National: Fear and hacking on the campaign trail: Will votes be secure? | McClatchy

Is it time to panic about Election Day? Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure. “My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines after the disputed 2000 presidential election. Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos. … Nervousness over the apparatus by which the next president will be chosen seemed inevitable. Computer-security experts have long expressed concerns about the vulnerabilities of state voter-registration rolls and the frailties of older voting machines.

National: What if: Hacks, email leaks could sway election weeks away | Associated Press

Brace for a stream of digital leaks and shenanigans by Election Day. Whether it’s newly disclosed Democratic Party emails or someone tampering with voting machines, this year’s presidential election could come with hacking intrigue like none before it. Consider messages stolen from the Democrats by suspected Russian-linked hackers and posted online in the summer by the self-described…

National: Can cybersecurity save the November elections? | CSO Online

The Federal Bureau of Investigation’s disclosure earlier this month that foreign hackers had infiltrated voter registration systems in Illinois and Arizona came as no surprise to some cybersecurity experts. “Given where cybercrime has gone, it’s not too surprising to think about how information risks might manifest themselves during the election season to cause some level of either potential disruption, change in voting, or even just political fodder to add the hype cycle,” says Malcolm Harkins, chief security and trust officer at network security firm Cylance. Growing concern that hackers sponsored by Russia or other countries may be attempting to disrupt the presidential election is certainly not far-fetched, given the recent data breach at the Democratic National Committee headquarters. In fact, hacking an election is shockingly easy, according to a report by the Institute for Critical Infrastructure Technology, a cybersecurity think tank. In most cases, electronic voting systems “are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security,” according to the report. Security vulnerabilities are discussed every four years, but little attention is given to the problem. “It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security,” the report concludes.

National: National Association of Secretaries of State names members of election security group | FCW

After reports of possible hacks by foreign entities on U.S. voting systems and massive data theft from political party databases, the Department of Homeland Security is assembling a group of state and federal officials who will explore ways to protect the integrity of U.S. election systems. On Aug. 31, the National Association of Secretaries of State named four representatives to DHS’ Election Infrastructure Cybersecurity Working Group: Denise Merrill, Connecticut’s secretary of state and the association’s president; Connie Lawson, Indiana’s secretary of state and the association’s president-elect; and NASS Elections Committee Co-Chairs Alex Padilla, California’s secretary of state, and Brian Kemp, Georgia’s secretary of state. Other participants in the group include the Election Assistance Commission, the National Institute of Standards and Technology, the Justice Department, the FBI and the Defense Department’s Federal Voting Assistance Program, the official said.

National: Intelligence community investigating covert Russian influence operations in the United States | The Washington Post

U.S. intelligence and law enforcement agencies are probing what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said. The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation. The effort to better understand Russia’s covert influence operations is being spearheaded by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”

Editorials: Tighten ballot security | USA Today

Fears that the Russians could hack the voting system on Nov. 8 and wreak havoc in the presidential election are running high amid suspicions that Russians hacked into computers at the Democratic National Committee and after foreign intruders managed to get into voter registration databases in Arizona and Illinois. While computer scientists and election experts will never say never, hacking the actual voting systems is highly implausible. But if the worst happened — hackers seeking to manipulate the outcome — you’d want a foolproof backup system. Yet voting systems in nearly a third of the states lack a key safeguard: a paper record of individual votes. Five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — use paperless electronic voting machines as their primary equipment statewide. Nine others, including swing states Pennsylvania and Virginia, use them in some counties, according to a report by the Brennan Center for Justice.

National: Cybersecurity firm finds evidence of Russian tie to hacks of vote systems in Arizona and Illinois | McClatchy DC

The Russian internet nodes used to hack into voting systems in Illinois and Arizona were also used in recent penetrations of Turkey’s ruling party, the Ukrainian Parliament and a political party in Germany, a U.S. cybersecurity firm said Friday. Individuals using Russian infrastructure “are looking to manipulate multiple countries’ democratic processes,” said an alert from ThreatConnect, an Arlington, Virginia, firm that tracks digital intrusions. The company said, however, that it still did not have enough information to attribute the attacks to any individual or country. Russian President Vladimir Putin, meanwhile, told the Bloomberg news agency that a public leak of more than 19,000 emails siphoned from computers at the Democratic National Committee earlier in the summer was for the public good. He denied, however, that Russia had perpetrated the hack. “Listen, does it even matter who hacked this data?’’ Putin told Bloomberg in Vladivostok, the Pacific port. “The important thing is the content that was given to the public.”

National: 5 Steps To Make U.S. Elections Less Hackable | Defense One

Voting machine vulnerabilities go well beyond what most voters know, warns Dan Zimmerman, a computer scientist who specializes in election information technology. There probably is not time to fix all of those vulnerabilities by November. But there are still things election officials could do to reduce the hack-ability of the U.S. presidential election. Here are his five steps for making the U.S. election less hackable.

1. More federal oversight (and not just on Election Day)

This week’s report sophisticated actors in Russia trying to penetrate voter databases sounded alarm bells about the U.S. election being hacked. Zimmerman, who works with Free & Fair, a company that provides election-related IT services, says that because most electronic voting machines are not connected to the internet, the threat of remote hacking from Russia is small. The machines are far from secure, however.

Louisiana: State’s voter record firewall is low tech | The Advocate

The “right to vote” in America has been taking something of a licking recently. Last week Yahoo reported that the FBI was trying to find out how Internet hackers accessed hundreds of thousands of voter registration records in Illinois and Arizona. As if a further reminder was needed in the age of Julian Assange and Edward Snowden, the unauthorized access to voter records underscored the vulnerability of the nation’s computer system and the impact that exposure could have on constitutional institutions, said Louisiana Secretary of State Tom Schedler. He and other officers of the National Association of Secretaries of State on Aug. 15 discussed cyber security with U.S. Secretary of Homeland Security Jeh Johnson. Johnson offered assistance, perhaps making voting records part of the nation’s secured infrastructure.

National: Security Experts Voice Fears About Election Result Accuracy, Integrity | eWeek

The U.S. election system will likely face a significant trial this year, thanks to a summer of startling revelations including nation-state-linked attacks targeting the Democratic National Committee and state voter databases, along with a statement of no-confidence by the Republican nominee. The result has been a slew of media stories positing how the election could be hacked. The ongoing cyber-attacks and raised doubts will put states’ choice of voting technology under the microscope, with a focus on the security of voting systems and the ability to audit the results produced by those balloting systems, according to election security experts. Unfortunately, while all but five states now have at least some systems with a verifiable paper trail, more than half do not have meaningful post-election audits, according to Verified Voting, a group focused on improving election-system integrity and accuracy. “We would like to see post-election audits everywhere,” Pamela Smith, director of the group, told eWEEK. “There is actual research showing that being able to conduct a robust audit in a public way brings confidence in the election. A voter-verifiable paper ballot is a tool to instill confidence that the election has come to true result.”

National: Hackers hit Arizona, Illinois voter databases | USA Today

A suspected Russian hacker probed a voter registration database in Arizona and another unidentified attacker gained entry to one in Illinois this summer, election officials said, prompting the FBI to warn states their election boards should conduct vulnerability scans. The systems that count votes in elections were not compromised, officials said, and the hacks don’t appear to be politically motivated. Still, the breaches add to concerns such attacks could exploit the personal data of millions of voters for monetary or political gain. Those worries have been running high after July reports that the Democratic National Committee’s email system had been hacked, a breach U.S. intelligence officials believe was perpetrated by the Russian government. “We’re all very aware that it’s less than 80 days before an important election,” said Pamela Smith with Verified Voting, a non-partisan, non-profit organization that advocates for election transparency.

National: Concerns Mount Over Foreign Cyberattacks on US Election Day | VoA News

As Democrats in the U.S. Congress call for the Federal Bureau of Investigation to investigate concerns that Russia may be trying to manipulate the November general election with cyberattacks, government officials are wrestling with new challenges to ensure accurate results. In a letter dated Saturday to FBI Director James Comey, Senate Minority Leader Harry Reid of Nevada said the threat of Russia tampering with the elections “is more extensive than widely known.” “The prospect of a hostile government actively seeking to undermine our free and fair elections represents one of the gravest threats to our democracy since the Cold War,” Reid added. Reid’s letter was followed by one from four Democrats who asked the FBI to investigate whether officials of Republican presidential nominee Donald Trump’s campaign may have conspired with Russia to carry out recent hacks against the Democratic National Committee and Democratic Congressional Campaign Committee to “interfere with the U.S. presidential election.”

National: US election 2016: Why hackers could tip the result | The Independent

Reports this week of Russian intrusions into US election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology – and leave old-fashioned paper tallies behind – created new sets of vulnerabilities that have taken years to fix. “There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”

National: Hacks of state voting systems reveal US vulnerabilities in 2016 | CS Monitor

Soon after the 2000 presidential elections went to a recount, Americans got acquainted with an exotic new vocabulary – hanging chads and butterfly ballots – and what lawmakers saw as a modern solution to the nightmare of punchcard voting systems: electronic voting machines. In 2002, Congress passed the Help America Vote Act, pouring nearly $3 billion into an effort to get states to adopt those machines. More than a decade and a half later, those same electronic machines are still around in many states. And the system arising from the 2002 congressional fix is now at the heart of growing concerns over the integrity of this year’s elections, with cybersecurity experts suggesting that it is an easy target for hackers. Federal authorities are beginning to get involved. But the best insurance for election integrity – a system that uses paper to back up electronic results – may require new federal funding. Not all of the country is on equally precarious footing. Partly because of bad experiences with glitches in electronic voting machines, some localities have been shifting in recent years toward paper-backed systems.

South Carolina: Computer science professor says South Carolina voting machines vulnerable | WSPA

A USC Computer Science professor says South Carolina’s voter registration system and voting machines are vulnerable to hackers. Dr. Duncan Buell says South Carolina’s registration system is a possible target since it’s online. The FBI recently announced that Russian hackers had targeted the voter registration systems in Illinois and Arizona, with a hacker actually stealing the personal information of up to 200,000 voters in Illinois. The South Carolina State Election Commission says the voter registration system could be hacked, since it is online and anything online is vulnerable, but it has its own in-house computer security experts and works with vendors and the state’s computer security agency to protect the system. The Election Commission says the actual voting machines are much less vulnerable because they’re never connected to the internet or to each other. That doesn’t make them 100 percent safe, but it does lessen the chances of being hacked.

National: FBI Chief Responds to Concern Over Cyberthreats to US Election System | ABC

The FBI has responded to recent concerns about U.S. voting systems being targeted for cyberattacks as Election Day approaches, saying the agency takes the threat “very, very seriously” and is working to “equip the rest of our government with options.” FBI Director James Comey addressed the issue while speaking to government and private-industry experts attending the Symantec Government Symposium in Washington, D.C. “We take very seriously any effort by any actor,” he said, “to influence the conduct of affairs in our country, whether that’s an election or something else.” His comments come one day after news surfaced about FBI warnings to the states that hackers had infiltrated one state board of election and targeted another.

National: Did Russia really hack U.S. election systems? | Foreign Policy

When an FBI alert to state election authorities warning them of hacking leaked to the media this week, the result was one of studied panic. Two voter registration databases in Arizona and Illinois had been penetrated, and some experts saw it as confirmation that Russia had escalated its campaign of hacking U.S. political organizations. Russian President Vladimir Putin just “unleashed the hounds” on the U.S. election system, one industry executive declared. So far, there is scant evidence that hackers working on behalf of Russian intelligence penetrated two fairly inconsequential voter databases in Arizona and Illinois. The FBI told election authorities in Arizona that Russian hackers were responsible for stealing a set of user credentials but provided no details about whether it was a criminal or state-sponsored group. In a letter to the FBI on Monday, Senate Minority Leader Harry Reid asked the bureau to investigate whether Russia is attempting to manipulate results of November’s elections. Russian efforts to do so are “more extensive than is widely known and may include the intent to falsify official election results,” he wrote.

National: White House Asks ‘Deception Committee’ to Study Russian Hacks | NBC

The committee traditionally has advised the DNI on foreign attempts to thwart U.S. intelligence through trickery. But in the cyber era, the committee has increasingly looked at how nation states use computer attacks to conduct espionage and spread propaganda. Russia, China, North Korea, Iran are primary subjects, the officials said. The consensus among U.S. intelligence analysts is that Russia is seeking to undermine confidence in the U.S. system, using the hacks into the Democratic National Committee, state election systems and other targets that have yet to be made public, as part of a larger campaign. Whether Russia can directly manipulate voting machines or “hack” into election systems, they say, is not clear and is mainly outside the jurisdiction of U.S. intelligence. Intelligence analysts are uncertain about the Russian government’s intentions relating to U.S. politics, but they don’t believe Russia is actively trying to favor Republican Donald Trump, as some have suggested. Instead, Russia may be trying to foment chaos. “Let’s just throw some spaghetti on the wall, and whatever sticks, sticks,” said one senior Congressional aide briefed on intelligence, describing a likely scenario.

California: After recent national attacks, is California’s election system hacker-proof? | Press Enterprise

California elections officials are confident that the state’s voter data and election technology is secure enough to withstand cyber attacks such as those Russian hackers recently carried out against Arizona and Illinois. “We are agile and always evaluating and adapting our security posture to protect the confidentiality of voter data and to protect the integrity of our elections,” said Sam Mahood, a spokesman for California Secretary of State Alex Padilla. Mahood declined to provide specifics, but said there is no evidence of a successful hack of the state’s systems. “In California, voting systems – the equipment that you’ll see at polling places – cannot be connected to the Internet at any time,” Mahood said in an emailed statement. “All electronic voting systems must have a paper trail that can be audited.”

National: Analysis: Could hackers tip an American election? You bet | Chicago Tribune

Reports this week of Russian intrusions into U.S. election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology – and leave old-fashioned paper tallies behind – created new sets of vulnerabilities that have taken years to fix. “There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”

National: Democrats ask FBI: Did Donald Trump aides’ Russia connections lead to cyberattacks? | CBS

Top House Democrats are asking the FBI to investigate whether connections between Donald Trump’s campaign aides and Russian interests led to the cyberattacks at the Democratic National Committee and Democratic Congressional Campaign Committee. “We are writing to request that the FBI assess whether connections between Trump campaign officials and Russian interests may have contributed to these attacks in order to interfere with the U.S. presidential election,” the lawmakers wrote in a letter sent to FBI Director James Comey on Tuesday. The letter was signed by Rep. Elijah Cummings, D-Maryland, ranking member on the House Oversight and Government Reform Committee; Rep. John Conyers, D-Michigan, ranking member on the House Judiciary Committee; Rep. Eliot Engel, D-New York, ranking member on the House Foreign Affairs Committee; and Rep. Bennie Thompson, D-Mississippi, ranking member on the Homeland Security Committee.

National: Russia-Backed DNC Hackers Strike Washington Think Tanks | Defense One

Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned. The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitri Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks. Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches and intruders were unable to exfiltrate any information, Alperovitch said.

National: Comey: FBI takes election tampering ‘very seriously’ | Politico

One day after reports the FBI had warned states of potential hacks on their election systems, Director James Comey declined to address the bureau’s investigation, simply insisting he takes the matter “very seriously.” The FBI alert — sent Aug. 18 and revealed publicly on Monday — sparked fears that recent cyberattacks on voter databases in Illinois and Arizona were harbingers of a nationwide hacking assault on state voting systems, possibly linked to Russia. “It won’t surprise you that I’m not going to give an answer that touches on any particular matter we’re looking at,” Comey said Tuesday at a conference hosted by digital security firm Symantec.

Arizona: State elections department to increase computer security | Arizona Daily Star

State election officials are looking at an additional level of security after fears earlier this year that the voter database had been hacked. Matt Roberts, spokesman for the secretary of state’s office, said Monday the agency wants to implement “two-factor authentication” before anyone can get access to the list of registered voters. That would involve users providing more than just the sign-in name and password now required. The move follows what Roberts said was the FBI telling state officials nearly two months ago there was a “credible threat” that the database had been compromised. He said the state took the database offline and then examined it to see if any malware had been uploaded into it. “We were unable to find any of that,” Roberts said.

National: Hack Brief: As FBI Warns Election Sites Got Hacked, All Eyes Are on Russia | WIRED

In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would hardly raise a blip on the cybersecurity community’s radar. But in this strange and digitally fraught election season, the breach of two state board of election websites not only merits an FBI warning—it might just rise to the level of an international incident. On Monday, an FBI alert surfaced warning state boards of election to take precautions against hackers after two election board websites were breached in recent months. According to Yahoo News, those breaches likely targeted Arizona and Illinois board of election sites, both of which admitted earlier this summer that they’d been hacked. Cybersecurity researchers are already speculating that the attacks link to Russia, pointing to the string of recent, likely Russian attacks that have hit the Democratic National Committee and the Clinton campaign. “Someone is trying to hack these databases, and they succeeded in exfiltrating data, which is significant in itself,” says Thomas Rid, a cybersecurity-focused professor in the War Studies department at King’s College of London and author of Rise of the Machines. “In the context of all the other attempts to interfere with this election, it’s a big deal.”

National: FBI says foreign hackers penetrated state election systems | Yahoo

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections. Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cyber security experts to scan for vulnerabilities, according to a “readout” of the call released by the department.

National: Harry Reid Cites Evidence of Russian Tampering in U.S. Vote, and Seeks F.B.I. Inquiry | The New York Times

The Senate minority leader, Harry Reid of Nevada, asked the F.B.I. on Monday to investigate evidence suggesting that Russia may try to manipulate voting results in November. In a letter to the F.B.I. director, James B. Comey Jr., Mr. Reid wrote that the threat of Russian interference “is more extensive than is widely known and may include the intent to falsify official election results.” Recent classified briefings from senior intelligence officials, Mr. Reid said in an interview, have left him fearful that President Vladimir V. Putin’s “goal is tampering with this election.” News reports on Monday said the F.B.I. warned state election officials several weeks ago that foreign hackers had exported voter registration data from computer systems in at least one state, and had pierced the systems of a second one. The bureau did not name the states, but Yahoo News, which first reported the confidential F.B.I. warning, said they were Arizona and Illinois. Matt Roberts, a spokesman for Arizona’s secretary of state, said the F.B.I. had told state officials that Russians were behind the Arizona attack.

National: Stealing Voter Files Was Shockingly Easy for These Hackers | The Daily Beast

The FBI says that computer hackers accessed, and in one case stole, voter registration files in two states, potentially compromising personal information and putting crucial election data at risk just three months before voters head to the polls. And if that weren’t unsettling enough, the techniques that the hackers used were neither sophisticated nor particularly hard to employ, proving that it’s not just high-end hackers from foreign governments, like the ones believed to be targeting U.S. political organizations, that elections officials need to worry about in the runup to November. “I don’t think anyone can assume that these vulnerabilities would be unique to these states,” Pamela Smith, the president of Verified Voting, a nonprofit group that advocates transparency and security in U.S. elections, told The Daily Beast. “This is a time when assuming is not the best thing to do.”

National: How Electronic Voting Could Undermine the Election | The Atlantic

It’s 2016: What possible reason is there to vote on paper? When we use touchscreens to communicate, work, and shop, why can’t we use similar technology to vote? A handful of states, and many precincts in other states, have already made the switch to voting systems that are fully digital, leaving no paper trail at all. But this is despite the fact that computer-security experts think electronic voting is a very, very bad idea. For years, security researchers and academics have urged election officials to hold off on adopting electronic voting systems, worrying that they’re not nearly secure enough to reliably carry out their vital role in American democracy. Their claims have been backed up by repeated demonstrations of the systems’ fragility: When the District of Columbia tested an electronic voting system in 2010, a professor from the University of Michigan and his graduate students took it over from more than 500 miles away to show its weaknesses; with actual physical access to a voting machine, the same professor—Alex Halderman—swapped out its internals, turning it into a Pac Man console. Halderman showed that a hacker who has access to a machine before election day could modify its programming—and he did so without even leaving a mark on the machine’s tamper-evident seals. But it wouldn’t even take a full-fledged cyberattack on an electronic voting system to throw a wrench in a national election. Even the specter of the possibility that the American electoral system is anything but trustworthy provides ammunition to skeptics to call foul if an election doesn’t go their way.

Arizona: Russian hackers targeted Arizona election system | The Washington Post

Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state. The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week. It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County. … This spring, a DHS official cautioned that online voting is not yet secure. “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” said Neil Jenkins, an official in the department’s Office of Cybersecurity and Communications.