Georgia: Without disclosing evidence, Kemp accuses Georgia Democrats of hacking | Atlanta Journal Constitution

Just two days before the election, Georgia Secretary of State Brian Kemp’s office launched an investigation Sunday into the Democratic Party after an alleged attempt to hack the state’s voter registration system. Kemp, who is the Republican candidate for governor on Tuesday’s ballot, didn’t provide any evidence of hacking when his office announced the probe. He faces Democrat Stacey Abrams in the election. The Democratic Party of Georgia called the allegation “100 percent false” and “an abuse of power” by Kemp’s office. A computer scientist and an attorney suing Kemp said his office’s accusation of hacking is a distraction from a report that voter information is vulnerable on the state’s registration website. The Secretary of State’s Office said the system remains secure and voter information wasn’t breached.

Georgia: Kemp’s Aggressive Gambit to Distract from Election Security Crisis | WhoWhatWhy

When Georgia Democrats were alerted to what they believe to be major vulnerabilities in the state’s voter registration system Saturday, they contacted computer security experts who verified the problems. They then notified Secretary of State Brian Kemp’s lawyers and national intelligence officials in the hope of getting the problems fixed. Instead of addressing the security issues, Kemp’s office put out a statement Sunday saying he had opened an investigation that targets the Democrats for hacking. Kemp’s statement has become top news nationwide, but the context and background have yet to be reported — so we are providing it below. By the time Democrats reached out to the experts, Kemp’s office and the Federal Bureau of Investigation had already been alerted to the problem on Saturday morning by David Cross of the Morrison Foerster law firm. Cross is an attorney for one of the plaintiffs in a lawsuit against Kemp and other elections officials concerning cyber weaknesses in Georgia’s election system. A man who claims to be a Georgia resident said he stumbled upon files in his My Voter Page on the secretary of state’s website. He realized the files were accessible. That man then reached out to one of Cross’s clients, who then put the source and Cross in touch on Friday. The next morning, Cross called John Salter, a lawyer who represents Kemp and the secretary of state’s office. Cross also notified the FBI.

Kentucky: Online voter registration left system vulnerable to attack | Louisville Courier Journal

Heralded as the state voting system’s “most transformational reform to date,” the ability for Kentuckians to register to vote online also made them vulnerable to attack. A ProPublica investigation found that as recently as this week, a computer server powering Kentucky’s voter registration website was inadvertently exposing sensitive back-end files to hackers. Kentucky introduced online voter registration in 2016. At the time, Secretary of State Alison Lundergan Grimes said the move would pave the way for increased participation in elections. … “FTP is a 40-year-old protocol that is insecure and not being retired quickly enough,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., and an advocate for better voting security. “Every communication sent via FTP is not secure, meaning anyone in the hotel, airport or coffee shop on the same public Wi-Fi network that you are on can see everything sent and received. “And malicious attackers can change the contents of a transmission without either side detecting the change.”

Wisconsin: Elections Commission shuts down dormant file sharing service after reporter inquiry | Milwaukee Journal Sentinel

State elections officials eliminated an unused, password-protected file sharing service to further protect the state’s election system from hackers. The move came after a reporter with the nonprofit journalism organization ProPublica inquired about whether the service was susceptible to hacking, according to Wisconsin Elections Commission spokesman Reid Magney. The organization’s scrutiny of the security of Wisconsin’s election system comes days before Tuesday’s midterm elections and amid concerns that the Russian-based interference in the 2016 general election could return this year. In the 2016 election, Russians attempted to hack elections systems in Wisconsin and 20 other states ahead of the presidential election. 

National: The Vulnerabilities of Our Voting Machines | Scientific American

A few weeks ago computer scientist J. Alex Halderman rolled an electronic voting machine onto a Massachusetts Institute of Technology stage and demonstrated how simple it is to hack an election. In a mock contest between George Washington and Benedict Arnold three volunteers each voted for Washington. But Halderman, whose research involves testing the security of election systems, had tampered with the ballot programming, infecting the machine’s memory card with malicious software. When he printed out the results, the receipt showed Arnold had won, 2 to 1. Without a paper trail of each vote, neither the voters nor a human auditor could check for discrepancies. In real elections, too, about 20 percent of voters nationally still cast electronic ballots only. As the U.S. midterm elections approach, Halderman, among others, has warned our “outmoded and under-tested” electronic voting systems are increasingly vulnerable to attacks. They can also lead to confusion. Some early voters in Texas have already reported votes they cast for Democratic U.S. Senate challenger Beto O’Rourke were switched on-screen to incumbent Republican Sen. Ted Cruz. There’s no evidence of hacking, and the particular machines in question are known to have software bugs, which could account for the errors.

National: Mystery of the Midterm Elections: Where Are the Russians? | The New York Times

Shane Huntley has seen every form of state-sponsored cyberattack, first as an Australian intelligence officer and now as director of Google’s most advanced team of threat detectors. So when he was asked what surprised him the most about the 2018 midterm elections, his response was a bit counterintuitive. “The answer is surprisingly little on the hacking front, at least compared to two years ago.” He paused, and added: “And that reassures some people, and it scares some people.” He is right. From the cyberwar room that the Department of Homeland Security runs round the clock in a bland office building in Arlington, Va., to Microsoft’s threat-assessment center at the other end of the country, in Redmond, Wash., every form of digital radar is being focused on Russia, especially its military-intelligence unit, formerly known as the G.R.U.

National: Campaign cybersecurity poses next major challenge for federal election officials | The Hill

Federal officials say they want to help political campaigns guard against against cyberattacks, but are struggling to figure out how. Election officials said this week that while much of the attention since 2016 has focused on protecting voting systems, campaigns remain highly susceptible to cyber intrusions. However, those same officials have no means of directly communicating with the hundreds, if not thousands, of candidates about how best to address cyber threats. Robert Kolasky, director of the Department of Homeland Security’s (DHS) National Risk Management Center, said DHS has resorted to contacting the Republican and Democratic national committees to try to reach campaigns. And even then federal officials aren’t able to reach everyone. Few campaigns reach out to DHS about cybersecurity issues, Kolasky told reporters on Tuesday, adding that candidates are more likely to contact the FBI or their national committees when they notice something has gone wrong.

Editorials: Election Security is an Immediate National Security Concern | Scott Holcomb/Just Security

Election security continues to be an issue of national security. Russia attacked the United States in 2016, and it is doing so again now. I am from Georgia, and my home state is one of the most vulnerable in the nation. It is so bad that citizen activists filed a lawsuit to try to force Georgia to take action and secure its outdated and insecure voting machines that lack a paper trail. But in September, U.S. District Judge Amy Totenberg ruled that, despite valid and serious election security concerns, Georgia can continue using touchscreen voting machines for the midterm elections this year. These machines are known to be vulnerable to hacking—an ever more serious concern following Russia’s 2016 attacks and the assaults it continues to wage today, none of which have been sufficiently addressed.

National: Fewer than half of US states have undergone federal election security reviews ahead of midterms | ABC

With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking. Under the department’s National Protection and Programs Directorate, the agency branch that coordinates cyber protection of U.S. infrastructure, a team of DHS officials are prepared to examine statewide election systems. They can check for cybersecurity vulnerabilities and run in-person exercises like phishing tests to ensure election officials are prepared to guard against attempts to hack their email accounts. The Department of Homeland Security has already provided or is scheduled to provide the service, which is free for states that request it, to only 21 states, a department spokesman told ABC News, concerning election experts who fear some states may not be aware of potential vulnerabilities.

National: 14 States Forgo Paper Ballots, Despite Security Warnings | Government Technology

Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas. Experts have urged states to have backup systems after officials from U.S. intelligence agencies and the Department of Homeland Security said that Russian entities scanned election systems in at least 21 states before the 2016 election in an attempt to breach. Seven states had their computer systems breached to various degrees, officials have said. Illinois has said its voter registration system was breached. But officials have said no votes were altered.

National: Are elections any more secure than in 2016? | GCN

To help shore up the nation’s election infrastructure, Congress repurposed $380 million of leftover funding from the 2002 Help America Vote Act into grant funding for states to improve election security. States collectively invested an additional $19 million in matching funds for the same purpose. States could use the grants to replace old voting machines, upgrade election-related computer systems to address vulnerabilities identified by the Department of Homeland Security, implement post-election audits, provide cybersecurity training for state and local election officials or other activities that are specifically tailored to addressing cybersecurity needs.According to the Election Assistance Commission, 41 states used 36.3 percent of those funds to directly improve election cybersecurity. An additional 27.8 percent of the funding went to purchase new voting equipment while another 13.7 percent went to upgrade voter registration systems. Only 5.6 percent of the funds were used to implement post-election audits. However, it’s important to understand that these upgrades and expenditures are expected to take place over the course of the next two to three years; relatively little of the work is being completed before the midterm elections.

National: Center for Internet Security looks to expand threat sharing program to political campaigns | CyberScoop

While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise. “Especially in the early phases of the campaign, it is not staffed by professional IT and certainly not cybersecurity people,” said John Gilligan, the executive chairman of the nonprofit Center for Internet Security (CIS). When a candidate decides to run, the campaign might acquire a few computers and start building databases without prioritizing cybersecurity, Gilligan said Tuesday at the Center for Strategic and International Studies. CIS, which runs a center for sharing threat data with state and local officials, is looking to extend its information-sharing initiative to campaigns. The goal is to chip away at the security-resource deficit facing candidates, as numerous tech companies are trying to do by offering free security services to campaigns.

National: 81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections | Forbes

The quarterly incident response (IR) threat report from Carbon Black isn’t usually such an exciting read, aggregating as it does data from across a number of partners in order to provide actionable intelligence for business leaders. The latest report, published today, is a politically charged exception. Not only does it reveal that nation-state politically motivated cyberattacks are on the up, with China and Russia responsible for 41.4% of all the reported attacks, but that voter databases from Alabama to Washington (and 18 others) are for sale on the dark web. These databases cover 21 states in all, with records for 81,534,624 voters that include voter IDs, names and addresses, phone numbers and citizenship status. Tom Kellerman, Carbon Black’s chief cybersecurity officer, describes the nation-state attackers as not “just committing simple burglary or even home invasion, they’re arsonists.” Nobody relishes their house burning down, even figuratively speaking. Which is why, according to another newly published report, this time from Unisys, suggests one in five voters may stay at home during the midterms as they fear their votes won’t count if systems suffer a cyberattack.

Oregon: Phishing attempts on Oregon election officials increase | Associated Press

Oregon’s paper-ballot voting system in the state has never been more accurate or secure, though the number of phishing attempts targeting election officials has increased, the state’s elections director said. Oregon Elections Director Steve Trout said he himself has been hit by a dozen phishing attempts since July. In all of 2017, he had only one or two. Phishing is an attempt to trick people into sharing sensitive information such as passwords and usernames, often by inducing them to click on a bogus link or by pretending to be an entity. The FBI and U.S. Department of Homeland Security officials advised Trout and others attending a security summit this week that there has been a huge increase in phishing attempts in the nation, targeting elections officials and other critical infrastructure such as energy and banking sectors, Trout told journalists Tuesday.

National: Cyber Interference in Elections and Federal Agency Action | Harvard Law Review

Pop quiz: which part of the federal government is tasked with preventing cyber interference in our elections? Congress has refused to say. We have reached a point of a significant gap between an important federal need and existing federal power. And in the absence of that federal power, federal agencies have stepped into the gap and extended their authority into domains unanticipated by Congress. Of course, there is clear statutory guidance for some aspects of protecting election integrity. We can think about preventing campaign interference in our elections. Portions of that job fall squarely within the domain of the Federal Elections Commission, which enforces campaign finance laws. We can also think about prosecution or punishment of those who engage in either foreign campaign interference, like the Justice Department’s recent criminal indictment of a Russian woman with interference in the 2018 midterm elections, or foreign cyber interference, like actions from the Obama and Trump administrations to sanction those who interfere with election systems in the United States. But that’s focused on punishing election interference that has already occurred.

National: Security researchers, voting vendors clash anew | Politico

A group of security researchers and voting technology vendors trying to hash out cybersecurity requirements for voting systems once again butted heads over whether to require vendors to let anyone test their products. The subject arose during a teleconference late last week of the Voluntary Voting System Guidelines cyber working group. When election security consultant Neal McBurnett suggested that the new guidelines require vendors to make products available for open-ended vulnerability testing, Joel Franklin of voting giant Election Systems & Software shot back with a question: “Is there other software tied to critical infrastructure software that’s open to public OEVT?” Franklin said he wasn’t dismissing the value of OEVT. “I’m just wondering if we’re putting an undue burden on voting systems when there are computers in nuclear security and every other critical infrastructure industry” that aren’t available for OEVT.

National: DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet

lection officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. … But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials. “So what we’ve seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward,” said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.

National: Experts assess voting security as midterm elections approach | Princeton University

Since the adoption of electronic voting machines in the 1990s, election experts have argued that paper records are critical for auditing elections and detecting potential tampering with vote tallies. The issue gained new prominence following the 2016 elections, which spurred multiple investigations into allegations of Russian interference in the electoral process. In a panel discussion hosted by Princeton’s Center for Information Technology Policy (CITP), experts examined the state of U.S. election security. The moderator Ed Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs and director of CITP, opened the discussion by noting that “Princeton has quite a bit of expertise in this area.” He cited two faculty members working in election technology and policy, Andrew Appel and Jonathan Mayer. Appel, the Eugene Higgins Professor of Computer Science, recently served as a member of the National Academies’ Committee on the Future of Voting, while Mayer, assistant professor of computer science and public affairs, recently developed bipartisan election security legislation as a staffer in the United States Senate. Also on the panel was Marian Schneider, a former Pennsylvania elections official and the president of Verified Voting, a nonprofit organization that aims to improve election security practices.

Iowa: State’s shield against election cyberattacks: paper ballots | The Gazette

Iowa officials say they are using old-school technology — namely paper ballots — to thwart cyberterrorists employing sophisticated methods from trying to hack into the state’s voting systems. Iowa officials held a Statehouse news conference Monday to assure voters who already are casting early ballots in the run-up to the Nov. 6 general election that steps are being taken to ensure the integrity of the process and trust in the final outcome. “We vote on paper ballots,” said Iowa Secretary of State Paul Pate, who is on that ballot because he faces a challenge from Democrat Deidre DeJear. “This a crucial security measure. You can’t hack a paper ballot.” The state of Iowa’s computer systems face thousands of attacks on a daily basis, said Jeff Franklin of the Iowa Office of the Chief Information Officer. However, there is no evidence of any unauthorized intrusions into the election system, he noted, mainly because outside of voter registration very little of Iowa’s process or voting equipment is web-based.

National: DHS ‘more prepared’ than ever to secure midterm elections, Nielsen says | Politico

The Department of Homeland Security is “more prepared than we’ve ever been” to ensure the security of the Nov. 6 midterm elections, Homeland Security Secretary Kirstjen Nielsen said Sunday. “The goal here … is absolutely to assure Americans that their votes will count and their votes will be counted correctly,” Nielsen told “Fox News Sunday.” “We are constantly monitoring, constantly working with them, sharing information.” Among other measures , Nielsen said, her department will be establishing a “virtual situation room.” “We will be setting up a virtual situation rom on Election Day so we can very quickly support any incident response that’s needed and so we can share any information,” Nielsen said.

National: Under Attack: How Election Hacking Threatens the Midterms | PCMagazine

In March, officials from 38 states packed into a conference hall in Cambridge, Massachusetts, for a two-day election simulation exercise that was run like a war game. More than 120 state and local election officials, communications directors, IT managers, and secretaries of state ran drills simulating security catastrophes that could happen on the worst Election Day imaginable. The tabletop exercise began each simulation months before the Nov. 6 midterm elections, accelerating the timeline until states were countering attacks in real time as voters went to the polls. Organized by the Defending Digital Democracy (D3P) project at Harvard, a bipartisan effort to protect democratic processes from cyber and information attacks, the drills forced participants to respond to one nightmare scenario after another—voting machine and voter database hacks, distributed denial of service (DDoS) attacks taking down websites, leaked misinformation about candidates, fake polling information disseminated to suppress votes, and social media campaigns coordinated by nation-state attackers to sow distrust.

National: Researcher finds trove of political fundraising, old voter data on open internet | CyberScoop

A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday. Cybersecurity company Hacken says it discovered an unprotected network-attached storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine. With its contents publicly accessible, the NAS revealed details about Rice Consulting’s clients as well as details about “thousands of fundraisers,” Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details. Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said “There’s no one here who can tell you anything,” and hung up.

Editorials: The case for white hat hacking of our election software | Chris Wysopal/The Hill

Congress did not pass the bipartisan Secure Elections Act. This means in the two years since Russian interference disrupted our election systems, we have failed to improve security around the technologies that support our election processes. Legislating a fix to the problem is proving futile. It’s time to ask ourselves – as citizens, elected leaders, technologists and those interested in protecting our democracy – what else we can do to improve election security. A recent report delivered to Capitol Hill found that “election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack,” according The Wall Street Journal. Shouldn’t we view our elections through the lens not just of security, but safety? Think about it this way: we have the NTSB for travel, the FDA for food, OSHA for workplace safety. We would scarcely accept 50 percent of cars on the road to be faulty or 50 percent of food on grocery store shelves to be tainted.

National: The 2018 midterm elections are already hacked. You just don’t know it yet. | Vox

One evening last May in Knoxville, Tennessee, during the night of the local primary election, Dave Ball, the assistant IT director for Knox County, settled into the Naugahyde chair of his dusty home office and punched away at his desktop computer. Ball’s IT staff had finished a 14-hour day, running dress rehearsals to prepare for the ritual chaos of election night. In a few minutes, at exactly 8 pm, the county’s incoming precinct results would become visible to the public online. Curious, Ball typed in the address for the Knox County election website. At 7:53, the website abruptly crashed. Staring back at Ball was a proxy error notice, a gray message plastered against a screen of purgatorial white. It read simply, “Service Unavailable.” Across East Tennessee, thousands of Knox County residents who eagerly awaited the results saw the same error message — including at the late-night election parties for various county candidates, where supporters gathered around computers at Knoxville’s Crowne Plaza Hotel and the nearby Clarion Inn and Suites. Ball was scowling at the screen when the phone on his table buzzed. It was a message from a staffer, still on duty at the IT department: “We’ve got a problem here,” it read. “Looks like a DDOS.” Ball still remembers his next, involuntary exclamation: “Oh, shit.”

National: Mitigating Election Security Risks Rely on System Resiliency, Auditability | Government CIO

A continuous increase of data breaches, the 2016 election interferences and financial security concerns are causing a riff in the public’s cybersecurity trust in government and industry, and could impact whether people show to vote. That’s according to global IT company Unisys’ annual security index, a look at global and national security concerns. The index is a calculated score out of 300 that measures consumer concerns over time across eight areas of security in four categories: national security, financial security, internet security and personal security. This year’s index is 173, same as last year, but 32 percent higher than 10 years ago, according to the report. And the highest security concerns people have are around identity theft and bankcard fraud. In fact, identity theft was one of the top eight security threats measured, coming before national security (including terrorism), disasters and epidemics, financial obligations, bankcard fraud, viruses and hacking, online transactions and personal safety.

National: Security firm finds county election websites lack cybersecurity protections | The Hill

Many county election websites are lacking basic cybersecurity measures that could leave voters vulnerable to misinformation, security firm McAfee said Wednesday. McAfee threat researchers looked at county websites in 20 states and found that many county sites used .com domains instead of .gov ones, which are required to be thoroughly vetted as being official sites by government officials. Researchers found that Minnesota had the highest percentage of non-.gov domains for county election sites at 95.4 percent, followed by Texas at 95 percent and Michigan with 91.2 percent. Steve Grobman, the senior vice president and chief technology officer at McAfee, noted in a blog post that .com and other domains can be bought by anyone, meaning that misinformation about elections could be more easily shared with potential voters.

National: Mega Millions is Safer than Our Election System | The Weekly Standard

Elections security experts say that it is too late to do much to protect our voting systems against tampering for the midterms. The Department of Homeland Security’s efforts to spur ballot integrity upgrades are focused on 2020, but being future-minded is only an illusion: The hackers will always be ahead. When you’re talking about a set of processes as varied as how different states and districts vote—whether they still use outdated and vulnerable machines that leave no paper trail, or store their registration data insecurely online—there’s really no way to either prevent—or detect—ballot interference with anything like absolute certainty. Russians allegedly hacked Illinois and Arizona’s voter databases mere months before the 2016 presidential election. When DHS first detected these attacks it was too late to prevent them, only soon enough to seal up the vulnerabilities. Except that, even if elections officials had wanted to secure their online voter registration rolls in response to the attack, the law wouldn’t have let them.

National: Paper and the Case for Going Low-Tech in the Voting Booth | WIRED

In September 2017, barely two months before Virginians went to the polls to pick a new governor, the state’s board of elections convened an emergency session. The crisis at hand? Touchscreen voting machines. They’d been bought back in the early aughts, when districts across the country, desperate to avoid a repeat of the 2000 “hanging chads” fiasco, decided to go digital. But the new machines were a nightmare, prone to crashes and—worse—hacking. By 2015, Virginia had banned one of the dodgiest models, but others were still in use across the state. Now, with the gubernatorial election looming, officials were concerned that those leftover machines were vulnerable.

They had good reason. Evidence of Russian interference in the US democratic process was mounting. And at the DefCon security conference that summer, whitehat hackers had broken into every electronic voting machine they tried, some in a matter of minutes. (One model had as its hard-coded password “abcde.”) “That really triggered us to action,” recalls Edgardo Cortés, at the time Virginia’s top elections official. So, at the emergency session, he and his colleagues instituted a blanket ban on touchscreen machines. But what next? Virginia officials needed a superior voting technology. They settled on paper. When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source. You can tally ballots rapidly using low-tech scanners, and if it’s necessary to double-check the results (as was the case with several down-ticket contests in Virginia), you can do a manual recount. Paper isn’t perfect, but it’s better than the alternative.

National: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections | The New York Times

The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation. The campaign, which includes missions undertaken in recent days, is the first known overseas cyberoperation to protect American elections, including the November midterms. The operations come as the Justice Department outlined on Friday a campaign of “information warfare” by Russians aimed at influencing the midterm elections, highlighting the broad threat the American government sees from Moscow’s influence campaign.

National: Google steps up security efforts as most campaigns use its email services | The Washington Post

Google has been stepping up its efforts to protect political campaigns against phishing attacks — one of the most pressing threats facing candidates as hackers continue to target them via email. U.S. political campaigns overwhelmingly use Google as their email provider, according to data collected by anti-phishing start-up Area1 Security. Of the 1,460 candidates the company is tracking who are running for the Senate, House of Representatives or governor, 65 percent use Google as their email provider. The 2018 midterms will be the first test of the security measures Google and other tech companies have adopted since Russian hackers successfully spear phished Hillary Clinton campaign chair John Podesta. Hackers stole more than 50,000 of his emails after a click on a “change password” button on an email disguised as a security alert from Google.