California: Were Riverside County voters early victims of Russian hackers? | Press Enterprise

Riverside County may have been a proving ground for Russian hackers intent on disrupting the 2016 presidential election, according to a cover story in Time magazine. But the county’s registrar of voters is disputing Time’s account, saying the article “contained some incorrect information and may have, in some people’s minds, mischaracterized questions about voters who said their registrations had been improperly changed for elections in 2016.” The July 19 article, “Inside the Secret Plan to Stop Vladimir Putin’s U.S. Election Plot,” describes Russian attempts to hack into more election systems nationwide and an Obama administration plan to respond to an Election Day cyber attack.

California: DA: Hackers Penetrated Voter Registrations in 2016 Through State’s Election Site | KQED

Hackers successfully penetrated state-run online voter registration systems in 2016, triggering confusion and heated exchanges between voters, poll workers and poll watchers during California’s June 7 primary, Riverside County District Attorney Michael Hestrin said Friday. “I think that pretty quickly, as is sort of the case around our politics, partisanship got into it,” Hestrin told The California Report. “And frankly the victims of these changes were both Republicans and Democrats.” Hestrin’s investigation would ultimately show that hackers accessed voter registration information, indiscriminate of party, through the California Secretary of State’s election website, and changed some voters’ party affiliations. But because the state did not collect the IP addresses of the visits, there’s no way to know where the hacker — or hackers — were based.

Editorials: Digital ballots, outdated machinery leave us exposed to a second Russian hack | Jason Smith/USA Today

The Russians aren’t coming. They came. And they launched a cyber strike on last fall’s elections for which the consequences remain an unknown. It’s a sexy, new Cold War replete with headlines featuring the president’s son and a curious meeting with Russians last summer. Sadly, what gets lost within these seductive media narratives are the comprehensive hazards of America’s voting components. It’s essential to note that there’s no confirmed proof any vote recording or ballot tallies were altered back in November. However, such knowledge provides little solace because American voting systems remain extremely vulnerable, and as former FBI Director James Comey said of the Russians, “They will be back.” If the U.S. does not change how it conducts elections, when the Russians return, many of the vulnerabilities from 2016 will still be intact. I learned of these insecurities while producing “I Voted?,” a non-partisan documentary on election integrity.

South Carolina: Voter registration system hit by nearly 150,000 hack attempts on Election Day | International Business Times

South Carolina’s voter registration system was reportedly hit by almost 150,000 hack attempts on Election Day 2016. According to a post-election report by the South Carolina State Election Commission, it is likely that most of the hacking attempts came from automated computer bots, the Wall Street Journal reported on Sunday (16 July). President Donald Trump comfortably won the state of South Carolina in the November election. However, WSJ reports that there is no evidence to suggest that the attempted cyberattacks targeting the state’s voter registration system were successful.

National: Kelly: States ‘nuts’ if they don’t ask feds for election protection help | Politico

Homeland Security Secretary John Kelly said Wednesday that states that aren’t asking Washington for help in protecting their election systems from hackers are “nuts.” But while Kelly said he supported the Obama administration’s decision to designate U.S. election systems “critical infrastructure,” given threats from Russia and other entities, he also acknowledged that elections remain the domain of the states. “All of the input I get from all of the states are ‘We don’t want you involved in our election process,’” he said. “I think they’re nuts if they don’t [seek help. But] If they don’t want the help, they don’t have to ask.” Kelly spoke during the opening session of this year’s Aspen Security Forum; he’s one of several officials in President Donald Trump’s administration slated to speak at the gathering, which runs through Saturday.

National: Election Hacking: The Plan to Stop Vladimir Putin’s Plot | Time Magazine

Riverside County District Attorney Michael Hestrin was at his desk on June 7, 2016, when the calls started coming in. It was the day of the California presidential primary, and upset voters wanted the county’s top prosecutor to know that they had been prevented from casting their ballots. “There were people calling our office and filing complaints that they had tried to vote and that their registration had been changed unbeknownst to them,” says Hestrin. Soon there were more than 20 reports of trouble, and Hestrin, a 19-year veteran of the office and a graduate of Stanford Law School, dispatched investigators to county polling places to see what was going on. At first what they found was reassuring. Everyone who had been blocked from voting had been offered a provisional ballot, and most had cast their votes that way. But as the investigators dug deeper, things looked less innocuous. In the days after the vote, more people started coming forward to say they’d also had problems with their voter registration on primary day. In at least half a dozen cases, Hestrin and his investigators concluded, the changes had been made by hackers who had used private information, like Social Security or driver’s-license numbers, to access the central voter-registration database for the entire state of California. There the trail went cold.

National: Read the Previously Undisclosed Plan to Counter Russian Hacking on Election Day | Time.com

President Obama’s White House quietly produced a plan in October to counter a possible Election Day cyber attack that included extraordinary measures like sending armed federal law enforcement agents to polling places, mobilizing components of the military and launching counter-propaganda efforts. The 15-page plan, a copy of which was obtained by TIME, stipulates that “in almost all potential cases of malicious cyber activity impacting election infrastructure, state, local, tribal, and territorial governments” would have primary jurisdiction to respond. But in the case of a “signifcant incident” the White House had several “enhanced procedures” it was prepared to take. The plan allowed for the deployment of “armed federal law enforcement agents” to polling places if hackers managed to halt voting. It also foresaw the deployment of “Active and Reserve” military forces and members of the National Guard “upon a request from a federal agency and the direction of the Secretary of Defense or the President.”

Editorials: Is Harris County’s vote safe from the Russians? | Dan Wallach/Houston Chronicle

Last September, in the run-up to the election, we learned that Russians had attempted to attack 33 states’ voter registration databases, later revised upward to 39 states. I was asked to testify about this in Congress, and my main concern was that the Russians might attempt to simply delete voters altogether, creating electoral chaos. All the pieces were in place, but the election came and went without wide-scale problems. What happened? We know that the Obama and Putin had a “blunt” meeting at the G20 that same September, so it’s possible that Obama was able to rattle Putin enough to make him pull back. Maybe Putin decided that leaking stolen emails was good enough. We may never know the full story, but what is clear is that we need to adequately defend ourselves against future nation-state attacks on our elections, whether from Russia or elsewhere. As James Comey warned the Senate Intelligence Committee recently, “They will be back.”

Editorials: Hacking the Vote: Who Helped Whom? | Sue Halpern/The New York Review of Books

In recent months, we have learned much about how successful the Trump campaign was in micro-targeting voters in crucial swing states. In the waning days of the 2016 campaign, especially, Trump’s data team knew exactly which voters in which states they needed to persuade on Facebook and Twitter and precisely what messages to use. The question is: How did the Russians know this, too? Last week, it was reported that both Congressional investigators and the FBI are now exploring whether Russian operatives were guided in their efforts by Trump’s digital team, and the House Intelligence Committee has invited Trump’s digital director, Brad Parscale, to testify. Largely ignored in this discussion, however, is another possibility: that the Russians themselves, through their hacking of Democratic Party records, was supplying crucial information to the digital team.  

National: Former Clinton and Romney campaign chiefs join forces to fight election hacking | The Washington Post

The former managers of Hillary Clinton and Mitt Romney’s presidential campaigns are leading a new initiative called “Defending Digital Democracy” in the hopes of preventing a repeat of Russia’s 2016 election interference. Robby Mook, Clinton’s 2016 campaign chief, and Matt Rhoades, who managed the 2012 run of GOP nominee Romney, are heading up the project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs in one of the first major efforts outside government to grapple with 21st century hacking and propaganda operations — and ways to deter them. “The Russian influence campaign was one of the most significant national security events in the last decade, and it’s a near-certainty that all the other bad guys saw that and will try to do something similar in the United States in 2018 and 2020,” said Eric Rosenbach, co-director of the Belfer Center, which launches the initiative Tuesday.

Pennsylvania: 90 billion: The number of times hackers have tried to infiltrate Pennsylvania computer systems | PennLive

Hackers last year made more than 90 billion cyber intrusion attempts against the Commonwealth, according to a state official. As a security precaution the state is withholding information on the number of attempts against specific applications. Wanda Murren, press secretary for the state Department of State, said that such disclosure could potentially provide useful information to hackers and draw attention to the application, resulting in even more intrusion attempts. … The 90 billion figure applies to all computer systems and applications in use by all Commonwealth agencies and offices. But the accounting comes as local and state election systems across the country remain under scrutiny amid reports that scores of them were compromised during the election. The state Department of State declined to provide specific numbers on intrusion attempts against Pennsylvania’s voter registration system.

National: 15 States Use Easily Hackable Voting Machines | HuffPost

In 2006, Princeton computer science professor Edward Felten received an anonymous message offering him a Diebold AccuVote TS, one of the most widely used touch-screen voting machines at the time. Manufacturers like Diebold touted the touch-screens, known as direct-recording electronic (DRE) machines, as secure and more convenient than their paper-based predecessors. Computer experts were skeptical, since any computer can be vulnerable to viruses and malware, but it was hard to get ahold of a touch-screen voting machine to test it. The manufacturers were so secretive about how the technology worked that they often required election officials to sign non-disclosure agreements preventing them from bringing in outside experts who could assess the machines. Felten was intrigued enough that he sent his 25-year-old computer science graduate student, Alex Halderman, on a mission to retrieve the AccuVote TS from a trenchcoat-clad man in an alleyway near New York’s Times Square. Felten’s team then spent the summer working in secrecy in an unmarked room in the basement of a building to reverse-engineer the machine. In September 2006, they published a research paper and an accompanying video detailing how they could spread malicious code to the AccuVote TS to change the record of the votes to produce whatever outcome the code writers desired. And the code could spread from one machine to another like a virus.

National: Officials clash at FEC over confronting Russian influence in 2018 elections | The Hill

The Federal Election Commission (FEC) is sharply divided over how the election watchdog agency should respond to Russian interference in the U.S. election as more revelations come to light about foreign meddling during 2016. Commissioner Ellen Weintraub, a Democratic appointee, believes the FEC should play a more active role and consider rulemaking proposals to prevent foreign influence in future U.S. elections. She advocates a forward-looking, “prospective” approach focused on preventing future influence in the 2018 midterm elections. Federal election law prohibits foreign nationals or entities from making campaign contributions or influencing U.S. elections.

Voting Blogs: Can Federalism Cope with Russian Election Meddling? | Ciara Torres-Spelliscy/Brennan Center for Justice

I’ve spent many hours this summer watching Senate hearings on the integrity of American elections. Lest we forget the Church Committee, which investigated the CIA, or the Select Committee on Presidential Campaign Activities, the Watergate Committee, Congress can be one way Americans learn the truth. As a former Senate staffer, I have much respect for the professionalism and bipartisanship shown by the two leaders of the Senate Select Committee on Intelligence, Chairman Richard Burr (R-S.C.) and Vice Chairman Mark Warner (D-Va.) Nearly 20 million people watched Former FBI Director James Comey testify before the Senate Intelligence Committee last month. One of his warnings was that the Russians had come after American democracy “[a]nd they will be back.” But two other hearings that garnered much less attention left me troubled that the American electoral system won’t be fortified in time for the 2018 election. One hearing was about the history of Russian hacking in Europe and the other was about the reaction of state election officials to federal assistance in light of Russian interference. 

Pennsylvania: Activists laying out options to urge Allegheny County to acquire new voting machines | Pittsburgh Post-Gazette

A coalition of activists wants a new commission to review — and recommend replacements for — Allegheny County’s 4,600 voting machines. And as befits an effort to double-check the results of each election, organizers have back-up plans to ensure they have their say. The coalition, which includes the local League of Women Voters and the election-transparency group Vote Allegheny, has proposed an ordinance to create a 13-member “Voting Process Review Commission” tasked with “conduct[ing] regular periodic reviews” of voting equipment. If it decides newer equipment is needed, the commission would recommend the machines to be purchased, if voters approve a referendum to pay for them. “Sooner or later, the county will have to replace the machines, and we’d like them to be prepared with a recommendation about the replacement,” said Annette Shimer, vice president of the League of Women Voters of Greater Pittsburgh. The effort stems from longstanding doubts about the touch-screen voting machines Allegheny County uses. Such machines store votes in memory, but have no paper trail to confirm voters’ choices. Some activists say the absence of hard copies makes it harder to detect vote-rigging.

Texas: Harris County, Texas, Officials Won’t Say Whether Election Systems Were Targeted | Government Technology

Despite widespread alarm over the breadth of Russian cyber attacks on state and local election systems last year, including revelations of Dallas County being targeted, Harris County officials are refusing to say whether hackers similarly took aim at the nation’s third-largest county. Releasing information on whether Harris County election systems saw attacks from Russian hackers would threaten the county’s cyber security by emboldening hackers to further target local systems, county officials said this week.  The county’s argument was dismissed by experts, who said the secrecy is unnecessary, and could actually downplay the seriousness of the threat and the resources needed to combat it. “There’s this concept in security called ‘security through obscurity,’ sort of, if they don’t know about it they won’t come after it,” said Pamela Smith, a consultant at Verified Voting, a San Francisco-based nonprofit that promotes voting integrity. “But to really have robust security, you want people to be able to know that it’s there … I think what the public wants to know is that you’re aware of the threat and you’re taking steps to mitigate.”

Estonia: Internet Voting System to Get New Hacking Defenses | Bloomberg

Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify. A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens, the National Electoral Committee’s head of e-voting. The upgrade includes anti-tampering features known as end-to-end verifiability that addresses security concerns from groups such as the Organization for Security and Cooperation in Europe, he said. “End-to-end verifiability is the ‘Holy Grail’ for electronic voting,” Martens said this month in a phone interview. “When we talk about international criticism, the new software now addresses it.”

Germany: OSCE mulls monitoring German election, as far-right complains of ‘massive interference’ | The Local

The intergovernmental OSCE organization is considering whether to send a monitoring mission to the upcoming German election after speaking with each of the parties, Spiegel reports. Spiegel reported on Monday that the Organization for Security and Co-operation in Europe (OSCE) is deciding whether to monitor the September 24th German national election. For the first time, delegates from the OSCE met with party leaders of the far-right Alternative for Germany (AfD) party at their central headquarters, who provided documentation of “attacks, violence, obstructions, and criminal acts against AfD members through private and public positions” as well as “individual acts and in their alarming sum make up a massive interference in a democratic competition for votes in the parliamentary election campaign.”

Israel: To avoid cyber attacks, Israel urged to manually count election results | Middle East Monitor

Israel’s National Cyber Authority is expected to recommend the manual counting of votes in future elections in order to prevent cyber attacks “following recent attempts to meddle with elections in the West,” the Israeli newspaper Haaretz reported yesterday. Formed 18 months ago, the authority is working on a “defence plan” against possible meddling in Israeli elections through cyber attacks similar to what recently took place in the United States, France and Ukraine. The plan will recommend that votes continue to be counted manually in Israel, as they always have, even if this is an “outdated method”.

Russia: Alleged Russian Election Meddling Mirrors Tactics in Eastern Europe | Morning Consult

The Senate Intelligence Committee’s probe into alleged Russian meddling in the 2016 presidential campaign is looking outside U.S. borders as well — and shedding light on a number of targets in Eastern Europe that shows why and how Kremlin-affiliated agents went after specific Americans. A recent open hearing by the panel revealed influence campaigns aimed at countries across Europe and the Balkans, meant to disrupt pro-North Atlantic Treaty Organization candidates and parties. Those hearings are taking on new resonance amid an admission by Donald Trump Jr., son of President Donald Trump, that of a June 2016 meeting with a Russian attorney, whom the younger Trump believed to be in possession of incriminating information about Hillary Clinton. Russian influence tactics used in the U.S. presidential election and in recent European contests have been used overtly by President Vladimir Putin to exert influence over pro-NATO neighbors in Eastern Europe, experts say.

National: NRCC blows off DCCC request to team up against foreign hackers | The Washington Post

The National Republican Congressional Committee dismissed as a “political stunt” a letter from its counterpart, the Democratic Congressional Campaign Committee, asking for the two parties to team up on combating hacking ahead of the 2018 election. “This letter was delivered by an intern and immediately leaked to the press to generate attention around a cheap political stunt,” National Republican Congressional Committee spokesman Jesse Hunt said. “Cybersecurity is a high priority for us and has been for some time now. Unfortunately, the DCCC made it clear they’re more interested in trying to score political points than actually thwarting interference.” DCCC Communications Director Meredith Kelly quickly hit back. “This is a disturbingly flippant response to a simple request that we set partisan politics aside and work together to better protect our elections from foreign adversaries and their cyberattacks,” she told The Washington Post.

Editorials: Be wary: Trump and Putin could yet bring democracy to a halt | Joseph O’Neill/The Guardian

In November next year the United States will hold its midterm elections. Every seat in the House of Representatives, and a third of the seats in the Senate, will be up for grabs. For the Democratic party the elections represent a desperately anticipated opportunity to break the Republicans’ complete control of the federal government. If historical midterm trends and the voting patterns of recent special elections hold up, Democrats have a fighting chance of winning back the House, and an outside shot at the Senate. The Republicans will be more desperate than ever to retain their power. If the Democrats win just one chamber, the political landscape will be transformed. In addition to blocking the GOP’s legislative agenda, Democrats will forcefully scrutinise Russia’s interference with the 2016 elections and investigate President Trump’s remarkable commercialisation of his office. Impeachment of the Republican president will become a real possibility. Everything depends on the wishes of the American voters in 2018. Or does it? There is a third, even more momentous scenario: another Russian cyber-offensive sways the outcome of a US election in accordance with the wishes of Russia, not American voters. What is being done to prevent this?

Editorials: Don’t Let Our Democracy Collapse | Richard Hasen/The New York Times

The strength and integrity of the American electoral process are under tremendous strain, but the worst may be yet to come. In just the past few weeks, we learned that in the midst of the 2016 campaign the president’s eldest son, Donald J. Trump Jr., was willing to meet with a woman described to him as a “Russian government attorney” to get dirt on his father’s opponent. Voters across the country asked election officials to remove their names from voting rolls so that their personal information would not be turned over to the Orwellian Election Integrity commission that the president established to try to substantiate his outrageous and false charge that there were three million or more illegal voters in 2016. The president has stacked this commission with a rogues’ gallery of people with reputations for false and exaggerated claims of voter fraud. Democratic and Republican state officials have resisted the commission’s call to turn over voting lists.

Editorials: Russia will be back. Here’s how to hack-proof the next election. | Tom Donilon/The Washington Post

We now know that Russian President Vladimir Putin ordered a comprehensive effort to interfere with the 2016 presidential election. This mission involved the cybertheft and strategic publication of politically sensitive emails, the placement and amplification of misinformation on social media, overt propaganda and efforts to penetrate the systems of dozens of state election authorities. … First, President Trump must unequivocally acknowledgeRussia’s attack on the 2016 election and clearly state that any future attack on our democratic institutions will not be tolerated. One of the oddest aspects of the president’s foreign policy to date is his refusal to criticize — let alone condemn — Russian hostility, be it directed at our elections or Ukraine, Syria or Afghanistan. The president continued to make inconsistent statements in Warsaw, claiming that “nobody really knows” whether Russia meddled in the 2016 election. No president should accept the representations of a foreign adversary over the considered conclusions of his own intelligence services. In all events, the president should demand a plan from his national security team to deter and prevent election attacks.

South Carolina: Nearly 150,000 attempts to hack South Carolina voter registration system on Election Day: report | The Hill

Hackers tried to infiltrate South Carolina’s voter registration system nearly 150,000 times on Election Day 2016, according to a South Carolina State Election Commission report that was reported on by The Wall Street Journal. South Carolina, which President Trump won easily during the election, did not find evidence that would suggest the attempted breaches were successful, the paper reported. The publication said most of the hacking attempts in South Carolina likely came from automated computer bots.

West Virginia: Mac Warner Wants Info on Russian Hacking in West Virginia Election | The Intelligencer

West Virginia Secretary of State Mac Warner is seeking national security clearance for himself and at least one of his office employees after U.S. Department of Homeland Security officials told him the state’s election system was accessed by Russian hackers last year. Federal officials recently told Warner West Virginia’s voting system was among those in 21 states reached by Russian hackers last year. There is no evidence at the state level showing the system was hacked, or that any election information was accessed or altered, according to Warner. Officials at the Department of Homeland Security have not been able to provide secretaries of state any detailed information about how the cyberattacks occurred because of high-level security issues, but Warner said security clearance and information about possible hackings is necessary for secretaries of state so these issues can be addressed and rectified.

National: Election Security Is a Surprisingly Controversial Issue | WIRED

For all the uncertainty surrounding the Trump campaign’s associations with Russia, one thing remains clear: A foreign power interfered in the US presidential race, with hackers targeting the election systems of 21 states to do so. And yet the government has done precious little to keep it from happening again. The inaction stems not from laziness or ignorance but a deep, possibly unbridgeable divide between state and federal powers. So far this year, a handful of special elections in the US have gone smoothly, but the threat from Russia still looms, especially as the 2018 midterm races approach. France recently saw Kremlin-led meddling in its own presidential contest, and Germany has expressed fears over its upcoming election as well. Alarmism may not be productive, but states do have reason to worry. Local officials, though, have bristled at the Department of Homeland Security’s move to designate election systems as “critical infrastructure,” a move designed to unlock resources for system defense upgrades and improve state–federal communication. Everyone agrees that security matters; how to get there is another matter entirely.

National: Investigators look for links between Trump, Russia cyber operations | McClatchy

Investigators at the House and Senate Intelligence committees and the Justice Department are examining whether the Trump campaign’s digital operation – overseen by Jared Kushner – helped guide Russia’s sophisticated voter targeting and fake news attacks on Hillary Clinton in 2016. Congressional and Justice Department investigators are focusing on whether Trump’s campaign pointed Russian cyber operatives to certain voting jurisdictions in key states – areas where Trump’s digital team and Republican operatives were spotting unexpected weakness in voter support for Hillary Clinton, according to several people familiar with the parallel inquiries. Also under scrutiny is the question of whether Trump associates or campaign aides had any role in assisting the Russians in publicly releasing thousands of emails, hacked from the accounts of top Democrats, at turning points in the presidential race, mainly through the London-based transparency web site WikiLeaks.

Editorials: Russia Could Easily Spread Fake News Without Team Trump’s Help | Issie Lapowsky/WIRED

The common refrain floating around Washington argues that Russian operatives hoping to target American voters with fake news about Hilary Clinton would need someone on the inside—like, say, a Trump campaign staffer—to tell them which voters to target. Representative Adam Schiff raised the prospect in a widely-shared McClatchy article published Wednesday, which reported that the team led by Robert Mueller, the Department of Justice-appointed special counsel, is investigating ties between the Trump digital operation and Russia. Senator Mark Warner made a similar suggestion in an interview with Pod Save America recently, asking if the Russians could, on their own, “know how to target states and levels of voters” that Democrats weren’t even targeting. It’s a question worth asking, certainly. But the answer may be far simpler—and less fishy—than Warner, Schiff, or the many Americans seeking a smoking gun in the Russian meddling investigation might expect. It also may be even more worrisome. One of the most alarming parts of this story is that in this day and age, bad actors wouldn’t even need a mole to launch a pointed propaganda campaign. The fact is, targeting voters with propaganda isn’t that hard.