Editorials: How to Protect the Midterms From Hackers | Bloomberg

Some 13 weeks till Election Day, and “The warning lights are blinking red,” says the U.S. director of national intelligence. “I cannot emphasize enough the vulnerability,” says Senator Marco Rubio. “We could be just a moment away from it going to the next level,” says the FBI director. On Thursday, the Trump administration’s national security team held a joint press conference to underscore the threat. They’re all worried about foreign countries meddling in the midterms, just as Russia did in 2016. And with good reason: Although election security hasn’t been a notable priority for this administration — it has evidently held just two meetings on the topic since taking office — there’s every reason to think more attacks are imminent. What’s the proper response? Precaution, not panic. In particular, three problems need attention. 

Georgia: Election officials knew system was at risk before 2016 vote | McClatchy

Georgia election officials got a friendly warning in August 2016 that their electronic voting system could be easily breached. But less than a month before the November election, a state cybersecurity official fretted that “critical vulnerabilities” persisted, internal emails show. The emails, obtained through a voting security group’s open records request, offer a glimpse into a Georgia election security team that appeared to be outmatched even as evidence grew that Russian operatives were seeking to penetrate state and county election systems across the country. “I am sure that you are aware that these are opportunities for malicious users to gather account credentials,” William Moore, a cybersecurity official on a Kennesaw State University team tasked with running Georgia’s election system, wrote to a colleague in October. Officials at Kennesaw’s Center for Election Systems were struggling to respond to the report of a cyber watchdog who nosed around the system to test its defenses two months earlier and wound up gaining access to a colossal, 15-gigabyte store of confidential material, including voter data and passwords to the system.

New Jersey: State sought more money to protect voting machines from hackers. Republicans in Congress said no. | NJ.com

New Jersey’s voting machines are among the nation’s most vulnerable to hacking, and state officials asked Congress for more money to protect their equipment. Republicans who run the show in Washington said no. Both the House and Senate declined to allocate millions of dollars in grants to states when they passed spending bills funding the Election Assistance Commission for the 12-month period beginning Oct. 1. “This is going to be an ongoing need and election officials are going to need a regular stream of funds to combat the threats and defend their systems,” said David Becker, executive director and founder of the Center for Election Innovation and Research, a Washington research group. …  State Attorney General Gurbir Grewal sought more federal help. “I strongly believe that the federal government should be doing more, not less, to ensure our democratic institutions are free from foreign intrusion, and I’m disappointed that Congress disagrees,” he said.

National: DEF CON plans to show US election hacking is so easy kids can do it | The Register

Last year, the hackers at DEF CON showed how shockingly easy it was to crack into voting machine software and hardware. Next week, the 2018 conference’s Vote Hacking Village will let kids have a shot at subverting democracy. Beginning on Friday, August 10, teams in three age ranges, 8-11, 12-14 and 15-16, will be let loose on replica American government websites that report election results. In elections in the Ukraine and Ghana, these were hacked to spread confusion about the voting process and its results – and the village’s organizers hope the youngsters can do the same with US-style tech. “It’s just so easy to hack these websites we thought the grown-up hackers in the vote hacking village wouldn’t find it interesting,” Jake Braun, cofounder of the Vote Hacking Village and executive director of the University of Chicago Cyber Policy Initiative, told The Register. “When I was discussing it with a colleague, they noted ‘it would be child’s play’ and I said ‘good f**king point!’ and started planning the event with the Capture the Packet crew and the r00tz Asylum group, which trains young hackers.”

National: Russia Is ‘Keyboard Click’ From Major Election Hack, Coats Warns | Bloomberg

Russian efforts to interfere in upcoming U.S. midterm elections have yet to reach the intensity of the Kremlin’s campaign to disrupt the 2016 presidential vote, but they’re only “a keyboard click away” from a more serious attack, Director of National Intelligence Dan Coats said. “We have not seen that kind of robust campaign from them so far,” Coats said in a briefing at the White House on Thursday. Coats was among five top national security leaders — including National Security Adviser John Bolton, FBI Director Christopher Wray, Homeland Security Secretary Kirstjen Nielsen and General Paul Nakasone, director of the National Security Agency — who blasted Russian efforts to interfere in U.S. elections. The White House is looking to tamp down criticism that President Donald Trump has appeared reluctant to hold Russia accountable for election tampering. He provoked an uproar at the July summit with Vladimir Putin in Helsinki by casting doubt on U.S. intelligence findings that Russia interfered in the 2016 election.

National: How the U.S. Is Fighting Russian Election Interference | The New York Times

Senior Trump administration officials warned on Thursday that Russia is trying to interfere in November’s midterm elections and the 2020 presidential election and vowed to combat Moscow’s aggression. The high-profile alarm sounded at the daily White House briefing was striking for the officials’ unequivocal warnings, a departure from President Trump’s fumbling acknowledgments that Moscow undertook an influence campaign in 2016 to exploit partisan divisions in the American electorate and sow discord. “This is a threat we need to take extremely seriously and to tackle and respond to with fierce determination and focus,” said the F.B.I. director, Christopher A. Wray. 

National: Trump knocked by both parties as not doing securing US elections | Associated Press

As alarms blare about Russian interference in U.S. elections, the Trump administration is facing criticism that it has no clear national strategy to protect the country during the upcoming midterms and beyond. Both Republicans and Democrats have criticized the administration’s response as fragmented, without enough coordination across federal agencies. And with the midterms just three months away, critics are calling on President Donald Trump to take a stronger stand on an issue critical to American democracy. “There’s clearly not enough leadership from the top. This is a moment to move,” said Maryland Sen. Chris Van Hollen, head of the Democratic Senatorial Campaign Committee. “I don’t think they are doing nearly enough.”

National: The DNC Enlists Kids in Its Fight Against Hackers | WIRED

Voting systems in the United States are so woefully hackable, even an 8-year-old could do it. At least, that’s the conceit of a competition cosponsored by the Democratic National Committee at next week’s Def Con hacker conference in Las Vegas. The contest will include children, ages 8 to 16, who will be tasked with penetrating replicas of the websites that secretaries of state across the country use to publish election results. They’ll vie for $2,500 in prize money, $500 of which will come from the DNC and be awarded to the child who comes up with the best defensive strategy for states around the country. The DNC’s chief technology officer, Raffi Krikorian, says he was inspired to team up with Def Con after scoping out an event at last year’s conference called Voting Village, where attendees—grown-ups this time—got to hack into various models of voting machines and find flaws. “We wanted to figure out how we could use this to our advantage,” Krikorian tells WIRED. “Let’s get those lessons back to secretaries of state.”

Zimbabwe: Cyber crooks hack Zimbabwe’s official poll site | CAJ News

Cybercriminals have hacked into the website of the Zimbabwe Electoral Commission (ZEC) in the latest crisis to batter elections held in the country earlier this week. A day after soldiers killed at least three people in post-election violence in the capital Harare, ZEC confirmed it had to take its website (https://www.zec.org.zw) down after it was hacked into. “Our website was hacked and we had to take it down minutes after discovering it was compromised,” said Qhubani Moyo, the ZEC spokesperson. He announced the hacking to media in Harare on Thursday.

National: Senate Republicans block additional funding for election security | FCW

Senate Republicans successfully beat back another attempt by Democrats to extend hundreds of millions of dollars in grant funding to assist states and localities looking to upgrade the security of their election systems. Sen. Patrick Leahy (D-Vt.) introduced an amendment to “minibus” appropriations legislation that would have allocated $250 million in federal funding to replace outdated and insecure voting machines, provide security training for election workers, upgrade voter registration software and fund other state and local initiatives related to election security. Sen. James Lankford (R-Okla.), one of the original co-sponsors of the Secure Elections Act that initially proposed grant funding to states, took to the floor to oppose the amendment. Lankford said he was opposing the measure because Congress voted in favor of giving $380 million to states earlier this year.

National: As midterm elections approach, a growing concern that the nation is not protected from Russian interference | The Washington Post

Two years after Russia interfered in the American presidential campaign, the nation has done little to protect itself against a renewed effort to influence voters in the coming congressional midterm elections, according to lawmakers and independent analysts. They say that voting systems are more secure against hackers, thanks to action at the federal and state levels — and that the Russians have not targeted those systems to the degree they did in 2016. But Russian efforts to manipulate U.S. voters through misleading social media postings are likely to have grown more sophisticated and harder to detect, and there is not a sufficiently strong government strategy to combat information warfare against the United States, outside experts said. Despite Facebook’s revelation this week that it had closed down 32 phony pages and profiles that were part of a coordinated campaign, technology companies in general have struggled to curb the flow of disinformation and hacking and have received little guidance from the U.S. government on how to do so.

National: Senate rejects additional election security spending even as experts warn of growing foreign threat | ABC

Even as experts on cybersecurity and foreign interference told lawmakers Wednesday that the threat from Russia and other states seeking to influence American democracy is getting worse, the Senate failed to approve $250 million for state election security in the coming fiscal year. The specialists were testifying about the threat specifically as it relates to social media, but they were arguing that the U.S. government needs to mount a more aggressive and comprehensive approach to counter threats from foreign governments’ efforts to undermine U.S. institutions including elections. “As we focus on the past, we are missing what is happening and what will happen again,” Laura Rosenberger, director of the Alliance for Securing Democracy and a fellow at the German Marshall Fund, told the Senate Intelligence Committee.

National: The Government Needs Better Data to Stop Election Meddling | Nextgov

Online platforms need to be more transparent with government to help fight increasingly sophisticated online misinformation campaigns led by Russia and other adversaries, social media experts and internet analysts told lawmakers on Wednesday. Government leaders must also make it clear to adversaries there will be consequences if they attempt to disrupt elections, they said. Nearly two years after officials first uncovered Russia’s attempts to meddle in the U.S. election, the conversation on Capitol Hill is shifting away from what happened in 2016 to how to stop similar campaigns in the years ahead. In their testimony before the Senate Intelligence Committee, witnesses said Russian attempts to influence American politics continue even today and the government has a responsibility to lessen the impact of information warfare on society. They said that role could include alerting the public when influence attempts are uncovered, deterring foreign leaders from engaging in such campaigns and identifying potential threats in new technologies like artificial intelligence before bad actors can exploit them. 

National: Campaigns Grapple With Cybersecurity as Russian Threat Looms | Roll Call

Amid increased warnings of Russian interference in the midterm elections — and evidence that hackers are targeting candidates — congressional campaigns are trying to balance cybersecurity with the demands of competitive contests. That’s especially difficult for small House campaigns. But experts warn that such campaigns, particularly in competitive races, are prime targets for hackers and foreign adversaries. Take Minnesota’s 8th District, one of 10 Toss-up House contests according to Inside Elections with Nathan L. Gonzales, where two Democrats have noticed Russian interest in the open-seat race. Traffic originating from Russia started increasing on Joe Radinovich’s campaign website around the time the Democratic-Farmer-Labor Party was conducting its endorsement process in the 8th District in northeastern Minnesota.

Editorials: Russia Attacks America’s Election System. Trump Shrugs. | The New York Times

With fewer than 100 days to go until the midterms, the evidence continues to pile up that America’s electoral system remains a hot target for hackers, most notably agents of the Russian government. Last Thursday, Senator Claire McCaskill, the Missouri Democrat up for re-election this year, confirmed that she was one of two or possibly three congressional candidates whose computer networks had been unsuccessfully targeted by the Russians last year. The phishing attack, which occurred last August, was thwarted by Microsoft, which subsequently alerted her to the attempt. “While this attack was not successful, it is outrageous that they think they can get away with this,” said Ms. McCaskill in a statement. Three days later, Senator Jeanne Shaheen, a New Hampshire Democrat, acknowledged that, in an unrelated episode, her office also had been a target of multiple spear-phishing attacks, the origins of which have yet to be officially determined. The effort bears similarities to Russia’s handiwork, but the matter is still under investigation. Ms. Shaheen said she had been told that this problem “is widespread, with political parties across the country, as well as with members of the Senate.” (Ms. Shaheen, a staunch critic of President Vladimir Putin of Russia, also received a phone call in November from someone impersonating a Latvian official and hoping to gain inside information on American sanctions against Russia. 

National: Whoever Is Trying to Hack America’s Elections Is Getting Smarter | Vanity Fair

Earlier this month, when Facebook executives were asked whether the company had detected any sign of foreign interference in the rapidly approaching 2018 midterm elections, the company hedged. “We know that Russians and other bad actors are going to continue to try to abuse our platform,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, told reporters on a call. “We are continually looking for that type of activity, and as and when we find things, which we think is inevitable, we’ll notify law enforcement, and where we can, the public.” As it turns out, Facebook was already well on its way to identifying a new threat. On Tuesday, the company announced it had detected a campaign to influence November elections by targeting divisive social issues, similar to the effort put forth by the Kremlin-linked Internet Research Agency in the run-up to the 2016 election. “We’re still in the very early stages of our investigation and don’t have all the facts—including who may be behind this,” the company wrote in a blog post. But, the post continued, “It’s clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency has in the past.”

National: The McCaskill Hack May Have Been Averted, But Cybersecurity Gaps Remain on Capitol Hill | Government Technology

That could mean the money Congress poured into improved training and a more robust information security posture for staff is working. But the legislative branch is still playing catch up to get ahead of threats. McCaskill’s staff may have been better prepared than others on Capitol Hill. She has advocated improved information security fluency and, as the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, she has pushed for a more robust information security workforce. The House mandated information security training for all employees in early 2015. All staffers who have a House network username and password must complete annual training.

National: DHS launches a new cyber hub to coordinate against threats to US infrastructure | TechCrunch

Among the many things the current administration has been criticized for is its lack of a unified strategy to combat cyber threats, especially in light of ongoing election interference and psy ops perpetrated by Russia. The Department of Homeland Security is advancing the ball with the creation of the National Risk Management Center, intended to protect critical infrastructure from attacks and subversion by online adversaries. The NRMC was announced today at a cyber summit in New York held by the agency, where DHS Secretary Kirstjen Nielsen explained the purpose and justification for this new entity. Remarkably, she directly contradicted the ongoing soft-pedaling by the Executive of Russian operations targeting the country. “Let me be clear: Our intelligence community had it right. It was the Russians. It was directed from the highest levels. And we cannot and will not allow it to happen again,” she said.

National: Pence says ‘Russia meddled’ in 2016 elections, explains security plans | CNBC

Vice President Mike Pence described several new initiatives meant to prevent cyberattacks against U.S. elections systems on Tuesday. The Federal Bureau of Investigation has formed a foreign influence task force, he said, aimed at investigating sources of nation-state backed election influence. DHS has launched the elections information sharing and analysis center, which includes participation from U.S. secretaries of state with the goal of sharing threat information to “help prevent attacks before they happen.” Pence said the moves would “elevate American security.”

Vermont: Ahead of Primary, Officials Tighten Election Security | NECN

Primary day in Vermont is Aug. 14, with a host of races on the ballot — including Democrats making their pick for their gubernatorial candidate in November, and the incumbent Republican governor facing a challenge from within his own party. Behind the scenes, election officials say they are increasingly focused on securing the vote from hackers. Even in tiny Montpelier, so far from Washington, election meddling is on the mind of some voters, after near-daily headlines of Russia’s campaign to influence the 2016 elections. “Hopefully they have better things to do,” voter Bill Provost said of election hackers from Russia or elsewhere.

Wisconsin: Activists push Wisconsin to audit voting machines in advance of 2018 midterms | Daily Dot

As reports of Russian interference in the 2016 election (and continued potential interference in American election matters) keep bubbling up, Wisconsin, a key swing state, has learned its voting machines appear to be vulnerable to hacking. Five elections experts told the Wisconsin Center for Investigative Journalism that the state’s voting systems are able to be hacked, the Wisconsin Center for Investigative Journalism reports. According to the report, our increasingly “modern” voting systems are subject to a variety of issues that can affect election outcomes. While outside hacking is one possibility, human error, dust bunnies on the machines’ optical scanners, and other issues are commonplace. A number of activists are pushing for more stringent election audits in order to ensure that votes are counted accurately and reflect voters’ choices.

Voting Blogs: Time Running Out to Secure Against 2018 Election Cyberattacks | Democracy Chronicles

In a wide-ranging set of indictments handed down on July 13, 2018, the U.S. Department of Justice (DOJ) charged 12 Russian intelligence officers with brazenly attacking U.S. election infrastructure during the 2016 presidential election. On that same day, Director of National Intelligence Dan Coats sounded the alarm that Russia is continuing its cyberattacks on the United States, ominously stating that “the warning lights are blinking red again,” just as they were before the terrorist attacks of 9/11. Coats went on to say that the nation’s election systems and other digital infrastructure are “literally under attack.” Yet, in the face of overwhelming evidence, for more than a year-and-a-half, President Donald Trump has cast doubt on these consistent warnings. It now is incumbent on Congress, key members of the administration, state and local officials, and other stakeholders to take aggressive steps within their respective purviews to secure our election infrastructure.

National: The fight over election security comes to the Senate floor | The Washington Post

The Senate could be headed for a showdown this week over funding for state election security. Democrats are pushing for a floor vote on an amendment that would set aside an additional $250 million in grants for states to upgrade their voting systems and make other improvements. But they face firm opposition from Republicans, who say the initial round of funding Congress provided states earlier this year is sufficient. A similar amendment was rejected by the House two weeks ago in a party-line vote. Election security funding is fast emerging as a political hill Democrats are willing to die on. Although the amendment is unlikely to pass in the GOP-controlled Senate, Democrats can use it to hammer President Trump at a time when the White House is frantically trying to patch up the damage from his recent flip-flopping on the threat from Russia. Democrats are also hoping that a floor fight over the merits of grant money could make Republicans look like they’re standing in the way of resources state officials say they need to protect the vote. Whether that will help Democrats come November is unclear, but public polling has shown strong majorities of Americans want to see more action from the administration on election security.

National: How the Russian government used disinformation and cyber warfare in 2016 election – an ethical hacker explains | phys.org

The Soviet Union and now Russia under Vladimir Putin have waged a political power struggle against the West for nearly a century. Spreading false and distorted information – called “dezinformatsiya” after the Russian word for “disinformation” – is an age-old strategy for coordinated and sustained influence campaigns that have interrupted the possibility of level-headed political discourse. Emerging reports that Russian hackers targeted a Democratic senator’s 2018 reelection campaign suggest that what happened in the lead-up to the 2016 presidential election may be set to recur. As an ethical hacker, security researcher and data analyst, I have seen firsthand how disinformation is becoming the new focus of cyberattacks. In a recent talk, I suggested that cyberwarfare is no longer just about the technical details of computer ports and protocols. Rather, disinformation and social media are rapidly becoming the best hacking tools. With social media, anyone – even Russian intelligence officers and professional trolls – can widely publish misleading content. As legendary hacker Kevin Mitnick put it, “it’s easier to manipulate people rather than technology.”

National: Voting-machine makers are already worried about Defcon | Engadget

Last year, Defcon’s Voting Village made headlines for uncovering massive security issues in America’s electronic voting machines. Unsurprisingly, voting-machine makers are working to prevent a repeat performance at this year’s show. According to Voting Village organizers, they’re having a tough time getting their hands on machines for white-hat hackers to test at the next Defcon event in Las Vegas (held in August). That’s because voting-machine makers are scrambling to get the machines off eBay and keep them out of the hands of the “good guy” hackers. Village co-organizer Harri Hursti told attendees at the Shmoocon hacking conference this month they were having a hard time preparing for this year’s show, in part because voting machine manufacturers sent threatening letters to eBay resellers. The intimidating missives told auctioneers that selling the machines is illegal — which is false.

Editorials: Replace Georgia’s risky touchscreen voting machines | Richard DeMillo/Atlanta Journal Constitution

As the 2016 cyber-attacks on U.S. elections continue unabated this election year, most everyone agrees that Georgia’s aging, insecure voting machines must be replaced with a new system to increase public confidence. Georgia legislators tried this spring to authorize purchase of a new system, but the flawed legislation failed. That’s a good thing. It would have made the situation worse, not better. In the wake of this failure, Secretary of State Brian Kemp formed a blue-ribbon Commission on Secure, Accessible and Fair Elections (SAFE) to study the options for Georgia’s next voting system. In short, the Secretary set up a way for Georgia to dig itself out of its election integrity hole and leapfrog to the front of the pack nationwide. At SAFE’s first meeting, Mr. Kemp sabotaged his own commission. The laudable goal of that meeting was to describe Georgia’s current system. Briefing slides are available online. Not apparent in the published material is a disturbing pattern of giving SAFE false and misleading information. If not corrected, the Commission’s recommendations will be as flawed as other efforts to fix the current system. Here are five egregious examples of such misinformation.

Wisconsin: Election voting systems still vulnerable to hacking | Milwaukee Journal Sentinel

Visiting Wisconsin on June 28, President Donald Trump tweeted “Russia continues to say they had nothing to do with meddling in our Election!” It was not the first time the president cast doubt on Russian interference in the 2016 election, contradicting conclusions of the FBI, CIA and National Security Agency, as well as reports by bipartisan committees in both chambers of Congress.  But Russians have been testing the vulnerability of elections in Wisconsin and other states for years, and top U.S. intelligence officials have warned the 2018 midterm elections are a potential target of Russian cyber attacks and disinformation.  A key swing state, Wisconsin was the scene of Russian measures in 2016 that utilized social media and also probed the websites of government agencies.

National: Russians Are Targeting Private Election Companies, Too — And States Aren’t Doing Much About It | FiveThirtyEight

The American election system is a textbook example of federalism at work. States administer elections, and the federal government doesn’t have much say in how they do it. While this decentralized system has its benefits, it also means that there’s no across-the-board standard for election system cybersecurity practices. This lack of standardization has become all the more apparent over the past two years: Hackers probed 21 state systems during the lead-up to the 2016 election and gained access to one. But the federal government and states don’t appear to have made great strides to ensure that this doesn’t happen again. To do so, they’d need to deal with not only their own cybersecurity deficits but also those of the private companies that help states administer elections.

National: Russian Hackers Targeted The Most Vulnerable Part Of U.S. Elections. Again. | NPR

When Russian hackers targeted the staff of Sen. Claire McCaskill, D-Mo., they took aim at maybe the most vulnerable sector of U.S. elections: campaigns. McCaskill’s Senate staff received fake emails, as first reported by The Daily Beast, in an apparent attempt by Russia’s GRU intelligence agency to gain access to passwords. McCaskill released a statement confirming the attack but said there is no indication the attack was successful. “Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable,” McCaskill said. “I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.”

National: Jeanne Shaheen: Senators targeted in “widespread” hacking attempts by Russia | CBS

Amid ongoing concern over continued efforts by Russian hackers to infiltrate U.S. election systems, Democratic Sen. Jeanne Shaheen of New Hampshire says that her office has been the subject of at least one phishing attack targeting email accounts and social media profiles. Shaheen’s experience comes after fellow Democratic Sen. Claire McCaskill of Missouri said that Russian hackers tried unsuccessfully to infiltrate her office’s computer network. Shaheen worries that the issue is more widespread than many think. “There has been one situation that we have turned over to authorities to look into, and we’re hearing that this is widespread, with political parties across the country, as well as with members of the Senate,” Shaheen told “Face the Nation” on Sunday.