National: Hacking the vote: Threats keep changing, but election IT sadly stays the same | Ars Technica

The outcome of the 2016 presidential election is history. But allegations of voter fraud, election interference by foreign governments, and intrusions into state electoral agencies’ systems have since cast a pall over the system that determines who makes the laws and enforces them in the United States. Such problems will not disappear no matter what comes out of a presidential commission or a Congressional hearing. “Amazon will not go out of business because one percent of its transactions are fraudulent,” said David Jefferson, a visiting computer scientist at Lawrence Livermore National Laboratory and chairman of the Verified Voting Foundation, a non-governmental organization working toward accuracy, integrity, and verifiability of elections. “That’s not the case for elections.” Jefferson’s words came during his talk at the latest edition of DEFCON, the annual infosec event. Election hacks naturally became something of an overarching theme within the Caesar’s Palace convention center this summer. In fact, there was an entire room dedicated solely to testing the reliability of US electronic voting systems. Called “Voting Village,” the space was filled with more than 25 pieces of electoral hardware—voting machines and other electronic election-management equipment—in various stages of deconstruction. Any curious conference attendee, no matter where they fell within the conference’s wide technical skill spectrum, could contribute to the onslaught of software and hardware hacks targeting the machines in this de facto lab.

National: The three kinds of election-hacking threats | Slate

It’s been almost a year since Election Day 2016, but the campaign news hasn’t stopped. Oct. 30 brought the first indictments in special counsel Robert Mueller’s investigation into possible collusion between the Russian government and the Trump campaign. On Tuesday and Wednesday, representatives from Facebook, Google, and Twitter faced congressional grilling over widespread Russian influence on their platforms. Also on Wednesday, the Wall Street Journal reported that the Department of Justice is considering charging Russian government officials for crimes related to the Democratic National Committee hack. Amid the flurry, it’s easy to blur these conversations—especially because they all seem to feature Russia. But the election-hacking conversation desperately needs to be untangled. Whatever other revelations may come, it helps to remember that election hacking is really about three separate threats: hacking voters, hacking votes, and causing disruption or chaos. … The second threat is of manipulated votes—essentially, that voting machines will be hacked. The Department of Homeland Security found no evidence that malicious actors successfully compromised any vote-tallying machines in 2016. However, a leaked NSA document from this summer shows that Russian hackers targeted and compromised a Florida-based voting-equipment vendor and then used the stolen credentials to target local election officials. Thankfully, the compromised vendor, VR Systems, doesn’t run any vote-tabulation equipment. However, its digital access and proximity to local election officials—who work with those who do program voting machines—is worrying.

National: Local voting districts seen as crucial to election security | Associated Press

Last November, election officials in a small Rhode Island town were immediately suspicious when results showed 99 percent of voters had turned down a noncontroversial measure about septic systems. It turned out an oval on the electronic ballot was misaligned ever so slightly and had thrown off the tally. The measure actually had passed by a comfortable margin. The scary part: The outcome might never have raised suspicion had the results not been so lopsided. … States vary widely in what they are doing to tighten security. Colorado and Rhode Island have adopted more rigorous statistical methods for double-checking the votes, while others are making or weighing changes to their voting technology. “Always, there’s been a hypothetical. But clearly, now it is a real threat,” said Noah Praetz, election director for Cook County, Illinois. “The fact that we now have to defend against nation-state actors — Russia, China, Iran. It’s a very different ballgame now.”

National: Homeland Security cyber unit on alert for Election Day | The Hill

Russia’s intervention in the 2016 presidential election yielded an unexpected result for officials at the Department of Homeland Security (DHS): it has put them in the driver’s seat for protecting future elections from cyberattacks. Since January, officials at the agency have grappled with how to work with state and local election officials to share information on imminent threats and develop response plans for when things go awry. The effort has spawned tensions with state officials, who are wary of a “federal takeover” of elections and have panned the slow pace at which the federal government offered up details on the Russia threat. Homeland Security has pressed forward, standing up a special council in October to engage with election officials on potential threats and how to defend against and respond to them. 

North Carolina: Counties OK to use elections software targeted by hackers | News & Observer

Voting software that’s been under a cloud for months can be used in elections next week. The State Board of Elections & Ethics Enforcement is appealing an administrative law judge’s decision Friday allowing counties to use software from a company called VR Systems that checks voters’ registration information. Durham was using VR software on Election Day last year when a malfunction forced the county to switch to paper poll books. The glitch halted voting in some areas, and eight precincts extended voting hours. The state elections board doesn’t want counties to use the software. The board hasn’t certified it, as required by law. In a court complaint, VR Systems said the elections board improperly revoked its license, and that some counties still want to use its product. The company’s court complaint said Mecklenburg County used VR software in the September primaries, and Nash County used it in October, without problems and despite the state prohibition.

National: Senators release new election cybersecurity bill | The Hill

Sens. Martin Heinrich (D-N.M.) and Susan Collins (R-Maine) introduced a multifaceted election cybersecurity bill Tuesday, including a bug bounty program for systems manufacturers and a grant program for states to upgrade technology. “While the Intelligence Committee’s investigation is still ongoing, one thing is clear: The Russians were very active in trying to influence the 2016 election and will continue their efforts to undermine public confidence in democracies,” said Collins in a statement celebrating the bill. “The fact that the Russians probed the election-related systems of 21 states is truly disturbing, and it must serve as a call to action to assist states in hardening their defenses against foreign adversaries that seek to compromise the integrity of our election process.”

Georgia: Attorney General Quits Representing Election Officials In Lawsuit After Server Wiped | Associated Press

The Georgia attorney general’s office will no longer represent state election officials in an elections integrity lawsuit in which a crucial computer server was quietly wiped clean three days after the suit was filed, The Associated Press has learned. The lawsuit aims to force Georgia to retire its antiquated and heavily criticized touchscreen election technology, which does not provide an auditable paper trail. The server in question was a statewide staging location for key election-related data. It made national headlines in June after a security expert disclosed a gaping security hole that wasn’t fixed for six months after he first reported it to election authorities. Personal data was exposed for Georgia’s 6.7 million voters as were passwords used by county officials to access files. The assistant state attorney general handling the case, Cristina Correia, notified the court and participating attorneys Wednesday that her office was withdrawing from the case, according to an email obtained by the AP. Spokeswoman Katelyn McCreary offered no explanation and said she couldn’t comment “on pending matters.”

National: SAVE Act attempts to bolster election security | TechTarget

Two senators introduced a new election security bill with the aim of providing assistance to states in order to protect against cyberattacks on voting infrastructure. The bipartisan bill — the Securing America’s Voting Equipment (SAVE) Act — was put forward by Senators Susan Collins (R-Maine) and Martin Heinrich (D-N.M.). The aim of the bill, according to Collins, is to “assist states in protecting the integrity of their voting systems. “Our bill seeks to facilitate the information sharing of the threats posed to state election systems by foreign adversaries, to provide guidance to states on how to protect their systems against nefarious activity and, for states who choose to do so, to allow them to access some federal grant money to implement best practices to protect their systems,” Collins said on the Senate floor. Collins said that she knew of “no evidence to date that actual vote tabulations were manipulated in any state” during the 2016 U.S. election, but noted that the FBI and Department of Homeland Security (DHS) found 21 states had election systems probed by Russian hackers.

National: Researcher discovers over 250 of Trump’s web domains are communicating with Russian servers, sharing weird files | BGR

The US Presidential election is almost a full year in the rear view mirror, but many are still working diligently to determine whether or not everything that happened during the course of the campaigns and voting process was above board. A new report from researchers at Unhack The Vote alleges that Donald Trump’s various web properties could hold a clue as to the President’s communication ties with Russia, and the evidence is quite substantial.

Georgia: Attorney General Won’t Defend State In Voting Machine Case | Courthouse News

Georgia’s attorney general announced Wednesday his office will not defend the state against claims it knowingly used antiquated voting technology in recent elections despite knowing it was vulnerable to being hacked. The Coalition for Good Governance and Georgians for Verified Voting, both of which advocate for voting transparency, sued Georgia Secretary of State Brian Kemp in Fulton County Superior Court on July 3. The case was removed to federal court in August. The proceedings are pending. However, it was recently revealed that a computer server crucial to the lawsuit was erased four days after the suit was filed in state court, according to Marilyn Marks, executive director of the Coalition for Good Governance, “there’s conflicting information between what the attorney general has stated and what defendants have stated regarding the destruction of records.” “It suggests there’s something very troubling and serious happening,” Marks said. Earlier this week the state attorney general’s office notified U.S. District Judge Amy Totenberg that Georgia Attorney General Christopher Carr is stepping down from the case.

Estonia: A test case for Russian hacking threat – e-voting grows despite tampering concerns | Global Journalist

Tiny Estonia might seem an unlikely place to see the future of technology. With just 1.3 million people, the country has fewer people than San Diego and is just three decades removed from Soviet rule. But “E-stonia,” as its known, has also brought the world Skype as well as up-and-coming startups like robotics firm Starship Technologies and payments provider TransferWise.  Yet Estonia’s technology prowess has also made it something of a laboratory for the dangers of the threats posed by hackers backed by neighboring Russia. In a country where 90 percent use online banking, 95 percent file taxes online and 30 percent cast their ballots from a computer, Estonia is a target-rich environment for cyberattacks. Indeed the NATO-member country is the site of what may have been the world’s first politically-motivated digital attack in 2007. In that year, Estonia angered Russia by relocating a World War II era memorial to Soviet troops. Soon, the networks of government ministries, banks and leading Estonian newspapers went down, the result of a massive and sophisticated botnet attack. 

National: Russia Hackers Had Targets Worldwide, Beyond US Election | Associated Press

The hackers who upended the U.S. presidential election had ambitions well beyond Hillary Clinton’s campaign, targeting the emails of Ukrainian officers, Russian opposition figures, U.S. defense contractors and thousands of others of interest to the Kremlin, according to a previously unpublished digital hit list obtained by The Associated Press. The list provides the most detailed forensic evidence yet of the close alignment between the hackers and the Russian government, exposing an operation that stretched back years and tried to break into the inboxes of 4,700 Gmail users across the globe – from the pope’s representative in Kiev to the punk band Pussy Riot in Moscow. “It’s a wish list of who you’d want to target to further Russian interests,” said Keir Giles, director of the Conflict Studies Research Center in Cambridge, England, and one of five outside experts who reviewed the AP’s findings. He said the data was “a master list of individuals whom Russia would like to spy on, embarrass, discredit or silence.”

Georgia: Latest development in elections suit just makes whole thing curiouser and curiouser | Columbus Ledger-Enquirer

There have been some rather sudden and noteworthy changes regarding the Georgia secretary of state’s office and the lawsuit over the reliability and integrity of the state’s voting system. The casual version is that Secretary of State Brian Kemp has changed lawyers, edited his Facebook page, and revised his account of how and why data on a server at the heart of the suit quickly and quietly vanished. Headline detail: The reason the secretary of state has new legal counsel is that the Georgia attorney general’s office announced Wednesday it will no longer represent Kemp and other election officials in the suit. As reported by the Associated Press, Cristina Correia, the assistant AG handling the case, notified the court, the secretary of state’s office and other attorneys Wednesday by email that the attorney general’s office is withdrawing. A spokesperson for the department would not comment, and Correia’s email did not say whether the private firm that will represent Kemp and the other defendants will be paid at state expense, AP reported.

Georgia: Former Gov. Roy Barnes’ firm to represent Georgia in lawsuit | Atlanta Journal Constitution

Former Gov. Roy Barnes’ law firm will represent Georgia Secretary of State Brian Kemp in a lawsuit that a national election transparency advocacy group filed to force the state to overhaul its election system. The Department of Administrative Services has replaced Attorney General Christopher Carr with Barnes Law Group to represent Kemp, the state Election Board and others named in the case, Kemp spokeswoman Candice Broce said. The Charlotte-based Coalition for Good Governance, led by Executive Director Marilyn Marks, has said that reported security lapses show the state’s system is “vulnerable and unreliable” and should not have been used for the 6th Congressional District runoff race in June — nor should it be used in next week’s election. Kennesaw State University runs the Center for Elections Systems and is also a defendant in the lawsuit. …  KSU said the server that had been examined by the FBI was wiped so it could be repurposed, and that the FBI had a copy of the data that were on the server.

Wisconsin: Elections chairman: State must ready for more Russian attempts to hack election systems | Wisconsin State Journal

Wisconsin’s election IT infrastructure must be better secured before the 2018 election after federal officials said “Russian government cyber actors” targeted it during last year’s campaign, state elections commissioners said. “We now know from (the federal Department of) Homeland Security that the Russian government attempted to gain access to the Wisconsin election structure — and that they’re going to come back again,” commission chairman Mark Thomsen said. How the state should respond will be the topic of a special elections commission meeting next month. But Thomsen, a Democratic appointee to the commission, said Gov. Scott Walker’s decision to cut funding for the commission in the state budget will make the task more difficult.

Editorials: A draft US law to secure election computers that isn’t braindead | Iain Thomson/The Register

A law bill was introduced today to the US Senate designed to safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents. The Securing America’s Voting Equipment (SAVE) Act [PDF] would designate elections systems as part of the US national critical infrastructure, task the Comptroller General of the United States with checking the integrity of voting machines, and sponsor a “Hack the election” competition to find flaws in voting machines. “Our democracy hinges on protecting Americans’ ability to fairly choose our own leaders. We must do everything we can to protect the security and integrity of our elections,” said cosponsor Senator Martin Heinrich (D-NM). “The SAVE Act would ensure states are better equipped to develop solutions and respond to threats posed to election systems. Until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation’s democratic institutions will remain vulnerable.”

Georgia: Kennesaw State Says Elections Server Was Wiped After FBI Gave Clearance | WABE

Kennesaw State University says a computer server holding state election data was wiped clean after copies of it were made by the FBI and the agency told KSU its investigation into a possible hack was complete. A group suing the state, charging Georgia’s voting system is outdated and not secure, says KSU erased the server in July after its lawsuit was filed. The group says data on the server may have revealed whether state elections were hacked. “This was not accidental. This was something that was conducted with purpose to make sure that the information could never be recovered again,” said Richard DeMillo, a computing professor at Georgia Tech who has been closely watching the case.

Georgia: US Congressman Johnson: Was election “stolen” for Handel? | WXIA

Georgia Congressman Hank Johnson says he thinks Republicans may have stolen an election from his fellow Democrat, Jon Ossoff. Ossoff lost a special congressional election to Republican Karen Handel in June in the most expensive congressional election in US history. It’s easy to forget now that on April 18th, Jon Ossoff nearly won a special election to replace Rep. Tom Price. Ossoff won more than 48 percent of the vote in a crowded field – but because he failed to get 50 percent, the Democrat entered a runoff election with Republican Karen Handel. “A difference of about 3200 votes,” recalled US Rep. Hank Johnson. The Democrat had employed Ossoff as a congressional aide. Ossoff stayed consistently ahead in most polls leading up to the runoff – then lost on election night. “I think it’s quite possible that Jon Ossoff won that election and the election was stolen from him. That’s my suspicion,” Johnson said Monday.

National: State officials press Congress for more election cyber resources | The Hill

State election officials on Tuesday urged members of Congress to send more resources to states to bolster the security of their election IT infrastructure. Officials from Rhode Island and Virginia made the plea to Democratic members of a task force focused on election cybersecurity that was formed in the wake of Russian interference in the 2016 presidential election. “States need additional funding and resources dedicated to the security of election systems,” Rhode Island Secretary of State Nellie Gorbea (D) told lawmakers at the public forum on Capitol Hill. “These funds are critically needed for the assessments, testing procedures and the strengthening of IT capacity. In many states, they also need funding for the hardware of voting systems themselves.” Gorbea urged Congress to play a “critical role” by both appropriating additional resources to states for election cybersecurity and exercising oversight of the federal government’s efforts to safeguard future elections. 

Georgia: Incompetence or a Cover-Up? Georgia destroyed election data right after a lawsuit alleged the system was vulnerable. | Slate

On July 3, state voters and a good-government group filed a lawsuit alleging that Georgia officials ignored warnings that the state’s electoral system was extremely susceptible to hacking. On July 4, Georgia Secretary of State Brian Kemp’s office was alerted about the lawsuit by the press and declined to comment. It received a copy of the suit on July 6. And on July 7, Georgia officials deleted the state’s election data, which would have likely been critical evidence in that lawsuit, the Associated Press reported Thursday. Two things could have happened here. Either it was an incredible act of incompetence on the part of Georgia’s election officials, or it was an attempted cover-up to try to hide from the public a major election security lapse. Lawmakers from both parties are calling for heads to roll.

Editorials: Georgia’s voting system – Outrageous security lapse | SavannahNow

The fact that the state university housing the servers that are at the center of a case over the security of Georgia’s election system wiped them clean of all data is both an outrage and extremely suspicious. If a pending state investigation into this breach at the Center for Elections System at Kennesaw State University shows that laws were broken, then Georgia Attorney General Christopher Carr shouldn’t hesitate to file charges. The sanctity of Georgia’s ballot box and its elections records must be protected. Our democracy is based on free and fair elections. The public must have confidence that the process is safe and secure. According to The Hill newspaper in Washington, the servers in question had been in the possession of the Center for Elections System, which runs Georgia’s election system on a contract basis. On July 3, a diverse group of election reform advocates filed suit, alleging that Georgia’s election system was flawed and could potentially be rigged. The plaintiffs want to scrap the state’s 15-year-old vote-management system, particularly its 27,000 AccuVote touchscreen voting screens, which are used in Chatham County and elsewhere, that don’t employ paper ballots or keep hardcopy proof of how voters voted. They allege these machines are hackable.

Czech Republic: Election websites hacked, vote unaffected: Statistics Office | Reuters

results were hacked on Saturday afternoon, the Czech Statistical Office (CSU) said on Sunday, adding that the vote count was not affected. Czechs voted on Friday and Saturday in the parliamentary election, with the results then shown on two websites that CSU maintains with an outside provider. “During the processing (of the vote), there was a targeted DDoS attack aimed at the infrastructure of the O2 company used for elections,” CSU said on its website. “As a result, servers volby.cz and volbyhned.cz had been temporarily partly inaccessible. The attack did not in any way affect either the infrastructure used for the transmission of election results to the CSU headquarters or the independent data processing.”

National: Voting Technology Needs an Upgrade: Here’s What Congress Can Do | Union of Concerned Scientists

Voting systems throughout the United States are vulnerable to corruption in a variety of ways, and the federal government has an obligation to protect the integrity of the electoral process. At a recent meeting of the National Academies of Sciences, Engineering and Medicine’s Committee on the Future of Voting, the Department of Homeland Security’s Robert Kolasky put it bluntly: “It’s not a fair fight to pit Orange County (California) against the Russians.” While the intelligence community has not confirmed that the hackers working on behalf of the Russian government to undermine the 2016 election were successful at tampering with actual vote tallies, they certainly succeeded at shaking our confidence in the electoral process, which over time could undermine faith in democracy. The management of statewide eligible voter lists is a particularly challenging but crucial responsibility. On the one hand, data entry errors, duplicate records and “live” records for deceased voters invite voter fraud and inaccuracies in voting data. On the other hand, overly broad purging of voter lists can result in the exclusion of eligible voters from the rolls.

Israel: Government Eyes Measures To Prevent Election Cyber Sabotage | Vos Iz Neias

Israel is on guard against hacking ahead of the next general election, one of its most senior cyber security officials said, identifying Iran as posing the greatest overall risk to the country’s cyber security. The government is bracing against the risks of fake news, possible denial of service attacks on civic institutions, or efforts to hack the correspondence of politicians or government officials in order to leak embarrassing details. “We are on the way to identifying and assisting from a distance everywhere we find or identify as a vulnerability … and make it tougher for the bad guys to hack,” Yigal Unna, head of technology at the prime minister’s cyber directorate, told a Reuters Cyber Security Summit. Since the 2016 U.S. election, Western countries have been fretting about the possibility of Russian hacking to influence their internal politics.

National: Protecting Our Electoral Security | Georgetown Public Policy Review

Cybersecurity has become an increasingly salient topic in the realm of national defense. The reliance on technology for military, intelligence, and domestic infrastructure has made the disruptive potential of cyber-attacks for national security greater than ever. Elections are uniquely at risk. The aftermath of 2016 highlighted the importance of cybersecurity in election integrity. Almost four-fifths of states in 2016 claim to have been victims of foreign interference, with most pointing to the Russian government as the source. This threat of election-related cybersecurity is intertwined with national security interests, the U.S. response to cyber-attacks in 2016, and the implications for future election cyberattacks.

Illinois: ‘Embarrassing’ Voter Data Leak Will Never Happen Again, Chicago Election Chief Says | DNAinfo

The head of the Chicago Board of Election Commissioners Tuesday apologized to aldermen for allowing the personal information of 1.8 million Chicago registered voters to be exposed on a public server. Executive Director Lance Gough said the Aug. 12 discovery that Election Systems & Software discovered backup files stored on a Amazon Web Services server that included voter names, addresses, and dates of birth. In many cases it also included the voters’ driver’s license and state identification numbers and the last four digits of Social Security numbers. “It was quite embarrassing,” Gough said. “I’m here to apologize. This will never happen again.”

Czech Republic: DDoS Attack Takes Czech Election Sites Offline | Infosecurity

Two websites run by the Czech Statistical Office (CSU) were taken offline after a DDoS attack at the weekend tried to disrupt reporting of the country’s parliamentary elections. The results of the election, held on Friday and Saturday, were posted to the sites; showing billionaire Andrej Babiš’ populist ANO party with the largest share of the vote at nearly 30%. A statement on the CSU site reportedly had the following: “During the processing, there was a targeted DDoS attack aimed at the infrastructure of the O2 company used for elections. As a result, servers volby.cz and volbyhned.cz had been temporarily partly inaccessible. The attack did not in any way affect either the infrastructure used for the transmission of election results to the CSU headquarters or the independent data processing.” The sites are now back up and running.

National: Panel backs bipartisan congressional action for securing election data systems | InsideCyberSecurity.com

Congressional staff on Thursday heard from a panel — including a former high-ranking Justice Department official and a state county clerk responsible for election-data rolls — that called for swift, bipartisan action on legislation offering new requirements and funding for states to upgrade and secure the nation’s election system from foreign and other malicious hacks. The move could have implications for industry by setting security requirements on the technologies and products sold to state election officials, and underscores a growing sentiment for a physical backup to operations that take place in cyberspace. Susan Greenhalgh, an election specialist with the non-profit group Verified Voting, said the National Institute of Standards and Technology and the Department of Homeland Security are meeting with the Election Assistance Commission to promote use of the NIST cybersecurity framework by state officials. The EAC was established by Congress in 2002 to assist states with guidance and funding to upgrade voting systems. Greenhalgh spoke as part of the panel on election security held on the Senate side of the Capitol on Thursday.

National: Senators say feds leave local officials on their own on cybersecurity | Cronkite News

An empty chair fielded question after question from an angry Senate panel Thursday, after a White House cybersecurity coordinator invoked executive privilege and skipped the hearing. Representatives from the FBI, the Pentagon and the Department of Homeland Security testified beside the empty chair, telling the Senate Armed Services Commitee they are working to increase coordination and communication. But much of the hearing was focused on Rob Joyce’s empty chair, which Sen. John McCain, R-Arizona, said showed “a fundamental misalignment between authority and accountability” in cybersecurity efforts at a time when Russians are meddling in an attempt to “destroy the fundamentals of democracy.” Sen. Elizabeth Warren, D-Massachusetts, said the lack of federal coordination leaves local governments “by themselves to fight a sophisticated cyber-adversary like Russia.”

National: Warner, Klobuchar, McCain Introduce Bipartisan Legislation To Prevent Foreign Interference In Elections | Alexandria News

U.S. Senator Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, U.S. Senator Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, and U.S. Senator John McCain (R-AZ), Chairman of the Senate Committee on Armed Services today introduced the Honest Ads Act to help prevent foreign interference in future elections and improve the transparency of online political advertisements. “Online political advertising represents an enormous marketplace, and today there is almost no transparency. The Russians realized this, and took advantage in 2016 to spread disinformation and misinformation in an organized effort to divide and distract us,” Senator Warner said. “Our bipartisan Honest Ads Act extends transparency and disclosure to political ads in the digital space. At the end of the day, it is not too much to ask that our most innovative digital companies work with us by exercising additional judgment and providing some transparency.”