The Voting News

West Virginia: Hacking attempt reported against West Virginia’s mobile voting app | Benjamin Freed/StateScoop

The FBI is investigating an alleged hacking attempt against the mobile app that West Virginia officials used to collect ballots from some overseas voters during the 2018 election cycle, the Justice Department announced Tuesday. Mike Stuart, the U.S. attorney for West Virginia, said that during last year’s election cycle, his office received a report from West Virginia Secretary of State Mac Warner pertaining to an “attempted intrusion by an outside party” to access the app, Voatz, which Warner’s office has heralded as the future of voting for expat U.S. citizens, especially deployed members of the military. The attempt, Stuart continued, appeared to be unsuccessful, with no actual intrusion or effect on the 144 ballots that were cast in last year’s general election. “No penetration occurred and the security protocols to protect our election process worked as designed,” Warner said at a press conference Tuesday in Charleston, the state capital. Still, Warner said, the attempted intrusion was referred to the FBI for investigation as a “deterrent” against attempts by outside actors to interfere with the state’s election process.

Full Article: Hacking attempt reported against West Virginia's mobile voting app.

National: Former officials flag disinformation as top threat to U.S. elections | Derek B. Johnson/FCW

Two top former national security officials believe that disinformation campaigns may pose a greater long-term threat to election infrastructure than cybersecurity risks. “Securing the voting apparatus … that’s hugely important, but that to me at least is one bin of the problem,” said former Director of National Intelligence James Clapper while speaking at an Oct. 2 Washington Post event. “The other bin is what I would call, for lack of a better term, intellectual security, meaning how do you get people to question what they read, see and hear on the internet? And this is where the Russians exploited our divisiveness by using social media, so that part of the problem I’m not sure about.” Clapper said that when it comes to protecting voting machines and other election infrastructure, agencies like the FBI, Department of Homeland Security, National Security Agency and others have “done a lot” since 2016.

Full Article: Former officials flag disinformation as top threat to U.S. elections -- FCW.

National: US Officials Not Taking Putin Election Comments Lightly | Jeff Seldin/VoA News

U.S. security officials are not laughing at the latest comments by Russian President Vladimir Putin about the Kremlin’s attempts to interfere in U.S. elections. Putin, speaking at an economic forum in Moscow Wednesday, dismissed U.S. allegations that Russia meddled in both the 2016 U.S. presidential election and the 2018 mid-term election as “ridiculous.” “Or it would be ridiculous if it was not that sorrowful, because all we see now in the U.S. domestic politics ruins Russia-U.S. relations, and I am sure it harms the United States itself, too,” Putin said. “I’m telling you as a secret – yes, we will definitely do it (meddle in next year’s U.S. presidential election) in order to deliver you the best of fun,” Putin joked with the audience. “Just don’t tell anyone.” Despite Putin’s comments, U.S. security and intelligence officials have said, consistently, that they have seen indications Russia will try to interfere with the upcoming 2020 presidential elections.

Full Article: US Officials Not Taking Putin Election Comments Lightly | Voice of America - English.

National: US diplomats told Zelenskiy that Trump visit was dependent on Biden statement | Julian Borger and Lauren Gambino/The Guardian

US diplomats told Ukraine’s president, Volodymyr Zelenskiy, that a prestigious White House visit to meet Donald Trump was dependent on him making a public statement vowing to investigate Hunter Biden’s company, and a Ukrainian role in the 2016 elections, according to texts released on Thursday night. The texts, released by three congressional committees holding impeachment hearings, show that the diplomats made clear that any improvement in Kyiv’s relations with Washington would be dependent on Zelenskiy’s cooperation in Trump’s quest to find damaging material about the son of his leading political opponent, and on the Democrats in general. In August, Zelenskiy’s government became aware, through a US press report, that military aid for its struggle with Russia had been withheld by Trump, in an apparent effort to increase the pressure on the Ukrainian government. The texts are exchanges from July to early September between three US diplomats – Gordon Sondland, the ambassador to the European Union, Kurt Volker, the then special envoy on Ukraine, and Bill Taylor, the acting ambassador to Kyiv. Trump’s personal lawyer, Rudy Giuliani, and a Zelenskiy aide, Andrey Yermak, also make brief appearances in the correspondence.

Full Article: US diplomats told Zelenskiy that Trump visit was dependent on Biden statement | US news | The Guardian.

Editorials: Democrats Must Act Now to Deter Foreign Interference in the 2020 Election | Thomas Wright/The Atlantic

Democrats face a national-security problem without parallel in the annals of American democracy. The president of the United States, Donald Trump, has made clear not only that he will remain passive in the face of foreign interference in the 2020 U.S. election—a threat his current and former directors of national intelligence have called the most serious facing the country—but also that he will actually solicit such interference if it serves his interests. We know of at least one case—when he asked President Volodymyr Zelensky of Ukraine to launch an investigation into former Vice President Joe Biden as a personal favor—but there may well be others. Parts of the U.S. government, such as the Department of Homeland Security and the FBI, as well as state authorities, are working to prevent foreign interference in American elections, but even with a Herculean effort, the country’s defenses against political warfare, especially in the cyber domain, are weak and porous. Such attacks are easy to execute, but difficult and expensive to thwart. The threat is evolving and will be different than it was in 2016. There are many targets.

Full Article: Democrats Can Stop Political Interference in 2020 - The Atlantic.

Editorials: Voting machines pose a greater threat to our elections than foreign agents | Lulu Friesdat/The Hill

As the election security conversation widens beyond Russia, to include countries like Iran and China, it’s important to examine how security flaws in our country’s voting equipment increase the vulnerability of our elections. In 2010 a university cyber team conducted a test attack on an internet voting pilot project in Washington, D.C. The team successfully picked the winner of the election remotely from its Michigan lab. Writing about the attack, computer science professor J. Alex Halderman said, “Within 36 hours of the system going live, our team had … the ability to change votes.” In follow-up testimony, Halderman offered some chilling details: “While we were in control of these systems, we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.” Security experts have long warned that short passwords provide easy targets, but hackers at DEF CON, an annual security convention, recently found U.S. election systems with no passwords at all. How did the security bar get set so low?

Full Article: Voting machines pose a greater threat to our elections than foreign agents | TheHill.

Colorado: Secretary of State’s QR code election security measure adopted | Teresa L. Benns/Del Norte Prospector

According to a Sept. 16 news release on the Colorado Secretary of State’s (SoS) website, Secretary of State Jena Griswold announced that Colorado will stop using ballots with QR codes, a marking used to track packages and other materials. The removal of QR codes from ballots will increase the security of vote tabulation and ensure voters can accurately verify that their ballots are correctly marked. With foreign countries actively trying to exploit voting vulnerabilities, this is a first-in-the-nation added security measure. Marilyn Marks, who advocates for voting integrity nationwide, came to Saguache County in 2011 to investigate the irregular county election held in 2010. During that time, she also monitored an election held in Chaffee County where the QR code question was first raised. “Chaffee ballots are identifiable by both the voter and the government,” Marks said in an Aug. 9, 2012 Center Post-Dispatch article. (QR) codes on the ballot can be traced back to the voter in what Marks says is a very sophisticated process that could not have been detected by most voters or watchers.

Full Article: Del Norte Prospector | SoS QR code election security measure adopted.

Georgia: Previously redacted Georgia election security document made public | Mark Niesse/The Atlanta Journal-Constitution

The Georgia secretary of state’s office acknowledged Thursday that a vendor had improperly redacted a purchasing document detailing security features of the state’s new $107 million voting system. The unredacted 143-page document was posted on the secretary of state’s website Thursday. The document, which explains “high level security” of the state’s new voting check-in iPads, doesn’t compromise the integrity of the system, according to the secretary of state’s office. The document was made public “in the spirit of good governance and transparency” after the secretary of state’s office was alerted about the redactions, said Deputy Secretary of State Jordan Fuchs. “Our new voting system, including new Poll Pads, are our most secure system to date,” Fuchs said. The iPads will be provided by a company called KnowInk, which is working with Dominion Voting Systems to install the new voting technology statewide before the March 24 presidential primary.

Full Article: Previously redacted Georgia election security document made public.

North Carolina: Toss-up State to Use Vulnerable Tech in 2020 | Jack Lowenstein/WhoWhatWhy

The 2020 election is expected to once again be razor-close and, in light of Russian attempts to hack the vote in 2016, making it secure is of paramount importance. That is why North Carolina’s recent decision to open the door for unverifiable barcode election technology is raising eyebrows in the election integrity community. At the end of a 30-month process, the North Carolina State Board of Elections recently approved three new voting systems to replace decades-old technology in the state. However, state election officials also did something else: With their selection, they approved the use of barcode voting technology. Election integrity advocates, cybersecurity experts, and even two members of the five-member state board have strongly objected to the use of this technology. With the 2020 presidential election on the horizon — and North Carolina expected to be in play — the decision of state officials to choose voting systems that do not leave behind a verifiable paper trail creates major concerns for election transparency advocates.

Full Article: Toss-up State to Use Vulnerable Tech in 2020 - WhoWhatWhy.

Ohio: House Lawmakers Approve Civilian Cyber Reserve | Jim Provance/Toledo Blade

The Ohio House on Wednesday voted unanimously to create a civilian cyberforce within the Ohio National Guard to respond to cyberattacks against elections systems, governments, businesses, and critical infrastructure. Senate Bill 52, sponsored by Sen. Theresa Gavarone (R., Bowling Green), now returns to the Senate for consideration of House changes. The bill passed the upper chamber unanimously earlier this year. A city’s mayor could ask the governor to call out the Ohio Cyber Reserve if the city finds itself in over its head in fending off or mitigating a ransomware attack or other cyberintrusion, much as governments can now ask for help after natural disasters. “By their nature, elections are vulnerable to threats both foreign and domestic,” Rep. Doug Green (R., Mt. Orab) said. “Creating the Ohio Cyber Reserve allows for preparedness in mitigating those cyberattacks and ensures Ohio’s voters that their elections are secure and accessible.”

Full Article: Ohio House Lawmakers Approve Civilian Cyber Reserve.

Pennsylvania: Green Party’s Jill Stein threatens legal challenge to Philadelphia’s new, $29M voting machines | Jonathan Lai/Philadelphia Inquirer

Jill Stein, the 2016 Green Party presidential candidate, threatened Wednesday to take legal action to block Philadelphia from using its new voting machines if the Pennsylvania Department of State continues to allow their use. The machines, which cost the city $29 million, are slated to be used in next month’s election. But Stein said they violate the terms of a settlement she reached with the state late last year stemming from her 2016 recount battle. “We will seek relief in the court if this unverified, unauditable, hackable, expensive machine is not promptly decertified,” Stein, flanked by about two dozen supporters, said outside the federal courthouse in Center City. That agreement settled Stein’s effort in 2016 to seek a recount and forensic audit of voting machines in Pennsylvania and elsewhere after Donald Trump’s victory that year. (Stein, an activist and physician from Massachusetts, received 0.82% of the vote in Pennsylvania.) Under the settlement, the plaintiffs must first notify the Pennsylvania Department of State in writing of potential violations of the agreement; the department then has 30 days to respond before Stein and other plaintiffs can take the matter to court.

Full Article: Green Party’s Jill Stein threatens legal challenge to Philly’s new, $29M voting machines.

West Virginia: Attempted hack of military app investigated | Steve Allen Adams/The Intermountain

Federal and state officials announced this week an FBI investigation into an attempted hack on the new app for overseas deployed military voters and their families and warned others not to make the attempt. Mike Stuart, U.S. attorney for the Southern District of West Virginia, and Secretary of State Mac Warner held a press conference at the Robert C. Byrd Courthouse in downtown Charleston. According to Warner, there was an attempt to hack the Secure Military Voting Application during the 2018 elections. The mobile app allows deployed military and their families to download an app and vote for candidates after they apply to use the app and are approved. “In last year’s election, we detected activity that may have been an attempt to penetrate West Virginia’s mobile voting process,” Warner said. “No penetration occurred and the security protocols to protect our election process worked as designed.” During the mobile voting process, the virtual ballot is encrypted and secured utilizing blockchain technology, then sent to the voter’s county clerk in West Virginia where their ballot is printed and tabulated. West Virginia was the first state to use mobile voting, first in a pilot project during the 2018 primary election, then a full rollout for any county that wanted to participate in the 2018 general election.

Full Article: Attempted hack of military app investigated | News, Sports, Jobs - The Intermountain.

West Virginia: FBI called in to investigate 2018 Mountain State mobile voting system hacking | Shaun Nichols/The Register

The state of West Virginia says someone attempted to hack its citizens’ votes during the 2018 mid-term elections. A statement issued this week by US Attorney Mike Stuart of the Southern District of West Virginia revealed that the FBI has been called in and is actively investigating at least one attempt to tamper with election results. “My office instituted an investigation to determine the facts and whether any federal laws were violated. The FBI has led that investigation,” Stuart said. “That investigation is currently ongoing and no legal conclusions whatsoever have been made regarding the conduct of the activity or whether any federal laws were violated.” According to the US attorney, the unknown hacker, only referred to as an ‘outside party’, tried (and failed) to get access to the mobile voting system the state used for military service members stationed overseas.

Full Article: FBI called in to investigate 2018 Mountain State mobile voting system hacking • The Register.

India: Election Commission releases new cybersecurity guidelines | Samaya Dharmaraj/OpenGov Asia

The Election Commission of India (ECI) recently released a document outlining cybersecurity guidelines for the upcoming Assembly elections. All Indian states have received detailed cybersecurity guidelines, which include a special audit of all ICT applications hosted by the chief electoral officer, cyber hygiene for the electoral staff, and detailed application/infrastructure level guidelines. According to the document, ECI has taken several steps to ensure cyber safety for the Lok Sabha (House of the People) Elections. ECI has created clear regulations for cybersecurity and educated its entire electoral staff through several workshops. One of its major initiatives was to revamp old applications, reduce the number of applications, and consolidate them into a few manageable ones. Furthermore, all applications have been built with cybersecurity measures in design by default. The core principles are to reduce the attack surface area, deploy defence-in-depth, and to fix security issues correctly.

Full Article: Indian Election Commission releases new cybersecurity guidelines | OpenGov Asia.

Mexico: Mexicans living abroad could cast their vote online for the first time in 2021 | Alexandra Mendoza/The San Diego Union-Tribune

Mexicans living abroad could cast their vote online as soon as the 2021 midterm elections. For almost 15 years, voters wanting to participate in Mexican elections from outside the country voted by mail. The new process of voting online will have to go through several tests to make sure it is error free, according to Enrique Andrade, a counselor with Mexico’s National Electoral Institute (INE). “It’s not something simple,” he said during a recent visit to San Diego. “It’s going to depend a lot on the trust in the system.” In the 2018 elections, about 182,000 Mexicans registered to vote from abroad and 54 percent cast their ballots. In 2012, almost 60,000 Mexicans registered to vote, with 69 percent participating in the election. Last year was the third time that Mexicans were allowed to vote from abroad, but the first one in which they could apply for the credential to vote in the consulate.

Full Article: Mexicans living abroad could cast their vote online for the first time in 2021 - The San Diego Union-Tribune.

National: Hacker conference report details persistent vulnerabilities to US voting systems | Maggie Miller/The Hill

U.S. voting systems remain vulnerable to cyberattacks three years after documented efforts to penetrate election machines, according to a report released Thursday. The report is based on the findings of the white-hat hacker DEF CON Voting Village, an annual gathering of hackers that uses election machines to find vulnerabilities that could allow someone to interfere with the voting process. This year’s event allowed hackers to test voting equipment, including e-poll books, optical scan paper voting devices and direct recording electronic voting machines — all certified for use in at least one U.S. voting jurisdiction. “Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room in ways that could alter stored vote tallies, change ballots displayed to voters, or alter the internal software that controls the machines,” the report said. Despite the “disturbing” findings of the report, the authors wrote that the findings were “not surprising,” particularly in light of the fact that many of the election equipment cyber vulnerabilities found were “reported almost a decade earlier.” Equipment that was tested included those made by leading voting machines companies Election Systems and Software (ES&S) and Dominion Systems.

Full Article: Hacker conference report details persistent vulnerabilities to US voting systems | TheHill.

National: Some Voting Machines Still Have Decade-Old Vulnerabilities | Lily Hay Newman/WIRED

In three short years, the Defcon Voting Village has gone from a radical hacking project to a stalwart that surfaces voting machine security issues. This afternoon, its organizers released findings from this year’s event—including urgent vulnerabilities from a decade ago that still plague voting machines currently in use. Voting Village participants have confirmed the persistence of these flaws in previous years as well, along with a raft of new ones. But that makes their continued presence this year all the more alarming, underscoring how slow progress on replacing or repairing vulnerable machines remains. Participants vetted dozens of voting machines at Defcon this year, including a prototype model built on secure, verified hardware through a Defense Advanced Research Projects Agency program. Today’s report highlights detailed vulnerability findings related to six models of voting machines, most of which are currently in use. That includes the ES&S AutoMARK, used in 28 states in 2018, and Premier/Diebold AccuVote-OS, used in 26 states that same year.

Full Article: Some Voting Machines Still Have Decade-Old Vulnerabilities | WIRED.

National: Hacking 2020 voting systems is a ‘piece of cake’ | Lisa Vaas/Naked Security

It’s still child’s play to pick apart election systems that will be used in the 2020 US presidential election, as ethical hackers did, once again, over the course of two and a half days at the Voting Village corner of the DefCon 27 security conference in August. The results are sobering. This is the third year they’ve been at it, and security is still abysmal. On Thursday, Voting Village organizers went to Capitol Hill to release their findings, in an event attended by election security funding boosters Sen. Ron Wyden and Rep. Jackie Speier. In a nutshell: in August, hackers easily compromised every single one of the more than 100 machines to which they were given access, many with what they called “trivial attacks” that required “no sophistication or special knowledge on the part of the attacker.” They didn’t get their hands on every flavor of voting system in use in the country, but every one of the machines they compromised is currently certified for use in at least one voting jurisdiction, including direct-recording electronic (DRE) voting machines, electronic poll books, Ballot Marking Devices (BMDs), optical scanners and hybrid systems.

Full Article: Hacking 2020 voting systems is a ‘piece of cake’ – Naked Security.

National: With Sanctions on Russians, U.S. Warns Against Foreign Election Meddling | Lara Jakes/The New York Times

The United States issued new economic sanctions on Monday against seven Russians linked to an internet troll factory in what Secretary of State Mike Pompeo called a warning to foreigners who seek to interfere in American elections. The penalties were announced as Congress is investigating whether President Trump tried to enlist Ukraine’s leader in a political smear campaign against one of his top Democratic challengers in 2020, former Vice President Joseph R. Biden Jr. “We have been clear: We will not tolerate foreign interference in our elections,” Mr. Pompeo said in a sharp statement. “The United States will continue to push back against malign actors who seek to subvert our democratic processes,” Mr. Pompeo continued, “and we will not hesitate to impose further costs on Russia for its destabilizing and unacceptable activities.” The Treasury Department said the sanctions sought to punish attempts to influence the 2018 midterm elections, in which Democrats won control of the House. Early last year, the Justice Department indicted 13 Russians and companies linked to the Internet Research Agency on charges of meddling in the 2016 presidential election.

Full Article: With Sanctions on Russians, U.S. Warns Against Foreign Election Meddling - The New York Times.

National: Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election | Shane Harris, Josh Dawsey and Ellen Nakashima/The Washington Post

President Trump told two senior Russian officials in a 2017 Oval Office meeting that he was unconcerned about Moscow’s interference in the 2016 U.S. presidential election because the United States did the same in other countries, an assertion that prompted alarmed White House officials to limit access to the remarks to an unusually small number of people, according to three former officials with knowledge of the matter. The comments, which have not been previously reported, were part of a now-infamous meeting with Russian Foreign Minister Sergei Lavrov and Russian Ambassador Sergey Kislyak, in which Trump revealed highly classified information that exposed a source of intelligence on the Islamic State. He also said during the meeting that firing FBI Director James B. Comey the previous day had relieved “great pressure” on him. A memorandum summarizing the meeting was limited to a few officials with the highest security clearances in an attempt to keep the president’s comments from being disclosed publicly, according to the former officials, who spoke on the condition of anonymity to discuss sensitive matters. The White House’s classification of records about Trump’s communications with foreign officials is now a central part of the impeachment inquiry launched this week by House Democrats. An intelligence community whistleblower has alleged that the White House placed a record of Trump’s July 25 phone call with Ukraine’s president, in which he offered U.S. assistance investigating his political opponents, into a code-word classified system reserved for the most sensitive intelligence information.

Full Article: Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post.