National: Cyber expert says GOP operative wanted to expose hacked Clinton emails | The Guardian

A former British government intelligence official has said he was approached last summer by a veteran Republican operative to help verify hacked Hillary Clinton emails offered by a mysterious and most likely Russian source. The incident, recounted by Matt Tait, who was a information security specialist for GCHQ and now runs a private internet security consultancy in the UK, may cast new light on one of the pathways the Russians used to influence the 2016 presidential election in Donald Trump’s favour. Tait’s account, published on the Lawfare national security blog, demonstrates a willingness to collude with the Russians on the part of the Republican operative, Peter Smith, who had a long history of hunting down damaging material about the Clinton family on behalf of the GOP leadership. It also points towards possible collusion by Trump aides.

Georgia: Federal review debunks Georgia election hack accusation | Associated Press

Allegations that the federal government tried to hack Georgia’s election systems were unfounded, according to a letter the Department of Homeland Security’s inspector general sent Monday to Congress. The conclusion comes more than six months after Georgia’s Republican Secretary of State Brian Kemp accused the department of attempting to “breach our firewall” a week after the November presidential election. The letter said investigators with the inspector general’s Digital Forensics and Analysis Unit reviewed computer data from the federal agency, Kemp’s office and also interviewed a contractor. They also recreated the contractor’s actions. The data, Roth wrote, confirmed the contractor’s statements that on Nov. 15 he used a public page on Kemp’s website to verify security guards’ weapons certification licensing, which he then copied into a spreadsheet.

Germany: How Much Does It Cost to Influence an Election? About $400,000 | Bloomberg

Want to influence an election? All you need is about $400,000, according to cyber security consultant Trend Micro Inc. That’s the sum it takes to buy followers on social media platforms like Facebook and Twitter, hire companies to write and disseminate fake news postings over a period of 12 months, and run sophisticated web sites to influence public opinion, according to Udo Schneider, a security expert for the German-speaking market at Trend Micro. “Hacking the actual voting process isn’t worth it as it leaves traces, is very expensive and technologically challenging,” Schneider said Wednesday at a security conference organized by Deutsche Telekom AG in Berlin. Yet influencing public opinion via fake news and data leaks, as is believed to have happened during the U.S. and French election campaigns, is relatively simple and “could also happen ahead of the German elections.”

National: House Democrats launch election security task force | Politico

House Democrats are creating an election security task force to study how the government can lock Russian hackers out of the 2018 elections, House Minority Leader Nancy Pelosi said Thursday. The task force will hold hearings, collect data on state-level election hacks, and interview election officials and cybersecurity experts. Ultimately, the group aims to turn its findings into legislation. “Unless we act, they will do this again,” Pelosi said. House Homeland Security ranking member Bennie Thompson of Mississippi will lead the task force with Rep. Robert Brady of Pennsylvania, the top Democrat on the House Administration Committee, which oversees federal elections.

National: Russian Hackers Reportedly Discussed Getting Hillary Clinton’s Emails To Michael Flynn | Buzzfeed

Russian hackers discussed during the 2016 presidential campaign if they could obtain emails deleted by Hillary Clinton and get them to Michael Flynn, the retired general who was then a member of the Trump campaign, the Wall Street Journal reported on Thursday. The newspaper attributed the revelation to US officials with knowledge of intelligence about the hackers’ communications. That intelligence is being reviewed by US investigators who are examining if the Trump campaign colluded with Russia to influence the election, the Journal reported. The hackers hoped to get the emails to Flynn via an intermediary, the Journal reported. Around the same time, a Republican with a history of opposition research against the Clintons was working to get the emails from hackers, including some with ties to the Russian government.

National: Senate Intelligence Committee asks 21 states to publicize election hacking | The Hill

The Senate Intelligence Committee has asked election officials in 21 states to make public information about Russian efforts to hack their elections systems during the 2016 elections, the panel’s top Democrat said Wednesday. The request was made in a letter sent last week “to all relevant state election officials” from Sens. Richard Burr (R-N.C.) and Mark Warner (D-Va.), the panel’s chairman and vice chairman, respectively, Warner revealed in his prepared remarks before a hearing on global election interference. “I do not see how Americans are made safer when they do not know which state elections systems Russia tried to hack,” Warner said.

National: Experts encourage more public awareness of Russian meddling | Associated Press

The United States will get hit again by Russian cyberattacks if the country doesn’t pay closer attention and work more closely with European allies who are also victims, international elections experts warned on Wednesday. In testimony before the Senate Intelligence Committee, experts described extensive Russian interference in European elections and encouraged more awareness among the American of how Russians are trying to undermine U.S. candidates and faith in government. One witness, a former U.S. ambassador to NATO, criticized both former President Barack Obama and current President Donald Trump for not doing more to publicize the problem and combat it.

National: DHS Secretary Kelly: Election hacking attempts ‘way of the future’ | CNN

Attempts to hack elections will continue in the future, the secretary of Homeland Security said Wednesday — so election officials better prepare. Secretary John Kelly was speaking about the difficult balance his agency must strike — on the one hand protecting the nation from cyber intruders while on the other, respecting state and local governments’ autonomy. Kelly said at an event at the Center for a New American Security that his agency will offer to help states and localities on an entirely “voluntary basis” — but strongly encouraged officials to get help from somewhere. “I would say that if they don’t want our help, and even if they do want our help, they’d be well advised to hire some very, very, very good hired cyber guns, if you will, to help protect, because this is the way of the future,” Kelly said.

National: A top Trump ally admits Russia will try to strike again. Does Trump care? | The Washington Post

The Israeli newspaper Haaretz reports that former New York Mayor Rudolph Giuliani, a close Trump ally, is concerned that Russia could hack our next election. He told reporter Allison Kaplan Sommer in Tel Aviv earlier today that he’s “very worried” that there could be “cyber-interference” of a more serious nature than there was in 2016 — meaning interference that could alter vote totals and effect the election outcome. Giuliani’s admission is significant, and not just because it’s an admission — from someone so sympathetic to Trump — that the ongoing threat of Russian hacking is real and not “fake news.” Giuliani, who serves as the Chair of the Cybersecurity, Privacy and Crisis Management Practice at the law firm Greenberg Traurig, is also an informal advisor to Trump on cybersecurity issues.

Voting Blogs: Russian Intrusion and Partisan Pressures: Aspects of Election Administration Reform After 2016 | More Soft Money Hard Law

In 2016, Department of Homeland Security Secretary Jeh Johnson found that state election officials were suspicious of federal offers of assistance in defending their voting systems from cyber attack. He tried to persuade them to accept DHS designation of those systems as “critical infrastructure,” which would have given states access on a priority basis to a range of protections. The response he received ranged from “neutral to negative.” DHS concluded that, in the middle of an election, it was best not to have a protracted, politicized fight over this step. It focused on providing assistance where it could, and a large number of jurisdictions requested help. In January 2017, even with officials remaining skeptical about the designation, Secretary Johnson proceeded to issue it.

Illinois: Keeping Elections Safe From Hackers | WTTW

Amid the array of investigations into Russian interference with the 2016 election, the director of the Illinois State Board of Elections testified last week before the Senate Intelligence Committee. Illinois was the target of a hack that exposed thousands of voters’ names, addresses, birthdays and partial social security numbers. Since the attack was detected, officials have moved to strengthen security around the voter database. But nationwide, concerns about election cybersecurity are on the rise – especially since Illinois was one of at least 21 states that were successfully hacked.

Montenegro: Planned coup in Montenegro shows Russian efforts to hinder elections, Senate panel hears | McClatchy

By the time Montenegro’s police got wind of the plans, the 2016 election-day coup plot was about to launch. Disguised as police, the plotters would storm the Parliament in Podgorica, firing at citizens awaiting election results and generally creating chaos. They would declare their favored candidates the real winners of the elections, and would detain and perhaps assassinate the prime minister. If breaking up a plotted coup at the last minute wasn’t shocking enough, when Montenegrin officials investigated the plan it quickly became clear that the source of this planned chaos wasn’t even local. The plan began with Russia. At the same time in the United States, voters were hearing the first warnings about what would come to be known Russian interference in the 2016 presidential election. Later, the notion of possible collusion by members of the campaign of President Donald Trump would be added.

National: Clinton campaign chairman testifies in House Russia probe | Reuters

Hillary Clinton’s campaign chairman, John Podesta, on Tuesday appeared before the U.S. House of Representatives Intelligence Committee, which has begun interviewing witnesses in its probe of how Russia may have influenced the 2016 election. Committee members declined to comment on the discussion to reporters as they left the panel’s secure hearing room. Podesta stopped and commented briefly. “They asked me to come forward to give to the best of my knowledge what I knew about that, and I was happy to cooperate with the committee in their investigation of Russian interference with the democratic process in the United States,” he said.

National: How one typo helped let Russian hackers in | CNN

The email that would help Democrats lose the 2016 presidential election arrived on March 19, 2016, signed — seemingly harmlessly — “Best, the Gmail team.” The email was sent to John Podesta, the then-chairman of Hillary Clinton’s presidential campaign. But it wasn’t a benign message; it was actually a spear-phishing email authored by hackers with ties to Russia. “There was a Google alert that there was some compromise in the system,” Podesta told CNN of the email, which prompted Podesta to change his password “immediately” by clicking on a link. “It actually got managed by my assistant, who checked with our cybersecurity guy,” Podesta said. “And through a comedy of errors, I guess, he instructed her to go ahead and click on it and she did.”

Editorials: Transparency is Solution to Shameful Lack of Security For U.S. Voting Systems Revealed by NSA Leak | Leah Rosenbloom/ACLU

Elections belong to the public. Just as we have the right to understand our overall election process, we have a right to understand the underlying hardware and software involved in electronic voting. We have a right to understand where our votes and voter registrations go, who checks them, and which institutions have access to that information. The NSA document allegedly leaked by Reality Leigh Winner and recently published by The Intercept suggests that the government is no longer confident about that critical information. The report details a Russian spear-phishing campaign that introduced malware into election contractors’ and officials’ machines, causing them to run “an unknown payload from malicious infrastructure.” According to the report, “It is unknown…what potential data could have been accessed” by Russian hackers. The malicious code was implanted into instructions for EViD, a piece of software that allows poll workers to verify voters’ sensitive personal information, including name, address, registration status, and voting history. The verification is done entirely over the Internet, and all data is communicated to and from EViD’s “secure website.”

South Carolina: State Election Commission is looking for cybersecurity help | Post and Courier

Election officials say South Carolina was not one of the 21 states targeted by cyberattacks before last year’s vote — but they’re moving quickly to find help shoring up their defenses. The State Election Commission is seeking proposals this week for a cybersecurity contractor to identify threats, look for holes in the state’s security and find ways to patch them. Agency spokesman Chris Whitmire said the commission is trying to replace an emergency contract it signed last year as concerns of foreign meddling in the presidential election spread across the country.

Vermont: State And Local Officials On High Alert For Breaches In Vermont’s Election System | Vermont Public Radio

Secretary of State Jim Condos says his office is actively taking steps to protect the state’s election system from being manipulated by foreign or domestic computer hackers, but says there’s no evidence so far to indicate that Vermont’s voting system was breached. Following reports of Russian efforts to affect the outcome of the 2016 presidential election, the Department of Homeland Security has reached out to individual states to help strengthen the security of their voting systems. Condos says this issue has become an ongoing and critically important concern for his office.

Germany: Chaos Computer Club: The Hackers Russia-Proofing Germany’s Elections | Bloomberg

The hack began as trash talk. Germany’s voting computers were so vulnerable to tampering that they could be reprogrammed to play chess, the hackers boasted. But then the machines’ maker dared them to try. Bound by honor and curiosity, the hackers got their hands on one of the computers and had it playing chess after about a month. “We have to admit,” they later wrote, “that it does not play chess all that well.” This wasn’t just a prank. The hackers, several of them associated with the Hamburg collective known as the Chaos Computer Club, or CCC, also proved they could manipulate votes that the computers had recorded. As a result, Germany’s Federal Constitutional Court struck down the nation’s use of voting computers, citing CCC by name in its ruling. Oh, and this was in 2006. From imperfect voting machines to the fake news that chokes social media, the U.S., the U.K., and France are only beginning to wrestle with the ways in which democracy can be hacked. In Germany, which is heading to the polls in September, CCC has been paying closer attention. Sometimes that means such stunts as reprogramming computer systems on a dare, but the loose confederation of about 5,500 hackers isn’t a bunch of bored teens in it for the lulz. Its 29 local chapters are stocked with professionals who run security for banks, head encryption startups, and advise policymakers. The group publishes an occasional magazine, produces a monthly talk radio show, and throws the occasional party, too.

National: Administration won’t release redacted intelligence report on Russian election meddling | Politico

The Trump administration is refusing to release a redacted version of a key report President Barack Obama received in January on alleged Russian interference in the 2016 presidential election, court filings show. Then-Director of National Intelligence James Clapper made public an unclassified version of that report, but the Electronic Privacy Information Center brought a Freedom of Information Act lawsuit demanding a copy of the classified report given to Obama at the same time. EPIC said the unclassified version omitted “critical technical evidence” that could help the public assess U.S. intelligence agencies’ claims that Russia did make efforts to affect the outcome of the 2016 race.

National: Election hacking fears turn heat on Homeland Security | The Hill

Growing concerns about threats to U.S. election systems have put the heat on the Department of Homeland Security (DHS) and its efforts to boost national cybersecurity. Homeland Security officials testified this week before the Senate Intelligence Committee that they have evidence that Russia targeted election-related systems in 21 states as part of its wider effort to influence the presidential election. Now, lawmakers concerned about future foreign interference in U.S. elections are pressuring the department to offer more help to states and provide more details about what happened in 2016. “I’m deeply concerned about the danger posed by future interference in our elections,” Sen. Mark Warner (D-Va.), the vice chairman of the intelligence panel, said Wednesday. “We have elections in 2018, but in my home state of Virginia, we have statewide elections this year. So this needs a sense of urgency.”

National: Homeland Security Never Checked Whether Hacking Changed Votes | Care2

This week, leaders from the Department of Homeland Security (DHS) testified to Congress that the Russian government hacked into electronic systems connected with the 2016 election in at least 21 states. Though they acknowledged that some systems had been breached and even altered, they also said that hackers were unable to change the vote counts. While it is certainly reassuring to know that vote counts weren’t tampered with (it’s a message they’ve stressed in light of previous leaks, too,) there’s one problem with the DHS’s proclamation: the agency hasn’t actually conducted any audits to confirm this belief. … With all due respect to the DHS, the government didn’t expect their systems to be as vulnerable to hacking as it has already proven to be. If hackers were able to get into voter systems, how can we be so confident that that’s as far as they got without – you know – actually checking?

National: Russia’s still targeting U.S. elections, King warns, and experts say we’re not prepared | Portland Press Herald

For weeks, U.S. Sen. Angus King has been telling anyone who’ll listen that the biggest, most worrisome thing about Russian interference in the 2016 election isn’t getting enough attention and has nothing to do with President Trump. King has warned in congressional hearings, television appearances and interviews with reporters that Moscow tried and is still trying to compromise American voting systems – and that if nothing’s done it might very well change the results of an election. … While intelligence officials say there is no evidence that vote counts were changed last November, a leading expert on security threats to voting machines said this possibility cannot be excluded without a forensic audit of the results. Even voting and vote counting machines that are not connected to the internet can be and could have been compromised when they received software programming them to display or recognize this year’s ballots, said J. Alex Halderman, director of the University of Michigan Center for Computer Security and Society.

National: Vladimir Putin denied meddling in the U.S. election. The CIA caught him doing just that. | The Washington Post

Russian President Vladimir Putin has repeatedly — and often tauntingly — denied that his government interfered in the 2016 U.S. presidential race. Earlier this month he said that the cyber campaign might have been the work of “patriotically minded” Russian hackers he likened to “artists” who take to canvases to express their moods and political views. New details reported Friday by The Post reveal the extent to which the Russian meddling bore Putin’s own signature and brushstrokes. U.S. intelligence officials have been pointing at Putin since October, when the Obama administration released a statement declaring that the stream of embarrassing emails and other material being posted online by WikiLeaks and other sites were tied to Russian hacking efforts that “only Russia’s senior-most officials could have authorized.” A broader U.S. intelligence report released in early January went further, identifying Putin by name and concluding that one of the operation’s aims was to help elect Donald Trump.

Editorials: Paper ballots are hack-proof. It’s time to bring them back. | Glenn Harlan Reynolds/USA Today

I’ve been talking about the importance of protecting against voting-machine hacks since 2002. And now, finally, people are starting to take me seriously. The move to paperless voting started in response to the Florida “hanging chad” fiasco in the 2000 presidential election. Some people (like me) thought this was a mistake, but such concerns were often dismissed. Now, apparently, you can’t be paranoid enough. As Politico’s Bob King noted, while 10 years ago critics of paperless voting were called paranoid, now both parties are worried. It remains true that there is no actual evidence that a single vote was changed by hackers in the 2016 election. But even the possibility of hacking has served to promote the sort of conspiracy-mongering and political hatred that led to, for example, the shooting attack on Republican lawmakers last week. In a democratic polity, people have to believe that their votes are counted honestly, or the legitimacy of the system collapses.

National: Russians targeted 21 election systems, U.S. official says | Reuters

Russian hackers targeted 21 U.S. state election systems in the 2016 presidential race and a small number were breached but there was no evidence any votes were manipulated, a Homeland Security Department official told Congress on Wednesday. Jeanette Manfra, the department’s acting deputy undersecretary of cyber security, testified before the Senate Intelligence Committee. U.S. intelligence agencies have concluded the Kremlin orchestrated a wide-ranging influence operation that included email hacking and online propaganda to discredit Democratic presidential candidate Hillary Clinton and help Donald Trump, a Republican, win the White House in November. The Russia issue has cast a shadow over Trump’s first five months in office. The extent of interference by Russian hackers, and whether they or others could interfere in future elections, has been the source of speculation and media reports for months.

National: State and local election systems easy prey for Russians hackers | McClatchy

Local officials consistently play down suspicions about the long lines at polling places on Election Day 2016 that led some discouraged voters in heavily Democratic Durham County, N.C., to leave without casting a ballot. Minor glitches in the way new electronic poll books were put to use had simply gummed things up, according to local elections officials there. Elections Board Chairman William Brian Jr. assured Durham residents that “an extensive investigation” showed there was nothing to worry about with the county’s new registration software. He was wrong. What Brian and other election officials across eight states didn’t know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems, Inc., the vendor that sold them digital products to manage voter registrations. … David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is “absolutely possible” that the Russians affected last year’s election. “And we have done almost nothing to seriously examine that,” he said. “The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking,” said Alex Halderman, a University of Michigan computer science professor. “The question is, how far did they get in that pattern of attacks, and were they successful?”

National: GOP Data Firm Accidentally Leaks Personal Details of Nearly 200 Million American Voters | Gizmodo

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server. The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.

Editorials: Here’s how to keep Russian hackers from attacking the 2018 elections | J. Alex Halderman and Justin Talbot-Zorn/The Washington Post

“They’re coming after America,” former FBI director James B. Comey told the Senate intelligence committee this month. “They will be back.” In a highly politicized hearing, this bold statement drew strikingly little partisan disagreement. Senators on both sides of the aisle have seemingly reached consensus that foreign agents did try to tamper with the 2016 election and that they are extremely likely to do so again. The question is: What do we do about it? While the ongoing Russia investigation has, understandably, received massive attention, there’s so far been scant public focus on the question of how we safeguard our electoral systems from outside interference in the future. Responding to the threat of election hacking isn’t exclusively a matter of diplomatic intrigue or international sanctions. It’s fundamentally a matter of computer science: how we harden our election technology through cybersecurity standards.

Canada: Despite risk of cyber attacks, political parties still handle Canadians’ data with no rules in place | Toronto Star

Democratic Institutions Minister Karina Gould says it’s not the time to implement basic privacy and security rules for political parties’ collection of Canadians’ personal data, despite warning that those parties are vulnerable to cyber attacks. Speaking with the Star on Friday, Gould said she decided on a voluntary approach for parties to meet and discuss vulnerabilities with the Communications Security Establishment, Canada’s electronic spying and cyber defence agency. “I think it’s important that we respect the independence of political parties, and we ensure that they are able to make those decisions (around cyber security),” Gould said in an interview.