National: My Conversation With a Leading Election Technology Researcher Should Terrify You | Patriot NOT Partisan

Def Con is a 25 year old hacking convention where the worlds best hackers come together often highlighting security vulnerabilities in technology. This year, Def Con made news by raising awareness of our voting machine insecurities by challenging hackers to hack into the voting machines commonly used in this country for elections. These Def Con hacks took place in the “Voting Village”. I spoke with Voting Village organizer and leading election technology researcher, Harri Hursti, about the results of the experiment and the challenges we face in securing our elections in the future.

AM: Tell me about Def Con and the “Voting Village” and the role you played in the experiment.

HH: I was the co-organizer of the Village along with professor Matt Blaze.

AM: What was the main purpose of this exhibition?

HH: Education. We wanted to let the security community learn more about the machines and the designs. So far, only a very small group of people have been allowed to study and research these machines. As a result there was a lot of misinformation, rumors and false claims, and finding proven facts was difficult. The broader community which has 1st hand experience can help the public and the policy makers to get the facts known and drive better policies and practices to secure the elections.

Georgia: Election hacking suit over Georgia race could be sign of what’s to come | USA Today

First elections, then probes into hacking. Now, the lawsuits over election hacking. A group of Democrat and Republican voters in Georgia is suing the state to overturn its fiercely fought June special election, saying evidence the state’s voter database was exposed to potential hackers for at least eight months invalidates the results. The lawsuit, which went to pre-trial conferences this week, could be a sign of disputes to come as revelations mount about the vulnerability of the U.S. election system and Russian attempts to infiltrate it. “As public attention finally starts to focus on the cybersecurity of election systems, we will see more suits like this one, and eventually, a woke judge will invalidate an election,” said Bruce McConnell, vice president of the EastWest Institute and former Department of Homeland Security deputy undersecretary for cybersecurity during the Obama administration. Plaintiffs argue the disclosure in August 2016 by Logan Lamb, a Georgia-based computer security expert, that much of Georgia’s voting system was inadvertently left out in the open on the Internet without password protection from August 2016 to March 2017 should make the results moot. What’s more, Georgia’s use of what the plaintiffs say are insecure touch-screen voting computers, which they claim don’t comply with Georgia state requirements for security testing, means the election results couldn’t legally be certified, they say.

Editorials: Utah needs to think about security above all as it buys new voting machines | Robert Gehrke/The Salt Lake Tribune

State elections officials held an open house earlier this month to demonstrate five election systems vying to replace the voting machines that have been chugging away for the past 13 years. Just a few days earlier, a group of hackers in Las Vegas took part in a demonstration of their own, designed to show how easily they could exploit the machines used around the country and potentially compromise our elections process. The results were alarming. The first voting machine was hacked within 90 minutes. By the end of the afternoon, all five had been compromised. One was reprogrammed to play Rick Astley’s 1987 hit “Never Gonna Give You Up.” The whole thing had been Rick Rolled. … Barbara Simons, president of Verified Voting, has been sounding the alarm about voting machine security — or lack thereof — for years. But even she was skeptical before the DefCon hacker exercise that the hackers would be able to compromise the machines. She was wrong. And the Russian interest in hacking election equipment makes her doubly concerned.

National: For decade-old flaws in voting machines, no quick fix | The Parallax

Hackers rocked the voting machines this summer. On July 28, at the first DefCon “village” dedicated to exposing weaknesses in electronic voting machines—and the first coordinated, research-based assault on EVMs in the United States since 2007—it took visitors just 80 minutes to hack the first machine. The hackers proceeded to find and penetrate multiple security vulnerabilities in each of the village’s 20 machines, representing five voting machine models, calling into question how secure machine-assisted elections are. Rep. Will Hurd (R-Texas) and Rep. Jim Langevin (D-R.I.), two of Congress’ senior cybersecurity experts, visited the village and later told hackers that they were “surprised” by how easy it was to hack voting machines. Langevin promised during the first on-stage appearance of sitting Congressmen at DefCon that when they return to Washington, D.C., “this is going to be a primary topic of conversation.”

Illinois: Information about 1.8 million Chicago voters exposed on Amazon server | USA Today

Names, addresses, dates of birth and other information about Chicago’s 1.8 million registered voters was left exposed and publicly available online on an Amazon cloud-computing server for an unknown period of time, the Chicago Board of Election Commissions said. The database file was discovered on Friday by a security researcher at Upguard, a company that evaluates cyber risk. The company alerted election officials in Chicago on Saturday and the file was taken down three hours later. The exposure was first made public on Thursday. The database was not overseen by the Chicago Board of Election but instead Election Systems & Software, an Omaha, Neb.-based contractor that provides election equipment and software.

National: Russian Cyberattack Targeted Elections Vendor Tied To Voting Day Disruptions | NPR

When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. “Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections. Nine months later, officials are still trying to sort out the details. … At first, the county decided to switch to paper poll books in just those precincts to be safe. But Bowens says the State Board of Elections & Ethics Enforcement got involved “and determined that it would be better to have uniformity across all of our 57 precincts and we went paper poll books across the county.”

Editorials: Our Hackable Democracy | Sue Halpern/The New York Review of Books

The recent news that thirty electronic voting machines of five different types had been hacked for sport at the Def Con hackers’ conference in Las Vegas, some in a matter of minutes, should not have been news at all. Since computerized voting was introduced more than two decades ago, it has been shown again and again to have significant vulnerabilities that put a central tenet of American democracy—free and fair elections—at risk. The Def Con hacks underscored this. So did the 2016 presidential election, in which the voter databases of at least twenty-one and possibly thirty-nine states, and one voting services vendor, came under attack from what were apparently Russian hackers. Last September, then-FBI Director James Comey vowed to get to the bottom of “just what mischief” Russia was up to, but, also sought to reassure lawmakers that our election system remained secure. “The vote system in the United States…is very, very hard for someone to hack into because it’s so clunky and dispersed,” Comey told the House Judiciary Committee. “It’s Mary and Fred putting a machine under the basketball hoop in the gym. These things are not connected to the Internet.” Comey was only partially correct. Clunky and dispersed, American elections are run by the states through three thousand individual counties, each one of which is responsible for purchasing and operating the voting machines set up by Mary and Fred. But Comey missed a central fact about many of those machines: they run on proprietary, secret, black-box software that is not immune to hacking, as Def Con demonstrated. 

National: Could voting fraud panel create an easy target for hackers? | Associated Press

Officials from both parties had a consistent answer last year when asked about the security of voting systems: U.S. elections are so decentralized that it would be impossible for hackers to manipulate ballot counts or voter rolls on a wide scale. But the voter fraud commission established by President Donald Trump could take away that one bit of security. The commission has requested information on voters from every state and recently won a federal court challenge to push ahead with the collection, keeping it in one place. By compiling a national list of registered voters, the federal government could provide one-stop shopping for hackers and hostile foreign governments seeking to wreak havoc with elections. “Coordinating a national voter registration system located in the White House is akin to handing a zip drive to Russia,” said Kentucky Secretary of State Alison Lundergan Grimes, a Democrat who has refused to send data to the commission.

National: Voting System Hacks Prompt Push for Paper-Based Voting | Information Week

Calls for paper-based voting to replace computer-based systems at the DEF CON hacker conference have intensified in the wake of a wave of voting machine hacks earlier this month. … “It’s undeniably true that systems that depend on software running in a touchscreen voting machine can’t be relied on,” Voting Village organizer Matt Blaze said in a Facebook Live feed hosted by US congressmen Will Hurd (R-Texas) and James Langevin (D-R.I.), in the aftermath of the DEF CON hacks. “We need to switch to systems that don’t depend on software,” said Blaze, a renowned security expert who is a computer science professor at the University of Pennsylvania. Blaze recommends OCR-based systems using paper ballots that provide an audit trail for counting and confirming votes. … “We know that computers can be hacked. What surprised me is that they did it so quickly” with the voting machines at DEF CON, says computer scientist Barbara Simons, president of Verified Voting. “One of the things that 2016 made quite clear is that we have very vulnerable voting systems and we don’t do a good job” of protecting them, Simons says. “So we exposed ourselves, and we haven’t taken the necessary steps to protect ourselves.”

National: States ramping up defenses against election hacks | The Hill

States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”

National: To Fix Voting Machines, Hackers Tear Them Apart | WIRED

The toughest thing to convey to newcomers at the DefCon Voting Village in Las Vegas this weekend? Just how far they could go with hacking the voting machines set up on site. “Break things, just try to pace yourself,” said Matt Blaze, a security researcher from the University of Pennsylvania who co-organized the workshop. DefCon veterans were way ahead of him. From the moment the doors opened, they had cracked open plastic cases and tried to hot-wire devices that wouldn’t boot. Within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WINVote machine. The Voting Village organizers—including Harri Hursti, an election technology researcher from Finland, and Sandy Clark from the University of Pennsylvania—had set up about a dozen US digital voting machines for conference attendees to mess with. Some of the models were used in elections until recently and have since been decommissioned; some are still in use. Over three days, attendees probed, deconstructed and, yes, even broke the equipment in an effort to understand how it works and how it could be compromised by attackers. Their findings were impressive, but more importantly, they represented a first step toward familiarizing the security community with voting machines and creating momentum for developing necessary defenses.

Tennessee: Personal Info of 650,000 Voters Discovered on Electronic Poll Book Sold on Ebay | Gizmodo

When 650 thousand Tennesseans voted in the Memphis area, they probably didn’t expect their personal information would eventually be picked apart at a hacker conference at Caesars Palace Las Vegas. … When US government workers decommission old voting equipment and auction them off to the public, they’re supposed to wipe voter information from the device’s memory. But hackers given access to an ExpressPoll-5000 electronic poll book—the kind of device used to check in voters on Election Day—have discovered the personal records of 654,517 people who voted in Shelby Country, Tennessee. It’s unclear how much of the personal information wasn’t yet public. Some of the records, viewed by Gizmodo at the Voting Village, a collection of real, used voting machines that anyone could tinker with at the DEF CON hacker conference in Las Vegas, include not just name, address, and birthday, but also political party, whether they voted absentee, and whether they were asked to provide identification. 

National: DEFCON Hackers Found Many Holes in Voting Machines and Poll Systems | IEEE Spectrum

E-voting machines and voter registration systems used widely in the United States and other countries’ elections can readily be hacked—in some cases with less than two hours’ work. This conclusion emerged from a three-day-long hackathon at the Def Con security conference in Las Vegas last weekend. Some of those hacks could potentially leave no trace, undercutting the assurances of election officials and voting machine companies who claim that virtually unhackable election systems are in place. … “These people who hacked the e-poll book system, when they came in the door they didn’t even know such a machine exists. They had no prior knowledge, so they started completely from scratch,” says Harri Hursti, Hacking Village co-coordinator and data security expert behind the first hack of any e-voting system in 2005.

National: Hacking voting machines takes center stage at DEFCON | Tech Target

“Anyone who says they’re un-hackable is either a fool or a liar.” Jake Braun, CEO of Cambridge Global Advisors and one of the main organizers of the DEFCON Voting Village, said the U.S. election industry has an attitude similar to what had been seen with the air and space industry and financial sectors. Companies in those sectors, Braun said, would often say they were un-hackable their machines didn’t touch the internet and their databases were air-gapped —  until they were attacked by nation-states with unlimited resources and organized cybercrime syndicates and they realized they were “sitting ducks.” … Candice Hoke, law professor and co-director of the Center for Cybersecurity and Privacy Protection, said in a DEFCON talk the laws surrounding investigations of potential election hacking were troublesome. “In some states, you need evidence of election hacking in order to begin an investigation. This is an invitation to hackers,” Hoke said. “We all know in the security world that you can’t run a secure system if no one is looking.”

National: Hackers at DefCon conference exploit vulnerabilities in voting machines | USA Today

It took less than a day for attendees at the DefCon hacking conference to find and exploit vulnerabilities in five different voting machine types. “The first ones were discovered within an hour and 30 minutes. And none of these vulnerabilities has ever been found before, they’ll all new,” said Harri Hursti, co- coordinator of the event. One group even managed to rick-roll a touch screen voting machine, getting it to run Rick Astley’s song “Never Gonna Give You Up,” from 1987. … The groups weren’t able change votes, noted Hursti, a partner at Nordic Innovation Labs and an expert on election security issues. “That’s not what we’re trying to do here today. We want to look at the fundamental compromises that might be possible,” he said.

National: Hackers descend on Las Vegas to expose voting machine flaws | Politico

Election officials and voting machine manufacturers insist that the rites of American democracy are safe from hackers. But people like Carten Schurman need just a few minutes to raise doubts about that claim. Schurman, a professor of computer science at the University of Copenhagen in Denmark, used a laptop’s Wi-Fi connection Friday to gain access to the type of voting machine that Fairfax County, Virginia, used until just two years ago. Nearby, other would-be hackers took turns trying to poke into a simulated election computer network resembling the one used by Cook County, Illinois. …  Before the 2016 election, former FBI Director James Comey assuaged fears by telling Congress that the system was so “clunky” — comprised of a mishmash of different kinds of machines and networks, with each state’s results managed by a consortium of state and county officials — that its overall integrity was fairly safe. Election security advocates aren’t as confident. Barbara Simons, Board Chair of Verified Voting, a nonprofit that since 2003 has studied U.S. elections equipment, said that the vulnerabilities on display in Las Vegas only served to reiterate a need for the country to adopt a nationwide system of verifiable paper ballots and mandatory, statistically significant audits. While numerous states have starting moving in this direction, Simons worries it’s not enough.

National: These Hackers Reveal How Easy It Is To Hack US Voting Machines | Forbes

In a muggy little room in the far corner of Caesar’s Palace, wide-eyed and almost audibly buzzing is Carsten Schurmann. The German-born hacker has just broken into a U.S. voting machine with his Apple Mac in a matter of minutes. He can turn it on and off, he can read all the information stored within and if he felt like it, he could probably change some votes if the system was in use. “This is insane,” he says. But today, that machine is not in use, it’s being opened up for anyone to try what Schurmann did. A host of technically-minded folk have gathered at DEF CON’s Voting Machine Village, where they’re tinkering with more than 25 commonly used systems used across American elections. They might just save the next election from Russian hackers. Those machines are, co-organizer Matt Blaze says, horribly insecure. Blaze’s hope is the public will be made aware of their many, many flaws, and demand elections be protected from outside, illegal interference, following the much-documented attempts by Russia to install Donald Trump as president.

National: Hackers Scour Voting Machines for Election Bugs | VoA News

Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results. The 25-year-old conference’s first “hacker voting village” opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking. Hackers crammed into a crowded conference room for the rare opportunity to examine and attempt to hack some 30 pieces of election equipment, much of it purchased over eBay, including some voting machines and digital voter registries that are currently in use.

National: Hackers breach each of dozens voting machines brought to conference | The Hill

One of the nation’s largest cybersecurity conferences is inviting attendees to get hands-on experience hacking a slew of voting machines, demonstrating to researchers how easy the process can be. “It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia. The DEF CON cybersecurity conference is held annually in Las Vegas. This year, for the first time, the conference is hosting a “Voting Machine Village” where attendees can try to hack a number of systems and help catch vulnerabilities. The conference acquired 30 machines for hackers to toy with. Every voting machine in the village was hacked.

National: U.S. elections are an easier target for Russian hackers than once thought | Los Angeles Times

When Chris Grayson pointed his Web browser in the direction of Georgia’s elections system earlier this year, what he found there shocked him. The Santa Monica cybersecurity researcher effortlessly downloaded the confidential voter file of every registered Georgian. He hit upon unprotected folders with passwords, apparently for accessing voting machines. He found the off-the-shelf software patches used to keep the system secure, several of which Grayson said could be easily infected by a savvy 15-year-old hacker. “It was like, holy smokes, this is all on the Internet with no authentication?” Grayson said in an interview. “There were so many things wrong with this.” … Among the most alarmed have been pedigreed computer security scholars, who warn that a well-timed hack of a vendor that serves multiple states could be enough to cause chaos even in systems that were thought to be walled off from one another. And they say security lapses like those in Georgia reveal the ease with which hackers can slip in.

Editorials: Is Harris County’s vote safe from the Russians? | Dan Wallach/Houston Chronicle

Last September, in the run-up to the election, we learned that Russians had attempted to attack 33 states’ voter registration databases, later revised upward to 39 states. I was asked to testify about this in Congress, and my main concern was that the Russians might attempt to simply delete voters altogether, creating electoral chaos. All the pieces were in place, but the election came and went without wide-scale problems. What happened? We know that the Obama and Putin had a “blunt” meeting at the G20 that same September, so it’s possible that Obama was able to rattle Putin enough to make him pull back. Maybe Putin decided that leaking stolen emails was good enough. We may never know the full story, but what is clear is that we need to adequately defend ourselves against future nation-state attacks on our elections, whether from Russia or elsewhere. As James Comey warned the Senate Intelligence Committee recently, “They will be back.”

Estonia: Internet Voting System to Get New Hacking Defenses | Bloomberg

Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify. A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens, the National Electoral Committee’s head of e-voting. The upgrade includes anti-tampering features known as end-to-end verifiability that addresses security concerns from groups such as the Organization for Security and Cooperation in Europe, he said. “End-to-end verifiability is the ‘Holy Grail’ for electronic voting,” Martens said this month in a phone interview. “When we talk about international criticism, the new software now addresses it.”

Verified Voting in the News: Exit Interview: Verified Voting’s Pam Smith | electionlineWeekly

This interview with Pam Smith was posted electionlineWeekly. on July 6, 2017.

In recent weeks we’ve said good-bye to some leaders in the elections field and this week completes our unfortunate trifecta of departing “election geeks”. Pam Smith has stepped down as the president of Verified Voting. Smith joined Verified Voting in 2004, and served as its president for 10 years. She was an outspoken advocate for the nonpartisan, nonprofit organization that focuses on accuracy, transparency and verifiability of elections. If you had a question about election technology or audits, Smith was the go-to source. Good luck Pam. We will miss your willingness to go on the record and talk about voting technology.

You are leaving the field at an interesting time, to say the least, why now?

Why, is something going on? Just kidding. Actually, I hope I’m not leaving altogether. I started out as an advocate before I came to Verified Voting, and I’ll likely stay one. And as anyone knows who works in elections, once it’s in you, you can’t ever really let it go!

But your point is a good one. Enormous progress has been made in moving toward getting the tools in place that enable officials around the country to demonstrate the correctness of election outcomes.

The work isn’t done yet. But what’s different today from when I started is that on major networks, in op-ed columns, in legislatures and around the coffee table, there’s awareness that we need to take steps to ensure our election systems are reliable. People are saying it out loud. It feels like the effort has a full head of steam now, and that was always one of my goals.

Georgia: Voters, Colorado nonprofit sue to overturn special election results in Georgia’s 6th Congressional District | Colorado Politics

A group of Georgia voters and a Colorado-based watchdog organization filed a lawsuit late Monday asking a judge to overturn the results of last month’s 6th Congressional District special election and scrap the state’s voting system, Colorado Politics has learned. The complaint, filed in Fulton County Superior Court, alleges that state and local election officials ignored warnings for months that Georgia’s centralized election system — already known for potential security flaws and lacking a paper trail to verify results — had been compromised and left unprotected from intruders since at least last summer, casting doubt on Republican Karen Handel’s 3.8-point win over Democrat Jon Ossoff in the most expensive House race in the nation’s history. … The plaintiffs — including Colorado nonprofit Coalition for Good Governance and Georgia voters from both major political parties and a conservative third party — charge that recent revelations about a security hole on a computer server used to run Georgia elections only amplified longstanding concerns about the state’s antiquated voting equipment and its susceptibility to hackers. “We aren’t questioning one candidate over another,” lead plaintiff Donna Curling told Colorado Politics. “We’re saying it’s impossible to know.”

Georgia: Many Troubling, Unanswered Questions about Voting Machinery in Georgia House Runoff | Alternet

The results from Georgia’s sixth district congressional race are odd. Jon Ossoff, the Democratic newcomer who ran against Republican former Secretary of State Karen Handel, won the absentee vote 64% to 36%. That vote was conducted on paper ballots that were mailed in and scanned on optical scanners. Ossoff also won the early voting 51% to 49%. Those results closely mirror recent polls that had him ahead by 1-3 points. In the highest of those polls, he was ahead by 7% with 5% undecided and a 4% margin of error. On Election Day, Handel pulled out a whopping 16 percent lead, for a crushing 58% to 42% division of the day’s votes. That means that all 5% of the undecided voters broke for Handel, the poll was off by its farthest estimate and another 3.5% of Ossoff’s voters switched sides into her camp. All this despite Ossoff’s intensive door-to-door ground offensive that Garland Favorito, who lives in the heart of the sixth district called the “most massive operation” he’s ever seen. Favorito is the founder of VoterGA, a nonpartisan election reform group. He said Handel had signs up, but her canvassing operation didn’t approach Ossoff’s.

National: Were Voting Machines Actually Breached? DHS Would Rather Not Know | TPM

Pressure to examine voting machines used in the 2016 election grows daily as evidence builds that Russian hacking attacks were broader and deeper than previously known. And the Department of Homeland Security has a simple response: No. DHS officials from former secretary Jeh Johnson to acting Director of Cyber Division Samuel Liles may be adamant that machines were not affected, but the agency has not in fact opened up a single voting machine since November to check. Asked about the decision, a DHS official told TPM: “In a September 2016 Intelligence Assessment, DHS and our partners determined that there was no indication that adversaries were planning cyber activity that would change the outcome of the coming US election.” … Computer scientists have been critical of that decision. “They have performed computer forensics on no election equipment whatsoever,” said J. Alex Halderman, who testified before the Senate Intelligence Committee last week about the vulnerability of election systems. “That would be one of the most direct ways of establishing in the equipment whether it’s been penetrated by attackers. We have not taken every step we could.”

National: Homeland Security Never Checked Whether Hacking Changed Votes | Care2

This week, leaders from the Department of Homeland Security (DHS) testified to Congress that the Russian government hacked into electronic systems connected with the 2016 election in at least 21 states. Though they acknowledged that some systems had been breached and even altered, they also said that hackers were unable to change the vote counts. While it is certainly reassuring to know that vote counts weren’t tampered with (it’s a message they’ve stressed in light of previous leaks, too,) there’s one problem with the DHS’s proclamation: the agency hasn’t actually conducted any audits to confirm this belief. … With all due respect to the DHS, the government didn’t expect their systems to be as vulnerable to hacking as it has already proven to be. If hackers were able to get into voter systems, how can we be so confident that that’s as far as they got without – you know – actually checking?

National: Russia’s still targeting U.S. elections, King warns, and experts say we’re not prepared | Portland Press Herald

For weeks, U.S. Sen. Angus King has been telling anyone who’ll listen that the biggest, most worrisome thing about Russian interference in the 2016 election isn’t getting enough attention and has nothing to do with President Trump. King has warned in congressional hearings, television appearances and interviews with reporters that Moscow tried and is still trying to compromise American voting systems – and that if nothing’s done it might very well change the results of an election. … While intelligence officials say there is no evidence that vote counts were changed last November, a leading expert on security threats to voting machines said this possibility cannot be excluded without a forensic audit of the results. Even voting and vote counting machines that are not connected to the internet can be and could have been compromised when they received software programming them to display or recognize this year’s ballots, said J. Alex Halderman, director of the University of Michigan Center for Computer Security and Society.

National: State and local election systems easy prey for Russians hackers | McClatchy

Local officials consistently play down suspicions about the long lines at polling places on Election Day 2016 that led some discouraged voters in heavily Democratic Durham County, N.C., to leave without casting a ballot. Minor glitches in the way new electronic poll books were put to use had simply gummed things up, according to local elections officials there. Elections Board Chairman William Brian Jr. assured Durham residents that “an extensive investigation” showed there was nothing to worry about with the county’s new registration software. He was wrong. What Brian and other election officials across eight states didn’t know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems, Inc., the vendor that sold them digital products to manage voter registrations. … David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is “absolutely possible” that the Russians affected last year’s election. “And we have done almost nothing to seriously examine that,” he said. “The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking,” said Alex Halderman, a University of Michigan computer science professor. “The question is, how far did they get in that pattern of attacks, and were they successful?”

National: We just learned the government knows Russia will sabotage the next election. Now what? | The Washington Post

The Senate Intelligence Committee held a hearing this morning on Russian efforts to interfere in the 2016 election, and on what the government knows about Russian intentions to meddle in future contests. The Committee heard from three federal officials, two from the Department of Homeland Security, and one from the FBI. Together, those officials made clear that not only did Russians peddle in propaganda and fake news in an effort boost the fortunes of Donald Trump over Hillary Clinton in 2016; they also penetrated election systems via cyber warfare. But they also hinted at another important truth, which a forward looking one. Here it is: The very core of our democracy is at extraordinary risk if we are not prepared to prevent Russian interference in our next election, which is less than 18 months away.