National: Nikki Haley on Russia meddling: Election interference is ‘warfare’ | Politico

U.S. Ambassador to the United Nations Nikki Haley said Thursday that interference in U.S. elections by another nation “is warfare,” telling an audience in New York that such meddling has become Russia’s go-to tactic. “I will tell you that when a country can come interfere in another country’s elections, that is warfare. It really is, because you’re making sure that the democracy shifts from what the people want to giving out that misinformation,” Haley said Thursday at a forum hosted in New York by the George W. Bush institute. ”And we didn’t just see it here. You can look at France and you can look at other countries. They are doing this everywhere. This is their new weapon of choice. And we have to make sure we get in front of it.”

National: Russia Probes Spur Lawmakers on Election Security, Social Media | Bloomberg

After months of congressional investigations into Russian interference with U.S. elections, legislation is gaining traction in the Senate that would impose new disclosure requirements for political advertising on Facebook, Twitter, Google and other social media. Senator John McCain gave a big boost to a proposal by Democratic Senators Amy Klobuchar and Mark Warner to require disclosure of who’s paying for online political ads, announcing he’ll co-sponsor the bill. In two weeks, executives for the social media giants are due to testify at public hearings about Russia’s use of their networks to interfere in the 2016 election. “I’ve been fighting for free and open and full disclosure for the past 25 years. This is part of that effort,” McCain told reporters Wednesday.

National: Sessions: U.S. not doing enough to prevent interference in elections | Yahoo

Attorney General Jeff Sessions conceded Wednesday that the U.S. government is not doing enough to prevent future interference in elections by Russia and other foreign adversaries. “We’re not,” Sessions said, when asked by Sen. Ben Sasse, R-Neb., if the government is taking adequate action to prevent meddling in its elections. “The matter is so complex that for most of us we’re not able to fully grasp the technical dangers that are out there.” Sessions said he accepts the U.S. intelligence community’s findings that Russia interfered with the 2016 election and may attempt to do so again. He said the Justice Department has been aggressively looking into the stealing of trade secrets in the private sector and noted that the FBI’s computer experts are also highly trained.

National: The fix is in for hackable voting machines: use paper | Naked Security

Want better security of election voting results? Use paper. With the US almost halfway between the last national election and the 2018 mid-terms, not nearly enough has been done yet to improve the demonstrated insecurity of current electronic voting systems. Multiple experts say one obvious, fundamental move should be to ensure there is a paper trail for every vote. That was a major recommendation at a panel discussion this past week that included representatives of the hacker conference DefCon and the Atlantic Council think tank, which concluded that while there is progress, it is slow.

National: State officials to be given access to 2016 election cyberattack data | CBS

CBS News has learned that in an unprecedented effort to enhance election security ahead of the 2018 midterms, select state officials will be given access to some of the most sensitive information about the extent of the 2016 cyberattacks, but that access will require them to submit to the time-consuming and lengthy process of filling out federal security clearance applications. The process online can take up to 10 hours and, even after completing the application, some election officials say they have doubts about the extent of what they’ll be able to see.During the 2016 election, suspected Russian hackers scanned and probed voter databases and other election related computer networks in at least 21 states.

National: DHS and top election officials finally meet to begin hashing out ‘critical infrastructure’ designation | Washington Examiner

Top election officials from around the country met this weekend to create the formal organization to hash out what powers and lines of communications the Department of Homeland Security should have after the department designated voting systems in the states and territories as “critical infrastructure” earlier this year. By voting to adopt a charter for a “Government Coordinating Council,” the secretaries of state now have a group that has an official channel and a single “voice” to communicate with DHS. The move marks the first major step in the coming together between the nonpartisan National Association of Secretaries of State, or NASS, and DHS, amidst a contentious and sometimes mistrusting year.

National: Senator Klochubar wants Kaspersky out of U.S. voting systems | FCW

A U.S. senator has linked two of the hottest tech policy stories around – efforts by U.S. agencies to blacklist cybersecurity vendor Kaspersky Lab and concerns about the vulnerability of voting systems used by cities and states. Sen. Amy Klochubar (D-Minn.) who sits on a committee with authority over federal elections, is concerned that Kaspersky could be in a position to provide Russian intelligence agencies access to state and local election data, by virtue of connections to computers involved in managing election activities. “Given recent revelations regarding how Russia used Kaspersky software to breach our systems, it is important to prioritize state critical infrastructure systems in conjunction with efforts currently underway at the federal level,” Klochubar wrote in an Oct. 12 letter to Acting Homeland Security Secretary Elaine Duke.

National: An intern Cambridge Analytica left sensitive voter targeting tools online for nearly a year | Business Insider | Business Insider

An intern at the data mining and analysis firm Cambridge Analytica left online for nearly a year what appears to be programming instructions for the voter targeting tools the company used around the time of the election, raising questions about who could have accessed the tools and to what end. Social media analyst and data scientist Jonathan Albright discovered the election data processing scripts — or programming instructions — on what he said was the intern’s personal GitHub account. GitHub, a “Facebook for programmers,” is an internet hosting service mostly used for code. The account was scrubbed less than an hour after Albright published his findings on Medium, but the scripts had already been archi

National: The Race to Secure Voting Tech Gets an Urgent Jumpstart | WIRED

Numerous electronic voting machines used in United States elections have critical exposures that could make them vulnerable to hacking. Security experts have known that for a decade. But it wasn’t until Russia meddled in the 2016 US presidential campaigns and began probing digital voting systems that the topic took on pressing urgency. Now hackers, researchers, diplomats, and national security experts are pushing to effect real change in Washington. The latest update? It’s working, but maybe not fast enough. On Tuesday, representatives from the hacking conference DefCon and partners at the Atlantic Council think tank shared findings from a report about DefCon’s Voting Village, where hundreds of hackers got to physically interact with—and compromise—actual US voting machines for the first time ever at the conference in July. Work over three days at the Village underscored the fundamental vulnerability of the devices, and raised questions about important issues, like the trustworthiness of hardware parts manufactured in other countries, including China. But most importantly, the report highlights the dire urgency of securing US voting systems before the 2018 midterm elections.

National: Wary of Hackers, States Move to Upgrade Voting Systems | The New York Times

State election officials, worried about the integrity of their voting systems, are pressing to make them more secure ahead of next year’s midterm elections. Reacting in large part to Russian efforts to hack the presidential election last year, a growing number of states are upgrading electoral databases and voting machines, and even adding cybersecurity experts to their election teams. The efforts — from both Democrats and Republicans — amount to the largest overhaul of the nation’s voting infrastructure since the contested presidential election in 2000 spelled an end to punch-card ballots and voting machines with mechanical levers. One aim is to prepare for the 2018 and 2020 elections by upgrading and securing electoral databases and voting machines that were cutting-edge before Facebook and Twitter even existed. Another is to spot and defuse attempts to depress turnout and sway election results by targeting voters with false news reports and social media posts.

National: Voting Machines: A National Security Vulnerability? | Atlantic Council

The political instability that has resulted from Russian meddling in the 2016 US presidential elections has put the focus on voting machines as a national security vulnerability, Douglas Lute, a former US permanent representative to NATO, said at the Atlantic Council on October 10. “I don’t think I’ve seen a more severe threat to American national security than the election hacking experience of 2016,” said Lute. There is a “fundamental democratic connection between the individual voter and the democratic outcome” of an election, he said, adding: “If you can undermine that, you don’t need to attack America with planes and ships. You can attack democracy from the inside.” … Lute delivered a keynote address at the Atlantic Council to call for a sense of urgency among policymakers and all stakeholders able to play a role in the solution to insecure voting machines. He also highlighted the findings presented in the DEF CON Report on Cyber Vulnerabilities in US Election Equipment, Databases, and Infrastructure, launched at the Council, which help to shed light on the technological dimensions of this national security threat. Ultimately, as Lute writes in the foreword, “this report makes one key point: our voting systems are not secure.”

National: Report details election vulnerabilities uncovered at DEFCON | GCN

When attendees at the July DEFCON conference breached every poll book and voting machine that event organizers had in the Voting Machine Hacking Village, elections officials took notice. A new report from DEFCON, the National Governors Association, the Atlantic Council, the Center for Internet Security and a number of universities and top technology vendors provides a more detailed look at just how vulnerable the entire U.S. election system – equipment, databases and infrastructure —  is to hacking and urges policymakers to shore up security gaps. Vulnerabilities start with an insecure supply chain. Many parts used in voting machines are manufactured overseas, and the report authors suggested that bad actors could compromise the equipment “well before that voting machine rolls off the production line.” Voting Village participants found voting machines with universal default passwords and ones that broadcast their own Wi-Fi access point, which would allow hackers to connect. Once hackers gained access, they could escalate their privileges so they could run code, change votes in the database or turn the machine off remotely. Additionally, unprotected, uncovered USB ports provided easy inputs for thumb drives or keyboards.

South Africa: IEC goes online to capture voter addresses | ITWeb

The Independent Electoral Commission (IEC) has turned to technology to support its efforts to capture the addresses of over 26 million registered voters before 30 June 2018. In 2016, the Constitutional Court ordered the IEC to correctly capture the addresses of all registered voters on the voters’ roll before the 2019 general elections. Yesterday, the IEC unveiled MyIEC, an online portal that allows South African voters to submit or update their registration details when they have changed address or when there has been a change in their identity number. … The implementation of online systems in relation to the democratic voting process often brings up concerns of security, especially where citizens’ sensitive information is concerned.

National: It Isn’t Even That Difficult To Hack Voting Equipment | HuffPost

You don’t even have to know much about voting machines to hack some of the systems that are still in use across the country. A new report published on Tuesday outlines how amateur hackers were able to “effectively breach” voting equipment, in some cases in a matter of minutes or hours, over just four days in July at DEFCON, an annual hacker conference. The report underscores the vulnerability of U.S. election systems. It also highlights the need for states to improve their security protocols after the Department of Homeland Security said Russian hackers attempted to target them during the 2016 election. “The DEFCON Voting Village showed that technical minds with little or no previous knowledge about voting machines, without even being provided proper documentation or tools, can still learn how to hack the machines within tens of minutes or a few hours,” the report says.

National: How DEFCON Turned an Event Into a Major Initiative | Associations Now

Organizers of the long-running DEFCON hacking conference have teamed with a variety of groups, including the National Governors Association, on an initiative to boost electoral security. The new coalition comes on the heels of a new report highlighting how insecure many voting machines really are. The DEFCON hacking conference, which has existed in one form or another for nearly a quarter century, is getting into the election security business—with the help of a number of associations and nonprofits. A September report [PDF] outlines the results of the first-ever “Voting Machine Hacking Village,” held at the DEFCON conference in Las Vegas last summer. The exercise revealed significant vulnerabilities in digital voting machines and in the ways they’re used to tally votes. And this week it led to the announcement of a coalition on election security that includes the National Governors Association, the Atlantic Council, the Center for Internet Security, and a variety of academic groups, among others.

National: What’s the Likelihood That a National U.S. Election Could Be Hacked? | Popular Mechanics

The electronic voting machine, now used to some degree in all 50 states, is the functional equivalent of an unoccupied Lamborghini left running at midnight with vanity plates that say STEALME. This summer, hobbyist hackers with no specialized expertise who attended a convention called Defcon were able to compromise four different voting machines, one in less than 30 minutes. “Unfortunately, they were much easier than, say, a home router or mobile device,” says Defcon organizer Jeff Moss. … Online voting is hardly a fix. “There are so many problems and insecurities in internet voting, it’s not something we should even begin to consider in the next ten years,” says Princeton University professor of computer science Andrew Appel.

National: A warning from the Senate Intelligence Committee has vulnerable lawmakers fretting about election security | Politico

Democratic senators fighting to hold on to their seats next year are increasingly worried about a troubling reality: Russia appears set to mess with U.S. elections — again. The bipartisan leaders of the Senate Intelligence Committee warned last week that Russia’s second straight attempt to upend a major election appears certain. They pointed to hacked emails, fake news stories and other evidence of interference in France, Montenegro and elsewhere over the past year as signs Moscow remains determined to monkey with voting. Democratic senators such as Heidi Heitkamp of North Dakota, Bob Casey of Pennsylvania and Jon Tester of Montana — who hail from states President Donald Trump won in 2016 — know they’re already facing stiff reelection challenges.

National: Hacking the Election: Security Flaws Need Fixing, Researchers Say | AFP

Hackers could have easily infiltrated US voting machines in 2016 and are likely to try again in light of vulnerabilities in electronic polling systems, a group of researchers said Tuesday. A report with detailed findings from a July hacker conference which demonstrated how voting machines could be manipulated concluded that numerous vulnerabilities exist, posing a national security threat. The researchers analyzed the results of the “voting village” hacking contest at the DefCon gathering of hackers in Las Vegas this year, which showed how ballot machines could be compromised within minutes. “These machines were pretty easy to hack,” said Jeff Moss, the DefCon founder who presented the report at the Atlantic Council in Washington. “The problem is not going away. It’s only going to accelerate.”

National: U.S. voting machines are susceptible to hacking by foreign actors | CBS

Hacking and national security experts say that U.S. voting machines are vulnerable and could allow Russia to access to them, according to a new report out of DEFCON, one of the world’s longest-running hacker conferences. The report concludes that it is incredibly easy to hack U.S. voting machines, and the system is not nearly as safe as it’s portrayed by election officials because many voting machines contain foreign-manufactured internal parts that may be susceptible to tampering. Hackers also do not need advanced knowledge of voting machines to hack them — it would take only a few minutes or hours for someone with the technical knowledge to infiltrate the machines. At the Voting Village conference in July, DEFCON set up a hacking village to draw attention to cyber vulnerabilities in U.S. election infrastructure. It invited participants to hack 25 pieces of election equipment including voting machines and electronic poll books, and produced a report afterwards.

National: U.S. governors, hackers, academics team up to secure elections | Reuters

Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday. The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday. The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.

National: Hack-Vulnerable Voting Machines a ‘National Security Threat,’ Experts Warn | Newsweek

It happened in Las Vegas, but the weaknesses in U.S. voting equipment uncovered during a summer hackathon are too important to stay there, experts say. They’re a matter of national security. A new report breaks down the lessons learned at the DEF CON 25 hacking conference, which amounted to a concentrated attack—orchestrated in the name of public safety—on the programming and machinery used in U.S. elections. “The results were sobering,” according to a copy of the report provided by the Atlantic Council, an international affairs think tank. “By the end of the conference, every piece of equipment in the Voting Village was effectively breached in some manner. Participants with little prior knowledge and only limited tools and resources were quite capable of undermining the confidentiality, integrity, and availability​ ​of​ ​these​ ​systems.” … Researchers found the susceptibilities exposed by the hackers controverted manufacturers’ long-standing claims that their products were designed to thwart tampering. “If a voting machine can be hacked by a relative novice in a matter of minutes at DEFCON, imagine what a savvy and well-resourced adversary could do with months or years,” the researchers wrote.  

National: Time is running out for state officials to be approved for cybersecurity intel ahead of elections | Cyberscoop

With just about a month left before the polls open in New Jersey and Virginia for gubernatorial elections, the Department of Homeland Security is racing to vet state officials who have applied for the ability to receive classified briefings and other information related to potential cyber-intrusions into election systems, people familiar with the matter tell CyberScoop. In August, the DHS began reaching out to chief election officials in every state to begin the process of obtaining clearances. While the nominees for these clearances are usually the secretary of state or similar high-ranking office-holders, some supporting staff have also sought clearances. The processing for each of these applications varies by person and as a result, there’s no average wait time. Over the last several months, however, DHS has been able to issue “interim” clearances when necessary within 30 days of an application, officials told CyberScoop. Final clearance approvals are taking much longer, the officials said.

National: Hacker study: Russia could get into U.S. voting machines | Politico

American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future. DEFCON, the world’s largest hacker conference, will release its findings on Tuesday, months after hosting a July demonstration in which hackers quickly broke into 25 different types of voting machines. The report, to be unveiled at an event at the Atlantic Council, comes as the investigation continues by four Hill committees, plus Justice Department special counsel Robert Mueller, into Russian meddling in the 2016 elections, on top of the firm intelligence community assessments of interference. Though the report offers no proof of an attack last year, experts involved with it say they’re sure it is possible—and probable—and that the chances of a bigger attack in the future are high.

National: If Russia Comes Calling, Feds and States United for Election Cybersecurity | NBC

President Donald Trump says allegations of Russian hacking in the 2016 election are a hoax — but his own agencies are working with states to beef up their cybersecurity, heeding the U.S. intelligence community’s warning: Moscow will be back in 2018. The Department of Homeland Security, state and local election officials, the FBI, and a federal election council have joined forces to work through hacking scenarios and root out weaknesses in state election systems. The project, in which states will have access to grants to upgrade election technology and tools to run simulations to examine holes in their systems, is a test for how well officials can work together to ward off potential election-related threats ahead of the midterm elections next year and the presidential election in 2020, experts said.

National: Microsoft is reviewing its records for signs of potential Russian meddling during the 2016 election | Recode

Microsoft is currently reviewing its sales records to determine whether trolls aligned with the Russian government purchased ads on Bing or other company products during the 2016 U.S. presidential race. The decision to conduct an internal investigation comes as Microsoft’s tech industry peers — Facebook, Google and Twitter — contend with parallel probes by the U.S. Congress into the extent to which Kremlin-backed agents spread disinformation on their platforms around Election Day. “We take reports of misuse of our platform seriously,” a Microsoft spokesman said late Monday. “We are therefore investigating and if inappropriate activity is found, we will take steps to minimize such misuse in the future.” Reuters first reported the news.

Voting Blogs: Challenges to Better Security in U.S. Elections: The Last Mile | Brian Hancock/EAC Blog

Every election has a set of outcomes. Usually it’s winners and losers, but occasionally – and perhaps not coincidentally in presidential elections – there are also outcomes that shape our perceptions about the fairness and efficacy of our elections. In 2000, it was the hanging chad and the role of the Electoral College. In 2012, it was long lines. And in 2016, it was cybersecurity. Once an issue is introduced into the election ecosphere, it often remains a permanent and recurring part of the landscape. For example, a recent Google search of the words “cybersecurity elections” produced over 12 million hits. And at nearly every election-related forum I’ve attended during the past year, cybersecurity was a key topic of discussion. The 2016 election elevated the profile of election security issues and demonstrated a need for state and local election officials not only to reassess their readiness, but to educate the public about this important work and the role it plays in securing elections.

Editorials: Our vulnerable elections | Albany Times Union

We realize “infrastructure” can be a yawn-inducing word. So instead of New York’s and the nation’s “voting infrastructure,” let’s talk about national security. The deflections and distractions of some politicians aside, there seems to be little if any credible dispute that Russia attempted last year to penetrate this country’s voting systems. To put a fine point on it, an adversary sought to affect the outcome of an election that would determine who decides where America sends its military, who it points nuclear weapons at, how it spends $3.3 trillion in our taxes and fees, and whether or not it continues sanctions on that particular adversary for aggression that includes forcibly annexing part of another country. So whether you’re pleased with the outcome of the election or not, it should matter to you that anyone tried to rig the system, and that there is no reason to believe they won’t try again.

National: The U.S. Election System Remains Deeply Vulnerable, But States Would Rather Celebrate Fake Success | The Intercept

When the Department of Homeland Security notified 21 states that Russian actors had targeted their elections systems in the months leading up to the 2016 presidential election, the impacted states rolled out a series of defiant statements. … But in most cases, according to the DHS, Russian actors scanned the public-facing websites of state agencies, apparently looking for vulnerabilities. The DHS said that in almost all of the cases, there was no evidence the operatives attempted to exploit any vulnerabilities. It was not, in other words, a thwarted bank robbery. Instead, Russian operatives surveyed the bank from the sidewalk, and then headed home. While the states are busy celebrating their successes, they are doing far too little to ensure that operatives don’t get in next time they show up and actually try to infiltrate, say cybersecurity experts.

National: US senator seeks cyber info from voting machine makers | The Washington Post

A U.S. senator wants to know how well the country’s top six voting machine manufactures protect themselves against cyberattacks, a move that comes just weeks after federal authorities notified 21 states that they had been targeted by Russian government hackers during the 2016 presidential election. In a letter Tuesday to the CEOs of top election technology firms, Sen. Ron Wyden writes that public faith in American election infrastructure is “more important than ever before.” “Ensuring that Americans can trust that election systems and infrastructure are secure is necessary to protecting confidence in our electoral process and democratic government,” writes Widen, an Oregon Democrat.