The Voting News

California: Documents Reveal Successful Cyberattack in California Congressional Race | Rolling Stone

FBI agents in California and Washington, D.C., have investigated a series of cyberattacks over the past year that targeted a Democratic opponent of Rep. Dana Rohrabacher (R-CA). Rohrabacher is a 15-term incumbent who is widely seen as the most pro-Russia and pro-Putin member of Congress and is a staunch supporter of President Trump. The hacking attempts and the FBI’s involvement are described in dozens of emails and forensic records obtained by Rolling Stone. The target of these attacks, Dr. Hans Keirstead, a stem-cell scientist and the CEO of a biomedical research company, finished third in California’s nonpartisan “top-two” primary on June 5th, falling 125 votes short of advancing to the general election in one of the narrowest margins of any congressional primary this year. He has since endorsed Harley Rouda, the Democrat who finished in second place and will face Rohrabacher in the November election. Read More

National: Hackers are out to jeopardize your vote | MIT Technology Review

Russian hackers targeted US electoral systems during the 2016 presidential election. Much has been done since then to bolster those systems, but J. Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, says they are still worryingly vulnerable (see “Four big targets in the cyber battle over the US ballot box”). MIT Technology Review’s Martin Giles discussed election security with Halderman, who has testified about it before Congress and evaluated voting systems in the US, Estonia, India, and elsewhere.

Lots of things, from gerrymandering to voter ID disputes, could undermine the integrity of the US electoral process. How big an issue is hacking in comparison?

Things like gerrymandering are a question of political squabbling within the rules of the game for American democracy. When it comes to election hacking, we’re talking about attacks on the United States by hostile foreign governments. That’s not playing by the rules of American politics; that’s an attempt to subvert the foundations of our democracy. Read More

National: DHS works to strengthen election security on heels of bipartisan legislation | BiometricUpdate

What one congressional observer called, “a day late and a dollar short,” the bipartisan Prevent Election Hacking Act of 2018 (HR 6188) was recently introduced and referred to the House Committee on House Administration. If passed, it would “direct the Secretary of [the Department of] Homeland Security [DHS] to establish a program to improve election system cybersecurity by facilitating and encouraging assessments by independent technical experts to identify and report election cybersecurity vulnerabilities, and for other purposes.” An industry cybersecurity official said on background to Biometric Update that, “HR 6188’s potentially ground breaking — sorry, overstated deliberately — concept of outsourcing cybersecurity execution to the private sector is something worth looking into.” Read More

National: Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms | Dark Reading

Two 11-year-old budding hackers last week at DEF CON in Las Vegas used SQL injection attack code to break into a replica of the Florida Secretary of State’s website within 15 minutes, altering vote count reports on the site. Meanwhile, further down the hall in the adult Voting Machine Hacking Village at Caesars Palace, one unidentified hacker spent four hours trying to break into a replica database that housed the real, publicly available state of Ohio voter registration roll. He got as far as the secured server — penetrating two layers of firewalls with a Khali Linux pen testing tool — but in the end was unable to grab the data from the database, which included names and birthdates of registered voters. “He got to the secure file server but didn’t know how to write the query to pull the data out,” says Alon Nachmany, solution engineer with Cyberbit, which ran the voter registration database simulation. That he got as close to the data as he did was no small feat, however. “He got very far, but he didn’t have the skill needed to pull the file itself,” Nachmany says. Read More

California: Legislature approves new Office of Elections Cybersecurity to repel attacks and combat disinformation | StateScoop

California is poised to officially create an Office of Elections Cybersecurity, a new bureau dedicated to combating cyberattacks directed at the state’s voting systems and correcting disinformation directed at voters. The new agency, which will be housed under the secretary of state’s office, was approved this week by both houses of the state legislature. The Office of Elections Cybersecurity will be responsible for disseminating information on cyberthreats against voting systems to county- and city-level elections officials. It is also designed to be a point of contact for federal officials to coordinate responses and to oversee cybersecurity training for local boards of elections, which are often less equipped than larger government agencies to fend off threats from foreign intelligence agencies. Federal officials have said that Russian hackers attempted to penetrate voter registration systems in at least 21 states — including California — during the 2016 presidential race, and have said this year that Kremlin-backed actors continue to target U.S. election infrastructure. Read More

California: Voting Machines Aren’t the Only Vectors for Attack, California Election Officials Say | Government Technology

California election officials are guarding their voting machines and registration lists against Russian hackers — although no one has spotted any. “I operate under the assumption that hacking is actually happening and California is a target,” Secretary of State Alex Padilla says. “This year, there’s a big focus on several congressional races that could determine the House majority. The stakes in California have national implications.” But would the Russians actually try to change election outcomes? “I have no doubt that if they could, they would,” says Padilla, a Democrat who’s heavily favored to win reelection in November. Hacking into California’s voting system and altering votes, however, is considered by most experts to be practically impossible. That’s because voting machines aren’t hooked up to the internet. State law forbids it. A hacker might attack one machine but couldn’t reach into the entire vote-collecting system. Read More

Delaware: Voting machine bid data is released to public | Delaware First Media

Common Cause Delaware has posted a link to bid data the First State received to replace its current voting machines. Six vendors, Electec Election Services, Dominion Knowlink, Election Systems & Software, Everyone Counts, Hart InterCivic and Tenex Software Solutions submitted bids. Jennifer Hill of Common Cause says some of these companies have had problems in other states. She said a city in Kansas using an ES&S system faced issues during a primary last week. “There were election night reporting delays that they could not explain,” she said. “So, you know those are the things that we hope will be looked at before our you know our state invests $8 or $10 or $13 million in a voting system.” Read More

Georgia: Voter records exposure raises election security concerns | SC Magazine

Despite Georgia Secretary of State Brian Kemp’s contentions that reports questioning the security of the state’s election systems are fake news, a breach discovered in 2016 exposed the records of more than six million George voters, according to a lawsuit. “The data was open to anyone in the world who had an internet connection,” said Marilyn Marks, executive director of the Coalition for Good Governance, one of the plaintiffs in the suit cited by CNN. “Even when confronted with a security disaster, she noted, Kemp, who’s currently running at a GOP gubernatorial candidate, blamed “managers under his supervision for their incompetence and [left] the security disaster without so much as a forensic review of the impacts of the security failures.” Read More

Georgia: Concerns over Georgia’s election security grow | WGCL

Concerns over Georgia’s election security are growing as November’s election draws closer. To advocate for you, we asked for a sit-down with the man running Fulton County’s elections. CBS46 obtained new details about the extent of suspected Russian probing of some of Fulton County’s website, and what going to paper ballots might really entail. Robert Mueller’s indictment of a dozen Russians fueled the fire. “I think the Russians were mostly focused on public opinion through social media,” said Richard Barron, the Fulton County director of registration and elections. Still, court documents reveal several Russian operatives checked out websites for Georgia and, specifically, Fulton and Cobb counties. Since we’re advocating for transparency, we wanted to find out what that really means. Read More

Iowa: Secretary of State Pate says hackers cannot alter votes on paper ballots | Radio Iowa

Secretary of State Paul Pate — the commisioner of Iowa elections — said Tuesday there is no way for hackers to alter votes in Iowa because every one of the state’s voters cast a paper ballot. “In Iowa, we don’t vote on the internet…so you can’t be voting from Moscow, Russia. You can’t. The only ones that I would let vote from Moscow are the folks from Moscow, Iowa,” Pate said. “That’s it.” Pate spoke yesterday on The Des Moines Register’s Soapbox at the Iowa State Fair. Pate warned the crowd “bad actors” on social media platforms like Twitter and Facebook may try to sow doubt about election results. Read More