Microsoft disclosed Thursday that it identified and helped thwart hacking attempts on three congressional candidates earlier this year, marking the first publicly known hacking efforts targeting candidates in the 2018 midterm elections. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections,” he added. Burt said that Microsoft and the government were able to take the domain down and block the phishing messages.
The Voting News
The Justice Department on Thursday issued a wide-ranging report describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks. Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling. “That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it,” Deputy Attorney General Rod Rosenstein said in unveiling the report at the Aspen Security Forum.
National: How is it even possible that most state election offices are still security nightmares? | BGR
Well, this is reassuring. The midterms are almost upon us, the country is still reeling from the revelations associated with hackers meddling in the 2016 presidential election. And, somehow, most states still have glaring security holes in their election offices that will probably stay that way through the midterms. That’s according to a new report from Politico, which found via a survey of all 50 states that few are planning to shore up their systems before November. Even after getting their share of $380 million in funding Congress appropriated for election security in March. “Only 13 states said they intend to use the federal dollars to buy new voting machines,” Politico reports. “At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
Whatever President Trump says or un-says, it’s clear that election authorities in the U.S. and around the world have faced and will continue to face an onslaught of hacking attacks. While it’s unclear if hackers have been able to actually manipulate vote tallies, anyone from a Russian agent to a “400-pound” hacker sitting on his bed can easily seed mayhem and doubt by knocking voter registration sites offline or posting forged announcements of election results. Now San Francisco-based cloud security provider Cloudflare is offering a free service, called the Athenian Project, to any U.S. election authority for the 2018 polls. About 70 agencies, including 10 state election authorities as well as county- and city- level bodies have signed up, the company announced today. (If other companies are also providing pro-bono election security services, please let me know!) Cloudflare CEO Matthew Prince acknowledges that these are just a “drop in the bucket” out of the over 8,500 election authorities in the US, and he said that any other ones are welcome to join.
National: “Don’t count Russia out,” experts warn on election hacking amid relative calm | Fast Company
As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early to tell, noting that it’s still early in the election cycle. “Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.
National: New voting machines are important, but here are three other ways states are investing in election security | StateScoop
In the past eight days, federal officials — including Dan Coats, the director of national intelligence; Kirstjen Nielsen, the homeland security secretary; and Christopher Krebs, the homeland security undersecretary for cybersecurity — have warned that the Russian hackers who attempted to meddle in the 2016 election are on the prowl again. Depending on who you ask, state election officials are either implementing sweeping new security measures or making minimal progress in safeguarding voters ahead of this November’s general election. Every state has claimed its piece of the $380 million the federal Election Assistance Commission offered for new security measures, and several states’ top election officials have told Congress they’re using the money to harden the firewalls around their voter registration files and to replace antiquated ballot equipment with new machines that offer paper records.
In a party-line vote, House Republicans on Thursday blocked a Democratic effort to boost election security funding. The vote was on a procedural motion by Democrats intended to add $380 million for state election security grants in 2019 to a larger spending package. That spending legislation, which includes nearly $59 billion for the Interior Department, Environmental Protection Agency and Treasury Department, was approved, 217-199. Democratic lawmakers chanted “USA! USA!” on the House floor as they sought to support the bill, but Republicans insisted that those grants do not need additional funding given that as states have not yet used up all the money previously allocated to the program. “Over the past decade you’ve seen billions of dollars funded, by Republicans and Democrats, in our bipartisan appropriations each year to do exactly that, secure elections here at home,” House Ways and Means Committee Chairman Kevin Brady (R-TX) said, according to The Washington Post.
This fall, millions of Americans may head to the polls only to find their names aren’t on voter registration lists anymore. These voters may have to cast provisional ballots. Or worse, they could be turned away from the polls altogether. The cause? Voter purges — an often-flawed method of cleaning up voter registration lists by deleting names from voter rolls. Purges, of course, aren’t necessarily a bad thing. State and local election officials have a real need to ensure voting lists are accurate and up-to-date. During the course of a lifetime, people move. Sometimes people change their names. And inevitably, people die. Voter rolls should reflect those changes. But purges are a growing threat that we’ve found may imperil the right to vote for millions of Americans in the midterm elections in November.
California will be staying in one piece, at least for now, after the state’s supreme court ruled that a proposal to divide California into three cannot be placed on the ballot in November. Tim Draper, a wealthy venture capitalist, has spent years arguing that the Golden State would be better off as several smaller states. He says California is too large to be governed effectively and that splitting up would result in “better decision making and real solutions closer to home.” This year, he got enough signatures to put it before voters — although experts said that even if the proposal passed, it would face a range of daunting legal and political hurdles. Then the Planning and Conservation League (PCL), a nonprofit environmental group in California, filed a lawsuit to block the measure from getting to a vote.
The fate of about 1.4 million people will be at stake in November as Florida voters decide whether most convicted felons should have the right to vote. With the election less than four months away, supporters are organizing a statewide campaign to win voter approval of Amendment 4, which got on the ballot after an effective grass-roots organizing effort that lasted for several years. But passage is far from assured in a deep purple and closely-divided state where midterm or non-presidential elections typically draw low turnouts, where President Donald J. Trump remains popular, and where some voters may simply be turned off by a fatigue-inducing list of 13 ballot questions.