California: FBI investigating cyberattacks targeting California Democrat: report | The Hill

The FBI has opened up an investigation into cyberattacks that targeted a California Democrat who eventually lost a tight House primary race earlier this year, according to Rolling Stone, citing a source close to the campaign. The inquiry centers on distributed denial of service (DDoS) attacks against the campaign website for Bryan Caforio, who finished third in the June primary. He was running in California’s 25th Congressional District, which is represented by Republican Rep. Steve Knight and is considered a seat that Democrats could flip in November. The attacks involved creating artificially heavy traffic on his website that forced the hosting company to block access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the primary. No website data was accessed from the site during the attacks.

Vermont: Secretary Of State: Hacking Attempt ‘That Said Russian Federation’ Raised Concerns | WBUR

The Vermont Secretary of State told On Point that in late August hackers used three different methods to attempt to access Vermont’s online voter registration database. One of the attempts came from Russia. “We experienced scans,” Vermont Secretary of State Jim Condos said. “Our logs of the system showed where they were coming from. The one that raised our attention, if you want to call it, was the one that said ‘Russian Federation,’ and we forwarded that on to Department of Homeland Security.” None of the attacks were successful. The attempts were first reported by NBC News. Condos revealed the Russian attempt to On Point. The Department of Homeland Security said in an intelligence assessment obtained by NBC News that it’s aware of growing “cyberactivity targeting election infrastructure in 2018. … Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data and undermine confidence in the election.”

National: Blockchain Might Make Voting Worse — Not Better: Crypto Researchers | CCN

Three researchers with the Initiative for CryptoCurrencies and Contracts (IC3) are questioning whether, as some proponents claim, blockchain technology will be able to change the internet voting sector for the better. In an article published by Business Insider, the scholars argue that while blockchain technology might serve to revolutionize other industries, internet voting might be a sector that doesn’t benefit from the technology at all, and could potentially even be harmed by it. The researchers start off by acknowledging that they understand why blockchain technology is being considered as an option to optimize internet voting. There is little doubt in the fact that the cryptocurrency world has attracted billions of dollars for legitimate reasons and that it has clear potential to revolutionize everything from the global payments sector, to logistics, to retail, to land ownership rights, among other sectors.

National: Experts say latest Russia case exposes US election vulnerabilities | The Hill

The indictment of a Russian national accused of trying to interfere in U.S. elections shows that not enough has been done to stop the country from launching a multimillion-dollar effort to influence American voters, experts say. Both officials and experts have been warning for months that Russia is trying to influence voters after the country successfully launched a cyber and disinformation campaign in the 2016 election. They say Friday’s indictment of a Russian national, revealing details of the alleged attempts to sway the public, combined with a U.S. intelligence warning of ongoing influence campaigns, is arguably the strongest message to date that the U.S.’s penalties against the country haven’t been enough to shut down the campaigns.

National: Pros to government: If your defenses fail, think pen and paper | The Washington Post

After a cyberattack forced a local Alaska government to disconnect its computer systems from the Internet this summer, employees were ready with a Plan B. They picked up pens and paper — and even resorted to typewriters — so that the government could continue its daily work, from collecting property taxes to checking out books at public libraries. They had practiced for this kind of scenario, which helped ensure the multipronged malware attack did not grind public business to a halt, said Eric Wyatt, the Matanuska-Susitna Borough IT director. “Having these plans and being able to go to paper and pen and manual methods was very helpful,” he said. “We could keep our doors open and continue to provide service to our citizens.” The focus of government cybersecurity has largely centered on developing cutting-edge solutions — and shoring up basic vulnerabilities — to prevent attacks on IT systems. But as more and more government business moves online, there’s a growing call among security pros and government officials for a different, albeit slightly more fatalistic, approach. Public agencies, this cohort says, should just assume they will be hacked — and practice how to carry out essential functions without Internet access or even computers in some cases.

National: 5 Risks We Face with E-Voting Technology | Techspective

Technology brings with it a number of conveniences, but it also opens up opportunities for scammers and hackers to take advantage of people through tech fraud. That crime involves using technology in a variety of possible ways to mislead people, steal data, shut down systems and more. Increasingly over the past several years, tech fraud has influenced voter fraud, which also manifests in many ways. People may use fake information at the polls, try to vote more than once or otherwise wrongfully attempt to swing votes in a certain direction. Unfortunately, e-voting could facilitate both tech fraud and election fraud if the platforms aren’t sufficiently locked down.

National: The AI Threat to Democracy | ExtremeTech

Strolling the leafy suburbs of Austin, Texas, one could be forgiven for thinking democracy is in a robust state of health. The trees are changing color and the world appears largely in order, the outcome of inevitable forces leading to ever greater levels of comfort, luxury, and efficiency. But as the historians are fond of reminding us, there’s nothing inevitable about democracy. Other, less equitable systems of government have historically been far more representational of human affairs. And the democratic liberal order has never been more fragile. Democracies have always had their opponents, but for the first time in history, the principal threat to it comes from shifting technological sands rather than power-hungry despots. As some of more perceptive among us have begun shouting from the rooftops, the rise of strong artificial intelligence could well send the spool of democracy unraveling across the floor.

National: McAfee CTO raises concerns about election cyber security | Computer Weekly

Cyber security concerns around voting should be around the processes involved rather than just the electronic equipment used, according to Steve Grobman, senior vice-president and chief technology officer at security firm McAfee. Underlining this issue, he discussed a recent discovery by McAfee of a “big gap” in the security of the way US local jurisdictions communicate with their constituencies. Because US elections are decentralised, being run at a state and local level rather than at a federal level, with every state and locality choosing how to do things, there is very little uniformity. “We have found two big issues with the way local jurisdiction communicate with their constituencies,” said Grobman. Although these issues are US-specific, he told Computer Weekly that the issue is likely to be global given that the failings in the US are underpinned by a lack of cyber security skills, which is a challenge facing most countries around the world.

Minnesota: Cyber Security Experts say 2-Factor Authentication Crucial To Election Security | KSTP

Cyber security election experts say some Minnesota counties are not doing enough to protect their systems from hackers. A simple security measure of two-factor authentication used to protect emails, bank accounts and social media pages could help safeguard county computers from potential hacker stealing login information. Those experts say this is so important because this closely watched mid-term election is a prime target for hackers trying to disrupt the democratic process at all levels. “In 2016, we saw similar attacks and attempts to steal information log-in credentials and (that) might be valuable to someone who wants to influence the election,” said Reed Southard, a Harvard University researcher.

New Jersey: Is your vote safe? Just 1 New Jersey county can back it up on paper | Asbury Park Press

Nearly all of New Jersey’s 11,000 voting machines are vulnerable to election hacking that could change the outcome of elections across the state, but that is not the worst part of the nightmare scenario feared by security experts. Because the computer-drive voting machines are paperless, no one would know for certain if votes had been changed, the experts say. A USA TODAY NETWORK New Jersey review found that election officials in all counties test the machines for a host of technical issues — do the voting machines turn on, do they correctly count test votes, for example — but there is no independent test that deems them hack-proof. The Network asked for simple proof that the machines were digitally secure: Did independent security experts certify the hardware and software as secure, much the same way a bank or business ensures its money transactions are protected from outsiders?

Editorials: America’s Elections Could Be Hacked. Go Vote Anyway. | The New York Times

Will November’s election be hacked? A quick sampling of news stories over the past couple of years offers little comfort. In the months before the 2016 presidential election, Russian hackers tried to infiltrate voting systems in dozens of states. They succeeded in at least one, gaining access to tens of thousands of voter-registration records in Illinois. In April, the nation’s top voting-machine manufacturer told Senator Ron Wyden, of Oregon, that it had installed remote-access software on election-management systems that it sold from 2000 to 2006. Senator Wyden called it “the worst decision for security short of leaving ballot boxes on a Moscow street corner.” At a hacking convention last summer, an 11-year-old boy broke into a replica of Florida’s state election website and altered the vote totals recorded there. It took him less than 10 minutes. All along, the nation’s top intelligence and law-enforcement officials have been sounding the alarm, warning that Russia is engaged in a “24-7 365-days-a-year” effort to disrupt the upcoming midterm elections and imploring Congress and the White House to take more decisive action.

National: Here’s How Russia May Have Already Hacked the 2018 Midterm Elections | Newsweek

It’s not easy to get in to see Diane Ellis-Marseglia, one of three commissioners who run Bucks County, Pennsylvania. Security is tight at the Government Administration Building on 55 East Court Street in Doylestown, a three-story brick structure with no windows, where she has an office. It also happens to be where officials retreat on election night to tally the votes recorded on the county’s 900 or so voting machines. Guards at the door X-ray bags and scan each visitor with a wand.Unfortunately, Russian hackers won’t need to come calling on Election Day. Cyberexperts warn that they could use more sophisticated means of changing the outcomes of close races or sowing confusion in an effort to throw the U.S. elections into disrepute. The 2018 midterms offer a compelling target: a patchwork of 3,000 or so county governments that administer elections, often on a shoestring budget, many of them with outdated electronic voting machines vulnerable to manipulation. With Democrats on track to take control of the U.S. House of Representatives and perhaps even the Senate, the ­political stakes are high. … The U.S. certainly hasn’t forced the Russians to look hard for places to strike. The midterm elections are rich in targets. Bucks County is ­hardly unique in relying on easily hacked voting machines, whose results could determine control of Congress or individual states. About 30 percent of America’s voting machines are as outdated and nearly unprotected as those in Bucks County, says Marian Schneider, a former Pennsylvania deputy secretary for elections and administration and now president of Verified Voting, a national election-­integrity advocacy group. Ballotpedia, a nonprofit website that tracks elections, lists nearly 400 congressional and top state official races this November as competitive enough to be considered battleground contests.

National: States Step Up Election Cybersecurity as Federal Efforts Stall | Bloomberg

States have taken it upon themselves to bolster cyber defenses for the midterm elections instead of waiting for Congress to act. “Cybersecurity is now our focus, it’s what keeps many of us as secretaries of states and local officials up at night,” said Jim Condos, president of the National Association of Secretaries of State and Vermont Secretary of State. Hacks of states’ voter registration systems, voting machines or vote reporting systems could lead to rigged vote counts, confusion at polling booths and public distrust of results, according to interviews with voting advocacy groups, former and current Department of Homeland Security officials, and state election officials. Two dozen states lack several of the strongest measures that could protect them against cyber attacks: mandating voting machines that leave a paper trail and requirements for a post-election audit to check for accuracy of the system.

Maryland: In Wake of Russian Meddling, Critics Say Maryland’s Online Ballot System Is Potential Target – NBC4

Requests for absentee ballots are on the rise ahead of the November election — the first general contest since learning of Russian efforts to access voting systems, including those right here in the Washington area. But critics, including a host of computer security experts, say a system designed to make voting easier also makes it more of a target for hackers intending to interfere in U.S. elections. Maryland officials, however, argue those concerns are hypothetical and say they’ve put the necessary safeguards in place. At issue is Maryland’s online ballot delivery system, which allows any voter to request and download an absentee ballot from the internet. Maryland doesn’t allow residents to vote online, so users of this system must mail in their ballots.’ 

Verified Voting in the News: State has new laws and the Air National Guard to help secure 2018 midterm election | TechRepublic

Changes to election procedures and assistance from the Washington Air National Guard are underway, as Washington state prepares for the 2018 midterm elections. After learning that it was one of the 21 states whose voter registration database was targeted, Washington is taking extra measures to stay secure. While Washington’s voter registration database wasn’t breached, rumors are swirling that those states targeted in 2016 could be targeted again in 2018, according to Danielle Root, voting manager at the Center for American Progress. “Many national security experts and officials have warned that 2016 was likely a testing ground for Russia,” said Root, so states must stay vigilant. Voter registration databases are an obvious target for attack, said Dan Weiske, advisor to the National Cybersecurity Center. “Any of the publicly connected systems, like the registration systems, are going to be the largest areas of attack and the highest risk,” said Weiske. “There’s a lot of data that sits on those, and it’s accessible by the public.”

Europe: Fearing election hacking, EU leaders to ready sanctions | EURACTIV

EU leaders agreed at a summit on Thursday (18 October) to impose sanctions to stiffen their response to cyber attacks and to rush through new curbs on online campaigning by political parties to protect next year’s European election from interference. In the conclusions of the European Council meeting, EU leaders agreed that the new measures to tackle cybersecurity, disinformation and data manipulation “deserve rapid examination and operational follow-up”. They called for “measures to combat cyber and cyber-enabled illegal and malicious activities” and to “work on the capacity to respond to and deter cyber-attacks through EU restrictive measures should be taken forward, further to the 19 June 2017 Council conclusions.” Negotiations on running proposals are meant to be concluded by the end of the legislative term next year.

National: US voter records from 19 states sold on hacking forum | ZDNet

The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered. “To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data,” said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad. The two companies said they’ve reviewed a sample of the database records and determined the data to be valid with a “high degree of confidence.” Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.

National: DHS finds increasing attempts to hack U.S. election systems ahead of midterms | NBC

The Department of Homeland Security says it’s working to identify who — or what — is behind an increasing number of attempted cyber attacks on U.S. election databases ahead of next month’s midterms. “We are aware of a growing volume of cyber activity targeting election infrastructure in 2018,” the department’s Cyber Mission Center said in an intelligence assessment issued last week and obtained by NBC News. “Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data, and undermine confidence in the election.” The assessment said the federal government does not know who is behind the attacks, but it said all potential intrusions were either prevented or mitigated.

National: U.S. Still Hasn’t Finalized Election Security Plans—and the Midterms Are Weeks Away | Daily Beast

The midterms are less than a month away. But working groups inside the intelligence community charged with overseeing election security are still trying to finalize plans for countering foreign interference in the 2018 elections, three senior officials involved with the efforts told The Daily Beast. The issue came up in a meeting this month that included current senior intelligence officials and former officials who were asked to attend and provide advice. The Federal Bureau of Investigation and the National Security Agency were pinpointed as two of the departments that had made the most progress. The Department of Homeland Security, however, is lagging behind, according to officials inside the meeting.

National: How hackable are American voting machines? It depends who you ask | ABC

To hear Alex Halderman tell it, hacking the vote is easy. The University of Michigan professor is on a crusade to demonstrate how vulnerable American voting machines are, and some of his arguments are quite compelling. He has rigged mock elections. He has testified to the machines’ vulnerabilities in Congress and in court. He has even managed to turn a commonly used voting machine into an iteration of the classic arcade game Pac-Man. “They’re just computers at the end of the day,” said Halderman, who told the Senate Intelligence Committee last year that states should move back to paper ballots. “Often with voting machines, when you open it up, it’s not that different from a desktop PC or mobile device. The only difference is that it’s going to be 10 years out of date, or sometimes 20 years.”

Editorials: Bill to reform government, elections should be the top item on the agenda in 2019 | Tiffany Muller/The Hill

Americans don’t believe that their government works for them. And they’re right. They also know that all of the money spent in politics affects every decision made in Washington – and it’s not to the benefit of everyday, working families. Instead, mega donors and special interests have access and influence to lawmakers, members of the administration, and other decision makers that the rest of us don’t.  At best, there’s an uneven playing field stacked in favor of the biggest donors. At worst, this corrupt pay to play system means that politicians are doing the bidding for the individual and corporate special interests who fund and support their campaigns at the expense of the American people. 

Pennsylvania: House panel holds hearing on election security | WHTM

The House State Government Committee held a hearing Monday to discuss lingering issues with Pennsylvania’s election system. Committee chair Daryl Metcalfe raised concerns about non-citizens being able to vote after the Department of State found that thousands of potential non-citizens… were registered due to a technical glitch. “All of the talk about Russia’s interference with our elections. there’s real interference with our elections by foreign nationals in the state of Pennsylvania and those foreign nationals are here legally, but registering illegally,” Metcalfe said.

Europe: Conference on election security begins in Brussels | Euronews

A two-day conference on election interference begins in Brussels today. The event will gather leading experts and political figures from around the world to discuss questions relating to election security. The conference will also focus on how to tackle the associated challenges, particularly in view of the upcoming 2019 European Parliament elections. “We have to recognize that these elections have not happened since 2014, which in many ways was a simpler time,” Liisa Past, from the McCain Institute, told Good Morning Europe.

National: More Senate Democrats back alternative to Secure Elections Act | FCW

For much of the past year, Sen. Ron Wyden’s (D-Ore.) Protecting American Votes and Elections Act has taken a backseat to the Republican-led, bipartisan-crafted Secure Elections Act in the election security debate on Capitol Hill. Boosters for the bipartisan effort continue to work to get their bill passed during  the upcoming lame duck session. However, its stall out amid the perceived watering down of security provisions at the request of states in August combined with increasingly sunny forecasts for Democrats in the upcoming midterm elections may have provided an opening for consideration of alternative legislation. On Oct. 11, Wyden’s bill picked up four more Democratic co-sponsors in the Senate, with Tammy Duckworth (Ill.), Tammy Baldwin (Wis.), Maria Cantwell (Wash.) and Gary Peters (Mich.) all signing on.

National: Online voting is a security nightmare, say experts | Fast Company

Online banking, ecommerce, e-filing taxes. Moving print documents and in-person services online–even those full of sensitive information–has been an inexorable trend for decades. And voting has moved in that direction too, in 32 U.S. states and several countries, starting in those simpler times of the 1990s and early 2000s. That was a giant security blunder, according to a new report from tech and election experts that urges a return to good old paper ballots. “This is a position consistently that computer scientists have been saying for a decade, and computer scientists are the ones who you think would be the most favorable to the idea [of online voting] because, we invent the things.” So says Jeremy Epstein, vice chair of the U.S. Technology Policy Council at the ACM, billed as the largest association of computing experts.

National: Election security groups warn of cyber vulnerabilities for emailed ballots | The Hill

Election security groups are sounding the alarm about emailed ballots ahead of the November midterm elections, warning in a new report that PDF and JPEG ballot attachments sent to election officials could be exploited by hackers. The organizations, including watchdog group Common Cause, issued a report Wednesday that found election workers who receive emailed ballots are at risk of clicking on unsafe attachments, sent from unknown sources, that could contain malware. “In jurisdictions that receive ballots by PDF or JPEG attachment, election workers must routinely click on documents from unknown sources to process emailed or faxed ballots, exposing the computer receiving the ballots — and any other devices on the same network — to a host of cyberattacks that could be launched from a false ballot laden with malicious software,” the report says. “An infected false ballot would enter the server like any other ballot, but once opened, it would download malware that could give attackers backdoor access to the elections office’s network.”

National: Can Elections Be Hacked? Online Voting Threatens 32 States, Report Says | Newsweek

Voters cast a minimum of 100,000 ballots using insecure internet methods in the 2016 election, highlighting an overlooked threat to election integrity, according to a report released Wednesday. Thirty-two states permit some voters—primarily overseas military personnel—to return ballots by email, fax or internet, according to “Email and Internet Voting: The Overlooked Threat to Election Security,” a report produced by the Association for Computing Machinery, Common Cause, the National Election Defense Coalition and R Street. “There are two concerns with email voting,” in which ballots and voter identification information are typically attached as a PDF or JPEG. “One—the ballots can be intercepted and undetectably altered or deleted. This hack was performed at DEF CON in August. And it’s something academics have long known,” Susannah Goodman, one of the authors of the report, told Newsweek. “Second—emailed ballots can be easily spoofed in a spear phishing attack designed to put malware on a county election official’s computer.”

National: To Deter Foreign Hackers, Some States May Also Be Deterring Voters | NPR

A number of states are blocking web traffic from foreign countries to their voter registration websites, making the process harder for some U.S. citizens who live overseas to vote, despite the practice providing no real security benefits. On its face, the “geo-targeting” of foreign countries may seem like a solid plan: election officials around the country are concerned about foreign interference after Russia’s efforts leading up to the 2016 election, so blocking traffic to election websites from outside the United States might seem like an obvious defense starting point. But cybersecurity experts and voting rights advocates say it’s an ineffective solution that any hacker could easily sidestep using a virtual private network, or VPN, a commonly-used and easily-available service. Such networks allow for a computer user to use the Internet and appear in a different location than they actually are.

National: Why federal courts may become the next front in the battle to secure our elections | The Hill

Last week, a team of security researchers who run the DefCon hacking convention released a report on voting machines in use around the country that contain structural flaws ripe for exploitation by hackers. Among its dismaying findings, DefCon reported a flaw in one widely used voting tabulator that, if hacked, “could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.” Though it’s been nearly two years since the 2016 election, there remains a startling gap between the well understood need to secure our elections against cyberattacks and the reality on the ground. Computer security experts and leading intelligence and law enforcement voices have sounded the alarm on the persistent and serious threats facing election systems. Yet the actors best positioned to take broad action — state governments, Congress, and election system vendors — have moved slowly, and in some cases stalled.

Texas: Can Hackers Mess With Texas’s Elections? | Texas Monthly

When we think about those who defend the territorial integrity of our nation and state, we tend to imagine well-equipped members of the U.S. armed forces, or perhaps a square-jawed detachment of Texas Rangers. Increasingly, however, the twenty-first century battle for control of the American homeland is being fought in the computerized elections systems overseen by our humble county clerks.

Here in Texas, votes in federal and state elections are tallied independently by 254 local officials, one in each county seat, from big cities like Houston and Dallas to tiny courthouse towns like Tahoka and Floydada. If a hostile country decides to hack an election in Texas, that means pitting Russia’s (or Iran’s or North Korea’s or China’s) most skilled hackers against a group of officials and volunteers who may not even know their way around an iPhone. “We’re asking county clerks, and for that matter local poll workers, to defend against a nation-state adversary,” says Dan Wallach, computer science professor at Rice and expert on election security issues. “That’s not a fair fight.”