spy: ‘Russians hack our systems all the time’ | The Hill

Russian hackers are constantly targeting U.S. computer networks, the nation’s top intelligence official said Wednesday, in an apparent tip of his hand toward blaming Moscow for recent attacks on Democratic Party institutions. “The Russians hack our systems all the time,” Director of National Intelligence James Clapper said at the Intelligence and National Security Summit in Washington. “Not just government but also corporate and personal systems.” “So do the Chinese and others, including non-state actors,” he added. Clapper declined to specifically address the hacks of Democratic groups, which have been traced to hackers with suspected Russian ties. But he referred to comments previously made by President Obama that “experts have attributed this to the Russians.”

National: Fear and hacking on the campaign trail: Will votes be secure? | McClatchy

Is it time to panic about Election Day? Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure. “My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines after the disputed 2000 presidential election. Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos. … Nervousness over the apparatus by which the next president will be chosen seemed inevitable. Computer-security experts have long expressed concerns about the vulnerabilities of state voter-registration rolls and the frailties of older voting machines.

National: Voting machines are still too easy to hack | InfoWorld

People have trouble prioritizing risk. For example, you often hear about the threat of voter fraud, when all evidence suggests that the risks of such fraud are inconsequential. In truth, hacked voting machines are much more likely to affect an election’s outcome. Why would an election fraudster try to herd a flock of criminal participants to the polls when one mildly talented hacker could cause far more trouble? On a state-by-state level, most presidential elections are decided by many thousands of votes. For example, in 2012, Barack Obama beat Mitt Romney by more than 166,000 votes in the swing state of Ohio. Even in the 2000 election, the closest presidential contest ever, what sort of Houdini could have marshaled the miscreants necessary to cast a few hundred fake votes to tip the balance without getting caught? A hack of a single voting machine could accomplish the same objective.