National: Can your vote be hacked—after you cast it? | The Parallax

In early August, Donald Trump began expressing fear that the U.S. presidential election would be “rigged” against him. “I’m afraid the election is going to be rigged, I have to be honest,” Trump told an audience in Columbus, Ohio. While much has been written about his remarks—as well as several others he made in the weeks following the Democratic National Convention—it remains an open question whether electronic databases storing votes can be hacked and manipulated. Voting has entered the digital era on two fronts. Electronic voting machines and, in some locations, Internet voting have introduced numerous opportunities for hackers to alter voting records. It is the security of massive spreadsheets recording the will of the people that concerns Richard Forno, a computer security expert who recently thrust himself into the national debate over the hackability of U.S. elections by publishing a column on the subject. “Everyone’s focusing on the edges of the network, the voting machines, but no one’s looking at the databases,” Forno, a career computer security expert and currently the director of the Graduate Cybersecurity Program at the University of Maryland at Baltimore County, tells The Parallax.

National: House homeland security chairman urges Obama administration to secure election system | InsideCyberSecurity

House Homeland Security Chairman Michael McCaul (R-TX) is urging the Obama administration to act quickly to secure the nation’s election system amid allegations of Russian hacker interference, rejecting concerns that the move would be a federal takeover over a system managed at the state and local level. “We can’t afford to let a foreign government attack our country – our election system,” McCaul said today at the Internet Security Alliance conference on Capitol Hill. “We can’t afford to let a foreign government attack our country – our election system,” McCaul said today at the Internet Security Alliance conference on Capitol Hill. McCaul referred to a “debate going on within the administration” over designating the national election system as critical infrastructure, which would allow the Department of Homeland Security to provide assistance under a national program for a coordinated response to risks to critical industry sectors.

National: FBI trying to build legal cases against Russian hackers: sources | Reuters

The Federal Bureau of Investigation is intensifying efforts to find enough evidence to enable the Justice Department to indict some of the Russians that U.S. intelligence agencies have concluded are hacking into American political parties and figures, U.S. law enforcement and intelligence officials said on Thursday. Building legal cases is difficult, largely because the best evidence against foreign hackers is often highly classified, they said. Still, some White House and State Department officials think legal action is the best way to respond to what they said are growing Russian attempts to disrupt and discredit the November elections, without sparking an open confrontation with Russian President Vladimir Putin. “Doing nothing is not an option, because that would telegraph weakness and just encourage the Russians to do more meddling, but retaliating in kind carries substantial risks,” said one U.S. official involved in the administration’s deliberations. Russia has denied it sponsors or encourages any hacking activity.

National: Can the vote really be hacked? Here’s what you need to know | CS Monitor

Recent cyberattacks on state voter databases and the Democratic National Committee are raising fresh concerns that hackers could manipulate the upcoming presidential election. … “When people hear how the Russians have infiltrated political parties or state election sites, they immediately jump to, ‘Oh, they can flip votes and change the result of an election,’ ” said Lawrence Norden, deputy director of the Democracy Program at New York University’s Brennan Center for Justice. That’s much easier said than done, said Mr. Norden. State boards of elections and law enforcement officials are working to protect the vote, and election officials do have measures in place to safeguard elections. For instance, the Department of Homeland Security said it will monitor closely for suspected breaches on voting systems and work with election boards to bolster their security. Still, according to Norden and other experts, more needs to be done. Here’s a closer look at potential problems at today’s ballot box and some solutions to harden the vote against hackers.

National: Hackers are already shaping U.S. election coverage with data leaks | Computerworld

Hackers are becoming a major source of political leaks in this year’s presidential race. Case in point: On Tuesday, stolen emails from former secretary of state Colin Powell became headline news after a mysterious site with possible ties to Russian cyber spies gave them to the press. Since then, media outlets have been pointing out juicy details found in the emails. For example, Powell called Clinton “greedy” and her rival Donald Trump a “national disgrace.” The incident has security experts worried that hackers are manipulating U.S. media outlets to influence this year’s election. “The media is certainly being used as a battlefield here,” said Rich Barger, CIO with security firm ThreatConnect.

National: DHS won’t define election systems as critical before November | FedScoop

The Department of Homeland Security will not classify election systems as critical infrastructure before the November presidential election, DHS Assistant Secretary for Cybersecurity Andy Ozment said at the Billington Cybersecurity Summit Tuesday. “This is not something we’re looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure,” said Ozment, a former senior director for cybersecurity on the National Security Council. “We’re focused right now on what we can usefully offer that local and state government will find valuable.”

National: NSA Chief: Potential Russian Hacking of U.S. Elections a Concern | NBC

The head of the National Security Agency said Tuesday that the potential for Russia to harm the U.S. electoral process in the upcoming general election is a concern. Cybersecurity officials have become increasingly worried about the issue in the wake of revelations that Russia-based hackers were behind two recent hacking attempts into state voter registration databases. One incident included stealing information from roughly 200,000 Illinois voting records. In another attempt in Arizona, cyber criminals used malware to try and breach voting records, forcing state officials to disable online voting registration for nine days as they investigated the unsuccessful hacking.

National: Possible Russian Meddling with US Elections Worries Key Defense Officials | VoA News

Top U.S. defense officials insist they are not turning a blind eye to fears that Russian hackers are trying to hijack upcoming U.S. presidential and local elections. Still, the scope of the threat and just how the U.S. plans to respond remain unclear. “This continues to be an issue of great focus,” said Adm. Michael Rogers, who serves as both National Security Agency Director and chief of the Defense Department’s Cyber Command. “I’m not going to characterize this activity,” Rogers told members of the Senate Armed Services Committee on Tuesday, but added “I think there are scenarios where you could see capability applied.” The question was first raised by Senate Armed Services Committee Chairman John McCain, a long-time Republican senator from Arizona who is running for reelection … “They need not attack every county in every state,” said Rice University Professor Dan Wallach. “It’s sufficient for them to go after battleground states where a small nudge can have a large impact.”

National: Guccifer 2.0 drops more DNC docs | Politico

The hacker persona Guccifer 2.0 has released a new trove of documents that allegedly reveal more information about the Democratic National Committee’s finances and personal information on Democratic donors, as well as details about the DNC’s network infrastructure. The cache also includes purported memos on tech initiatives from Democratic vice presidential nominee Tim Kaine’s time as governor of Virginia, and some years-old missives on redistricting efforts and DNC donor outreach strategy. DNC interim chair Donna Brazile immediately tied the leak to GOP presidential nominee Donald Trump. “There’s one person who stands to benefit from these criminal acts, and that’s Donald Trump,” she said in a statement Tuesday night, adding that Trump has “embraced” Russian President Vladimir Putin and “publicly encouraged further Russian espionage to help his campaign.”

Washington: Update to Online Search Tool Exposed Voter Info | Government Technology

Some personal voter information could have been gleaned from Washington’s online search tool for several months because of a problem with an update of the system, state elections officials said Friday. That problem was fixed shortly after it was pointed out in a complaint to the state Office of Cyber Security by Tina Podlodowski, the Democratic candidate for secretary of state. Podlodowski, who has criticized incumbent Republican Secretary of State Kim Wyman over voter data security, said Friday the problem was brought to her attention by “a couple of concerned citizens” and she confirmed it by checking her own registration information online.

Washington: Secretary of state learns of online data issue from opponent | KING5

A design flaw in Washington’s online voting tool, MyVote, exposed some voter information that should not have accessible. The secretary of state’s office says the glitch has since been fixed. But, in an election year twist, the Democratic candidate for secretary of state, Tina Podlodowski, alerted the state’s cyber security office to the problem. Podlodowski is challenging incumbent Secretary of State Kim Wyman, a Republican. Podlodowski says a concerned citizen brought the glitch to her attention, prompting her to send an email to Washington’s Chief Information Security Officer. According to the secretary of state’s office, the software issue allowed access to personal information including email address, and phone number, as well as some contact information for military voters. The information was not visible on screen, but could be read through computer coding.

National: Politicians, Experts Suspect Russia of Hacking US Political System | VoA News

The controversy still rages over Russia’s possible hacking into computer systems used by American political entities. Defense Secretary Ash Carter has warned Russia not to try to interfere with the U.S. general election in November. Yet Republican presidential candidate Donald Trump says he doubts that Russia is involved. The election — the heart of U.S. democracy — is at the center of the debate. But before we tell you how … a little background. The system is decentralized. Votes are collected where people live, and then each state sets up its own security, in its own electoral system, to tabulate its votes. This method is intended to reduce fraud. So imagine the shock when the FBI told Arizona election officials that Russians had hacked into their system. Experts also blame Russia for hacking into Democratic party emails.

National: America can’t promise secure vote | McClatchy

Is it time to panic about Election Day? Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure. “My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines following the disputed 2000 presidential election. Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos. … Computer security experts have long expressed concerns about the vulnerabilities of state voter registration rolls and the frailties of older voting machines. “Flipped votes, freezes, shutdowns, long lines and in the worst-case scenarios, lost votes and erroneous tallies,” is how a report last year, “America’s Voting Machines At Risk,” described the recurring problems of older machines. It was written by the Brennan Center for Justice, a nonpartisan public policy and legal research center at the New York University School of Law.

National: Hacking the election is nearly impossible. But that’s not Russia’s goal. | The Hill

Elections authorities and cyber security experts say a concerted effort to alter the outcome of November’s elections through a cyber attack is nearly impossible, even after hackers gained access to voter registration databases in at least two states. But some of those same experts say hackers with ties to Russia aren’t aiming to change election results; instead, their goal is to create a perception that the results are in question, and to undermine confidence in American democracy. “Russian tampering with elections is not new. It’s only new to the U.S.,” said Chris Porter, who runs strategic intelligence for the cybersecurity firm FireEye Horizons. He pointed to Ukraine, Bulgaria, Romania and the Philippines, where Russian-backed hackers have gained access to electoral systems in recent years.
“It’s just enough create scandal,” Porter said. “That’s sufficient for Russian aims.” Last month, officials in Arizona and Illinois discovered their voter registration systems had been hacked, a leak that put thousands of voter registration records up for sale on the black market. In January, more than 17 million voter registration records from Washington, Delaware, Rhode Island and Ohio were stolen.

Editorials: Hacking The US Election: How The Worlds Of Cyberwarfare And Politics Are Colliding Spectacularly | Kalev Leetaru/Forbes

Headlines have buzzed over the past few months with a series of cyberattacks targeting the American political system leading up to the presidential election this November. While initially dismissing the attacks as simple data breaches that would have little impact on electoral integrity, the administration is increasingly voicing concern that the breaches have been part of an orchestrated campaign to sow doubt and disarray in the American political system. Of particular concern is the release of stolen material to shift the balance of public opinion towards or against the candidates, while at the same time creating a steady drumbeat of doubt around the security of the voting system such that in the case of a tight race the losing candidate could claim that voting was rigged.

Editorials: Fears of Russian cyberattacks are legitimate | Jed Babbin/Washington Times

The statement, “The people who cast the votes decide nothing. The people who count the votes decide everything” is usually attributed to the late Soviet dictator Joseph Stalin. Whoever said it, that thought is probably in the mind of Russian President Vladimir Putin as November 8 approaches. For months, the reported hacking into Democratic National Committee emails and the release of confidential DNC documents has been linked to possible Russian cyber attacks. Last week it was revealed that U.S. law enforcement and intelligence agencies are investigating what may be a broadly-based covert Russian cyber operation designed to discredit and possibly interfere with ballot counting in the November election. The election processes in Arizona and Illinois have reportedly been subjected to attempted or successful cyberattacks probably performed by the Russians. The FBI has reportedly alerted all state and local officials to the possibility of cyberattacks on the voting process.

Voting Blogs: Election Verification Network’s Top Ten List on Election Security | Election Academy

There’s been a lot of attention recently in the media on potential threats to the election system from hackers – but the focus has tended to be on what might happen or who plans to get involved. What’s been lacking up until now is a sense of what can be done about it; namely, what concrete steps that election officials across the nation can do to harden their systems. Fortunately, members of the Election Verification Network (EVN) have worked together to develop a “Top Ten list” that is intended to be an intensely practical guide for offices seeking to do something right now:

The ten recommendations below address these concerns by providing specific steps election officials and individuals can take during the next few weeks to reduce risk and improve public confidence in the upcoming elections. Because of local laws and regulations, not every suggestion will be appropriate to every election jurisdiction.

Ohio: Officials say elections under close security | Toledo Blade

Reports that a foreign government is suspected of attempting to hack into American election systems have generated interest and cautious concern, at most, among Ohio elections officials. And the person at the top of the state’s election bureaucracy warned that it should not become a justification for a federal takeover. State and local elections officials said the elections process is already under close security scrutiny, is kept unconnected to the Internet, and — most importantly — maintains a paper database. “You don’t have to worry about our server being hacked because our server is not hooked up to the Internet and it can’t be by law,” said Gina Kaczala, the Republican director of the Lucas County Board of Elections. “The secretary of state is taking everything seriously and they do take tight control.”

Washington: Challenger Podlodowski discovers open door into state’s voter database | Seattle Post Intelligencer

A yawning back-end pathway into the state’s voter registration database, through which private information could have been accessed, has been closed, thanks to the candidate challenging Secretary of State Kim Wyman. “Anyone with basic programming skills and knowledge about these weaknesses could conceivably (access) this data, look up and harvest private data from millions of Washingtonians,” Tina Podlodowski wrote Wednesday to the state’s chief information security officer (CISO). The information accessible via the back-end pathway included voters’ personal cell phone numbers, personal email addresses, ballot delivery types, and the coding used to message military and overseas voters.
Wyman’s office, without mentioning Podlodowski, put out a release Friday, saying: “The situation has been quickly rectified.” David Ammons, chief communications office for the secretary of state, later confirmed that the problem was first identified in a letter from Podlodowski.

National: U.S. officials investigating hacking into more state election systems | CBS News

U.S. officials are expanding their investigation into the hacking of state election systems as officials believe more states beyond just Arizona and Illinois were affected, a government official has confirmed to CBS News. Law enforcement officials were summoned to Capitol Hill to brief House and Senate leaders on the investigation into the cyberattack on election systems, CBS News’ Jeff Pegues reports. Sources tell CBS News that the Department of Homeland Security will soon send out an alert to election officials across the country about the intrusions. The alert is expected to offer states specific assistance and detail preventative measures they can take to make their systems more secure. Officials declined to offer specifics, and called the investigation “highly confidential.” While U.S. officials are looking into whether Russia is tampering with the election process, FBI Director James Comey predicted Thursday that the cyberattacks won’t change the outcome of the election race.

National: Hack the vote: Experts say the risk is real | CSO Online

You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results. Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos. This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry. Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so. “The ways to hack the election are straightforward and are only slight variants of computer system attacks that we see every day in the private sector and on government networks in the US and elsewhere around the world,” he wrote, adding that, “in America’s often close elections, a little manipulation could go a long way.”

National: DHS fights election hacking fears as experts warn of vulnerabilities | KUTV

The Department of Homeland Security (DHS) has offered assistance to state officials attempting to prevent hacking of voting systems, but experts say the equipment remains highly vulnerable to manipulation with two months until Election Day. Amid reports of hackers accessing voting data in Arizona and Illinois, DHS Secretary Jeh Johnson held a conference call with secretaries of state from across the country last month. DHS is considering whether to declare election systems “critical infrastructure,” a move that would give the government the same level of oversight of elections that it has over the financial system and power grids. … “Hacking elections is easy,” a new report from the Institute for Critical Infrastructure Technology (ICIT) states bluntly. “Electronic voting machines are black-box, unsecured endpoints that feature vulnerabilities that would be scandalous in any other sectors,” said James Scott, senior fellow at ICIT and co-author of the report, “such as a lack of native security applications, open networked connections, a non-verifiable chain of custody, a reliance on personnel who are not trained to practice even basic cyber-hygiene, and other critical vulnerabilities.” The ICIT report lays out a number of potential threats, most related to voting machines being antiquated and poorly-secured devices that lack some of the basic safeguards home PCs now have.

National: U.S. Voting System So ‘Clunky’ It Is Insulated From Hacking, FBI Director Says | Wall Street Journal

The head of the Federal Bureau of Investigation sought to calm fears that Russians or others could electronically sabotage the nation’s election in November, saying the 50-state voting system is so dispersed and “clunky” it would be difficult for hackers to affect the outcome. Appearing at a panel with other senior US intelligence officials on Thursday, FBI Director James Comey was asked about the concerns that hackers acting on behalf of the Russian government might try to manipulate the presidential election. Such concerns have grown in recent weeks, after the FBI issued an alert to state officials about the possibility of hackers penetrating state election computer systems. In Arizona, a hacker obtained one of two credentials needed to access the state’s voter-registration system.

Editorials: How Russia could spark a U.S. electoral disaster | Anne Applebaum/The Washington Post

“U.S. investigates potential covert Russian plan to disrupt November elections.” To those unused to this kind of story, I can imagine that headline, from The Post this week, seemed strange. A secret Russian plot to throw a U.S. election through a massive hack of the electoral system? It sounds like a thriller, or a movie starring Harrison Ford. In fact, the scenario under investigation has already taken place, in whole or in part, in other countries. Quite a bit of the story is already unfolding in public; strictly speaking, it’s not “secret” or “covert” at all. But because most Americans haven’t seen this kind of game played before (most Americans, quite wisely, don’t follow political news from Central Europe or Ukraine), I think the scenario needs to be fully spelled out. And so, based on Russia’s past tactics in other countries, assuming it acts more or less the same way it acts elsewhere, here’s what could happen over the next two months:

1. Trump, who is advised by several people with Russian links, will repeat and strengthen his “the election is rigged” narrative. The “polls are lying,” the “real” people aren’t being counted, the corrupt elites/Clinton clan/mainstream media are colluding to prevent him from taking office. Trump will continue to associate himself with Brexit — a vote that pollsters really did get wrong — and with Nigel Farage, the far-right British politician who now promotes Trump (and has, incidentally, just been offered his own show on RT, the Russian state-sponsored TV channel).

National: Could Russia Really Tamper With the U.S. Election? | Observer

On Monday, the Washington Post reported that some election officials and intelligence officials have doubts about the ability of systems in the USA’s states and provinces to defend themselves against a sustained attack by a state-level actor. “America doesn’t have its act together,” Ion Sancho, a Florida election supervisor, fretted to the paper. “We need a plan.” Despite the warnings, it would be incredibly difficult for a foreign power to directly tamper with a U.S. state’s election results. Still, voter rolls themselves could be vulnerable in a number of states. Under the Help America Vote Act of 2002, each state must have one centralized, digital database of voters. One way that a malicious actor could impact an election (presidential or otherwise) would be to tamper with the registrations of a demographic group associated with the opponent of a candidate favored by the adversary.

National: Clinton Campaign Says There Is a “Direct Link” Between Trump and Russian Hackers | Mother Jones

A Hillary Clinton campaign spokesman says a new article in the New York Observer establishes a “direct link” between the Donald Trump campaign and the hacker or hackers who have recently penetrated the Democratic National Committee, the Democratic Congressional Campaign Committee, and other high-profile Democratic officials. On Tuesday, the Observer published a piece maintaining that the DCCC had coordinated—presumably improperly—with the Hillary Clinton campaign in 2015. The story, written by a freelance contributor named Michael Sainato, cited “an internal DCCC memo” leaked to the Observer from Guccifer 2.0—the handle of the hacker or hackers who have successfully targeted these Democratic committees. The Observer is owned by Trump’s son-in-law, Jared Kushner, who has been a top adviser to the Republican presidential nominee. … In an email to Mother Jones, Fallon elaborated on his tweet: “Guccifer 2.0 is known to be the Russians. And now that they are leaking materials obtained from their hacking to Trump adviser Jared Kushner’s newspaper, that’s a pretty direct link between Trump and the Russians behind this hack.”

National: US Lawmakers Wary of Russian Cyberattacks as Elections Near | VoA News

U.S. lawmakers of both political parties told VOA they have no reason to doubt that Russian hackers are targeting America’s voting infrastructure with the possible intent of disrupting or undermining confidence in the November elections. “I don’t think it’s a stretch because Russia’s been engaged in cyberattacks against the United States,” said Republican Senator John Cornyn of Texas. “These are well known to our national security experts. So no, it does not surprise me.” “We know Russia has been very active in cyberattacks in the United States, and we know that they mine for information all the time,” said Senator Ben Cardin, a Maryland Democrat. “Nothing surprises me about Russia.”

National: Defense Secretary Warns Russia to Stay Out of U.S. Elections | The New York Times

Defense Secretary Ashton B. Carter lashed out at Russia on Wednesday, accusing the government of President Vladimir V. Putin of demonstrating a “clear ambition to erode” international order and warning Russia to stay out of the American elections. Speaking on Wednesday at Oxford University in England, Mr. Carter used language that evoked a time before the fall of the Berlin War, when leaders in Washington and Moscow were entrenched global adversaries. “The United States does not seek a cold, let alone a hot, war with Russia,” Mr. Carter said. “But make no mistake, we will defend our allies, the principled international order, and the positive future it affords all of us.” He also warned Moscow that Washington “will not ignore attempts to interfere with our democratic processes.” The F.B.I. is investigating whether Russia hacked into computer systems of the Democratic National Committee. Mr. Carter accused Russia of “undercutting the work and contributions of others rather than creating or making any positive contributions on its own,” and said that Moscow was sowing “instability rather than cultivating stability.”

National: Top spy: ‘Russians hack our systems all the time’ | The Hill

Russian hackers are constantly targeting U.S. computer networks, the nation’s top intelligence official said Wednesday, in an apparent tip of his hand toward blaming Moscow for recent attacks on Democratic Party institutions. “The Russians hack our systems all the time,” Director of National Intelligence James Clapper said at the Intelligence and National Security Summit in Washington. “Not just government but also corporate and personal systems.” “So do the Chinese and others, including non-state actors,” he added. Clapper declined to specifically address the hacks of Democratic groups, which have been traced to hackers with suspected Russian ties. But he referred to comments previously made by President Obama that “experts have attributed this to the Russians.”

Russia: Is Moscow meddling in the presidential election? | USA Today

Rep. Adam Schiff, the top Democrat on the House Intelligence Committee, is calling on President Obama to retaliate against Russia for interference in the presidential election — meddling the California congressman says is designed both to “sow discord” in American politics and to help elect Donald Trump. “What makes this new and troubling is not just the intelligence-gathering of hacking into a political party,” Schiff told Capital Download on Wednesday, “but the attempt to interfere with the election process by dumping information in an effort, I think, to be disruptive, to sow discord in the United States, to cause people to question both the fairness of elections and maybe even the election results, as well as to potentially tip things in the direction of a favored candidate by the Kremlin.”