Europe: The EU doesn’t really have a plan to stop its elections being hacked | WIRED

It was a treasure trove of information: nearly 20,000 emails and 8,000 attachments, sent by and to the Democratic National Committee (DNC), the body which runs the United States’ Democratic party, found its way into the hands of WikiLeaks and were unleashed on the world in late July 2016. The emails were siphoned off DNC servers over the course of a two-month period, but dated back to January 2015, and included private conversations that torpedoed the campaign of Democratic presidential nominee Hillary Clinton, and eventually helped elevate Donald Trump to the White House. It wasn’t just in the United States that the ramifications of this unprecedented leak of internal correspondence – which in July 2018 US special counsel Robert Mueller attributed to 12 members of the Russian military – were felt. Something seismic shifted underfoot. While nefarious nation states had been propping up or supporting campaigns aimed at promoting their goals in third countries for decades, this was the most overt attempt at changing the course of history in favour of a third party. And it worked.

Germany: Government races to boost cyber defences after breach | Computer Weekly

The German government is seeking to improve its cyber defences in the wake of the country’s largest data breach of its kind, which exposed the personal data of hundreds of politicians. The move comes after it was revealed that an unnamed teenager was responsible for the breach, which affected German chancellor Angela Merkel, federal president Frank Walterand and Greens party leader Robert Habeck. The hacked data, comprising about 1,000 records belonging to celebrities and journalists as well as politicians, included contacts’ email addresses, private chats, mobile numbers, photographs and credit card details. However, the German information security agency (BSI) said no government networks were affected and a government spokesperson said no sensitive data from the chancellor’s office had been leaked.

Israel: Admitting flaws, election committee ‘devising plan’ to thwart foreign meddling | The Times of Israel

Israel’s Central Elections Committee said Wednesday that it is devising a detailed plan of action to thwart attempts by foreign countries to meddle in the April 9 Knesset elections, following a reported alert from the head of the Shin Bet security agency that such attempts are being made by a country that cannot be named by orders from the military censor. “Together with security bodies, we learned what happened in other countries and we are devising a plan of action,” the body in charge of organizing the national ballot said in a statement. The statement came a day after reports that Shin Bet chief Nadav Argamon had warned a foreign state “intends to intervene” through cyberattacks in Israel’s elections. The name of the state was gagged by the military censor.

Germany: Shaken by massive leak, Germany warns of hacking risk in European election | Politico

Lawmakers need to brace for hacking attempts ahead of a European election and get better at protecting their information online, Germany’s interior minister warned in the aftermath of a breach that exposed the private data of almost 1,000 German politicians. “We’re facing European elections in May of this year,” Horst Seehofer told journalists Tuesday. “I don’t want to conjure up or predict anything, but we have to brace ourselves for preventing attempts to influence those elections.” Seehofer announced efforts to increase cybersecurity awareness among public figures and Germany’s general population, in addition to plans for a yet-to-be-developed “early warning system” that could alert authorities and individuals about their private information being shared online.

Israel: Shin Bet says it can foil foreign election meddling amid scare | Associated Press

Israel’s Shin Bet security service assured the public Wednesday it was well prepared to thwart any foreign intervention in the country’s upcoming elections, after its director warned a world power was making such efforts. The statement followed reports that Shin Bet chief Nadav Argaman recently told a closed audience that a foreign country was trying to intervene in the April elections and that operatives were trying to meddle via hackers and cyber technology. “The Shin Bet would like to make clear that the state of Israel and the intelligence community have the tools and capabilities to identify, monitor and thwart foreign influence efforts, should there be any,” it said. “The Israeli defense apparatus is able to guarantee democratic and free elections are held in Israel.” Argaman did not say for whose benefit the alleged meddling was being done. Initial reports about his comments were placed under a military gag order that was later lifted, though the naming of the country is question is still prohibited.

National: House Democrats’ first bill aims big on election security | The Washington Post

House Democrats came out swinging on election security in their first bill of the new Congress on Friday, promising at least $120 million for new voting machines — so long as they use paper ballots rather than digital ones. The move suggests the new House majority plans to push for the strongest election security measures they can get rather than seek compromise with the GOP-controlled Senate or the Trump administration. The paper ballot mandate puts the new House majority at odds with the Department of Homeland Security, which has left the door open for machines that record votes digitally but print out a physical paper trail so votes can be audited if there’s any suspicion of hacking. It also tees up a fight with the Republican-controlled Senate, which has been wary of imposing strict requirements on states.

Australia: Electoral systems get 24×7 monitoring for 2019 election | iTnews

Australia’s electoral systems will be actively monitored around the clock by a new security operations centre during the upcoming federal election. The Australian Electoral Commission has put out the call for vendors capable of providing “short-term, event based security monitoring” of its internal systems in a bid to protect against unauthorised interference. The centre would be used to detect “common or generic system or network compromises or compromise attempts against the AEC’ systems” in the lead up to, during and following the election. It will also spot “defined specific compromise attempts against electoral systems”, according to a brief posted on the digital marketplace late last month.

Canada: Former national security adviser questions feds’ plan to prevent election meddling | CTV

Prime Minister Justin Trudeau’s former national security adviser is questioning whether federal departments are prepared for the risk of election meddling in 2019 and whether the federal Liberals’ legislation meant to tackle foreign interference goes far enough. “I don’t think that the reports that were issued by the government—by [the Communications Security Establishment (CSE)]—is comprehensive enough. I’m not sure the legislation that we have in place deals with all of this,” Richard Fadden said on CTV’s Question Period. “It goes to the issue again, of fake news. This is a different version of fake news, and we haven’t come to grips with it yet,” said Fadden, who also advised former Conservative prime minister Stephen Harper, and previously headed up CSIS, Canada’s spy agency.

Israel: The main cyber threats against Israel’s upcoming election | Haaretz

It’s Election Day April 9 and you’re told when you come to cast your ballot, “Sorry, you don’t appear on the voter rolls – you can’t vote.” Before that you’ve been deluged by text messages from a candidate, but they’ve been sent by his rivals in the hope you’ll protest the annoyance by voting against. The next day, the Central Elections Committee says it’s having trouble collecting the results. These things may not happen when Israelis go to the polls, but the odds are growing that at least some of them will. More than at any time in the past, Israel’s election system is exposed to a cybersecurity risk during the campaigning, including the process of vote counting. The Israeli cybersecurity company Check Point Software Technologies has crafted a study noting the likely threats based on the experience of other countries’ elections in recent years and suggests steps Israel can take to prevent them.

National: House Democrats unveil election security, voting measures in sweeping anti-corruption bill | The Hill

House Democrats on Friday unveiled several election security measures as part of their first sweeping legislation of the session. The bill, H.R. 1, or the For the People Act, mandates that states use paper ballots in elections, which must also be hand-counted, or by “optical character recognition device,” the bill states. Rep. John Sarbanes (D-Md.) introduced the legislation, which he and other Democrats have described as a comprehensive anti-corruption package that will set the tone for their time in control of the House. The bill will also allow the Election Assistance Commission (EAC) — the small federal agency tasked with helping officials carry out elections — to hand out funding to states for the improvement of their elections systems. The Department of Homeland Security would also be required to conduct a threat assessment ahead of elections and that voting systems be tested nine months before any national election.

National: House Democrats’ First Bill Would Dramatically Boost Election Security | Gizmodo

The first bill introduced by House Democrats is a whopping 570-page voting reform package that offers, in part, significant financial support to state election agencies seeking to shore up their security through use of risk-limiting audits and the timely exchange of threat information. It would also require an intelligence community assessment ahead of federal elections, accompanied by recommendations to address potential threats from multiple agencies, including the Department of Homeland Security. Perhaps most important, the bill requires states to use paper ballots, long considered the only true bulwark against election interference. The bill, known as H.B. 1 or the “For The People Act,” would further help participant states fund the replacement of outdated voting systems that experts assess may be vulnerable to remote intrusion and on-site tampering; security clearances could be expedited to help state election officials gain access more quickly to classified details about election threats; and would require the testing of voting machines nine months prior to any ballot being cast.

Canada: Senator’s personal data leaked online in apparent Twitter hack | CTV

Conservative Senator Linda Frum’s Twitter account was hacked Sunday night, with those responsible sharing personal information including her drivers license and using racial slurs in their tweets. “hi linda, can u drive us to the mall please?” read one tweet. The tweet then shared an image of both the front and back of her drivers license, showing personal information including her address. No motive for the hack was made readily apparent, but the perpetrators tweeted that they “don’t appreciate corrupt politicians” and included an emoji of the Palestinian flag. The group of hackers linked accounts and referred to themselves as the “spank gang,” claiming to “run twitter.” The hacking comes just days after a high profile hacking incident in Germany, where multiple politicians and officials – including German Chancellor Angela Merkel – had personal details dumped online.

Germany: Hackers Leak Details of German Lawmakers, Except Those on Far Right | The New York Times

After hackers, later determined to be working for Russia, broke into Parliament’s main computer network three years ago, the government vowed to fortify its cybersecurity. The authorities schooled lawmakers about changing passwords, using two-step identification and other measures to protect online data. But on Friday, nearly 1,000 lawmakers and other prominent Germans, including rappers, journalists and internet personalities, awoke to find links to their street and email addresses, private chats from social media, bank account details and pictures of their children published on Twitter, in another major breach aimed at the country’s political establishment. All those attacked had a history of criticizing the far right, whose politicians appeared to be spared, raising suspicion that the hacker or hackers were sympathetic to their agenda, though the authorities said they had no indication yet who was behind the attack.

National: Cyber Threats and the Mid-Term U.S. Elections | Council on Foreign Relations

In 2018, the United States—for the first time in its history—held elections amidst wide-ranging efforts to protect this vital democratic process from foreign cyber threats. The Russian hacking and disinformation operations during the 2016 elections caught government officials, political campaigns, and voters unprepared and caused unprecedented controversies. For the 2018 mid-term elections, actions by local, state, and federal governments, the private sector, and civil society attempted to prevent the U.S. body politic from again being damaged by foreign cyber intrusions and information warfare. The 2018 elections ended without the cyber crises that marked the 2016 elections, but this outcome should not obscure the difficulties encountered this year in protecting U.S. elections from cyber threats. Despite progress, 2018 ended with the United States facing a daunting, unfinished policy agenda on strengthening election cybersecurity and responding to cyber-enabled disinformation campaigns aimed at dividing citizens and discrediting democracy.

Germany: ‘Mass hack attack’ against politicians raises eyebrows in Berlin | Euractiv

Hackers posted personal data, including credit card details and mobile phone numbers, of hundreds of German politicians, national media reported on Friday (4 January). All major German parties except for the far-right AfD have been affected, the report said. The identity of the hackers and their motive are not known yet. The data, published on a Twitter account seen by EURACTIV, also included addresses, personal letters, and copies of identity cards, the public broadcaster said. The data was spread on Twitter before Christmas, staged as an advent calendar, but the breach was not noticed until Thursday evening. The operator of the account in question claims to be based in Hamburg and had more than 17.000 followers as of Friday morning. Reuters was not immediately able to confirm the report as it was initially open if all data is authentic.

National: The 2018 Midterms Weren’t Hacked. What Does That Mean For 2020? | NPR

Leading up to Nov. 6, 2018, anyone with a stake in American democracy was holding their breath. After a Russian effort leading up to 2016 to sow chaos and polarization, and to degrade confidence in American institutions, what sort of widespread cyberattack awaited the voting system in the first national election since? None, it seems. High turnout overwhelmed election administrators, causing some voters to wait hours to cast ballots. Florida maintained its reputation as a state that’s been working out the kinks in its voting system for nearly two decades. And a congressional race in North Carolina is still up in the air as the state’s Board of Elections investigates alleged election fraud by a political operative. But an operation like the one Russia waged two years ago?

National: Election security bills face hurdles in 2019 | FCW

House Democrats will likely push new election security legislation in 2019 when they take over the majority, but obstacles remain in the Senate and the White House. On the administrative side, the Department of Homeland Security and state governments will look to build on cooperative efforts that resulted in the apparently successful 2018 mid-term elections. In the wake of the 2016 elections, state governments, experts and members of Congress have beat the drum for federal legislation to comprehensively address critical cybersecurity flaws in the nation’s election systems. Even after an infusion of $380 million in leftover Help America Vote Act grant funding earlier this year, many states say they continue to face major funding challenges. Earlier this year, Rep. Bennie Thompson (D-Miss.), incoming chair for the House Homeland Security Committee, called the grants “a drop in the bucket” compared to what is needed to secure election systems nationwide. Thompson filed legislation in February that would establish an ongoing pot of money for states to draw from through 2025, phase out reliance on paperless voting machines and boost the number of states who use risk limiting audits to ensure the integrity of election results.

Pennsylvania: National experts collaborate at Penn State to address election security | Penn State University

On Dec. 3, dozens of experts from across the country met at the Penn Stater Hotel and Conference Center for the first Penn State Symposium on Election Security. The event was co-hosted by the College of Engineering, Penn State Law and the School of International Affairs, as well as the Penn State Institute for Networking and Security Research and the Institute for CyberScience. The symposium allowed for experts from disciplines as diverse as public policy and cybersecurity to collaborate on solutions to election security threats. “This event brought together some of the thought leaders in elections security from around the nation, and highlighted the problems and importance of vigilance in protecting our democracy,” said Patrick McDaniel, director, Institute for Network and Security Research, and one of the event’s organizers. “It also led to concrete plans for taking action in the future, in which Penn State will play a central role.”

Georgia: State has not followed good election security practices, cyber expert says | StateScoop

Georgia Secretary of State Brian Kemp’s Nov. 3 accusation that Democrats attempted to hack the state’s voter registration database three days before a gubernatorial election he would go on to win was blasted at the time by cybersecurity experts, who said Kemp offered little evidence to support his claim. Six weeks later, a report confirming that Kemp made his accusation based on a single piece of flimsy evidence, and that no law-enforcement investigations ever took place, strongly suggests Georgia has ignored good election security practices, an expert in the field told StateScoop. Eric Hodge, the director of election security services for the security firm CyberScout, responded to a Dec. 14 report by the Atlanta Journal-Constitution that found that Kemp’s claim that Democrats tried to hack the state voter file was based on a lone email to a Democratic volunteer from a software developer who said he found vulnerabilities in the database. In his capacity as secretary of state, Kemp, who resigned Nov. 8, was Georgia’s top elections official, leading to criticisms about whether he should oversee an election for governor in which he was also the Republican candidate.

National: New report on Russian disinformation, prepared for the Senate, shows the operation’s scale and sweep | The Washington Post

A report prepared for the Senate that provides the most sweeping analysis yet of Russia’s disinformation campaign around the 2016 election found the operation used every major social media platform to deliver words, images and videos tailored to voters’ interests to help elect President Trump — and worked even harder to support him while in office. The report, a draft of which was obtained by The Washington Post, is the first to study the millions of posts provided by major technology firms to the Senate Intelligence Committee, led by Sen. Richard Burr (R-N.C.), its chairman, and Sen. Mark Warner (Va.), its ranking Democrat. The bipartisan panel hasn’t said whether it endorses the findings. It plans to release it publicly along with another study later this week.

National: Federal Election Commission could give lawmakers new tools against hacking | The Washington Post

The Federal Election Commission will vote today on whether lawmakers can use leftover campaign cash to secure their personal tech devices and email accounts against hackers. The proposal, from Sen. Ron Wyden (D-Ore.), comes amid rising concern that Kremlin-linked hackers are targeting the personal email accounts and other data of lawmakers and their office and campaign staffs. Hacked information from those personal accounts could be used for blackmail or as a jumping-off point to break into email accounts for campaigns, congressional offices or even federal agencies. More importantly, hackers could strategically release hacked information to upend a political campaign, as Russia did with hacked emails from the Hillary Clinton campaign and the Democratic National Committee in 2016, or to sway a political or policy debate.  

National: Despite Inactivity During Midterm Elections, Hackers Are Likely To Ramp Up Attacks In 2020 | Wall Street Journal

Hackers were less active than security experts had anticipated during last month’s midterm elections, but the federal government should still continue its assistance to state and local election security, according to Judd Choate, director of the division of elections at Colorado’s department of state. “Many states need money, they need assistance,” Mr. Choate told security experts Tuesday at the WSJ Pro Cybersecurity Executive Forum in New York. Russian hackers’ dialed back their activity this year after attempting to interfere in the 2016 election and leaking stolen emails from Hillary Clinton’s campaign, he said. Despite the lack of high-profile cyber threats around this year’s midterm elections, there are signs that hackers will use more sophisticated tactics to interfere in 2020, officials said. Robby Mook, campaign manager for Mrs. Clinton’s 2016 campaign, predicted that attackers will deploy so-called deep fake videos to sow confusion around the next presidential election, using artificial intelligence to create doctored videos and images that appear realistic.

Indonesia: Protecting Indonesian elections from cyberattacks | Antara

Cyberattacks have threatened elections in several countries, and one of the major hacking cases was alleged foreign interference using cyber networks during the US presidential elections in 2016. Any form of interference in the election results, be it through money politics or cyberattacks, could endanger democratic well-being of the targeted country. Hence, cybersecurity must be taken seriously to take precautionary measures and prevent threat of cyberattacks. On April 17, 2019, Indonesia will hold simultaneous presidential and legislative elections believed to be among the most complex and largest elections in the world. Indonesia is the world`s fourth most populous nation, with some 260 million people, and the world`s largest archipelagic country, with over 17 thousand islands. Four months prior to the elections, cyberattacks have already increased in Indonesia, according to the National Cyber and Encryption Agency (BSSN).

National: Pressure mounts on election security as 2020 approaches | The Hill

Pressure is already mounting on Congress to secure the 2020 presidential race from foreign cyberattacks or interference just weeks after the midterm elections. Lawmakers expressed frustration at failing to pass a bill during the current session, but are vowing to resume their work in January. “Yeah, it’s next Congress,” Sen. James Lankford (R-Okla.) told The Hill last week. Lankford and Sen. Amy Klobuchar (D-Minn.) in 2017 introduced the bipartisan Secure Elections Act, seen as the best shot of passing legislation before the midterms. “[Klobuchar] and I are not going to drop it, we’re going to keep working it through, but it’s not going to be the next two weeks,” Lankford vowed. Lawmakers, though, will take up their work with less time to bridge differences and before the 2020 cycle moves to full swing. And there may be new questions for lawmakers to address.

Canada: Cybersecurity chief says jury still out on whether Russian disinformation bots are having any impact | The Province

‘Not everything is blatantly false,’ says Scott Jones. ‘Sometimes it’s a slight manipulation of the facts — just enough to sow division’. The head of Canada’s new cybersecurity centre says the jury is still out on whether state-sponsored disinformation campaigns are actually having any impact on voters’ intentions, but that Canadians should still use a “critical eye” when they read news online. “There’s a lot of research going on in terms of what the effect could be,” said Scott Jones, the head of the Communications Security Establishment’s newly-established Cyber Centre, at a press conference last week.

National: The 2018 midterm elections weren’t marred by foreign meddling. That doesn’t mean the U.S. election system is secure | MinnPost

Leading up to this year’s midterm election, scores of U.S. senators, intelligence officials, and security experts were sounding the alarm: do nothing, and what happened in 2016 will happen again. “We know foreign adversaries are still targeting our upcoming elections,” said Sen. Amy Klobuchar in a letter dated May 9. “The open question is, how serious are we about preventing it from happening again?” The wide-ranging campaign carried out by the government of Russia, in concert with other non-governmental entities, to influence the 2016 presidential election shocked the U.S. political and media establishment. It exposed vulnerabilities seemingly everywhere, from social media, where foreign operatives ginned up division on Facebook, to the political parties, where top officials’ emails were hacked and released, to the infrastructure of the voting process itself, which experts worried was weak and could be manipulated.

National: DNC ramps up 2020 cyber protections, NRCC falls victim to hackers | Politico

The Democratic National Committee wants to significantly expand and improve its cybersecurity program in the lead-up to the 2020 presidential election, and its top security officials are considering everything from simulated cyberattacks on the Democratic ecosystem to enhanced training for DNC staffers who want to work with the party’s outside vendors and sister committees. “The question is, how are we going to take what we did and supersize it?” DNC Chief Security Officer Bob Lord told Eric for a story out today. Lord produced a short cybersecurity checklist for midterm campaigns, and he recently met with former campaign staffers to gather feedback about improving it. The midterms didn’t see massive cyberattacks like the 2016 campaign, which meant that many of the DNC’s procedures weren’t tested. But DNC Chief Technology Officer Raffi Krikorian did notice one problem on Election Day: too many people jumping in whenever they saw suspicious cyber activity. “We were all trying to swarm around the soccer ball [and] being like, ‘I can help with that, too!’” said Krikorian. The need to clarify roles and responsibilities is one reason why Krikorian wants to convene tabletop exercises before 2020. Simulations are “definitely not something we did in preparation for this cycle,” he said, “but that would be a clear opportunity moving forward.”

National: Emails of top National Republican Congressional Committee officials stolen in major 2018 hack | Politico

The House GOP campaign arm suffered a major hack during the 2018 midterm campaigns, exposing thousands of sensitive emails to an outside intruder, according to three senior party officials. The email accounts of four senior aides at the National Republican Congressional Committee were surveilled for several months, the party officials said. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated, and the FBI was alerted to the attack, said the officials, who requested anonymity to discuss the incident. However, senior House Republicans — including Speaker Paul Ryan of Wisconsin, Majority Leader Kevin McCarthy of California and Majority Whip Steve Scalise of Louisiana — were not informed of the hack until Politico contacted the NRCC on Monday with questions about the episode. Rank-and-file House Republicans were not told, either.

National: Rosenstein urges tech to step up against disinformation | The Hill

Deputy Attorney General Rod Rosenstein on Thursday said social media companies need to protect their platforms from disinformation campaigns and properly police false or misleading content or they will face government regulation. “I think the companies now do understand if they do not take it upon themselves to self-regulate — which is essentially the theme of my talk today — they will face the potential of government regulation,” he said. Rosenstein’s remarks come amid fears that Iran and other countries are looking to take a page from Russia’s 2016 playbook and carry out sophisticated disinformation campaigns in the next presidential campaign.

Maryland: Federal team finds no intrusion on Maryland election systems | Associated Press

A U.S. Department of Homeland Security team found no evidence of intrusion on Maryland’s election system after the FBI told state officials that a company hosting certain elections systems had been acquired by a firm partly owned by a Russian oligarch. Still, the state’s elections board announced Thursday it will transition to a new data center “out of an abundance of caution.” The Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center was deployed in August to offices in Annapolis, Maryland, at the request of state officials to examine the state’s election infrastructure network enclave, which is hosted and maintained by Annapolis, Maryland-based ByteGrid. “During the course of the on-site engagement, HIRT did not positively identify any threat actor activity on the MDSBE, ByteGrid, or Enclave networks,” concluded the 15-page report released at the elections board’s meeting Thursday.