In June 2016, five months before the American presidential election, Julian Assange made a bold prediction during a little-noticed interview with a British television show. “WikiLeaks has a very big year ahead,” he said, just seconds after announcing that the website he founded would soon be publishing a cache of emails related to Hillary Clinton. He was right. But an indictment unsealed on Thursday charging Mr. Assange with conspiring to hack into a Pentagon computer in 2010 makes no mention of the central role that WikiLeaks played in the Russian campaign to undermine Mrs. Clinton’s presidential chances and help elect President Trump. It remains unclear whether the arrest of Mr. Assange will be a key to unlocking any of the lingering mysteries surrounding the Russians, the Trump campaign and the plot to hack an election. The Justice Department spent years examining whether Mr. Assange was working directly with the Russian government, but legal experts point out that what is known about his activities in 2016 — including publishing stolen emails — is not criminal, and therefore it would be difficult to bring charges against him related to the Russian interference campaign. Numerous significant questions are left unanswered, including what, if anything, Mr. Assange knew about the identity of Guccifer 2.0, a mysterious hacker who American intelligence and law enforcement officials have identified as a front for Russian military intelligence operatives.Full Article: After Arrest of Julian Assange, the Russian Mysteries Remain - The New York Times.
The Voting News
Former FBI Director James Comey said the U.S. remains unprepared for another attack on its elections and faulted the attorney general for suggesting that the government was “spying” on Donald Trump’s presidential campaign in 2016. Echoing the findings of U.S. intelligence agencies, Comey said Russia intervened in the 2016 election to damage American democracy, undermine Democratic nominee Hillary Clinton and bolster Trump. Russian officials have denied the accusations. But Comey said Trump’s “denial of a fundamental attack” on the U.S. means “we’re inviting it to happen again with our president’s silence.” The former FBI leader also said he was concerned by Attorney General William Barr’s comments on Wednesday that he’s starting his own inquiry into counterintelligence decisions that may have amounted to political espionage, including actions taken during the Russia probe in 2016. “I really don’t know what he’s talking about when he talks about spying on the campaign,” Comey said. “The FBI and Department of Justice conduct court-ordered surveillance. If the attorney general has come to the belief that that should be called spying, wow, that’s going to inspire a whole lot of conversations in the Department of Justice.”Full Article: Cybersecurity - Bloomberg.
Voters could get the chance to check their electronic ballot for accuracy before turning it in under a proposed bill. HB 543, sponsored by Rep. Tony Lovasco, R-O’Fallon, would require electronic voting machines to print out a paper ballot that could be reviewed by the voter. That paper ballot would also be available to those checking ballots during recounts. The bill also works to phase out electronic voting machines that directly record results without producing some sort of physical copy. As the machines die out due to age or malfunction, the bill states that they would not be replaced. The bill would make paper ballots the “official ballot” except for those submitted by electronic machines that have not yet been replaced.Full Article: Lawmakers discuss return to paper ballots | State News | columbiamissourian.com.
Ohio: Thousands of voters given wrong polling location by Secretary of State website | Fayette Advocate
An apparent error on the Ohio Secretary of State’s website has caused thousands of voters to have the wrong polling location listed on their voter registration. According to the Pickaway County Board of Elections, “a large majority” of their county’s registered voters have been given the misinformation by the Secretary of State through the state’s official website voter registration portal. “We send a file to the Ohio Secretary of State and it appears they have addresses for several precincts incorrect,” Michele Lockard, director of the Pickaway County Board of Elections wrote in an email to a voter who inquired about the issue Thursday morning. It is unclear exactly how many voters have been impacted by the error, but Lockard said that she, herself, was also affected. It was also not made immediately clear to the Advocate if Pickaway County was the only county impacted by the error. The county has 34,339 registered voters.Full Article: Thousands of voters given wrong polling location by Secretary of State website - Fayette Advocate.
Pennsylvania: Philadelphia commissioner breaks silence to criticize voting machine decision and call for new selection | Philadelphia Inquirer
Philadelphia City Commissioner Anthony Clark, who rarely says anything at board meetings and has a reputation for not showing up to work, suddenly spoke up Wednesday to say he favors invalidating the city’s choice of voting machines and restarting the selection process. His comments, which caught nearly everyone by surprise, were delivered almost casually during the commissioners’ weekly meeting, after City Controller Rebecca Rhynhart urged the elections officials to nullify the controversial selection of new systems. “Today I request that this body vacate the commissioners’ earlier decision and draft and reissue a new, fair” request for proposals, Rhynhart said after calling the selection process opaque and biased. “Please don’t deny Philadelphia’s voters a true voice in the selection of these machines.” Clark, who had not spoken publicly about the decision and did not cast a vote when the commissioners chose the system, responded: “Well, I’d just like to say that I do support your recommendation. That’s all I have to say at this time.” Advocates have for months implored Philadelphia election officials to select a hand-marked paper ballot system rather than the ES&S ExpressVoteXL system that was chosen Feb. 20 have accused the commissioners of illegally selecting that machine and called for that vote to be nullfied.Full Article: Philly commissioner breaks silence to criticize voting machine decision and call for new selection.
A denial of service (DoS) attack against the official online election results service is under investigation in Finland. The National Bureau of Investigation (KRP) on Wednesday reported that the attack took place last weekend, stressing that the attack can have no impact whatsoever on the election results as the targeted service is not related to the casting or counting of votes. The short and low-volume attack caused intermittent disruptions to the results service in the wee hours of last weekend, Arto Jääskeläinen, the head of electoral administration at the Ministry of Justice, told Lännen Media. The service on vaalit.fi is used primarily by small news outlets, he added to Helsingin Sanomat. YLE, Helsingin Sanomat and other major outlets, in turn, have an agreement in place that provides them access to the results data through a secure connection.Full Article: DoS attack against election results portal under investigation in Finland.
India: The first day of voting in India is dotted with glitches in the electronic voting machines | Business Insider India
The general election has only just begun and reports of Electronic Voting Machine (EVM) malfunctions are flying in from multiple corners of the country. Butchirajupalem in Visakhapatnam and Cooch Behar in West Bengal were one of the first constituencies to halt voting because the EVM machines stopped working. One of the poll booths in Ghaziabad in Uttar Pradesh and two booths in Hyderabad, Telangana are also reported facing problems with their voting machines a while later. But most of the EVM malfunctions are being reported in Odisha and Andhra Pradesh. In Andhra Pradesh, Telugu Desam Party and the YSR Congress Party (YSRCP) are reporting EVM malfunctions. YSRCP is reporting that as many as 99 of the polling booths aren’t working. Tensions between both political parties have resulted in violent clashes and ransacking of poll booths.Full Article: Lok Sabha Election 2019 - The first day of voting in India is dotted with glitches in the electronic voting machines.
While the 2019 Knesset elections had some unprecedented cyber issues, future elections will have even more, cyber expert and founder and editor-in-chief of Cybertech Magazine Amir Rapaport says. Speaking to The Jerusalem Post on Wednesday, Rapaport divided the impact of cyber on the elections into three spheres. He said that Israel’s Central Elections Committee, in coordination with the Israel National Cyber Directorate (INCD) and other agencies (the Shin Bet Israel Security Agency is known to have a heavy role), seem to have succeeded in protecting from actual hacking of physical election systems. To that extent, no one has called into question the voter totals produced by the committee based on accusations of a cyber attack. (There are some minor controversies, but not related to the cyber sphere.) Further, some of the dark scenarios to prevent voters from reaching the polling stations, including the hacking of trains and other public transit, did not transpire.Full Article: Cyber expert: Future elections will have even more cyber issues - Israel Elections - Jerusalem Post.
Despite clear and compelling evidence of a Russian plot to disrupt the 2016 presidential election, partisanship has all but killed any chance that Congress will pass legislation to shore up election security before voters cast their ballots next year. Republicans and Democrats in Congress largely agree with Special Counsel Robert Mueller’s finding that Russia tried to meddle in U.S. democracy — and that foreign interference remains a serious threat. “Russia’s ongoing efforts to interfere with our democracy are dangerous and disturbing,” said Senate Majority Leader Mitch McConnell, R-Kentucky, after Mueller finalized his investigation last month. But McConnell has made it clear that he’s unlikely to allow the Senate to vote on any election-related legislation for the foreseeable future. Republican Sen. Roy Blunt of Missouri, who chairs the Senate Rules Committee that has jurisdiction over election security legislation, blames House Democrats for McConnell’s hardline stance. Blunt said Democrats overreached in January when they passed H.R. 1, a sweeping measure focused on voting rights, campaign finance, and government ethics.Full Article: Partisan Congress resists election security upgrades for 2020 | McClatchy Washington Bureau.
National: Registered to vote? Your state may be posting personal information about you online. | The Washington Post
Americans routinely hemorrhage personally identifiable information (PII) across social media and other websites. On almost a weekly basis, PII bleeds out in dramatic breaches like the recent one at Toyota that exposed 3.1 million customers or another at Georgia Tech in which an “unknown outside entity” illegally accessed data for more than 1 million students, faculty members and alumni. Some 26 million Americans were victims of identity theft in 2016, according to the Bureau of Justice Statistics. One way thieves, scammers and psychopaths perform reconnaissance on their victims is to find them via Google or social media. A fair start — but information on the Internet is often inaccurate. If I were a malicious actor looking for a victim’s PII, I’d begin where the data is government-certified. Tax records and housing data are PII treasure troves but not all records are digitized. Political contributions can be valuable — if a person gave money to a candidate over a certain amount. Yet, an exposed area still exists. States hold important personal records of American voters through their secretary of state (SOS) websites. In most states, some or all of this information is accessible to anyone with an Internet connection. I have an Internet connection. And until recently, I ran the open source intelligence division at a cybersecurity firm. So, I tried to access all 50 states’ (and the District’s) online voter registration systems. In the process, I was able to obtain personal information about the citizens of 40 different states, from Alaska to Arkansas, West Virginia to Wisconsin, New Mexico to North Carolina. In some states, that PII included personal addresses, historic voter data and race.Full Article: Registered to vote? Your state may be posting personal information about you online. - The Washington Post.
The founder of Craigslist and the Global Cyber Alliance are teaming up to provide free cyber defense toolkits to election officials, nonprofit election rights groups and the media modeled after the ones GCA recently pioneered for small businesses. Craig Newmark Philanthropies is offering GCA more than $1 million for the project, and GCA is netting $1.5 million from other sources, the groups are announcing today. “Elections bodies and the media are facing increasingly sophisticated cyberattacks that can impair the exercise of democracy and affect election results, and they are not prepared to deal with the threat,” Phil Reitinger, president and CEO of the GCA, told MC. The idea is to assemble a set of immediately available resources, rather than just advice. “I’ve been lucky enough to do well and put my money where my mouth is and help protect the people who protect our country,” Newmark told MC.Full Article: Cybersecurity toolkits ahead for elections and media people - POLITICO.
The abrupt ouster of Homeland Security Secretary Kirstjen Nielsen could be a blow to the department’s efforts to bolster America’s defenses against growing cybersecurity threats, former officials from the department, advocates and lobbyists say. “The worst-case scenario is that our adversaries use this moment of leadership transition, and use it as a Trojan Horse to launch some sort of attack,” Caitlin Durkovich, former DHS assistant secretary for infrastructure protection for the Obama administration, said in an interview. “Who’s to say that the new acting secretary’s priorities aren’t different and that there will be the same emphasis on cyber when there’s such an emphasis on immigration?” said Durkovich, who now works with risk advisory firm Toffler Associates. Nielsen may be most remembered as the face of President Donald Trump’s most hard-line immigration policies. But over her 16-month tenure, cyber specialists and federal officials have applauded her relentless championing of cybersecurity priorities. She frequently warned that increasing threats of hijacking critical infrastructure—from the electric grid to voting machines—were a greater threat to America’s security than terrorism.Full Article: Nielsen Firing Leaves Cybersecurity Concerns Without a Champion.
National: ‘We can’t confirm him,’ Pat Roberts warns of potential Kobach nomination for DHS | The Kansas City Star
One of the GOP senators from Kris Kobach’s home state said Tuesday that the Senate would not be able to confirm the Kansas Republican if President Donald Trump taps him for a cabinet post. Kobach, the former Kansas secretary of state, has been mentioned as a potential candidate for an array of immigration-related positions since President Donald Trump pulled his nominee for the director of Immigration Customs Enforcement and announced the departure of Secretary of Homeland Security Kirstjen Nielsen. But Sen. Pat Roberts, R-Kansas, said he doesn’t believe the Republican-controlled Senate could confirm his fellow Kansan, who has gained national notoriety for championing stronger restrictions on immigration. “Don’t go there. We can’t confirm him,” Roberts whispered to The Kansas City Star when asked about Kobach Tuesday on his way into a Senate vote. “I never said that to you,” Roberts added, despite the fact that another reporter was present and The Star had not agreed to an off record conversation.Full Article: Pat Roberts: Senate can’t confirm Kris Kobach for DHS | The Kansas City Star.
With looming fears of foreign interference in last year’s midterm elections, Congress rushed to send almost $6.2 million to help Alabama secure its voting system. But the state did not spend a dime of it, according to a report this month from the U.S. Election Assistance Commission, which disbursed the funds. The money came from the so-called omnibus spending bill approved in March 2018. But Alabama Secretary of State John Merrill said the money did not come in time to spend before the November midterm election. In order to spend federal grant money, he told FOX10 News, the state has to going through a competitive bidding process and get companies on an approved vendor list, among other requirements. “That’s an arduous process, at best,” he said. “We’re not gonna get in a hurry because someone thinks we should be in a hurry to spend it.”Full Article: Alabama failed to spend federal grants for election security | News | fox10tv.com.
California: Hackers attacked California DMV voter registration system marred by bugs, glitches | Los Angeles Times
California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come. Yet six days before the scheduled launch of the DMV’s new “motor voter” system last April, state computer security officials noticed something ominous: The department’s computer network was trying to connect to internet servers in Croatia. “This is pretty typical of a compromised device phoning home,” a California Department of Technology official wrote in an April 10, 2018, email obtained by The Times. “My Latin is a bit rusty, but I think Croatia translates to Hacker Heaven.” Although the email described the incident as the DMV system attempting “communication with foreign nations,” a department spokesperson later insisted voter information wasn’t at risk. The apparent hacking incident was the most glaring of several unexpected problems — never disclosed to the public — in rolling out a project that cost taxpayers close to $15 million. The Times conducted a four-month review of nearly 1,300 pages of documents and interviewed state employees and other individuals who worked on the project — most of whom declined to be identified for fear of reprisal. Neither the emails nor the interviews made clear who was ultimately responsible for the botched rollout, though an independent audit is expected to be released in the coming days.Full Article: Hackers attacked California DMV voter registration system marred by bugs, glitches - Los Angeles Times.
Critics of Georgia’s outdated voting system told a judge on Tuesday that a new system outlined by lawmakers has many of the same fundamental flaws and is unconstitutional. A law signed last week by Gov. Brian Kemp provides specifications for a new voting system. Bids are due later this month, and state officials say they plan to implement the new system in time for next year’s presidential election. Lawyers for the Coalition for Good Governance and for a group of voters, who had filed a lawsuit challenging Georgia’s election system, told U.S. District Judge Amy Totenberg they plan to ask her initially to stop the state from using the current machines for special and municipal elections scheduled this year. Ultimately, they said, they want her to prohibit the state from using the current paperless machines, as well as the ballot-marking machines provided for in the new law. Lawyers for the state argued complaints about the current voting system have been made irrelevant by the new law and that complaints about ballot-marking machines can’t be considered yet because the state hasn’t even selected a new system.Full Article: Critics say new voting system planned for Georgia is flawed | WSB-TV.
On Tuesday, the Davidson County Board of Commissioners unanimously voted in favor of a resolution that asks the General Assembly to delay decertification of voting machines until the 2022 election. Davidson County uses direct record electronic voting machines that use electronic tabulation with a touch screen. A law passed in 2013 will decertify any system that doesn’t use paper ballots after Dec. 1. Jon Myers, chairman of the Davidson County Board of Elections, said the state prefers paper ballots because there are some who do not have confidence in the electronic voting system and that they would rather have individuals mark a ballot by hand. The county, along with 21 others, may have its voting machines decertified later this year. In the resolution, the Davidson County Board of Elections states that if its current equipment were decertified, the board would not have enough time for accurate testing, training and deployment in time for the elections in March 2020. “The legislation regarding the voting equipment requires that we test equipment before we can purchase,” Myers said. “So we would be required to test in the November municipal election before we can order. Even at best, there’s no way we could order before mid-November. … I think it’s a very difficult, if not impossible timeline to meet.”Full Article: County approves resolution regarding voting equipment - News - The Dispatch - Lexington, NC.
Europe: Member states test their #CybersecurityPreparedness for fair and free 2019 EU elections | EU Reporter
The European Parliament, the EU member states, the European Commission and the EU Agency for cybersecurity (ENISA) have organized an exercise to test the EU’s response to and crisis plans for potential cybersecurity incidents affecting the EU elections. The objective of the exercise, which took place today in the European Parliament, was to test how effective EU member states and the EU’s response practices and crisis plans are and to identify ways to prevent, detect and mitigate cybersecurity incidents that may affect the upcoming EU elections. This exercise is part of the measures being implemented by the European Union to ensure free and fair elections in May 2019. Digital Single Market Vice President Andrus Ansip said:”We must protect our free and fair elections. This is the cornerstone of our democracy. To secure our democratic processes from manipulation or malicious cyber activities by private interests or third countries, the European Commission proposed in September 2018 a set of actions. Together with the EU Member States, and other EU institutions we are implementing these actions. We also decided to test our cybersecurity vigilance and readiness towards secure, fair and free EU elections 2019 by organising the first in its kind EU exercise on elections. I believe that this is an important step forward for more resilient EU elections in a connected society.”Full Article: Member states test their #CybersecurityPreparedness for fair and free 2019 EU elections : EU Reporter.
Editorials: Canada’s federal election could be under attack. Are we prepared? | Wesley Wark/The Globe and Mail
Canadians have witnessed a steady drumbeat of stern warnings about likely foreign interference in the coming federal election. The Minister for Democratic Institutions, Karina Gould, sounded the latest alarm in a news conference Monday, in which she delivered the latest report on election threats authored by the government’s cybersecurity agency, the Communications Security Establishment (CSE), which laid out the potential for a sophisticated, co-ordinated and determined effort by foreign state actors to maliciously interfere in the upcoming election. “Nothing is more important to this government than protecting our democracy and ensuring that our next election is fair, free and secure,” Ms. Gould said. Her concern around the Canadian federal election is based on the rising tempo of foreign interference in elections globally, and of technological change that has made cyber meddling easier and cheaper. CSE argues that for foreign adversaries, the potential benefits of cyber electoral interference – which can range from sowing confusion and loss of faith in politics, to trying to steer an election – far outweigh the costs. The threat was basically non-existent in the 2015 federal election, and the true scale of the threat to the 2019 election and our ability to meet it remain to be seen. But there have been some positive developments around our readiness. There’s more public attention than ever on the issue, and intelligence capabilities to detect and assess threats have been increased substantially. A system to alert the public has been created, based on an intelligence fusion centre and a senior panel of government officials who can independently ring the alarm bells.Full Article: Canada’s federal election could be under attack. Are we prepared? - The Globe and Mail.
The National Bureau of Investigation NBI is looking into the circumstances around an apparent cyber attack against Finland’s election information systems. It happened over the weekend, when the official results service was hit by a denial of service attack. The service sends results to the media, among others. The incident is being investigated as ‘grave telecommunications harassment’ under Finnish law. “The preliminary investigation is at an early stage, so the exact type of criminal charge might become more accurate as the investigation progresses” says Marko Leponen from the NBI’s Cyber Centre. “The authorities have prepared for this type of suspected cyber crime in the elections. In general, attacks on public services are quite common, and especially current or publicly available services are often attractive targets” Leponen explains. Meanwhile more than 1.5 million eligible Finns voted in advance of the general election, as the early voting period came to a close on Monday night.Full Article: Cyber attack on election system, as 1.5 million Finns vote in advance | News Now Finland.