National: Cybersecurity Concerns with Online Voting for 2020 Presidential Election | 2020-06-11 | Security Magazine

A new report by researchers at the Massachusetts Institute of Technology (MIT) and University of Michigan discusses the cybersecurity vulnerabilities associated with OmniBallot, a we-based system for blank ballot delivery, ballot marking and (optionally) online voting. Three states – Delaware, West Virginia and New Jersey – recently announced they would allow certain voters to cast votes using OmniBallot. Researcher Michael A. Specter at MIT and J. Alex Halderman at the University of Michigan reverse engineered the client-side e portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security. “We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare,” the researchers explain. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information— including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns, the report says.

National: Researchers say online voting tech used in 5 states is fatally flawed | Timothy B. Lee/Ars Technica

OmniBallot is election software that is used by dozens of jurisdictions in the United States. In addition to delivering ballots and helping voters mark them, it includes an option for online voting. At least three states—West Virginia, Delaware, and New Jersey—have used the technology or are planning to do so in an upcoming election. Four local jurisdictions in Oregon and Washington state use the online voting feature as well. But new research from a pair of computer scientists, MIT’s Michael Specter and the University of Michigan’s Alex Halderman, finds that the software has inadequate security protections, creating a serious risk to election integrity. Democracy Live, the company behind OmniBallot, defended its software in an email response to Ars Technica. “The report did not find any technical vulnerabilities in OmniBallot,” wrote Democracy Live CEO Bryan Finney. This is true in a sense—the researchers didn’t find any major bugs in the OmniBallot code. But it also misses the point of their analysis. The security of software not only depends on the software itself but also on the security of the environment on which the system runs. For example, it’s impossible to keep voting software secure if it runs on a computer infected with malware. And millions of PCs in the United States are infected with malware.

National: Some states have embraced online voting. It’s a huge risk. | Eric Geller/Politico

Some West Virginians voting in Tuesday’s primary will be allowed to tap on their phones or laptops instead of heading to the polls. Some in Delaware will get to do the same next month. And the trend may spread into November, as the coronavirus pandemic inspires a search for voting methods that don’t expose people to the deadly disease. But moving elections to the internet poses huge risks that the United States is unprepared to handle — endangering voters’ privacy, the secrecy of the ballot and even the trustworthiness of the results. The problems: The internet is riddled with security flaws that hackers can exploit. So are voters’ computers, smartphones and tablets. And the U.S. has never developed a centralized digital identity system like the one in Estonia, a tiny, digitally savvy nation that has held its elections online since 2005. “Securing the return of voted ballots via the internet while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time,” four federal agencies, including the Department of Homeland Security’s cybersecurity arm and the FBI, warned in a bulletin last month. They called it far riskier than mail-in voting, the technology that has drawn the bulk of the political debate during the pandemic. On Sunday, researchers at the Massachusetts Institute of Technology and the University of Michigan revealed numerous security flaws in the product that West Virginia and Delaware are using, saying it “represents a severe risk to election security and could allow attackers to alter election results without detection.”

National: Democracy Live Internet Voting System Can Be Hacked, Researchers Warn | Lucas Ropek /Government Technology

An online voting platform that has seen recent adoption by numerous state and county governments has vulnerabilities that could be exploited to change votes without the knowledge of election officials, a new report alleges. The OmniBallot, which is a product of Seattle-based tech firm Democracy Live, purports to offer “secure, accessible remote balloting for all voters” and is being used by state or county governments in Oregon, Washington, Colorado, Ohio, Florida, New Jersey and West Virginia. The company developed a number of contracts for limited Internet voting pilot programs with states earlier this year, after COVID-19 threatened to disrupt primary elections nationwide. These programs are fairly limited in scope and largely focus on overseas voters and the disabled. However, computer science researchers say what the company really offers is an insecure platform. The recently published report from professors Michael J. Specter, of MIT, and J. Alex Halderman, of the University of Michigan, states that the company “uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare [its partners].”

National: Major Problems With Voting in Atlanta as 5 States Hold Primaries | Astead W. Herndon and Stephanie Saul/The New York Times

Georgia election officials, poll workers and voters reported major trouble with voting in Atlanta and elsewhere on Tuesday as the state’s primaries got underway, most critically a series of problems with new voting machines that forced many people across the state to wait in long lines and cast provisional ballots. Mayor Keisha Lance Bottoms said on Twitter that voting machines were not working in many parts of the city. Poll workers in several locations were having difficulty operating the machines, which were new models. “If you are in line, PLEASE do not allow your vote to be suppressed,” Ms. Bottoms wrote. “PLEASE stay in line.” Nikema Williams, the chairwoman of the Democratic Party of Georgia, said she had 84 text messages reporting voting problems within 10 minutes of the polls opening at 7 a.m. Ms. Williams, who is a state senator from Atlanta, said that in some locations the voting machines did not work and in at least one other no machines ever arrived. “It’s a hot mess,” Ms. Williams said. “How do you not have a voting machine?”

National: Cyber Command creates new malware sharing portal with National Guard | Mark Pomerleau/The Fifth Domain

A new portal created by U.S. Cyber Command and the National Guard provides a two-way interface for sharing malware and gain better insights into cyber threats facing the nation, according to a June 9 release from the command. This portal, called Cyber 9-Line, allows participating Guard units from their perspective states to quickly share incidents with Cyber Command. Cyber Command’s elite Cyber National Mission Force, which conducts operations aimed at disrupting specific nation state actors, is then able to provide analysis on the malware and offer feedback to the states to help redress the incident. “This level of cooperation and feedback provides local, state and Department on Defense partners with a holistic view of threats occurring in the United States and abroad,” said Brig. Gen. William Hartman, commander of the Cyber National Mission Force and the lead for Cyber Command’s election security group. “Dealing with a significant cyber incident requires a whole-of-government defense, bidirectional lines on communication and data sharing enables the collective effort to defend elections.”

National: Minuscule number of potentially fraudulent ballots in states with universal mail voting undercuts Trump claims about election risks | Elise Viebeck/The Washington Post

As nearly every state expands its capacity for absentee voting this year, President Trump and his GOP allies have attacked the process as prone to rampant fraud. But a Washington Post analysis of data collected by three vote-by-mail states with help from the nonprofit Electronic Registration Information Center (ERIC) found that officials identified just 372 possible cases of double voting or voting on behalf of deceased people out of about 14.6 million votes cast by mail in the 2016 and 2018 general elections, or 0.0025 percent. The figure reflects cases referred to law enforcement agencies in five elections held in Colorado, Oregon and Washington, where all voters proactively receive ballots in the mail for every election. The minuscule rate of potentially fraudulent ballots in those states adds support to assertions by election officials nationwide that with the right safeguards, mail voting is a secure method for conducting elections this year amid the threat of the novel coronavirus — undercutting the president’s claims. Until now, the polarized debate about ballot fraud has largely featured individual anecdotes from around the country of attempts to vote illegally. The voting figures from the three states examined by The Post provide a robust data set to measure the prevalence of possible fraud.

National: Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find | Kim Zetter/OneZero

New research shows that an internet voting system being used in multiple states this year is vulnerable to hacking, and could allow attackers to alter votes without detection. On Sunday, researchers published a report that details how votes in OmniBallot, a system made by Seattle-based Democracy Live, could be manipulated by malware on the voter’s computer, insiders working for Democracy Live, or external hackers. OmniBallot is currently used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Though online voting has typically been used by overseas military and civilian voters, it could expand to more voters in the future due to the pandemic. The researchers found that bad actors could gain access to ballots by compromising Democracy Live’s network or any of the third-party services and infrastructure that the system relies on, including Amazon, Google, and Cloudflare. “At worst, attackers could change election outcomes without detection, and even if there was no attack, officials would have no way to prove that the results were accurate,” the researchers, Michael Specter at the Massachusetts Institute of Technology and J. Alex Halderman of the University of Michigan, write. “No available technology can adequately mitigate these risks, so we urge jurisdictions not to deploy OmniBallot’s online voting features.”

National: Study finds vulnerabilities in online voting tool used by several states | Maggie Miller/The Hill

Researchers with the Massachusetts Institute of Technology (MIT) and the University of Michigan found multiple security vulnerabilities in an online voting tool being used by at least three states. The study evaluated Democracy Live’s OmniBallot, a program that Delaware, New Jersey and West Virginia are using to allow military personnel and voters with disabilities to cast ballots amid the COVID-19 pandemic. The company also has a contract with the Defense Department to provide ballots to military personnel overseas. According to the paper published Sunday, the system opens up the voting process to a range of vulnerabilities that could lead to election interference. “We conclude that using OmniBallot for electronic ballot return represents a severe risk to election security and could allow attackers to alter election results without detection,” the researchers wrote.

National: Hackers Are Already Screwing With the 2020 Election | Eric Lutz/Vanity Fair

Donald Trump has spent months promulgating bad-faith attacks on remote voting, masking his fears that high turnout could favor his Democratic opponent with unfounded claims that it would result in widespread fraud. “WE CAN NEVER LET THIS TRAGEDY BEFALL OUR NATION,” he tweeted of mail-in voting last month. But while the president’s attacks on proposals to ensure votes can be safely cast amid the coronavirus pandemic may be obvious lies, some remote voting measures have raised legitimate concerns about the risk of foreign interference. With COVID-19 almost certain to remain an enormous public health issue through election day in November, several states—including ones led by Republicans—have sought to expand access to mail-in voting. A handful are going even further, experimenting with or ramping up online voting. According to the New York Times, the latter is potentially vulnerable to hacking, with researchers warning that online voting could present opportunities for foreign manipulation. “Online voting raises such severe risks that, even in a time of unrest and pandemic, these jurisdictions are taking a major risk of undermining the legitimacy of their election results,” University of Michigan computer science professor J. Alex Halderman told the Times.

National: DARPA wants hackers to try to crack its new generation of super-secure hardware | Joseph Marks/The Washington Post

The Pentagon’s top research agency thinks it has developed a new generation of technology that will make voting machines, medical databases and other critical digital systems far more secure against hackers. Now, the Defense Advanced Research Projects Agency, which helped invent GPS and the Internet, is launching a contest for ethical hackers to try to break into that technology before it goes public. DARPA is offering the hackers cash prizes for any flaws they find using a program called a “bug bounty.” The new technology is based on re-engineering hardware, such as computer chips and circuits, so that the typical methods hackers use to undermine the software that runs on them become impossible. That’s far different from the standard approach to cybersecurity, in which tech companies release a never-ending stream of software patches every time bad guys discover a new bug.

National: COVID-19 Adds to US Election Security Challenges: Report | Ishita Chigilli Palli/GovInfo Security

The global COVID-19 pandemic has created a new series of cybersecurity challenges for election officials across the U.S., including concerns about the security of mail-in ballots and whether attackers will target vulnerable networks for those local election workers still working remotely, according to a new report. The Brennan Center for Justice, a nonpartisan law and public policy institute connected to New York University Law School, released a report on Friday urging Congress to provide states with the required resources to ensure more secure election process. “Effective digital resiliency plans can ensure that operations continue and eligible citizens are able to exercise their right to vote even in the face of cyberattacks or technical malfunctions,” according to the report.

National: Chinese and Iranian APT Groups Targeted US Presidential Campaigns | Kelly Sheridan/Dark Reading

Google’s Threat Analysis Group (TAG) recently saw a China-linked cyberattack group targeting Joe Biden’s 2020 presidential campaign staff, and an Iran-linked attack group targeting Donald Trump’s campaign staff. Both incidents involved phishing; neither one indicated a compromise. TAG director Shane Huntley posted a tweet about the findings late last week. Both campaigns were notified of the attempts and informed federal law enforcement, he wrote. This isn’t the first time that attackers have attempted to infiltrate the Trump campaign: Last year, Microsoft found a group seemingly linked to the Iranian government targeted Trump’s 2020 reelection efforts. Because this year’s elections are only a few months away, this discovery isn’t surprising. If the Trump and Biden campaigns represent the major political parties on November 3, there will be more intelligence value placed on their communications, says Charles Ragland, security engineer at Digital Shadows.

National: As states explore online voting, new report warns of ‘severe risk’ | Susan Miller/GCN

As states look for alternatives to in-person voting in the event the coronavirus flares again in the fall, researchers at MIT released a report on the security of OmniBallot, an internet voting and ballot delivery system that been used by the military and overseas and disabled voters in approximately 600 jurisdictions. The platform was developed by Democracy Live, a company providing cloud-based voting technologies, that describes its OmniBallot Online product as an electronic, fully accessible ballot solution for vote-by-mail and absentee voters as well as for those covered by the Uniformed and Overseas Citizens Absentee Voting Act. Qualified voters can use the service to print their ballots, fill them out and mail them or deliver them in person. An online ballot marking version is used by disabled voters who use it to electronically select candidates, print the completed ballot and then mail it in or deliver it. This year, however, three states are allowing some voters to use the web application to return their ballots online, MIT researchers said.

National: Rights Groups Say Age-Based Laws on Absentee Voting Are Unconstitutional | Travis Bubenik/Courthouse News

As the coronavirus pandemic continues to prompt concerns about the safety of in-person voting, a coalition of voting rights groups argues in a new report that Texas, South Carolina and multiple other U.S. states are violating the U.S. Constitution by only letting older citizens vote by mail. In the report released Thursday, the Voting Rights Project at the University of California Los Angeles, the National Vote at Home Institute and other groups claim that placing age restrictions on absentee voting violates the 26th Amendment, which guarantees Americans the right to vote at the age of 18. “These laws use age to create two classes of voters – one with easier access to the ballot box than the other – and work to abridge the voting rights of younger voters,” the groups behind the report said in a statement. The coalition is pushing for “immediate litigation” against states with age restrictions on absentee voting.

National: U.S. states see major challenge in delivering record mail ballots in November | Jason Lange/Reuters

With a health crisis expected to drive a surge in mail voting in November, U.S. election officials face a major challenge: Ensure tens of millions of ballots can reach voters in time to be cast, and are returned in time to be counted. Recent presidential nomination contests and other elections held in the midst of the coronavirus pandemic – a warm-up for the Nov. 3 general election if COVID-19 remains a threat – showed some states have been overwhelmed by the sudden rush to vote by mail. Nearly half of U.S. states allow voters to request absentee ballots less than a week before their elections. Even under normal circumstances, that often is too little lead time to guarantee voters will receive their ballots and have sufficient time to return them, election experts and state officials say. In Ohio, for example, whose nearly all-mail election on April 28 was marred by ballot delivery delays, Republican Secretary of State Frank LaRose has asked state lawmakers to change the deadline for voters to request a mail ballot to one week before an election, up from three days currently. “It is not logistically possible” for all voters asking for ballots at the last minute to get them in time to return them by mail, LaRose told Reuters. “That relies on a lot of luck.”

National: Report details new cyber threats to elections from COVID-19 | Maggie Miller/The Hill

Election officials face a wide range of new cybersecurity threats stemming from voting changes spurred by the coronavirus pandemic, according to a report released Friday. The report, compiled by New York University’s Brennan Center for Justice, lays out threats such as attempts to target election officials working on unsecured networks at home, recovering from voter registration system outages and securing online ballot request systems. “Voters are already placing increased demands on online registration systems and mail ballot options,” the authors wrote in the report. “At the same time, the risk of cyberattacks from foreign state and nonstate actors alike remains.” Lawrence Norden, director of the Brennan Center’s Election Reform Program and a co-author of the report, told The Hill that election officials were already faced with cybersecurity threats, but they’re now also facing COVID-19 challenges. “Now that we are past the primaries in a lot of states, there is time to return our attention again to cybersecurity, and obviously the threat hasn’t gone away just because we are dealing with COVID-19 in the United States,” Norden said.

National: Amid Pandemic and Upheaval, New Cyber Risks to the Presidential Election | David E. Sanger, Nicole Perlroth and Matthew Rosenberg/The New York Times

With the general election less than 150 days away, there are rising concerns that the push for remote voting prompted by the pandemic could open new opportunities to hack the vote — for President Vladimir V. Putin of Russia, but also others hoping to disrupt, influence or profit from the election. President Trump has repeatedly said that mail-in ballots invite voter fraud and would benefit Democrats. It is a baseless claim: Mail-in voting has resulted in little fraud in the five states that have used it for years, and a recent study at Stanford University found that voting by mail did not advantage either party and might increase voter turnout for both parties. But there are different worries. The rush to accommodate remote voting is leading a small number of states to experiment with or expand online voting, an approach the Department of Homeland Security deemed “high risk” in a report last month. It has also put renewed focus on the assortment of online state voter registration systems, which were among the chief targets of Russian hackers in 2016. Their security is central to ensuring that, come November, voters actually receive their mail-in ballots or can gain access to online voting. While Russian hackers stopped short of manipulating voter data in 2016, American officials determined the effort was likely a dry run for future interference. To head off that threat, last summer the Department of Homeland Security hired the RAND Corporation to re-evaluate the nation’s election vulnerabilities, from poll booths to the voter registration systems. RAND’s findings only heightened the longstanding fears of government officials: State and local registration databases could be locked by hackers demanding ransomware or manipulated by outside actors.

National: GOP recruits army of poll watchers to fight voter fraud no one can prove exists | Jane C. Timm/NBC

Republicans are recruiting an estimated 50,000 volunteers to act as “poll watchers” in November, part of a multimillion-dollar effort to police who votes and how. That effort, coordinated by the Republican National Committee and President Donald Trump’s re-election campaign, includes a $20 million fund for legal battles as well as the GOP’s first national poll-patrol operation in nearly 40 years. While poll watching is an ordinary part of elections — both parties do it — voting rights advocates worry that such a moneyed, large-scale offensive by the Republicans will intimidate and target minority voters who tend to vote Democratic and chill turnout in a pivotal contest already upended by the coronavirus pandemic. Some states allow poll monitors to challenge a voter’s eligibility, requiring that person’s ballot undergo additional vetting to be counted. In Michigan, for example, a challenged voter will be removed from line and questioned about their citizenship, age, residency and date of voter registration if, according to election rules, a vote challenger has “good reason” to believe they are not eligible. They are required to take an oath attesting that their answers are true and are given a special ballot.

National: How to Protect Your Vote – a technical report on Democracy Live OmniBallot | Michael A. Specter and J. Alex Halderman/Internet Policy Research Initiative at MIT

See the full technical report on OmniBallot here

Today, MIT and University of Michigan researchers released a report on the security of OmniBallot, an Internet voting and ballot delivery system produced by Democracy Live. This system has been deployed in Delaware, West Virginia, and other jurisdictions. Our goal is to provide election officials and citizens the information they need to ensure that elections are conducted securely. Based on our findings, we have specific recommendations for both governments and individual voters.

National: Attempted hacks of Trump and Biden campaigns reveal a race to disrupt the 2020 general election | Joseph Marks/The Washington Post

It’s official: The race to hack the 2020 general election is in full swing. Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff, the leader of Google’s threat-hunting team revealed in a tweet. China, meanwhile, tried to hack staff for former vice president Joe Biden, the presumptive Democratic presidential nominee, Shane Huntley said. The hackers didn’t successfully breach those accounts. But these nation state-backed hacking campaigns are likely to be the just the beginning of a general election campaign that will be ripe for disruption by U.S. adversaries. “It’s no surprise the Chinese and Iranian governments are trying to compromise our 2020 presidential campaigns through cyberattacks. Their goal is simple: suck up information about our candidates’ campaigns and then create conflict and chaos in our election,” Matt Rhoades, who managed Mitt Romney’s 2012 campaign and helped launch a bipartisan group aimed at preventing election hacking, told me. Officials with the Department of Homeland Security and U.S. intelligence have been warning for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest in a replay of operations from the last presidential race, which leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump.

National: George Floyd protests created surge in voter registrations, groups say | Brian Schwartz/CNBC

Voter registrations, volunteer activity and donations for groups linked to Democratic causes are surging in the midst of protests following the death of George Floyd, according to voting advocacy groups. This surge in registrations could end up being one of the factors that helps tip the election between apparent Democratic nominee Joe Biden and President Donald Trump. The efforts are by groups including Latino voter registration organizations, Rock the Vote and one co-chaired by former first lady Michelle Obama. Latino voter registration groups in recent weeks have noticed an uptick in their communities mobilization to vote, particularly from younger voters. The leaders of these organizations said that many are registering after nationwide outrage directed at police brutality and the spread of the coronavirus pandemic, which has left over 100,000 dead and tens of millions jobless in the United States. Unemployment rates for Hispanic and black workers remained high at 17.6% and 16.8%, respectively, even after the nation added 2.5 million jobs last month.

National: Turnout surges after states expand mail-in voting | Max Greenwood/The Hill

States that moved to rapidly expand mail-in balloting amid the coronavirus pandemic are seeing some of their highest levels of voter turnout in years, even as President Trump looks to clamp down on such efforts. In at least four of the eight states that held primaries on Tuesday, turnout surpassed 2016 levels, with most of the votes being cast via mail, according to an analysis of election returns by The Hill. Each of those states took steps earlier this year to send absentee ballot applications to all of their registered voters. In Iowa, for instance, total turnout reached 24 percent, up from about 15 percent in the state’s 2016 primaries and its highest ever turnout for a primary. But more strikingly, of the roughly 524,000 votes cast, some 411,000 of them came from absentee ballots – a nearly 1,000 percent increase over 2016 levels. The high turnout could encourage more states to take similar steps ahead of the November general elections. Trump has resisted such efforts, even threatening last month to hold up federal funding to Michigan and Nevada over state election officials’ decisions to send mail-in ballot applications to registered voters.

National: Report highlights voting inequities in tribal communities | Felicia Fonseca/Associated Press

Native American voting rights advocates are cautioning against states moving to mail-in ballots without opportunities for tribal members to vote safely in person. In a wide-ranging report released Thursday, the Native American Rights Fund outlined the challenges that could arise: online registration hampered by spotty or no internet service, ballots delivered to rarely-checked Post Office boxes and turnout curbed by a general reluctance to vote by mail. “We’re all for increased vote by mail,” said Jacqueline De Leon, a staff attorney with the group and a member of Isleta Pueblo in New Mexico. “We’re absolutely against all vote by mail. If there are no in-person opportunities, then Native Americans will be disenfranchised because it will be impossible for some of them to cast a ballot.” A few states automatically mail ballots to every eligible voter. Others are drawing up plans to rely more heavily on a mail-in system for this year’s elections amid the coronavirus pandemic and with social distancing guidelines in mind. Native Americans are reluctant to embrace the system because of cultural, historical, socioeconomic and language barriers, and past experiences, the report said.

National: Chaos in primary elections offers troubling signs for November | Joseph Marks/The Washington Post

Sometimes-chaotic primary elections across eight states and the District of Columbia foreshadowed challenges that could undermine the security and legitimacy of the general election in November. There were signs of dangerous shortcuts and workarounds, especially in the District where officials couldn’t get mail-in ballots out to everyone who requested them and resorted to accepting emailed ballots. Security experts warn such ballots are highly vulnerable to hacking because voters can’t verify they were recorded accurately. That was the biggest security concern on a night that was also marked by hours-long lines for in-person voting, last-minute extensions for absentee voting, and anxiety about going to the polls during the coronavirus pandemic and nationwide protests against police violence, which prompted curfews in some places including Washington and Philadelphia. The good news was that Department of Homeland Security officials said they hadn’t seen any signs of cyberattacks or significant disinformation campaigns from Russia or elsewhere as of a midday briefing. But they warned that disinformation attacks in particular might take more time to identify. Overall, the day produced a middling report card for election officials, with one big note: Needs improvement before November.

National: Presidential Campaigns Targeted by Suspected Chinese, Iranian Hackers | Robert McMillan/Wall Street Journal

Campaign staffers working on the presidential campaigns of Donald Trump and Joe Biden have been targeted with online attacks coming from Iran and China respectively, Google said, in a sign that the meddling four years ago in the U.S. presidential election by Russia could be pursued more widely this time. Google said Thursday that the staffers were targeted with so-called phishing attacks that often are an attempt to gain access to online email accounts. They raise the specter of a repeat of the 2016 campaign, during which Russian hackers stole information from Democratic staffers and posted them online. While neither China nor Iran are thought to have previously engaged in the kind of hacking and public dumping of emails that disrupted Hillary Clinton’s presidential campaign four years ago, some cybersecurity experts believe that Russia’s success in 2016 may spur copycat activity. The fact that the attacks targeted campaign staff should put campaigns on alert for a possible attempt to hack and dump information, said Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab. “It should be a major red flag.”

National: Senate panel approves legislation requiring campaigns to report foreign election help | Manu Raju and Jeremy Herb/CNN

The Senate Intelligence Committee quietly approved on Wednesday a measure that would require presidential campaigns to report offers of foreign election influence to federal authorities, a move taken in response to Russian election interference in 2016 and one that could draw the attention of President Donald Trump, committee sources say. Senate Republicans, however, are preparing to remove the provision from the bill when it heads to the Senate floor. The committee adopted the measure behind closed doors in a classified setting, adding it to the Intelligence Authorization Act, a bill setting policy for the intelligence community. The amendment was offered by Sen. Mark Warner of Virginia, the committee’s top Democrat and the author of the standalone legislation, and GOP Sen. Susan Collins of Maine. It passed 8-7, with Collins joining the panel’s seven Democrats.

National: Confusion, long lines at some poll sites as eight U.S. states vote during coronavirus pandemic | John Whitesides and Jarrett Renshaw/Reuters

Confusion, complaints of missing mail-in ballots and long lines at some polling centers marred primary elections on Tuesday in eight states and the District of Columbia, the biggest test yet of voting during the coronavirus outbreak. The most extensive balloting since the pandemic sparked lockdowns in mid-March served as a dry run for the Nov. 3 general election. It offered a glimpse of the challenges ahead on a national scale if that vote is conducted under a lingering threat from COVID-19. All of the states voting on Tuesday encouraged or expanded mail-in balloting as a safe alternative during the outbreak, and most sharply reduced the number of in-person polling places as officials struggled to recruit workers to run them. That led to record numbers of mail-in ballots requested and cast in many states, along with complaints over not receiving requested ballots and questions about where to vote after polling places were consolidated. Pennsylvania and three of the other states voting – Indiana, Maryland and Rhode Island – had delayed their nominating contests from earlier in the year to avoid the worst of the coronavirus outbreak that has killed more than 106,000 people in the United States. Iowa, Montana, New Mexico, South Dakota and the District of Columbia also voted on Tuesday.

National: Google: Biden and Trump campaigns targeted by separate spearphishing campaigns | Shannon Vavra/CyberScoop

Hackers linked with China and Iran have been sending malicious spearphishing emails to staff on Joe Biden and President Donald Trump’s campaigns respectively, according to a researcher with Google’s Threat Analysis Group. Chinese government-linked hackers have been targeting Biden’s staffers, whereas Iranian government-linked hackers have been targeting Trump’s campaign, according to Shane Huntley, the Director of Google’s Threat Analysis Group. There is no evidence that the hacking attempts have resulted in compromises, Huntley said. This is just the latest warning from security researchers and the U.S. intelligence community that foreign government-backed hackers are interested in targeting various U.S. presidential campaigns during the 2020 election cycle, in what is turning out to be a tumultuous year for American citizens amid economic turmoil, the coronavirus pandemic, and mass protests about racism. “The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff,” the Trump campaign told CyberScoop in a statement. “We are vigilant about cybersecurity and do not discuss any of our precautions.”

National: Trump’s Attacks on Vote-by-Mail Worry Some Election Officials | Matt Vasilogambros/Stateline

There is growing concern among election officials and experts that the increasingly partisan debate around voting by mail could sow doubt in the results of the presidential election. For months, President Donald Trump has been one of the loudest opponents to vote by mail, which experts agree is a safe alternative to in-person voting during the novel coronavirus outbreak. There is little evidence it leads to voter fraud or benefits one party over another. “Mail-in ballots are a very dangerous thing,” Trump told reporters last month, despite evidence to the contrary. “They’re subject to massive fraud.” Trump has voted by mail several times, including in Florida’s primary earlier this year. By attacking mail-in voting with unsubstantiated claims, some officials and experts fear, the president’s outbursts could threaten the integrity of the general election by dissuading voters from participating and diminishing Americans’ trust in the legitimacy of the results. His narrative has consequences, said Marian Schneider, president of the election security nonprofit Verified Voting. It could lead to some Americans doubting the outcome of the November election, she said.