National: Russian government hackers penetrated DNC, stole opposition research on Trump | The Washington Post

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach. The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts. The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available. A Russian Embassy spokesman said he had no knowledge of such intrusions. Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer cleanup campaign, the committee officials and experts said.

National: Online voting is a cybersecurity nightmare | The Daily Dot

It’s easy to get excited about internet voting. Social media, Skype, online banking—these types of tools and services have expanded our voices, connected us the world over, and added convenience and efficiency to our lives. Who wouldn’t want to see elections benefit from these kinds of advances? But internet voting isn’t online banking or video calling or…

National: Expert on DNC hack: ‘That’s straight up cyberwar’ | Tech Insider

One day after a number of documents supposedly stolen during a hack on the Democratic National Committee servers were posted online, a cybersecurity expert says it is a clear act of “cyberwar.” “It’s really strange for a Russian intelligence agency,” Dave Aitel, an ex-NSA research scientist who’s now CEO of Immunity, told Tech Insider. “That’s straight up cyberwar.” At least two different groups associated with the Russian government were found inside the networks of the DNC over the past year, reading emails, chats, and downloading private documents, as was reported on Tuesday. The hack, which was investigated by the FBI and cybersecurity firm Crowdstrike, was linked to Russia through a lengthy technical analysis, which was detailed on the firm’s blog. Aitel called the analysis “pretty dead on.”

National: Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file | Ars Technica

In an intriguing follow-up to Tuesday’s report that Russian hackers gained access to Democratic National Committee servers, an anonymous blogger has claimed he alone was responsible for the breach and backed up the claim by publishing what purport to be authentic DNC documents taken during the online heist. In a blog post published Wednesday, someone with the handle Guccifer 2.0 published hundreds of pages of documents that the author claimed were taken during a lone-wolf hack of the DNC servers. One 231-page document purports to be opposition research into Donald Trump, the presumptive Republican nominee. Other files purport to be spreadsheets that included the names and dollar amounts of large DNC donors. Yet another document purportedly came from the computer of presumptive Democratic nominee Hillary Clinton while she was secretary of state. “Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by ‘sophisticated hacker groups,” Wednesday’s blog post stated. “I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.”

Russia: Russia denies DNC hack and says maybe someone ‘forgot the password’ | The Washington Post

When Russia faces uncomfortable accusations from abroad, the Kremlin normally lashes back with official declarations and scornful comments on state television. But when the Democratic National Committee and cybersecurity experts told The Washington Post that Russian government hackers had stolen an entire database of opposition research on presumptive GOP presidential nominee Donald Trump, officials here met the accusations with little more than a simple denial and a shrug. “Usually these kinds of leaks take place not because hackers broke in, but, as any professional will tell you, because someone simply forgot the password or set the simple password 123456,” German Klimenko, Putin’s top Internet adviser, said in remarks carried by the RIA Novosti state news agency. “Well, it’s always simpler to explain this away as the intrigues of enemies, rather than one’s own incompetence.”

District of Columbia: Glitch believed to be based in mobile app erases some D.C. voters’ party affiliation | The Washington Post

Voters reported multiple problems in casting ballots in the District on Tuesday, raising the possibility that technical issues could mar a citywide election for the second year in a row. An unknown number of D.C. voters who went to the polls discovered that their party affiliation had changed — without their authorization. Three voters interviewed by The Post said they were told their registration was no longer Democrat but “N-P,” meaning no party, preventing them from casting regular ballots counted on Election Day. The Distrtict has a closed primary; only voters registered as Democrats, Republicans and D.C. Statehood Green party members can participate.

Russia: Opposition Primaries Undermined by Website Hacks | The Moscow Times

Russia’s Central Election Commission (CEC) has ruled the final results of the Democratic Coalition’s online primaries void after their website came under attack from hackers. Personal data belonging to thousands of opposition voters was leaked online after the coalition’s website was targeted. The CEC ruled that it was impossible to establish any final results. “Due to external access to the server resulting in the unauthorized collection of data, the CEC believes it was impossible to continue safe and reliable voting procedures in these primaries,” said the Electoral Commission in a statement posted on the VKontakte page of the PARNAS opposition party. The hackers gained access to voters’ names, dates of birth, email addresses and phone numbers. The information, which was later released online, also contained account passwords and information on cast ballots.

Mexico: Second online leak exposes data for over 2 million Mexicans | Fusion

The personal information of more than 2 million Mexicans was found online last week by the same man who recently discovered a previous data breach exposing the voting registration records of 93.4 million Mexicans. Chris Vickery, an internet data-breach researcher for MacKeeper, told Fusion he found a new database with over 2 million entries through the search engine Shodan.io. He said he found the database through a “random search,” similar to the one that previously lead to his March discovery of an open Amazon server hosting addresses, names and other personal information for more than 70% of Mexico’s population. Vickery said the new database was hosted on a server owned by U.S. company Digital Ocean, which offers online storage and transfer solutions to clients. Vickery says he again alerted Mexico’s electoral authority, INE, which launched an inquiry and confirmed that the voting registry for the northern state of Sinaloa had been exposed online. The database was taken down by Digital Ocean last Friday. The company did not immediately respond to Fusion’s request for comment. Mexican officials have launched an investigation into how the breach happened.

National: Presidential candidates may be vulnerable to foreign hackers, US says | Associated Press

The United States sees evidence that hackers, possibly working for foreign governments, are snooping on the presidential candidates, the nation’s intelligence chief said on Wednesday. Government officials are working with the campaigns to tighten security as the race for the White House intensifies. The activity follows a pattern set in the last two presidential elections. Hacking was rampant in 2008, according to US intelligence officials, and both Barack Obama and Mitt Romney were targets of Chinese cyber-attacks four years later. Despite that history, cyber experts say neither Donald Trump’s nor Hillary Clinton’s campaign networks are secure enough to eliminate the risk. “We’ve already had some indications” of hacking, James Clapper, the director of national intelligence, said Wednesday at a cybersecurity event at the Bipartisan Policy Center in Washington. He said the FBI and the Department of Homeland Security were helping educate the campaigns. Of the attacks, Clapper predicted, “we’ll probably have more”.

Arizona: Threat of hackers keeps Arizona’s online voting program small | KPHO

Thousands of Arizona service members were offered the chance to cast a ballot over the internet in Tuesday’s special election, but state and county officials say the threat of hackers makes widespread online voting unlikely anytime soon. Election officials sent ballots to more than 4,000 Arizonans stationed out-of-state or overseas ahead of the election, either by mail or through the state’s relatively new online process. The number of ballots cast online wasn’t immediately available, but five counties distributed at least 2,172 electronic ballots, according to the Arizona Secretary of State’s Office. “I mean these people are overseas serving our country, serving us, so we want to make sure they’re able to vote,” said Maricopa County Recorder’s Office spokesperson Elizabeth Bartholomew. Maricopa County sent 1,205 electronic ballots to Arizonans in several countries, according to state data.

Philippines: Cyber Menace And Elections In The Philippines | Eurasia Review

A controversial political leader, Rodrigo Duterte, has won the recently held presidential elections in The Philippines. He had undertaken an extremely inflammatory campaign, propagating draconian measures for handling issues related to drugs and crime. This 71-year-old leader, who has been a long-time mayor of the southern city of Davao, had used highly filthy and cuss-filled language during the election campaign. Although he spoke against laws on human rights and abused the Pope, he still won with a large popular support. Because of Duterte’s maverick approach and obvious comparisons with the US Presidential hopeful Donald Trump, media attention during this election remained focused more on various theatrics. Now, after the heat and dust of the election is over, it is important to analyse a few issues that did not receive adequate attention during the campaign phase, but which are vital not only from the perspective of The Philippines but globally as well. One such issue is cyber-attack on the database of The Philippines Election Commission. This attack is considered as the worst ever government data breach anywhere in the world.

Florida: How a security pro’s ill-advised hack of an elections site backfired | Ars Technica

A Florida man has been slapped with felony criminal hacking charges after gaining unauthorized access to poorly secured computer systems belonging to a Florida county elections supervisor. David Michael Levin, 31, of Estero, Florida, was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond, officials with the Florida Department of Law Enforcement said. According to a court document filed last week in Florida’s Lee County and a video it cited as evidence, Levin logged in to the Lee County Elections Office website using the pilfered credentials of Sharon Harrington, the county’s supervisor of elections. Levin, who authorities said is the owner of a security firm called Vanguard Cybersecurity, also allegedly gained access to the website of Florida’s Office of Elections. Levin posted a YouTube video in late January that showed him entering the supervisor’s username and password to gain control of a content management system used to control leeelections.com, which at the time was the official website for the elections office. At no time did anyone from the county authorize Levin to access the site, officials said.

Florida: Man Arrested, Allegedly Failed to Report Website Flaws | Digital Trends

A Florida cybersecurity researcher has been arrested after he allegedly found security vulnerabilities in a local elections website that left usernames and passwords at risk and failed to report the flaws ethically. David Levin, who is the chief technology officer of pen-testing firm Vanguard Cybersecurity, was testing the Lee County elections website for SQL injection vulnerabilities in December. He was reportedly using Havij, a free SQL testing software. Levin claimed that the website was largely unencrypted and he could, if he wished, have stolen personal data that it had stored, including usernames and passwords, according to reports. Levin went on to publish a video online in January with local politician Dan Sinclair, who will be running for supervisor of elections in the county, where they revealed the vulnerabilities. Police subsequently issued a warrant for his arrest on three counts of third-degree felony property crimes. He turned himself in and was later released on $15,000 bail.

National: Election fraud feared as hackers target voter records | The Hill

A series of data breaches overseas are spurring concerns that hackers could manipulate elections in the United States.Since December, hundreds of millions of voters in the U.S., the Philippines, Turkey and Mexico have had their data discovered on the web in unprotected form. In some instances, legitimate security researchers found the information, but in others, malicious hackers are suspected of pilfering the data for criminal purposes.The data breaches are raising questions as the U.S. considers whether to move toward electronic balloting. More people than ever are using the internet to register to vote and to request mail-in ballots. Some states have even become vote-by-mail only in recent years. “If you can’t keep the voter registration records safe, what makes you think you can keep the votes safe?” asked Pamela Smith, president of election watchdog Verified Voting.For a politically inclined hacker, insecure voter data could “very easily” create a pathway to “massive” voter fraud, said Joseph Kiniry, CEO of Free & Fair, which advocates for secure digital election systems. “If you can go in there and delete rows based on someone’s name or political affiliation, we will have a massively screwed up election process on the day,” he said.

Florida: Cybersleuth’s hacking of elections websites draws criminal charges | Tampa Bay Times

The young cybersleuth says he exposed security lapses on Florida elections websites, but the state says he committed a crime. David Levin, 31, of Estero, a political consultant and owner of a computer security firm, was booked Wednesday on three felony charges of unauthorized access to computer systems. Each count carries a maximum five-year prison sentence. The Florida Department of Law Enforcement said Levin illegally gained internal access to websites of the state Division of Elections and the Lee County elections office, which together hold data on more than 12 million Florida voters. The FDLE said that after Levin gained access to the Lee County site in December, he used the login credentials of supervisor of elections Sharon Harrington to access the state elections website.

National: Voter ID Laws May Have Actually Increased The Likelihood Of Voter Fraud—By Hackers | Fast Company

Over the past 16 years, only 10 cases of voter impersonation—out of 146 million registered voters—have ever been identified. And yet each election, a vocal political contingent made up primarily of Republicans complains about an alleged epidemic of voter fraud and impersonation. To combat it, they propose—and in many cases successfully pass—laws requiring voters to provide verification of their identity with an ID card, along with verbal confirmation of various pieces of personal data, before they are permitted to vote. As election officials become more reliant on electronic databases, the potential for hackers to commit voter manipulation and election fraud has gone way up. But it’s these very voter ID laws that are partly to blame, despite legislators’ claims that they would make elections safer, according to Joseph Kiniry, CEO of Free and Fair, a provider of secure election services and systems. “The best thing [hackers] could do is to screw up that data prior to the election,” says Kiniry.

West Virginia: High court rejects suit over online voter registration | The Herald Dispatch

A lawsuit filed Tuesday against clerks in Cabell and Kanawha counties questioning whether or not they had the right to deny online voter registration was rejected by the West Virginia Supreme Court later Tuesday afternoon. Cabell County Clerk Karen Cole said she received an official statement Tuesday afternoon from the West Virginia Supreme Court saying the petition filed by the American Civil Liberties Union of West Virginia had been rejected. … The online registration was rolled out at the end of September after the Legislature passed a bill in 2013 allowing it. To register online, including changing an address or party affiliation, residents must have a driver’s license and the last four digits of their Social Security number. A person’s signature is then pulled from the Division of Motor Vehicles website to authorize the changes. Majestro said these steps provide more than enough security measures to ensure voter fraud does not take place.

Philippines: National Bureau of Investigation says it’s nearly Impossible for hackers to alter poll results–NBI | Inquirer

NEARLY impossible. This was how the head of the National Bureau of Investigation cybercrime division replied to the question of whether or not it was possible for hackers to alter the results of the May 9 national elections. “It’s really difficult and nearly impossible to influence the results of the elections through hacking,” NBI head agent Ronald Aguto told the Inquirer in an interview on Tuesday. Several sectors have expressed concerns about the integrity of the election results after hackers successfully broke into the Commission on Elections’ (Comelec) voters database. The hackers then uploaded at least 55 million voter’s personal details on the Internet. Personal details such as voters’ full names, birth dates, addresses, registration details such as precinct numbers and voter identification numbers were made public on the net. Also, individual information such as height, weight and passport number, fingerprint and topography were also included.

Singapore: Online voting not feasible for overseas Singaporeans: Chan Chun Sing | The Online Citizen

On 6 April in Parliament, it was decided that online voting for Singaporeans living abroad using the SingPass portal still remained unfeasible due to concerns over authenticity of votes and the privacy of voters. This decision comes in response to queries from Non-Constituency Member of Parliament (NMP) Dennis Tan with regard to whether online voting will be implemented for overseas Singaporeans. Minister in the Prime Minister’s Office Chan Chun Sing said in Parliament that while a system of online voting was considered by the Elections Department, the traditional tried and tested voting method still had the upper hand. Using paper ballots at polling stations still stayed the “simplest and most transparent method of voting that can ensure the integrity and secrecy of our voting process,” according to Mr Chan.

Bulgaria: Online Voting to be Tested in 2018 | Novinite

Remote online voting will have its first experimental introduction starting 2018, Bulgarian lawmakers decided on Wednesday. The emergency session of full Parliament, that has been holding marathon debates and votes since Tuesday to pass a final version of the new Electoral Code, was the first to set a clear timetable for e-voting after the latter was overwhelmingly approved in a referendum last year. A total of three tests will be held throughout 2018, each in a single Bulgarian region. If they prove successful, online voting will be officially introduced as a legitimate means to take part in an election for the 2019 European Parliament vote. By 2018, electoral officials will have to organize at least three simulations of online voting with fictitious parties, coalitions and candidates.

Mexico: Mexico’s Entire Voter Database Was Leaked to the Internet | Gizmodo

Every modern presidential election is at least in part defined by the cool new media breakthrough of its moment. In 2000, there was email, and by golly was that a big change from the fax. The campaigns could get their messages in front of print and cable news reporters — who could still dominate the campaign narrative — at will, reducing what had been a 24-hour news cycle to an hourly one. The 2004 campaign was the year of the “Web log,” or blog, when mainstream reporters and campaigns officially began losing any control they may have had over political news. Anyone with a computer could weigh in with commentary, news and, often, searing criticism of mainstream reporters and politicians — “Media Gatekeepers be damned!” Then 2008: Facebook made it that much easier for campaigns to reach millions of people directly, further reducing the influence of newspaper, magazine and television journalists. In 2012, Twitter shrank the political news cycle to minutes if not seconds, exponentially adding to the churn of campaign news.

New Zealand: Online voting trial canned | IT Brief NZ

The online voting trial for this year’s local body elections are not going ahead, the Government has announced. Associate Local Government Minister Louise Upston says there is more work to be done to ensure a trial of online voting meets public and government expectations. “Public confidence in local elections is fundamentally important. Given real concerns about security and vote integrity, it is too early for a trial,” says Upston. “Due to timing restrictions, preparations for the proposed trial have not yet met the legislative requirements and cannot guarantee public confidence in the election results,” she explains.

New Zealand: Government scraps e-voting trial | The Register

New Zealand’s online voting trial, slated for local government elections this year, has collapsed with the national government scrapping the plan. Associate minister for local government Louise Upton yesterday sent a statement to Radio NZ saying they couldn’t “meet legislative requirements” in time for the elections. Last November, the NZ government published a requirements document that stated the local governments involved in the trial had to get independent assurance that their proposed solutions meet both national and local government technical requirements, including the security and accuracy of the system.

New Zealand: Online voting trial axed amid security concerns | Newshub

Two councils that signed up to trial online voting at this year’s elections are disappointed at the Government’s decision to can it. Associate Local Government Minister Louise Upston says more work needs to be done and there are “real concerns” about security and vote integrity. “Due to timing restrictions, preparations for the proposed trial have not yet met the legislative requirements and cannot guarantee public confidence in the election results. “Security testing has been planned but has not yet occurred. Without seeing the results of testing, we cannot be confident the systems are secure enough and the trial could not be authorised.”

Philippines: Electoral records breached in ‘largest ever’ government hack | The Guardian

The personal information of more than 50 million Filipinos has been exposed in a breach of the Philippine electoral commission. According to security researchers at Trend Micro, the hack contains a huge amount of very sensitive personal data, including the fingerprints of 15.8 million individuals and passport numbers and expiry dates of 1.3 million overseas voters. The website of the Commission on Elections, Comelec, was initially hacked on March 27, by a group identifying itself as Anonymous Philippines, the local fork of the wider hacker collective. The homepage was defaced with a message accusing Comelec of not doing enough to ensure the security of voting machines used in the country’s upcoming election.

New Zealand: Time is running out for go-ahead for online voting trials | Manuwatu Standard

Online voting trials are looking increasingly unlikely to take place at October’s local body elections in Palmerston North, Whanganui and six other centres. The Department of Internal Affairs will only say a decision is expected to be announced “shortly”. But at least one Palmerston North City councillor is concerned that with six months to go, time is running out. The council has set aside $100,000 in the budget included in its proposed Annual Plan that is out for consultation. Cr Aleisha Rutherford, who pushed for Palmerston North to sign up for the online trial, said councillors were telling residents who asked in discussions about the Annual Plan that it was “highly unlikely” the money would be spent.

Philippines: Hackers Expose Massive Voter Database – Worst Government Data Breach, Ever? | TechWeek

The breach could be the biggest-yet hack of government-held data, according to Trend Micro. A breach of the Philippines’ Commission on Elections (Comelec) affecting about 55 million people could be the largest hack of government-held data ever, according to security specialists. Government representatives have downplayed the seriousness of the breach, which took place late last month, but IT security firm Trend Micro said its analysis of the exposed data found that it included sensitive information such as passport numbers and fingerprint records. “Every registered voter in the Philippines is now susceptible to fraud and other risks,” Trend said in an advisory. “With 55 million registered voters in the Philippines, this leak may turn out as the biggest government related data breach in history.”

Philippines: 55 Million Exposed After Hack of Philippine Election Site | SecurityWeek

A cyber-attack on the website of the Philippines Commission on Elections (Comelec) has resulted in personally identifiable information (PII) of roughly 55 million people being leaked online. While there are no exact details on the number of affected people, it appears that hackers managed to grab the entire voter database, which includes information on the 54.36 million registered voters for the 2016 elections in the Philippines. Information on voters abroad also leaked, along with other sensitive data. Should the data in this leak prove genuine, it would make the breach one of the largest so far this year, on par with the recent hack of a database apparently containing details of almost 50 million Turkish citizens, which determined Turkey’s authorities to launch a probe into the incident. It would also be the largest breach after the Office of Personnel Management attack last year.

Mexico: Hacker claims he helped Enrique Peña Nieto win Mexican presidential election | The Guardian

A digital dark arts campaign by mercenary hackers helped Enrique Peña Nieto win Mexico’s 2012 presidential election, according to an imprisoned Colombian hacker who says he was involved. Andrés Sepúlveda, an online campaign strategist, claimed he had also helped to manipulate elections in nine countries across Latin America by stealing data, installing malware and creating fake waves of enthusiasm and derision on social media. In an interview with Bloomberg Businessweek, the Colombian – who is currently serving a 10-year prison sentence – boasted of his ability to hack into campaign networks and manipulate opinion. “My job was to do actions of dirty war and psychological operations, black propaganda, rumours – the whole dark side of politics that nobody knows exists but everyone can see,” the 31-year-old told Bloomberg.

Mexico: How to Hack an Election | Bloomberg

It was just before midnight when Enrique Peña Nieto declared victory as the newly elected president of Mexico. Peña Nieto was a lawyer and a millionaire, from a family of mayors and governors. His wife was a telenovela star. He beamed as he was showered with red, green, and white confetti at the Mexico City headquarters of the Institutional Revolutionary Party, or PRI, which had ruled for more than 70 years before being forced out in 2000. Returning the party to power on that night in July 2012, Peña Nieto vowed to tame drug violence, fight corruption, and open a more transparent era in Mexican politics. Two thousand miles away, in an apartment in Bogotá’s upscale Chicó Navarra neighborhood, Andrés Sepúlveda sat before six computer screens. Sepúlveda is Colombian, bricklike, with a shaved head, goatee, and a tattoo of a QR code containing an encryption key on the back of his head. On his nape are the words “” and “” stacked atop each other, dark riffs on coding. He was watching a live feed of Peña Nieto’s victory party, waiting for an official declaration of the results. When Peña Nieto won, Sepúlveda began destroying evidence. He drilled holes in flash drives, hard drives, and cell phones, fried their circuits in a microwave, then broke them to shards with a hammer. He shredded documents and flushed them down the toilet and erased servers in Russia and Ukraine rented anonymously with Bitcoins. He was dismantling what he says was a secret history of one of the dirtiest Latin American campaigns in recent memory.