National: If Voting Machines Were Hacked, Would Anyone Know? | NPR

As new reports emerge about Russian-backed attempts to hack state and local election systems, U.S. officials are increasingly worried about how vulnerable American elections really are. While the officials say they see no evidence that any votes were tampered with, no one knows for sure. Voters were assured repeatedly last year that foreign hackers couldn’t manipulate votes because, with few exceptions, voting machines are not connected to the Internet. “So how do you hack something in cyberspace, when it’s not in cyberspace?” Louisiana Secretary of State Tom Schedler said shortly before the 2016 election. But even if most voting machines aren’t connected to the Internet, says cybersecurity expert Jeremy Epstein, “they are connected to something that’s connected to something that’s connected to the Internet.” … While it’s unclear if any of the recipients took the bait in the email attack, University of Michigan computer scientist Alex Halderman says it’s just the kind of phishing campaign someone would launch if they wanted to manipulate votes.

National: Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known | Bloomberg

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

Georgia: Will the Georgia Special Election Get Hacked? | Politico

Last August, when the FBI reported that hackers were probing voter registration databases in more than a dozen states, prompting concerns about the integrity of the looming presidential election, Logan Lamb decided he wanted to get his hands on a voting machine. A 29-year-old former cybersecurity researcher with the federal government’s Oak Ridge National Laboratory in Tennessee, Lamb, who now works for a private internet security firm in Georgia, wanted to assess the security of the state’s voting systems. When he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines for the entire state of Georgia, he searched the center’s website. “I was just looking for PDFs or documents,” he recalls, hoping to find anything that might give him a little more sense of the center’s work. But his curiosity turned to alarm when he encountered a number of files, arranged by county, that looked like they could be used to hacked an election. Lamb wrote an automated script to scrape the site and see what was there, then went off to lunch while the program did its work. When he returned, he discovered that the script had downloaded 15 gigabytes of data.

Maryland: Elections board says it detected suspicious activity last fall | Baltimore Sun

Maryland’s State Board of Elections detected “suspicious activity” on the computer system it uses for online voter registration before last fall’s election and called in cybersecurity experts to evaluate it, administrator Linda H. Lamone said Wednesday. Lamone’s disclosure came in response to an inquiry by The Baltimore Sun amid reports that Russian cyberattacks had breached election systems in 39 states. Lamone said the system was not penetrated. She said the activity did not compromise vote tabulation.

Texas: Could Travis County Have The Best Bet Against Election Hacking? | Texas Monthly

Revelations that Russian hackers tried to break into Dallas County’s web servers, likely with the intention of accessing voter registration files, in the lead up to last November’s election renewed concerns about Texas election security. Both Wednesday night’s news out of Dallas and a Bloomberg report on Monday—which said that the Russian hacking attempts affected 39 states—are forcing states to look inward and re-examine the security of their local and state-level electoral technologies. The particular targets of Russian hackers were the accounts of elections officials and voter registration rolls, which are connected to the internet and are unlike the voting systems that actually do the recording and vote tallying. But a possible security breach of one area of electoral technologies has the potential to ripple out and affect the integrity of other ones. “The reason why this whole Russian hacking thing is a wake-up call is because we’ve been caught not paying as much attention as we should have in an area that all of us didn’t think was that vulnerable,” Dana DeBeauvoir, the Travis County clerk since 1987, says. “And yet it has turned out to be extremely vulnerable in ways we did not expect.”

Germany: Germany Builds an Election Firewall to Fight Russian Hackers | Bloomberg

In March and April hackers tried to infiltrate computers of think tanks associated with Germany’s top two political parties. A year earlier, scammers set up a fake server in Latvia to flood German lawmakers with phishing emails. And in 2015 criminals breached the network of the German Parliament, stealing 16 gigabytes of data. Although there’s no definitive proof, the attacks have been linked to Pawn Storm, a shadowy group with ties to Russian intelligence agencies—raising the possibility that the Kremlin might disrupt a September vote in which Chancellor Angela Merkel, Russian President Vladimir Putin’s strongest critic in Europe, is seeking a fourth term. “There’s increasing evidence of attempts to influence the election” by Russia, says Hans-Georg Maassen, head of BfV, Germany’s domestic intelligence agency. “We expect another jump in cyberattacks ahead of the vote.” While polls show Merkel is likely to defeat the left-leaning Social Democratic Party (SPD), the concern is that the Kremlin will try to strengthen the far-right Alternative for Germany and turn the estimated 2.5 million voters who speak Russian against her. “Cybersecurity is a top priority, and Chancellor Merkel is taking it very seriously,” says Arne Schönbohm, president of the BSI, the country’s top technology security agency.

National: What Congress is doing to stop Russian hackers next time | CSMonitor

In the past week, a series of dramatic congressional hearings have sought to plumb possible collusion between the Trump campaign and Russia – or possible presidential obstruction of justice over the matter, which special counsel Robert Mueller is now reportedly investigating. But this spotlight, while an important line of questioning into last year’s interference, overshadows other steps that Congress is taking to prevent Russian meddling in future elections. Absent an administration that is staffed up or a president inclined to go hard on Moscow, Congress is looking to define its own strategy. “We don’t really have a Russia strategy” to prevent a repeat of election meddling, says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. “Congress is trying to figure out what that should be.” Specifically, it’s looking at several areas: sanctions, what exactly Russia did in the last election and appropriate countermeasures, and US digital defenses.

Editorials: Russian hacking: They’ll be back; will we be prepared? | Baltimore Sun

Let’s put aside for a moment the question of whether anyone connected to President Donald Trump colluded with Russia in its attempts to hack the 2016 election. Let’s not not get into an argument about whether the effort changed any votes, not to speak of the outcome. Let’s not even worry about whether Vladimir Putin himself was involved. The fact is, the hacking was massive, sophisticated and far more widespread than previously thought. According to a new report from Bloomberg, hackers broke into the election systems in 39 states. They may not have succeeded this time in breaching the voting machines themselves or even in substantially disrupting the voter registration rolls. But next time, they could. It doesn’t take much imagination to see how that would sow chaos and undermine trust in our democracy. That’s because our disorganized, underfunded and inconsistent voting systems — not to speak of actual, organized efforts by Republican officials to purge voter rolls and keep minorities, young people and the elderly from the polls — have done more than enough in that regard already.

Georgia: Special election disruption concerns rise after 6.7M records leaked | SC Magazine

Several security vulnerabilities in systems used to manage Georgia’s election technology, exposing the records of 6.7 million voters months before the nation most expensive House race slated for June 20, has raised the fears that the election could be disrupted. Although 29-year-old security researcher Logan Lamb spotted and reported the vulnerabilities in August 2016, he said the state has continuously ignored efforts to patch the vulnerabilities of Georgia’s special election between Democratic candidate Jon Ossoff against Republican former Secretary of State Karen Handel, according to Politico. Lamb began looking into the voting systems when he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines. He began looking for PDFs or documents that would give him more insight into the centers work when he set up an automated script to scrape the site and see what he could find.

National: Special counsel Robert Mueller is investigating Donald Trump for possible obstruction of justice, officials say | The Washington Post

The special counsel overseeing the investigation into Russia’s role in the 2016 election is interviewing senior intelligence officials as part of a widening probe that now includes an examination of whether President Trump attempted to obstruct justice, officials said. The move by special counsel Robert S. Mueller III to investigate Trump’s conduct marks a major turning point in the nearly year-old FBI investigation, which until recently focused on Russian meddling during the presidential campaign and on whether there was any coordination between the Trump campaign and the Kremlin. Investigators have also been looking for any evidence of possible financial crimes among Trump associates, officials said.

National: Senate overwhelmingly passes Russia sanctions deal with new limits on Trump | Politico

The Senate on Wednesday overwhelmingly approved a bipartisan package of new Russia sanctions that also lets Congress block President Donald Trump from easing or ending penalties against Moscow, the year’s most significant GOP-imposed restriction on the White House. The 97-2 vote on the Russia sanctions plan capped a week of talks that demonstrated cross-aisle collaboration that’s become increasingly rare as Trump and the GOP push to repeal Obamacare without any Democratic votes. Senators merged the sanctions package with a bipartisan Iran sanctions bill that’s on track for passage as soon as this week, complicating the politics of any future veto threat from the Trump administration. “It’s particularly significant that a bipartisan coalition is seeking to reestablish Congress, not the president, as the final arbiter of sanctions relief, considering that this administration has been too eager — far too eager, in my mind — to put sanctions relief on the table,” Minority Leader Chuck Schumer (D-N.Y.), who pressed hard for the strongest possible anti-Russia bill, said in a floor speech. “These additional sanctions will also send a powerful, bipartisan statement that Russia and any other nation who might try to interfere with our elections will be punished.”

Georgia: GOP congressional candidate Handel ignored election integrity report, Georgia professor says | The Washington Post

Eleven years ago, after Karen Handel had been elected as Georgia’s first Republican secretary of state since Reconstruction, Richard DeMillo, head of the Office of Policy Analysis and Research at Georgia Tech, got a call about an important project. The state’s election system, updated with new machines, needed a hard look. “They said: Take a look at our processes, take a look at our technology, and give us your opinion,” DeMillo said. “I assigned some people from our Information Security Center to work on it.” In May 2008, the Georgia Tech Information Security Center and Office of Policy Analysis and Research released its report, “A Security Study of the Processes and Procedures Surrounding Electronic Voting in Georgia.” A number of potential problems came up, from the transportation of election machines by prison laborers to password protection of machines and poll-watcher training.

Georgia: Security lapses may lead Georgia to ditch election data center | Atlanta Journal-Constitution

The Kennesaw State University center that has helped run Georgia’s elections for the past 15 years may lose its contract in a matter of weeks because of concerns over security lapses that left 6.5 million voter records exposed. The secretary of state’s office said Wednesday that it is “actively investigating alternative arrangements” to using Kennesaw State University’s Center for Election Systems, news that coincided with the unmasking by Politico Magazine of the security researchers behind a data scare involving the center that became public in March. “All options are on the table,” said Candice Broce, a spokeswoman for Georgia Secretary of State Brian Kemp. The center’s annual $800,000 contract with the state ends June 30.

Georgia: Researcher finds Georgia voter records exposed on internet | Associated Press

A security researcher disclosed a gaping security hole at the outfit that manages Georgia’s election technology, days before the state holds a closely watched congressional runoff vote on June 20. The security failure left the state’s 6.7 million voter records and other sensitive files exposed to hackers, and may have been left unpatched for seven months. The revealed files might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls during elections. Georgia is especially vulnerable to such disruption, as the entire state relies on antiquated touchscreen voting machines that provide no hardcopy record of votes, making it all but impossible to tell if anyone has manipulated the tallies. The true dimensions of the failure were first reported Wednesday by Politico Magazine . The affected Center for Election Systems referred all questions to its host, Kennesaw State University, which declined comment. In March, the university had mischaracterized the flaw’s discovery as a security breach.

Georgia: Will Russia Hack Georgia’s Election? Report Says Its A Possibility | International Business Times

Georgia’s voting systems are susceptible to hacking, and the state has dragged its feet addressing the issue, Politico reported Wednesday. The report arrived ahead of the state’s forthcoming election, which was scheduled for next week. The race will fill the seat vacated by Health and Human Services Secretary Tom Price. The race pitted Democrat Jon Ossoff , a first-time candidate, against Republican Karen Handel, who was previously Georgia’s Secretary of State. According to the Washington Post last week, the June 20 special House race in Georgia’s sixth district has become the most expensive in history. Elections in Georgia are overseen by a central hub at Kennesaw University called the Center for Election Systems, which was founded in 2002. Politico spoke to security experts that found the systems easy to hack into. “I was absolutely stunned, just the sheer quantity of files I had acquired,” said Logan Lamb, a former cybersecurity research told Politico about testing the vulnerabilities of Georgia’s system.

National: Sessions’s testimony highlights Trump’s deep lack of interest in what Russia did in 2016 | The Washington Post

Sen. James E. Risch (R-Idaho) made a comment during the Senate Intelligence Committee’s questioning of Attorney General Jeff Sessions that has an obvious exception. “I don’t think there’s any American,” Risch said, “who would disagree with the fact that we need to drill down to this” — that is, Russian meddling in the 2016 election — “know what happened, get it out in front of the American people and do what we can to stop it again.” There is one American, at least, who seems generally uninterested in that need: Sessions’s boss, President Trump.

National: Russia Could Hack 2020 Election, Too, Report Says—39 States Hit in 2016 | Newsweek

The 2016 elections may have just been the beginning. Russian hackers attacked voter databases and software systems in 39 states during last year’s elections, and authorities fear that while the tampering may not have affected vote totals, it’s possible Russia learned enough from the attacks to put 2020’s presidential election in its crosshairs, sources with knowledge of the U.S. investigation told Bloomberg. The report, published Tuesday morning, said Illinois investigators discovered that hackers attempted to delete or alter voter data in the state’s voter database. (California and Florida were the only other states directly mentioned.) The Illinois database held some 15 million names—half were active voters—and 90,000 records were potentially compromised.

National: Russia’s already done some of the damage to American elections that it sought | The Washington Post

There are two documents created during the 2016 election cycle that help detail precisely how American electoral systems are secured. The first was a letter written by the Florida State Association of Supervisors of Elections explaining how the state secured its voters’ choices. Florida uses paper ballots, which are scanned on devices that are not connected to the Internet or to each other and each of which is tested before Election Day. The tally from those machines is transmitted to the state with several layers of encryption, and is backed up with and verified against thumb drives that are digitally secured. Those tallies are then verified against the machines themselves.

National: New Bipartisan Sanctions Would Punish Russia for Election Meddling | The New York Times

Senate leaders said they had reached an agreement late on Monday to approve new sanctions against Russia for interfering in the 2016 presidential election and for the country’s conduct in Ukraine and Syria, delivering a striking message to a foreign power that continues to shadow President Trump. The bipartisan measure would place the White House in an uncomfortable position, arriving amid sweeping investigations into ties between Mr. Trump’s associates and Russia. The sanctions package would also cut against the administration’s stated aim to reshape the United States’ relationship with Russia after Mr. Trump took office.

National: Russian Breach of 39 States Threatens Future U.S. Elections | Bloomberg

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

National: Sessions will testify in open hearing Tuesday before Senate Intelligence Committee | The Washington Post

Attorney General Jeff Sessions’s appearance Tuesday before the Senate Intelligence Committee will be a high-stakes test for a Trump official who has kept a low profile even as he has become a central figure in the scandal engulfing the White House over Russia and the firing of James B. Comey as FBI director. Sessions, a former Republican senator from Alabama, will face tough questions from his former colleagues on a number of fronts that he has never had to publicly address in detail. Democrats plan to ask about his contacts during the 2016 campaign with the Russian ambassador to the United States, Sergey Kislyak, which the attorney general failed to disclose fully during his confirmation hearing.

National: New Bipartisan Sanctions Would Punish Russia for Election Meddling | The New York Times

Senate leaders said they had reached an agreement late on Monday to approve new sanctions against Russia for interfering in the 2016 presidential election and for the country’s conduct in Ukraine and Syria, delivering a striking message to a foreign power that continues to shadow President Trump. The bipartisan measure would place the White House in an uncomfortable position, arriving amid sweeping investigations into ties between Mr. Trump’s associates and Russia. The sanctions package would also cut against the administration’s stated aim to reshape the United States’ relationship with Russia after Mr. Trump took office.

National: Trump-Comey Feud Eclipses a Warning on Russia: ‘They Will Be Back’ | The New York Times

Lost in the showdown between President Trump and James B. Comey that played out this past week was a chilling threat to the United States. Mr. Comey, the former director of the F.B.I., testified that the Russians had not only intervened in last year’s election, but would try to do it again. “It’s not a Republican thing or Democratic thing — it really is an American thing,” Mr. Comey told the Senate Intelligence Committee. “They’re going to come for whatever party they choose to try and work on behalf of. And they’re not devoted to either, in my experience. They’re just about their own advantage. And they will be back.” What started out as a counterintelligence investigation to guard the United States against a hostile foreign power has morphed into a political scandal about what Mr. Trump did, what he said and what he meant by it. Lawmakers have focused mainly on the gripping conflict between the president and the F.B.I. director he fired with cascading requests for documents, recordings and hearings.

National: Sessions Will Testify in Senate on Russian Meddling in Election | The New York Times

Attorney General Jeff Sessions told Congress on Saturday that he would testify before the Senate Intelligence Committee on Tuesday about issues related to Russia’s interference in the 2016 election. Mr. Sessions had been scheduled to testify before other committees about the Justice Department’s budget that day, but he will instead appear before the intelligence panel. Mr. Sessions said he would send Rod J. Rosenstein, the deputy attorney general, to testify about the department’s budget before the House and Senate appropriations panels. Mr. Sessions noted that several lawmakers on those panels had said they intended to ask him about the Russia investigation, after testimony by James B. Comey, who was fired last month as F.B.I. director by President Trump, before the intelligence committee on Thursday.

National: A brief history of Russia’s digital meddling in foreign elections shows disturbing progress. | WIRED

Just when the cybersecurity world thinks it’s found the limits of how far Russian hackers will go to meddle in foreign elections, a new clue emerges that suggests another line has been crossed. Even now, nearly a year after news first broke that Russian hackers had breached the Democratic National Committee and published its internal files, a leaked NSA document pointing to Russian attempts to hack a voting-tech firm has again redefined the scope of the threat. Taken with the recent history of Russia’s digital fingerprints on foreign elections, it points to a disturbing trend: Moscow’s habit of hacking democratic processes has only gotten more aggressive and technically focused over time. … As revealed in the Intercept’s leaked NSA report, hackers believed to be working for Russia’s GRU military agency—the same agency tied to the group known as Fancy Bear or APT28—sent phishing emails to VR Systems, the makers of hardware and code used to handle voter sign-ins at polling places in eight US states. Senate Intelligence committee vice chairman Mark Warner followed up by telling USA Today on Tuesday that the extent of the attacks were in fact much broader than anyone has yet reported. And US intelligence agencies had already implicated the Kremlin for breaches of the websites of the boards of election for Arizona and Illinois.

National: Forget Comey. The Real Story Is Russia’s War on America | Politico

It was a breezy, surprisingly pleasant summer week in Washington as the frenzy around potential Trump-Russia revelations reached near-carnival levels. On Thursday, brightly clad groups scattered across the lawns of Capitol Hill could almost have been picnickers — if not for the mounds of cable leashing them to nearby satellite trucks. Every news studio in D.C. seemed to have spilled forth into the jarring sunlight, eager for the best live backdrop to the spectacle that awaited. Bars opened early for live viewing of former FBI Director James Comey’s testimony before the Senate Select Intelligence Committee. Political ads against Comey — who isn’t running for anything — aired during coverage of the hearing, often back-to-back with vibrant ads praising President Trump’s first foreign trip, where he “[united] forces for good against evil.” Only D.C.’s usually opportunistic T-shirt printers seemed to have missed the cue, forced to display the usual tourist “FBI” fare in rainbow spectrum but offering no specialty knitwear for the occasion. The conversion of America’s political arena into a hybrid sporting event/reality show was nonetheless near complete.

Editorials: I was an FBI agent. Trump’s lack of concern about Russian hacking shocks me. | Asha Rangappa/The Washington Post

Reactions to former FBI director James B. Comey’s testimony Thursday mostly seemed to follow predictable, partisan lines. To many Democrats, Comey appeared to be describing a clear case of obstruction of justice by President Trump. To Republicans who support the White House, Comey’s recounting of “leaking” his memos about conversations with Trump showed that he deserved to be fired. But as a former FBI counterintelligence agent, what I saw as the most explosive aspect of the testimony didn’t involve any legal violation of the U.S. code or questions about whether Comey had broken established Department of Justice protocols. Instead, it was the prima facie evidence that Comey presented that Trump appears unwilling to uphold his oath “to preserve, protect, and defend” the country — which puts the security of our nation and its democracy at stake. In the nine times Trump met with or called Comey, it was always to discuss how the investigation into Russia’s election interference was affecting him personally, rather than the security of the country. He apparently cared little about understanding either the magnitude of the Russian intelligence threat, or how the FBI might be able to prevent another attack in future elections.

National: Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election | The Intercept

Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept. The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light. While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

National: Comey Says Russian Hackers Targeted ‘Hundreds’ of Election-Related Entities, and the Real Number ‘Could Be More Than 1,000’ | Nextgov

At the Senate Intelligence Committee hearing Thursday, committee Chairman Richard Burr asked James Comey to describe the scope of Russian-led “cyber intrusions” that took place during the 2016 election season. There was “a massive effort to target government and non-governmental—near governmental—agencies like nonprofits,” said Comey, the former FBI director. “What would be the estimate of how many entities out there the Russians specifically targeted in that time frame?” Burr asked. “It’s hundreds,” Comey said. “I suppose it could be more than 1,000, but it’s at least hundreds.”

Editorials: Russia’s attempt to hack voting systems shows that our elections need better security | Bruce Schneier/The Washington Post

This week brought new public evidence about Russian interference in the 2016 election. On Monday, the Intercept published a top-secret National Security Agency document describing Russian hacking attempts against the U.S. election system. While the attacks seem more exploratory than operational — and there’s no evidence that they had any actual effect — they further illustrate the real threats and vulnerabilities facing our elections, and they point to solutions. The document describes how the Russian GRU attacked a company called VR Systems that, according to its website, provides software to manage voter rolls in eight states. The August 2016 attack was successful, and the attackers used the information they stole from the company’s network to launch targeted attacks against 122 local election officials on Oct. 27, 12 days before the election. … This hack will certainly come up at the Senate hearing where former FBI director James B. Comey is scheduled to testify Thursday. Last year, there were several stories about voter databases being targeted by Russia. Last August, the FBI confirmed that the Russians successfully hacked voter databases in Illinois and Arizona. And a month later, an unnamed Department of Homeland Security official said that the Russians targeted voter databases in 20 states. Again, we don’t know of anything that came of these hacks, but expect Comey to be asked about them. Unfortunately, any details he does know are almost certainly classified, and won’t be revealed in open testimony.