Finland: ‘We are constantly one step behind’: Finland worries about cyber warfare in shadow of Russia | The Independent

Finland, on the northern edge of Europe and with a population of fewer than 5.5 million, may not seem an obvious player in struggles of geopolitics. But being situated in the shadow of its giant neighbour, Russia, has meant that the country has been inevitably drawn into the world of hybrid warfare. Helsinki was the focus of global attention as the venue of the summit between Vladimir Putin and Donald Trump, with questions inevitably raised over claims that the Russian president had placed his man in the White House through manipulation of the US election. Away for the limelight Helsinki has become the base for a major cyber-defence programme for the west with the establishment of the Nato-backed European Centre for Excellence for Countering Hybrid Threat, which has received funding and resources from the US, Britain, France and Nordic states.

National: Congress falls flat on election security as midterms near | The Hill

Congress has failed to pass any legislation to secure U.S. voting systems in the two years since Russia interfered in the 2016 election, a troubling setback with the midterms less than six weeks away. Lawmakers have repeatedly demanded agencies step up their efforts to prevent election meddling but in the end struggled to act themselves, raising questions about whether the U.S. has done enough to protect future elections. A key GOP senator predicted to The Hill last week that a bipartisan election security bill, seen as Congress’s best chance of passing legislation on the issue, wouldn’t pass before the midterms. And on Friday, House lawmakers left town for the campaign trail, ending any chance of clearing the legislation ahead of November. Lawmakers have openly expressed frustration they were not able to act before the 2018 elections.

National: Election Security Remains Just as Vulnerable as in 2016 | Electronic Frontier Foundation

The ability to vote for local, state, and federal representatives is the cornerstone of democracy in America. With mid-term congressional elections looming in early November, many voices have raised concerns that the voting infrastructure used by states across the Union might be suspect, unreliable, or potentially vulnerable to attacks. As Congress considers measures critical to consumer rights and the functioning of technology (net neutrality, data privacy, biometric identification, and surveillance), ensuring the integrity of elections has emerged as a matter of crucial importance. On the one hand, the right to vote may not be guaranteed for many people across the country. Historically, access to the ballot has been hard fought, from the Revolution and the Civil War to the movement for civil rights that compelled the Voting Rights Act (VRA). But recent restrictions on voting rights that have proliferated since the Supreme Court struck down the VRA’s pre-clearance provisions in 2013. Coupled with procedural impediments to voting, unresolved problems continue to plague the security of the technology that many voting precincts use in elections. With mid-term elections in just two months, Secretaries of State should be pressed to do their jobs and increase security before voters cast their ballots.

National: Def Con researchers came to Washington to poke holes in voting machine security | The Washington Post

Not long ago, lawmakers might have been wary about showcasing the work of hackers who specialize in penetrating voting equipment. But on Thursday, organizers from the Def Con Voting Village — a collection of security researchers who hack election systems in hopes of making them more secure — received a warm welcome on Capitol Hill. The organizers were in town to unveil a new report identifying vulnerabilities in several widely used voting machines they tested during the Def Con hacking conference in Las Vegas over the summer, including a flaw in a vote tabulator that could allow a malicious actor to hack it remotely. They presented their findings in a meeting hosted by Rep. Jackie Speier (D-Calif.) and attended by staffers from the offices of Sen. Amy Klobuchar (D-Minn.), who is sponsoring an election security bill, and several other Democrats. The event highlights how the cybersecurity experts behind the Voting Village, which is only in its second year, are reaching beyond the niche and often apolitical community of Def Con in hopes of influencing the debate over how to secure the country’s election systems. The issue has received a wave of new attention since the 2016 election, when Russian hackers probed election administration systems in 21 states. 

National: Voting Machines Are Still Absurdly At Risk | WIRED

While Russian interference operations in the 2016 US presidential elections focused on misinformation and targeted hacking, officials have scrambled ever since to shore up the nation’s vulnerable election infrastructure. New research, though, shows they haven’t done nearly enough, particularly when it comes to voting machines. The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference’s Voting Village event. All of the models are in active use around the US, and the vulnerabilities—from weak password protections to elaborate avenues for remote access—number in the dozens. The findings also connect to larger efforts to safeguard US elections, including initiatives to expand oversight of voting machine vendors and efforts to fund state and local election security upgrades.

Florida: The Voting Security Issues Florida Is Facing This Election Season | WLRN

Two years ago, “spearphishing attacks” -emails targeted towards specific individuals with the intent to steal data for malicious purposes- flooded the inboxes of election officials in several Florida counties. This year, as Florida prepares for the general elections in November, issues around voting security have been front and center. In August, Sen. Bill Nelson claimed Russian hackers had gained access to valuable data on state voters. There has been no evidence found that Florida’s voting system was compromised in 2016, but the attempts to breach systems have led to the state receiving $19 million in federal money for election security.

Texas: Paper Ballots Could Ease Election-Hacking Fears, But Computers Will Always Be Part Of Counting Votes | Texas Standard

There’s a question that moves in parallel with the increased use of computerized voting machines – can your vote be hacked? It’s a question that was put to the test in the 2016 presidential election cycle, when Russia was found to be influencing voters in the election, but not the voting machines themselves. Some say the risk of vote-hacking could be reduced by using paper ballots in addition to electronic vote-counters. Hovav Shacham is a professor of computer science at the University of Texas at Austin. He has specialized in computer security and the voter security for over a decade. “I think the question we need to ask is not just how vulnerable the actual systems are, but how much confidence can voters have that their vote really is recorded and counted just as they cast it,” Shacham says.

National: Defcon Voting Village report: bug in one system could “flip Electoral College” | Ars Technica

Today, six prominent information-security experts who took part in DEF CON’s Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. “Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election,” the authors of the report warned.

National: DEF CON hackers’ dossier on US voting machine security is just as grim as feared | The Register

Hackers probing America’s electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms. The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps the findings of that village, during which attendees uncovered ways resourceful miscreants could compromise electoral computer systems and change vote tallies. In short, the dossier outlines shortcomings in the electronic voting systems many US districts will use later this year for the midterm elections. The report focuses on vulnerabilities exploitable by scumbags with physical access to the hardware. “The problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security,” the report stated. “As our nation’s security is the responsibility of the federal government, Congress needs to codify basic security standards like those developed by local election officials.”

National: Hackers warn about election security ahead of midterms | CNN

The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday — just over a month before the midterm elections. The findings are based on a project at the Voting Village at the Def Con hacking conference held in Las Vegas last month, where hackers were invited to attempt to break into voting machines and other equipment used in elections across the country. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report.

National: Questions on Pompeo’s certainty about secure midterms | Politico

Secretary of State Mike Pompeo on Wednesday said there was “no question” the U.S. midterm elections would be safe from foreign interference, a level of certitude that is … shall we say, not widely shared? “That’s a dangerous level of confidence for someone in that position to have,” Alex Halderman, a University of Michigan computer science professor at the forefront of the election security debate, told MC. Halderman said that perhaps intelligence sources might not see any indications of foreign planning to further disrupt elections, but “frankly, you don’t know what you don’t know.” Democratic Rep. Mike Quigley said this about Pompeo: “I wish I could be so confident.” Robert Johnston, credited with discovering the DNC hack while working at CrowdStrike and now CEO of Adlumin, told MC there are already signs Russia has interfered in the 2018 races. Some of the suspect incidents have surfaced in California’s congressional races and the U.S. Senate.

Mississippi: Hackers attempt cyber attacks on state voting system | WMC

How safe is the ballot you will be casting during the November 6 election? Secretary of State Delbert Hosemann maintains that your ballot will be safe from hackers, but he reveals that there are thousands of attempts each month to try to penetrate the Statewide Election Management System. In the past few weeks, the agency that oversees elections reports that hackers have attempted to get into the systems of circuit clerks and election commissioners. “They are sending out emails to my circuit clerks and my election commissioners telling them to open this invoice from a former employee who’s no longer employed here,” said Hosemann. “So I will tell you that’s the level of attempts we have going on.”

Canada: Elections Canada preps for spring vote as MPs set deadline for new law | iPolitics

Canada’s Chief Electoral Officer has revealed that the federal elections agency intends to be ready for an election by next April, five months before the fixed election date for 2019. Chief Electoral Officer Stéphane Perrault outlined the timetable as he informed a Commons committee this week that a sweeping bill to overhaul the Canada Elections Act and upgrade cybersecurity would have to clear Parliament by December to give his office time to prepare. “For the next election, given the environment, I very much look forward to having this legislation passed,” Perrault told the Commons Standing Committee on Procedure and House Affairs, which began reviewing Bill C-76 last May.

Latvia: How do you Russia-proof an election? Educate your voters, says Latvian official | CBC

Countering attempts by Russia and other actors to meddle in the democracies of other countries requires more than just stronger cyber defences and better election monitoring, Latvia’s deputy minister of defence said Thursday. It also demands stronger societies and better-informed citizens able to withstand an onslaught of disinformation, rumours and outright fabrications, said Janis Garisons in an interview Thursday with CBC News. Latvia, which has faced cyber attacks on its infrastructure and frequent disinformation campaigns for years, has learned a lot about how to protect itself, said Garisons. “Without general resilience in the long term, I think it will be very difficult to resist,” he said.

National: The dark web is where hackers buy the tools to subvert elections | CBS

Voter data and the digital weapons hackers use to subvert elections are bought and sold daily on a corner of the internet known as the dark web. It is a network of websites that is tough to access but functions much like the internet we use every day. You can buy everything from guns and drugs to botnets and ransomware. And cyber-criminals can purchase voter records and hacking tools.The dark web is not accessible using typical web browsers like Chrome or Safari. Instead, you are required to log on using a virtual private network, or VPN, and the Tor web browser. Tor is an acronym for “the onion router.” Every computer has an identifying IP address, and the Tor browser can help shield your machine’s location by sending info through several layers of servers.

National: FEC data shows candidates hit snooze button on hacker threat, saying defending cyberattacks is hard | McClatchy

With some 40 days remaining to the crucial midterm elections, signs of digital meddling in campaigns are mounting. But most candidates have spent little or nothing on cybersecurity, and say it’s too hard and expensive to focus on hacking threats with all the other demands of running for office. Only six candidates for U.S. House and Senate spent more than $1,000 on cybersecurity through the most recent Federal Election Commission filing period. Yet those who monitor intrusions and digital mayhem say hackers are active. And various reports cite at least three candidates still in races or ousted in primaries were suffering attempted breaches of their campaigns. “We get things literally every day to my team … to investigate everything from phishing attacks to ‘We think our data was breached’ to ‘We think there was a denial of service attack’ to ‘Someone’s listening on our cell phones.’ So we get, like, the whole range of things every single day,” said Raffi Krikorian, chief technology officer for the Democratic National Committee, the party’s governing body.

Maryland: Questions arise about Russian connection to Maryland election system | WBMA

With the midterm elections just over a month away, there is heightened concern about the security of America’s voting process, following recent revelations by the FBI that a software company — which runs part of Maryland’s voter registration system — was purchased by Russian oligarch Vladimir Potanin, believed to have close ties to President Vladimir Putin. “So, the fact that one of his friends, one of his business, wealthy friends, is buying up (a) company that does business with our Board of Election(s) is a matter of major security interest here,” said Sen. Ben Cardin, D-Md. The company, Bytegrid, is responsible for voter registration, online ballot delivery and unofficial election night results, and while there’s been no evidence of wrongdoing, Cardin says change is needed now.

National: The Crisis of Election Security | The New York Times

It was mid-July 2016 when Neil Jenkins learned that someone had hacked the Illinois Board of Elections. Jenkins was a director in the Office of Cybersecurity and Communications at the Department of Homeland Security, the domestic agency with a congressional mandate to protect “critical infrastructure.” Although election systems were not yet formally designated as such — that wouldn’t happen until January 2017 — it was increasingly clear that the presidential election was becoming a national-security issue. Just a month before, Americans had been confronted with the blockbuster revelation that Russian government actors had hacked the Democratic National Committee’s servers and stolen private email and opposition research against Donald Trump, the Republican presidential candidate. And now, it emerged, someone was trying to infiltrate the election system itself. The Illinois intruders had quietly breached the network in June and spent weeks conducting reconnaissance. After alighting on the state’s voter-registration database, they downloaded information on hundreds of thousands of voters. Then something went wrong, and the attackers crashed a server, alerting officials to their presence.

National: Election security bill won’t pass ahead of midterms, says key Republican | The Hill

Sen. James Lankford (R-Okla.) said Tuesday that a bipartisan election security bill won’t be passed by Congress ahead of November’s midterm elections. Lankford told The Hill that the text of the bill, known as the Secure Elections Act, is still being worked out. And with the House only being in session for a limited number of days before the elections, the chances of an election security bill being passed by then are next to none. “The House won’t be here after this week so it’s going to be impossible to get passed,” Lankford said of the bill.

National: Why lawmakers’ personal accounts are a prime target for foreign hackers | The Washington Post

Foreign government hackers are continuing their assault on the personal email accounts used by lawmakers and congressional staff — and cybersecurity experts are warning that Congress is ill-equipped to deal with the problem. The issue got fresh attention last week, when Sen. Ron Wyden (D-Ore.) revealed — and Google later confirmed — that an unspecified number of senators’ and Senate staff members’ private email accounts were targeted by foreign hackers, as my colleague Karoun Demirjian reported. In a letter to Senate leadership, Wyden said the Senate sergeant-at-arms, the chamber’s main cybersecurity authority, wouldn’t assist them because the cyberattacks didn’t involve official accounts or devices. The threats against personal accounts are well known. The major hacks of Democratic officials during the 2016 election involved nonofficial emails, and officials as high-ranking as White House Chief of Staff John F. Kelly have had their personal accounts hacked. But Congress hasn’t taken action to safeguard their own despite intelligence officials’ warnings that foreign adversaries are still trying to disrupt U.S. politics. The risks hackers will steal or leak information only increase the longer lawmakers wait to secure their personal accounts, said Daniel Schuman, co-founder of the Congressional Data Coalition, which seeks to improve the way Congress stores and shares information online.

National: Report outlines keys to election security | MIT News

The most secure form of voting technology remains the familiar, durable innovation known as paper, according to a report authored by a group of election experts, including two prominent scholars from MIT. The report, issued by the National Academies of Science, Engineering, and Medicine, is a response to the emerging threat of hackers targeting computerized voting systems, and it comes as concerns continue to be aired over the security of the U.S. midterm elections of 2018. The U.S. has a decentralized voting system, with roughly 9,000 political jurisdictions bearing some responsibility for administering elections. However, for all that variation, and while many questions are swirling around election security, the report identifies some main themes on the topic.

National: Congress poised to allow DHS to take the lead on federal cybersecurity | The Washington Post

After years of debate, Congress is poised to vote on legislation that would cement the Department of Homeland Security’s role as the government’s main civilian cybersecurity authority. The Cybersecurity and Infrastructure Security Agency Act, which has been in the works since the Obama administration, would give the department a stand-alone cybersecurity agency with the same stature as other DHS units, such as the Federal Emergency Management Agency. The Senate could vote on the bill, which passed in the House last year, as early as this week as it takes up a slew of cybersecurity-related legislation. Approving the legislation would mark a major shift in Congress’s views on whether DHS should lead the government’s efforts to protect federal computer networks, power plants and other critical infrastructure from digital attacks. Attempts to make DHS the government’s civilian cybersecurity hub have stalled amid resistance from some lawmakers who say the relatively young agency isn’t as well equipped to deal with cyberthreats as the National Security Agency or the FBI.

Pennsylvania: Election security commission releases initial report | StateScoop

A 21-member panel of elected officials, former U.S. Justice department officers and nonprofit leaders convened in May by the University of Pittsburgh to review Pennsylvania’s election security issued its preliminary report Tuesday, landing on a increasingly common conclusion for states reviewing their voting processes: buy new ballot equipment that produces a paper record for each voter. The Commission on Pennsylvania’s Election Security, run out of Pitt’s Institute for Cyber Law, Policy and Security, made two other broad recommendations in its preliminary report, calling on state and federal lawmakers to provide additional funding to help the commonwealth’s 67 counties buy new voting machines, and asking elections officials to scrutinize the cybersecurity practices of the vendors they work with. But the top-line item is the swift replacement of the direct-recording electronic machines — also known as DREs — that don’t produce printed backups of ballots, and that 83 percent of Pennsylvania voters currently use. DREs are frequently cited by election-security analysts as being particularly vulnerable to tampering because they cannot be audited following an election.

Pennsylvania: Panel urges aid for counties to buy new voting machines | The Times

A commission studying voting machine vulnerabilities in Pennsylvania released an interim report on Tuesday that recommends the state and federal governments help counties purchase more secure machines in time for elections in 2019. “The vast majority of Pennsylvania’s voting machines are vulnerable to electronic manipulation and have no paper backups to ensure the integrity of elections,” David Hickton, director of the University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and a former U.S. attorney for the Western District of Pennsylvania in Pittsburgh, said in a statement. Hickton and Grove City College President Paul McNulty assembled the Blue Ribbon Commission on Pennsylvania’s Election Security earlier this year to, according to the statement, “assess the cybersecurity of Pennsylvania’s election architecture, including voting machines and back-end systems, registration systems and resiliency and recovery in the instance of a cyberattack.”

National: If There Is Meddling With The Midterms, Local Voting Officials May Be To Blame | Buzzfeed

The good news is that the thousands of county and municipal governments that administer elections across the US have a variety of effective cybersecurity programs available to them, free of charge. The bad news is that the vast majority don’t use any of them. In the complex debate about US election security, the focus tends to be on campaigns, parties, states, voting equipment manufacturers, and national trends. But the literal administration of elections, like the printing of ballots, coordinating poll workers, and organizing polling places, falls to more than 10,000 county clerks and local municipalities, according to the nonprofit organization Verified Voting. And those are the people the Department of Homeland Security would like to sign up for its cybersecurity program.

Latvia: How to Russia-Proof an Election | Bloomberg

A nondescript office in Riga’s communist-era Institute of Mathematics and Computer Science may be Latvia’s last line of defense against threats to next month’s general election. There, the nation’s 29-strong CERT cyber-security group is bracing for its biggest test to date: repelling attempts by Russia to sway the voting process. Having studied meddling in the U.S. and fellow European Union members like Germany, the team is schooling state employees on suspicious emails and website links that could be phishing attempts, all the while receiving “threat feeds” from NATO and allied countries. Elsewhere, the government is working with Facebook Inc. and Twitter Inc. to stem the spread of fake news. Ballots at the Oct. 6 vote will be scanned electronically and can be counted by hand, should concerns arise at any precinct, adding an extra layer of security.

National: Hacks, Security Gaps And Oligarchs: The Business Of Voting Comes Under Scrutiny | NPR

It’s been a tough couple of years for the business of voting. There’s the state that discovered a Russian oligarch now finances the company that hosts its voting data. Then there’s the company that manufactures and services voter registration software in eight states that found itself hacked by Russian operatives leading up to the 2016 presidential election. And then there’s the largest voting machine company in the country, which initially denied and then admitted it had installed software on its systems considered by experts to be extremely vulnerable to hacking. Private companies play a crucial role in elections, from printing and designing ballots, to manufacturing voting machines, to hosting results websites. The industry exists because the local and state governments who run elections don’t have the resources or expertise to maintain all aspects of an election themselves.

National: Election Security Can Be as Simple as Preserving Paper | Inside Science

Joseph Stalin, no friend of free elections, is credited with saying it was not the people who cast the votes that decide elections. It’s the people who count them. Since the 2016 presidential election, considerable thought — but not much money — has gone into seeing if he’s wrong. According to an expert interviewed by NPR, it would cost at most $400 million to make states with vulnerable systems more secure, but a bill to do that died in Congress last month. There have been some changes in voting procedures, but whether the changes will be enough to block foreign and domestic interference with the upcoming midterm elections is simply unknown.

National: Inside Facebook’s Election ‘War Room’ | The New York Times

Sandwiched between Building 20 and Building 21 in the heart of Facebook’s campus, an approximately 25-foot-by-35-foot conference room is under construction. Thick cords of blue wiring hang from the ceiling, ready to be attached to window-size computer monitors on 16 desks. On one wall, a half-dozen televisions will be tuned to CNN, MSNBC, Fox News and other major networks. A small paper sign with orange lettering taped to the glass door describes what’s being built: “War Room.” Although it is not much to look at now, as of next week the space will be Facebook’s headquarters for safeguarding elections. More than 300 people across the company are working on the initiative, but the War Room will house a team of about 20 focused on rooting out disinformation, monitoring false news and deleting fake accounts that may be trying to influence voters before elections in the United States, Brazil and other countries.

California: Democrat hit with DDoS attacks during failed primary bid: report | The Hill

The campaign website of a Democratic congressional candidate in California was taken down by cyberattacks several times during the primary election season, according to cybersecurity experts. Rolling Stone reported on Thursday that cybersecurity experts who reviewed forensic server data and emails concluded that the website for Bryan Caforio, who finished third in the June primary, was hit with distributed denial of service (DDoS) attacks while he was campaigning. The attacks, which amount to artificially heavy website traffic that forces hosting companies to shut down or slow website services, were not advanced enough to access any data on the campaign site, but they succeeded in blocking access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the election.