The Homeland Security Department may not wait for a legislative push before starting a bug bounty program, Secretary John Kelly told lawmakers Tuesday. Bug bounties are cash rewards organizations offer to ethical hackers who spot exploitable flaws in their systems. They’re common at major tech companies and have been done in pilot form at the Defense Department and several of the military services. … During Tuesday’s hearing, Kelly also told lawmakers he may reconsider a decision made late in the Obama administration to designate state and local election systems as critical infrastructure. Critical infrastructure is an official DHS designation that makes it easier for the department to provide resources and other aid. Kelly signaled early in his term he supported the designation. He may reconsider the designation, though, in light of “a large amount of pushback” from state-level officials and some members of Congress, he said. State officials consider the designation a federal power grab and worry it could undermine the nonpartisan image of election contests. The National Association of Secretaries of State called on DHS to rescind the designation in February.
Russian hacking of the 2016 U.S. election included sophisticated targeting of state officials responsible for voter rolls and voting procedures, according to a top secret U.S. intelligence document that was leaked and published this week, revealing another potential method of attempted interference in the vote. The month-old National Security Agency document outlined activities including impersonating an election software vendor to send trick emails to more than 100 state election officials. Analysts at the NSA believed the hackers were working for the Russian military’s General Staff Main Intelligence Directorate, or GRU, according to the document. The document’s publication on Monday by The Intercept, a news outlet that focuses on security issues, received particular attention because an intelligence contractor, Reality Leigh Winner, was charged the same day with leaking it.
Leaning back in his chair, Jonathan Mattingly swings his legs up onto his desk, presses a key on his laptop and changes the results of the 2012 elections in North Carolina. On the screen, flickering lines and dots outline a map of the state’s 13 congressional districts, each of which chooses one person to send to the US House of Representatives. By tweaking the borders of those election districts, but not changing a single vote, Mattingly’s maps show candidates from the Democratic Party winning six, seven or even eight seats in the race. In reality, they won only four — despite earning a majority of votes overall. Mattingly’s election simulations can’t rewrite history, but he hopes they will help to support democracy in the future — in his state and the nation as a whole. The mathematician, at Duke University in Durham, North Carolina, has designed an algorithm that pumps out random alternative versions of the state’s election maps — he’s created more than 24,000 so far — as part of an attempt to quantify the extent and impact of gerrymandering: when voting districts are drawn to favour or disfavour certain candidates or political parties.
Officials in some states are trying to figure out whether local election offices were targeted in an apparent effort by Russian military intelligence to hack into election software last fall. The efforts were detailed in a recently leaked report attributed to the U.S. National Security Agency. North Carolina is checking on whether any local systems were breached, while the revelation prompted an election security review in Virginia. Both are considered presidential battleground states. In Illinois, officials are trying to determine which election offices used software from the contractor that the report said was compromised.
This Monday, The Intercept broke the story of a leaked classified NSA report [pdf link] on an email-based attack on a various US election systems just before the 2016 US general election. The NSA report, dated May 5, 2017, details what I would assume is only a small part of a more comprehensive investigation into Russian intelligence services’ “cyber operations” to influence the US presidential race. The report analyzes several relatively small-scale targeted email operations that occurred in August and October of last year. One campaign used “spearphishing” techniques against employees of third-party election support vendors (which manage voter registration databases for county election offices). Another — our focus here — targeted 112 unidentified county election officials with “trojan horse” malware disguised inside plausibly innocuous-looking Microsoft Word attachments. The NSA report does not say whether these attacks were successful in compromising any county voting offices or what even what the malware actually tried to do.
A leaked intelligence document outlining alleged attempts by Russian military intelligence to hack into U.S. election systems is the latest evidence suggesting a broad and sophisticated foreign attack on the integrity of the nation’s elections. And it underscores the contention of security experts and computer scientists that the highly decentralized, often ramshackle U.S. election system remains profoundly vulnerable to trickery or sabotage. The document, purportedly produced by the U.S. National Security Agency, does not indicate whether actual vote-tampering occurred. But it adds significant new detail to previous U.S. intelligence assessments that alleged Russia-backed hackers had compromised elements of America’s electoral machinery. It also suggests that attackers may also have been laying groundwork for future subversive activity. The operation described in the document could have given attackers “a foothold into the IT systems of elections offices around the country that they could use to infect machines and launch a vote-stealing attack,” said J. Alex Halderman, a University of Michigan computer scientist. “We don’t have evidence that that happened,” he said, “but that’s a very real possibility.”
National: Latest NSA Leak Reveals Exactly the Kind of Cyberattack Experts Had Warned About | MIT Technology Review
The details of an apparent Russian state-sponsored cyberattack on local election officials and a vendor of U.S. voting software are shocking—but they shouldn’t be surprising. In fact, experts had been warning for months before the 2016 election about exactly the type of attack that was revealed Monday in leaked NSA documents. According to the documents, the purpose of the attack, which occurred last August, was “to obtain information on elections-related software and hardware solutions.” The attackers “likely used data obtained from that operation to create a new email account and launch a voter-registration themed spear-phishing campaign targeting U.S. local government organizations.” The NSA’s analysis does not draw any conclusions about whether the attack affected voting outcomes in the presidential election in November, or any other national or local races. But targeting voter registration systems is widely seen as one of the most effective ways to use a cyberattack to disrupt the electoral process. An adversary with access to voter registration information could, for example, delete names from the voter roll or make other modifications to the data that could cause chaos on Election Day. (See “How Hackers Could Send Your Polling Station Into Chaos.”)
In the wake of a leaked intelligence document describing Russian attempts to hack voting systems, Department of Homeland Security Secretary John Kelly doubled down on maintaining the designation of voting systems as critical infrastructure. Kelly told the Senate Homeland Security and Governmental Affairs Committee on June 6 that despite pushback he’s received from state and local election officials — as well as “many members of Congress” — he would support the designation put in place by his predecessor Jeh Johnson. “I don’t believe we should” back off on the critical infrastructure designation, he testified, adding that he plans to meet with state officials next week to further discuss how DHS can make sure states’ election systems are protected. “We’re here to help,” he said. “There is nothing more fundamental to our democracy than voting.”
Russian military hackers said to have infiltrated the U.S. election system would have had several potential avenues to influence U.S. elections — including by tampering with voting rolls, interference that could have had an important impact in swing states. Whether or not this happened isn’t outlined in a leaked National Security Agency report that led to the arrest Monday of a federal contractor with top-secret security clearance. There has been no evidence votes were changed in the 2016 presidential election, though officials in North Carolina are actively investigating attempts to compromise the state’s electronic poll book software. Online news site The Intercept said the report it obtained said Russian military intelligence executed a cyber attack on VR Systems, a Florida-based U.S. supplier of voting software. Hackers used the VR Systems account to send deceptive emails to more than 100 local election officials in the days leading up to the November presidential election, according to The Intercept.
The top Democrat on the Senate Intelligence Committee told USA TODAY on Tuesday that Russian attacks on election systems were broader and targeted more states than those detailed in an explosive intelligence report leaked to the website The Intercept. “I don’t believe they got into changing actual voting outcomes,” Virginia Sen. Mark Warner said in an interview. “But the extent of the attacks is much broader than has been reported so far.” He said he was pushing intelligence agencies to declassify the names and number of states hit to help put electoral systems on notice before midterm voting in 2018. “None of these actions from the Russians stopped on Election Day,” he warned.
National: Democrats warned of potential hacking of voter registration systems before 2016 election | McClatchy
It wasn’t just the National Security Agency that knew about Russian attempts to infiltrate U.S. voting systems. In the weeks leading to the 2016 presidential election, the then-leader of the Democratic National Committee warned the Department of Homeland Security that voter registration and absentee voting lists might have been sabotaged. Donna Brazile, who was serving as the party’s acting chairwoman, said she also urged Republican National Committee Chairman Reince Priebus to learn more about the possible problems and to sign a joint statement with her, raising these concerns to DHS. Priebus declined, Brazile told McClatchy on Tuesday. “There is fear that the goal of a hacker attack on the voter list is to delete or alter names or other information and cause incidents at the polling stations,” Brazile wrote in an Oct. 18 letter to Priebus, now President Donald Trump’s chief of staff.
Democrats would need to flip 24 seats to retake the U.S. House in 2018. But at least two-thirds of that tally may be permanently out of reach, thanks to a dirty geographical trick played by Republican lawmakers in 2010. That’s according to a new Brennan Center analysis of gerrymandering — the process lawmakers use to draw legislative districts for their own partisan advantage. A bit of background before we delve into the nitty-gritty. Every 10 years, congressional districts are redrawn following the Census. On paper, this is done to ensure the people’s House is representative of the country’s people — states gain or lose districts based on population changes, and district boundaries shift to reflect our ever-changing demographics.
Russian hackers attacked at least one U.S. voting software supplier days before last year’s presidential election, according to a government intelligence report leaked Monday that suggests election-related hacking penetrated further into U.S. voting systems than previously known. The classified National Security Agency report, which was published online by The Intercept, does not say whether the hacking had any effect on election results. But it says Russian military intelligence attacked a U.S. voting software company and sent spear-phishing emails to more than 100 local election officials at the end of October or beginning of November. U.S. intelligence agencies declined to comment. However, the Justice Department announced Monday it had charged a government contractor in Georgia with leaking a classified report containing “Top Secret level” information to an online news organization. The report the contractor allegedly leaked is dated May 5, the same date as the document The Intercept posted online.
Russia’s military intelligence agency launched an attack before Election Day 2016 on a U.S. company that provides voting services and systems, according to a top secret report posted Monday by The Intercept. … J. Alex Halderman, a computer security expert from the University of Michigan, is among those who have been sounding the alarm for years. “It’s highly significant that these attacks took place, because it confirms that Russia was interested in targeting voting technology, at least to some extent. I hope further investigation can shed more light on what they intended to do and how far they got,” he says. Halderman and others note that local election officials often contract with private vendors, such as VR Systems, to program their voting equipment. He says if those vendors are hacked, then malware could easily be spread to local election offices and ultimately to individual voting machines. Jeremy Epstein, another voting security expert, said that even though the NSA report describes efforts to hack into voter registration systems, once a hacker has access to a local election office’s computers, they can potentially infect other aspects of the election. “If I was a Russian trying to manipulate an election, this is exactly how I would do it,” he says.
National: Reality Winner accused of leaking NSA file about Russia hacking US election | The Guardian
Three days before Americans voted last November, Reality Winner joked with her sister online that Moscow’s efforts to influence the US presidential election could have an upside for her as a keen weightlifter. “When we become the United States of the Russian Federation,” she said on Facebook, “Olympic lifting will be the national sport.” Seven months later, Winner, 25, called home to Texas on Saturday to let her family know that the Russian hacking saga had ended up landing her in a far more serious situation. “She said that she had been arrested by the FBI and that she couldn’t really talk about it,” her mother, Billie Winner-Davis, told the Guardian in a telephone interview. “I am still in shock.”
An intelligence contractor was charged with sending a classified report about Russia’s interference in the 2016 election to the news media, the Justice Department announced Monday, the first criminal leak case under President Trump. The case showed the department’s willingness to crack down on leaks, as Mr. Trump has called for in complaining that they are undermining his administration. His grievances have contributed to a sometimes tense relationship with the intelligence agencies he now oversees. The Justice Department announced the case against the contractor, Reality Leigh Winner, 25, about an hour after the national-security news outlet The Intercept published the apparent document, a May 5 intelligence report from the National Security Agency. The report described two cyberattacks by Russia’s military intelligence unit, the G.R.U. — one in August against a company that sells voter registration-related software and another, a few days before the election, against 122 local election officials.
National: Who Won the Election? NSA Report Suggests Russia Might Have Hacked Voting System | Newsweek
Russian military intelligence attempted to cyber-attack a U.S. voting software supplier and more than 100 local election officials in the days leading up to the 2016 presidential election, The Intercept reported Monday. While there is no indication that voting machines or the result of the election were tampered with, this is the first report of its type to raise serious questions about whether Russian hackers attempted to breach the voting system. According to an NSA document acquired by The Intercept, Russian military intelligence cyber-attacked a U.S. voting software supplier, using information gained in that attack to “launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”
Susan Rice, former President Obama’s national security adviser, on Sunday dismissed Russian President Vladimir Putin’s denials that Russia meddled in the 2016 U.S. presidential election. “Frankly, he’s lying,” Rice said on ABC’s “This Week.” “The reality is — as all of our intelligence agencies have come together to affirm with high confidence — the Russian government at the highest levels was behind the very unprecedented effort to meddle in our 2016 presidential election.” Rice said the country needs to understand how and why that happened. The country also needs to find out whether there is “any evidence to suggest that there were those on the American side who facilitated that meddling,” she said, referring to allegations that members of President Trump’s campaign colluded with Moscow.
National: Trump Appears Unlikely to Hinder Comey’s Testimony About Russia Inquiry | The New York Times
President Trump does not plan to invoke executive privilege to try to prevent James B. Comey, the former F.B.I. director, from providing potentially damaging testimony to Congress on statements the president made about an investigation into his former national security adviser, two senior administration officials said Friday. Mr. Trump could still move to block the testimony next week, given his history of changing his mind at the last minute about major decisions. But legal experts have said that Mr. Trump has a weak case to invoke executive privilege because he has publicly addressed his conversations with Mr. Comey, and any such move could carry serious political risks. One of the administration officials said Friday evening that Mr. Trump wanted Mr. Comey to testify because the president had nothing to hide and wanted Mr. Comey’s statements to be publicly aired. The officials spoke on the condition of anonymity because they did not want to be identified discussing a decision that had not been announced.
Vladimir Putin has given his broadest hint yet that Russia may have played a role in the hacking of western elections but emphatically denied that his government was involved. Speaking at the St Petersburg economic forum, the Russian president acknowledged that it was “theoretically possible” that “patriotic” Moscow hackers might have interfered in foreign polls. Asked on Thursday if Russia would meddle in Germany’s election later this year, Putin said: “If [hackers] are patriotically minded, they start to make their own contribution to what they believe is the good fight against those who speak badly about Russia. “Is that possible? Theoretically, that’s possible,” he said.
The March for Truth, the latest in what has become nearly weekly demonstrations of various stripes against the Trump administration, drew a sign-waving crowd to the Washington Monument on Saturday to protest possible collusion between associates of President Trump and Russian officials in the 2016 election. As new revelations have continued to emerge five months into the administration — the latest involving reported efforts by Jared Kushner, Mr. Trump’s son-in-law and adviser, to create a secret back channel to Russia — the protest was organized on Twitter under the banner #MarchforTruth. The several dozen demonstrators in Washington said they were demanding a well-staffed, independent commission, removed from the White House’s influence, to investigate the possibility of collusion. They also called for Mr. Trump to release his tax returns, saying the documents could shed light on any connections to Russia.
Shifting from his previous blanket denials, President Vladimir V. Putin of Russia suggested on Thursday that “patriotically minded” private Russian hackers could have been involved in cyberattacks last year that meddled in the United States presidential election. While Mr. Putin continued to deny any state role in the hacking, his comments, made to reporters in St. Petersburg, Russia, departed from the Kremlin’s previous position: that Russia had played no role whatsoever in the hacking of the Democratic National Committee and that, after Donald J. Trump’s victory, the United States had become the victim of anti-Russia hysteria among crestfallen Democrats. Asked about suspicions that Russia might try to interfere in the coming elections in Germany, Mr. Putin raised the possibility of attacks on foreign votes by what he portrayed as free-spirited Russian patriots. Hackers, he said, “are like artists” who choose their targets depending how they feel “when they wake up in the morning.” Any such attacks, he added, could not alter the result of elections in Europe, America or elsewhere.
Russian President Vladimir Putin conceded for the first time that perhaps computer hackers from his country actually had worked to undermine Democratic candidate Hillary Clinton in the 2016 election. The concession comes as the Trump administration is preparing to restore Russian diplomats’ access to two luxury East Coast vacation properties a few months after the Obama administration took them away as punishment for Russian interference in the election. Speaking to reporters in St. Petersburg, Putin continued to insist that there had been no government-sponsored effort to attack Clinton and the Democratic National Committee — a claim the entire U.S. Intelligence Community rejects. However, he said, “patriotic” Russian hackers might have taken it upon themselves to stand up for their country against someone, as Putin put it, “who say bad things” about it.
The House Intelligence Committee issued subpoenas Wednesday for testimony, documents and business records from former national security adviser Michael Flynn and President Trump’s personal attorney, Michael Cohen, as part of an investigation into Russian interference in last year’s presidential election. “As part of our ongoing investigation into Russian active measures during the 2016 campaign, today we approved subpoenas for several individuals for testimony, personal documents and business records,” said a joint statement from Reps. Mike Conaway, R-Texas, and Adam Schiff, D-Calif., who are leading the House committee’s inquiry. “We hope and expect that anyone called to testify or provide documents will comply with that request, so that we may gain all the information within the scope of our investigation. We will continue to pursue this investigation wherever the facts may lead.”
National: Trump administration moves to return Russian compounds in Maryland and New York | The Washington Post
The Trump administration is moving toward handing back to Russia two diplomatic compounds, near New York City and on Maryland’s Eastern Shore, that its officials were ejected from in late December as punishment for Moscow’s interference in the 2016 presidential election. President Barack Obama said Dec. 29 that the compounds were being “used by Russian personnel for intelligence-related purposes” and gave Russia 24 hours to vacate them. Separately, Obama expelled from the United States what he said were 35 Russian “intelligence operatives.”
National: Hillary Clinton: Russia Got Help From Americans in Election Meddling | Wall Street Journal
Hillary Clinton on Wednesday said she believes that Russians likely received help from inside the U.S. on how to effectively use the information that intelligence agencies say was gathered to meddle in last year’s presidential election, which she lost to President Donald Trump. “The Russians, in my opinion and based on the intel and counterintel people I’ve talked to, could not have known how best to weaponize that information unless they had been guided,” said Mrs. Clinton at the Code technology conference in Rancho Palos Verdes, Calif. Mrs. Clinton added that the guidance would likely have come from Americans and people with polling and data information.
During a lull between elections, the Supreme Court is taking on a hot-button political issue that could change the way legislative lines are drawn across the country. It’s called gerrymandering — a term that arises from a district shaped like a salamander that was drawn during the 1810 term of Massachusetts Gov. Elbridge Gerry. Two hundred years later, legal experts are still divided on the racial and partisan considerations at issue. Earlier this month, Justice Elena Kagan, writing for the majority of the Supreme Court, tore up two congressional district maps in North Carolina, holding that they amounted to an unconstitutional racial gerrymander. “A state may not use race as the predominant factor in drawing district lines,” she wrote, referencing a 1993 court standard, “unless it has a compelling reason.”
National: Rep. Adam Schiff says alleged Russian meddling in election was an effort to destroy American democracy | Los Angeles Times
Rep. Adam Schiff (D-Burbank) said Tuesday that the alleged Russian meddling in last year’s presidential election was about far more than favoring one candidate over another. He said it was an effort to undermine the foundation of American democracy in order to prop up an authoritarian regime in Moscow. “Now if you look at this as just a one-off intervention, you might be inclined to dismiss the greater significance of it, or if you listen to the president, you might be inclined to dismiss this as simply efforts to relitigate a lost election,” Schiff told several hundred people at UC Irvine. “But the significance is really far greater. Quite separate and apart from the desire of the Russians to help Donald Trump and hurt Hillary Clinton was a more fundamental objective, and that was really to tear down at our democracy.”
It’s time to fix the voting process. American voting systems have improved in recent years, but they collectively remain a giant mess. Voting is controlled by states, and typically administered by counties and local governments. Voting laws differ depending on where you are. Voting machines vary, too; there’s no standard system for the nation. Accountability is a crapshoot. In some jurisdictions, voters use machines that create electronic tallies with no “paper trail”—that is, no tangible evidence whatsoever that the voter’s choices were honored. A “recount” in such places means asking the machine whether it was right the first time. We need to fix all of this. But state and local governments are perpetually cash-starved, and politicians refuse to spend the money that would be required to do it.
Hackers will target American voting machines—as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar’s Palace in Las Vegas at the end of July for DEFCON, the world’s largest hacking conference, organizers are planning to have waiting what they call “a village” of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks.