National: U.S. elections are more vulnerable than ever to hacking | Politico

America’s political system will remain vulnerable to cyberattacks and infiltration from foreign and domestic enemies unless the government plugs major holes and commits millions of dollars in the coming years. Despite expectations that the U.S. on Thursday will slap Russia with retaliatory measures for hacking the recent presidential race, major political, financial and logistical obstacles stand in the way of ensuring that hackers are locked out of future elections, not to mention an incoming administration that is dismissive about the government’s own allegations that Russia pulled off a widespread hacking campaign that fueled Americans’ wariness of the political process and possibly helped President-elect Donald Trump win the White House.

National: The 2016 Election Wasn’t Hacked, But the 2020 Election Could Be | Motherboard

After partial vote recounts in certain states, US election officials found no evidence that votes had been manipulated by a cyberattack on voting machines, security researchers told an audience at the Chaos Communication Congress hacking festival on Wednesday. But, the researchers called for a vast overhaul in voting machine security and related legislation, warning that an attack is still possible in a future election. “We need this because even if the 2016 election wasn’t hacked, the 2020 election might well be,” said J. Alex Halderman, a professor of computer science at the University of Michigan, during a presentation with Matt Bernhard, a computer science PhD student. Halderman’s and other security experts’ concerns made headlines in November when he participated in a call with the Clinton campaign about a potential recount in some states. Green Party candidate Jill Stein subsequently held a crowdfunding campaign to finance the recounts. “Developing an attack for one of these machines is not terribly difficult; I and others have done it again and again in the laboratory. All you need to do is buy one government surplus on eBay to test it out,” Halderman, who has extensively researched voting machine security, said during the talk.

National: U.S. Poised to Act Over Alleged Election Hacking | Wall Street Journal

The Obama administration could announce as early as Thursday moves to retaliate against Russia for its alleged use of cyberattacks to meddle in last month’s presidential election, a senior U.S. official said. The White House has been considering a variety of measures to respond to the hacking of the Democratic National Committee and the email account of Hillary Clinton’s campaign chairman, John Podesta, including sanctions and retaliatory cyber actions. U.S. officials have said the “proportional response” could involve both steps that would be publicly disclosed afterward and covert moves that would remain classified.

National: Obama administration is close to announcing measures to punish Russia for election interference | The Washington Post

The Obama administration is close to announcing a series of measures to punish Russia for its interference in the 2016 presidential election, including economic sanctions and diplomatic censure, according to U.S. officials. The administration is finalizing the details, which also are expected to include covert action that will probably involve cyber-operations, the officials said. An announcement on the public elements of the response could come as early as this week. The sanctions portion of the package culminates weeks of debate in the White House on how to revise a 2015 executive order that was meant to give the president authority to respond to cyberattacks from overseas but that did not cover efforts to influence the electoral system.

National: Intelligence agencies sued for records on Russian election interference | The Hill

A lawsuit has been filed against the CIA, the FBI, the Department of Homeland Security and the Office of the Director of National Intelligence seeking records pertaining to Russia’s interference in the presidential election. Journalist Jason Leopold and Ryan Shapiro, a Ph.D. candidate at the Massachusetts Institute of Technology (MIT), filed a lawsuit in the U.S. District Court for the District of Columbia on Monday asserting that the agencies have failed to comply with their request for documents under the Freedom of Information Act (FOIA).

Czech Republic: Government to fight ‘fake news’ with specialist unit | The Guardian

The Czech government is to set up a specialist “anti-fake news” unit as officials attempt to tackle falsehoods, predominantly about migrants, which they claim are spread by websites supported by the government of Russian president Vladimir Putin. The new unit will aim to counteract interference in the Czech Republic’s forthcoming general election, to be held in October, amid polling evidence that online disinformation is influencing public opinion and threatening to destabilise the country’s democratic system, established after the fall of communism in 1989. Although definite links are hard to prove, officials say they are convinced the Kremlin is behind about 40 Czech-language websites presenting radical views, conspiracy theories and inaccurate reports. The officials believe the objective is to transform the Czech Republic’s current status as a western-aligned country.

National: Why it’s so hard to prove that Russia was behind the election hacks | The Washington Post

“If I can’t use this information, then what good is it to have it?! Why even collect it in the first place?!” It’s a cry of frustration, an angry rhetorical exclamation I heard many times during my 30-year career as an operations officer at the CIA. Usually it comes from ambassadors or senior members of the national security apparatus in Washington, and occasionally even from analysts in the intelligence community who have been provided with a truly stunning piece of information acquired clandestinely from human or technical sources. The sense of frustration among these consumers of intelligence is heightened when the topic is critical and timely, and when both the government and the American public are clamoring for answers to difficult questions. This is precisely where we as a nation find ourselves when discussing the claim by the U.S. intelligence community that Russian hackers attempted to influence the U.S. presidential elections. The White House has ordered a report on what the hackers did, and to what extent they were trying to help Donald Trump, before Trump is sworn in as president Jan. 20. News reports say officials at the FBI and the CIA have agreed that hackers targeted the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, to boost Trump. President Obama suggested this month that Russian President Vladimir Putin knew about the hacks. But proving that case to the public at large will get complicated. The discussion about the cyber intrusions and what U.S. intelligence agencies know about them goes directly to some of the most sensitive questions in the business: the best way to protect sources and methods, and how to use clandestinely acquired information to resolve a politically charged issue. Secrets intelligence agencies want to keep compete with an understandable desire to reveal them. Facts may help resolve the matter, but in revealing the facts, the government may also reveal how we got them. It is truly not an overstatement to say that technical capabilities we have spent years and millions to develop could be rendered useless in one news cycle if disclosure is not handled correctly. Worse — and I do not exaggerate — if it were human sources that provided the information, they could lose their lives.

National: The Year in Government Hacking: 2016 in Review | Electronic Frontier Foundation

There’s no question that this has been a big year for government hacking. Not a day has gone by without some mention of it in the news. 2016 may forever be remembered as the year when government hacking went so mainstream that Stephen Colbert cracked jokes about Fancy Bear and Cozy Bear on The Late Show. The Obama administration has publicly blamed the Russian government for a series of compromises of U.S. political institutions and individuals in this election year, including the Democratic National Committee, the Republican National Committee, and John Podesta, former Chairman of the Hillary Clinton election campaign. Political espionage is nothing new, but what distinguishes this series of attacks is the element of publication. This election cycle was dominated by news stories stemming from DNC and Podesta emails leaked to and published by Wikileaks, which has repeatedly said that it will not comment on sources but denies that the source of the documents is Russian.

National: Senate investigation of Russian hacking will be broad, going beyond 2016 elections | McClatchy DC

The Senate’s most powerful committee with oversight of U.S. intelligence agencies will meet mostly behind closed doors as it takes on a broad and serious investigation into “cyber activity directed against our nation by the Russian government,” said U.S. Sen. Richard Burr, intelligence committee chairman, on Friday. Burr, who is North Carolina’s senior Republican senator, laid out in a news statement a lengthy description of the committee’s work ahead, which will be done by Democrats and Republicans, in nonpartisan fashion, he said. Officials who work for President Barack Obama, as well as members of President-elect Donald Trump’s team, could be called on to testify under oath in front of Congress on the issue of alleged Russian hacking and subsequent leaks. The hacking targeted the Democratic Party and, specifically, Hillary Clinton’s presidential campaign.

National: Group allegedly behind DNC hack targeted Ukraine, report finds | The Guardian

A new report suggests the same hacking group believed to have hacked the Democrats during the recent presidential election also targeted Ukrainian artillery units over a two-year period, that if confirmed would add to suspicions they are Russian state operatives. The report, issued by cybersecurity firm CrowdStrike, said a malware implant on Android devices was used to track the movements of Ukrainian artillery units and then target them. The hackers were able to access communications and geolocations of the devices, which meant the artillery could then be fired on and destroyed. The report will further fuel concerns that Russia is deploying hacking and cyber-attacks as a tool of both war and foreign policy. The hack “extends Russian cyber-capabilities to the frontlines of the battlefield”, the report said. Russia gave military and logistical backing to separatists fighting against Ukrainian forces in east Ukraine, in a war that broke out in spring 2014. The application was designed for use with the D-30 122mm towed howitzer, a Soviet-made artillery weapon still in use today. The app reduced firing times from minutes to seconds, according to the Ukrainian officer who designed it. However, it appears that the Android app was infected with a Trojan.

Editorials: Russian Meddling and Europe’s Elections | The New York Times

While revelations about Russian involvement in the American presidential election rock the United States, there are ominous signs that Russia is spreading propaganda and engaging in cyberattacks in Europe in advance of several national elections next year. In 2017, Germany, France and the Netherlands will hold elections. It is also possible that Italy will move elections scheduled for 2018 forward in the wake of the resignation of Prime Minister Matteo Renzi after voters rejected a referendum on constitutional reforms this month. Candidates who are right-wing populists and friendly toward Russia are gaining ground across Europe, thanks, in part, to Russian interference along the lines of what Moscow was accused of doing in the United States. Russia’s goals in Europe appear to be to elect foreign leaders who are sympathetic to Russian expansionism, to weaken NATO and to fan anti-European Union forces. In France, Marine Le Pen’s National Front party benefited in 2014 from an $11.7 million Kremlin loan to help finance its campaigns. And the winner of the center-right Les Républicains party’s recent primary elections, François Fillon, has called for lifting sanctions on Russia for its annexation of Crimea and its war in Ukraine, and for working with Russia to curb immigration and prevent terrorism.

Lithuania: Russian spyware on Lithuanian government computers | Reuters

The Baltic state of Lithuania, on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber attacks that have hit government computers over the last two years. The head of cyber security told Reuters three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year. “The spyware we found was operating for at least half a year before it was detected – similar to how it was in the USA,” Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre said. When presented with the allegations, President Vladimir Putin’s spokesman Dmitry Peskov told Reuters they were “laughable” and unsubstantiated. “Did it (the spyware) have ‘Made in Russia’ written on it?” quipped Peskov. “We absolutely refute this nonsense.” He said Russia itself was targeted in cyber attacks “round the clock,” but said it would be stupid to accuse foreign governments.

National: Cybersecurity firm finds evidence that Russian military unit was behind DNC hack | The Washington Post

A cybersecurity firm has uncovered strong proof of the tie between the group that hacked the Democratic National Committee and Russia’s military intelligence arm — the primary agency behind the Kremlin’s interference in the 2016 election. The firm CrowdStrike linked malware used in the DNC intrusion to malware used to hack and track an Android phone app used by the Ukrainian army in its battle against pro-Russia separatists in eastern Ukraine from late 2014 through 2016. While CrowdStrike, which was hired by the DNC to investigate the intrusions and whose findings are described in a new report, had always suspected that one of the two hacker groups that struck the DNC was the GRU, Russia’s military intelligence agency, it had only medium confidence. Now, said CrowdStrike co-founder Dmitri Alperovitch, “we have high confidence” it was a unit of the GRU. CrowdStrike had dubbed that unit “Fancy Bear.” The FBI, which has been investigating Russia’s hacks of political, government, academic and other organizations for several years, privately has concluded the same. But the bureau has not publicly drawn the link to the GRU. CrowdStrike’s fingering of the GRU helps to deepen the public’s understanding of how different arms of the Russian government are carrying out malicious and deeply troubling cyber acts in the United States.

National: U.S. government loses to Russia’s disinformation campaign: advisers | Reuters

The U.S. government spent more than a decade preparing responses to malicious hacking by a foreign power but had no clear strategy when Russia launched a disinformation campaign over the internet during the U.S. election campaign, current and former White House cyber security advisers said. Far more effort has gone into plotting offensive hacking and preparing defenses against the less probable but more dramatic damage from electronic assaults on the power grid, financial system or direct manipulation of voting machines. Over the last several years, U.S. intelligence agencies tracked Russia’s use of coordinated hacking and disinformation in Ukraine and elsewhere, the advisers and intelligence experts said, but there was little sustained, high-level government conversation about the risk of the propaganda coming to the United States.

Editorials: Investigate Russian Hacking the Right Way | The New York Times

President-elect Donald Trump will assume office next month dogged by the question of whether a covert ploy by the Russian government had a decisive effect on his election. While a conclusive answer is likely to remain elusive, American voters deserve as many details as can be ascertained about Russia’s role in the campaign, to better protect the political process from similar interference in the future. The assessment by American intelligence agencies that the Russian government stole and leaked Clinton campaign emails has been accepted across the political spectrum, with the notable exception of Mr. Trump. The House speaker, Paul Ryan, called Russian meddling “unacceptable,” and said that under President Vladimir Putin, Moscow “has been an aggressor that consistently undermines American interests.” Mitch McConnell, the Senate majority leader, said in a recent interview that the fact that the “Russians were messing around in our election” is a “matter of genuine concern.” Addressing the issue properly will require a bipartisan congressional investigation led by people with the authority and intent to get to the truth, however disturbing that might be for the incoming administration and the Republican Party. The intelligence agencies concluded that the Russian hacking was meant to help elect Mr. Trump.

West Virginia: Secretary of State, Incoming Successor Quarrel Over Hacking Claims | Government Technology

Secretary of State Natalie Tennant and Secretary of State-Elect Mac Warner are sparring over claims that the Department of Homeland Security attempted to “hack” into West Virginia election records. Warner encouraged President-elect Donald Trump to pursue an immediate investigation into “recorded hacking attempts” of voter files in West Virginia, according to a statement released early Sunday morning. Warner said the attempts were recorded by firewall protection software Nov. 7 and Oct. 29. “Upon taking office, this issue will be at the top of our list to investigate and respond appropriately,” Warner wrote. “DHS holds a responsibility to be transparent with the hacking details, objective and intent of action with the information.” Tennant said Warner’s statements were false in a statement Sunday afternoon. On Oct. 29 an invalid website address was used in an attempt to reach West Virginia’s Statewide Voter Registration System. She said the DHS IP address Warner is questioning viewed public election night results on Nov. 7.

Europe: Europe Braces for Russian Cyber Assault Before 2017 Elections VoA News

Amid ongoing accusations that Russia attempted to influence and subvert the U.S. presidential election, Europe is bracing for a similar operation by Moscow before a series of elections. France, Germany and the Netherlands go to the polls in 2017, and analysts say Russia is already attempting to influence the outcomes, a charge Moscow denies. As the chief European architect of sanctions against Russia, analysts say German Chancellor Angela Merkel is the European leader Moscow would most like to see voted out of power. In a speech this month Merkel warned of the dangers of external attempts to hack the election, adding that German leaders must inform people, and express their political convictions clearly. The chancellor is running for a fourth term. But she does have an Achilles heel. Nearly a million migrants arrived in Germany in 2015 and analysts say Russia will likely use this to try whip-up anti-immigrant feeling.

Russia: Moscow’s cyber warriors in Ukraine linked to US election | Financial Times

CrowdStrike, a cyber security firm, has found evidence of alleged Russian government hacking in Ukraine that boosts its confidence that Russia orchestrated the hacking of Democratic National Committee servers in the US before the presidential election. The firm, which was hired by the DNC to rebuild its cyber defences after the attack, said Fancy Bear — a code name it assigned to hackers that it believes are associated with Russian military intelligence, the GRU — had implanted malware in an Android mobile phone application used by anti-Russian forces operating in eastern Ukraine. Dmitri Alperovitch, the co-founder and chief technology officer of CrowdStrike, said it had concluded that the hackers who installed the malware were the same perpetrators of the hack that siphoned the DNC emails and penetrated the personal email account of John Podesta, who was the campaign manager for Hillary Clinton. Identifying the perpetrators of cyber intrusions is notoriously difficult as sophisticated attackers can conceal their identity or make it appear that other parties are behind the activity. But Mr Alperovitch said his confidence level that the DNC hack was the work of the GRU had risen from “medium” to “high” because of the actions that appeared to occur in eastern Ukraine from 2014 to 2016.

National: Mitch McConnell rejects calls for select panel on Russian meddling | Associated Press

Senate Majority Leader Mitch McConnell is rejecting bipartisan calls for a special committee to investigate Russian interference in the U.S. election, which American intelligence says was aimed in part at helping Republican Donald Trump defeat Democrat Hillary Clinton. The likely meddling by Russia “is a serious issue, but it doesn’t require a select committee,” said McConnell, R-Ky. The Senate intelligence committee is able to investigate the matter, he added. CIA Director John Brennan has said the intelligence community is in agreement that Russia tried to interfere in the U.S. presidential election, although there’s no evidence Moscow succeeded in helping Trump win. “There’s no question that the Russians were messing around in our election,” McConnell told Kentucky Educational Television on Monday night. “It is a matter of genuine concern and it needs to be investigated.”

Russia: Russia’s View of the Election Hacks: Denials, Amusement, Comeuppance | The New Yorker

By now, the basic facts of the case appear largely settled: hackers working in coördination with—or on direct orders from—Vladimir Putin’s government broke into the e-mail accounts of the Democratic National Committee and John Podesta, Hillary Clinton’s campaign chairman, passing the contents to WikiLeaks, which published them in slow drips over the summer and fall. Clinton, of course, lost last month’s Presidential election; Democrats quickly seized on the hacks, and the media coverage of them, to help explain the outcome. Anonymous sources at the C.I.A.—and, later, the F.B.I. and other intelligence agencies—told the Washington Post that aiding Trump’s candidacy was exactly the point of the Russian operation. Yet many important questions remain unanswered. What was the ultimate effect of the Russian hacks? Why did the Russians do it, and how, in his final days in office, should Barack Obama respond? The first question may ultimately be unknowable. Clinton, who won the popular vote by 2.86 million votes, lost the Electoral College thanks to margins of less than a per cent in Michigan, Pennsylvania, and Wisconsin. During a recent appearance on “Meet the Press,” Podesta avoided the question of whether he thought the election had been “free and fair,” saying only that it had been “distorted by the Russian intervention.” But was that distortion in fact decisive? To isolate the WikiLeaks e-mails to explain Clinton’s narrow loss is to elevate their importance above a host of other factors, including the Clinton campaign’s weaknesses, Trump’s genuine appeal as a candidate, as well as the diminishing power of political parties and the national press that covers them. (Not to mention the last-minute, whiplash letters from James Comey, the director of the F.B.I.)

National: McCain calls for committee to investigate Russia hacking: ‘There’s no doubt’ of interference | The Washington Post

Sen. John McCain (R-Ariz.) on Sunday again decried Russia’s alleged interference in the 2016 presidential race and called for a select Senate committee to investigate the country’s cyber activities during the election. On CNN’s “State of the Union,” McCain told host Jake Tapper that there was “no doubt” Russia interfered with the election. “We need to get to the bottom of this,” he said. “There’s no doubt they were interfering. There’s no doubt. The question is now, how much and what damage? And what should the United States of America do?” Earlier this month, the CIA concluded in a secret assessment that Russia meddled in the election to help Donald Trump win the presidency. FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. agreed with the CIA’s assessment. Tapper asked whether McCain was concerned that Trump has not denounced Russia’s alleged interference — while maintaining a “friendly posture” toward Russian President Vladimir Putin.

National: Senators Push to Broaden Inquiry on Election Hacking | The New York Times

Pressure mounted on Sunday for a broader congressional investigation of Russian cyberattacks aimed at influencing the American election, even as a top aide to President-elect Donald J. Trump said there was no conclusive evidence of foreign interference. The effort was being led by a bipartisan group of senators, including John McCain, Republican of Arizona, and Chuck Schumer of New York, the Senate Democratic leader, who called on Sunday for the creation of a Senate select committee on cyberactivity to take the investigative lead on Capitol Hill. “Recent reports of Russian interference in our election should alarm every American,” the senators wrote on Sunday in a letter to Senator Mitch McConnell, Republican of Kentucky and the majority leader, who has said a select committee is not necessary. “Cybersecurity is the ultimate cross-jurisdictional challenge, and we must take a comprehensive approach to meet this challenge effectively.” The developments served to deepen the fissures between high-ranking lawmakers of both parties who see American intelligence reports implicating Russia as the basis for additional inquiries and Mr. Trump, who continues to reject the conclusions of those reports.

National: Why Trump’s assertion that hackers can’t be caught after an attack is wrong | Business Insider

Even though hackers responsible for the cyberattack on the Democratic Party and Hillary Clinton’s campaign weren’t caught in the act, it doesn’t mean they can’t be identified as President-elect Donald Trump has asserted. Michael Borohovski, a cybersecurity expert with experience working with the intelligence community and Chief Technology Officer of Tinfoil Security, says investigators have methods of uncovering the identity of attackers long after they’re gone. “It’s actually significantly harder to catch somebody in the act than it is to catch somebody after the fact,” Borohovski told Business Insider. “Unfortunately it’s not like in the movies where as soon as someone is attacking, big red alarms go off.” In a Fox News interview last weekend, Trump cast doubt on the CIA’s recent findings that Russia was involved in cyberattacks against the Democratic Party to help him win the election, calling it “ridiculous” and an excuse for the opposing party’s loss.

Editorials: The Painfully Vulnerable Election System and Rampant Security Theater | James Scott/ICIT

The first step to correcting the plague of cyber-kinetic vulnerabilities riddling our election system is to admit these problems exist, then bring in qualified personnel to expediently patch vulnerabilities, upgrade technologies and erect cyber defenses around the perimeters of targeted technologies such as manufacturer updates, voting machines and scanners, state websites, state servers and local and state tabulators. This quick blog post is a last attempt by cybersecurity experts to influence local and state election officials to patch the listed vulnerabilities existing within their space that could hinder the natural outcome of the election process. Figure 3 in this post is a checklist for state officials to use when analyzing their networks for vulnerabilities pre-election. The results of the 2016 elections will decide: the next President of the United States, the majority control of the Senate, the potential to appoint up to four Supreme Court justices, and numerous state and local level positions. While political tensions and opinionated discourse run rampant in the days before the election, it is paramount to the continued solidarity of the United States of America, that the integrity of the election process remains demonstratively uncompromised. Election systems are vulnerable at the local, state, and manufacturer level. The decentralization of the U.S. election system offers no benefit to security. The fallacy of the decentralization argument is the conclusion that because systems are not networked at the state level, the result of the national election cannot be affected. This simply is not the case. All decentralization means is that while some states secure election systems to various degrees according to the modern threat landscape, other states barely secure systems at all. Security through obscurity is not a defense. As discussed the Hacking Elections is Easy! report series, an adversary who targets local machines in a pivotal county of a swing state or that targets a state tabulation system directly, can significantly impact the results of a national election through the results of the target state. Local and State level election systems are vulnerable to exploit due to black-box proprietary code, exploitable features and insecure design, vulnerable removable media, interconnectivity, and antiquated cybersecurity strategies. With mere days before Election Day, state and local election officials have limited options available to mitigate a tide of partisan backlash and allegations of fraudulent results.

Editorials: GOP electors should demand intel briefing on Russian hacking, too | Brent Budowsky/The Hill

The CIA, the FBI and the Director of National Intelligence now agree that Russia engaged in aggressive covert action to affect the presidential election and hoped to achieve the election of Donald Trump as president and commander in chief by doing so. Every Republican elector should join the large and growing number of electors who have called for a full intelligence briefing about the extent and purpose of Russian attacks on American democracy, Russia’s interference in the recently concluded presidential campaign and Russia’s desire to elect Trump on Election Day. A large and growing number of Electoral College electors have already called on Obama administration intelligence officials to provide them with an intelligence briefing about the Russian role in the election. However, it is inexcusable that most GOP electors have not joined them. GOP electors should be asked by the media and voters in their states: Do you care if the Russians engaged in espionage for the purpose of electing Trump?

Germany: Russian influence looms over Germany’s election | Politico.eu

Long before the CIA and FBI came to the public conclusion last week that the Kremlin had interfered in the U.S. presidential election with the aim of helping Donald Trump, a senior German intelligence official told colleagues that Russia was interfering in German politics. The federal security agency had observed “active measures” from Russia to influence public opinion, Thomas Haldenwang, the deputy president of the domestic security agency BfV, warned senior German security officials at a conference in Berlin in June. The aim, Haldenwang said, was “to influence public perception and opinion in our country, to the detriment of the German government.” With elections due for next year, government officials now fear that Russian President Vladimir Putin has trained his sights on Chancellor Angela Merkel, one of the most visible critics of Russia’s involvement in Syria and Ukraine, as the next target for a Kremlin misinformation campaign. During a press conference earlier this month, Merkel, who will run for office again next year, said that cyberattacks and a misinformation campaign during the election were “possible.” Konstantin von Notz, the Green party’s spokesperson on internet policy in the German parliament, was blunter. “There’s a real danger that the bitter experience of the U.S. election could be repeated here,” he said.

National: FBI in agreement with CIA that Russia aimed to help Trump win White House | The Washington Post

FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the White House, officials disclosed Friday, as President Obama issued a public warning to Moscow that it could face retaliation. New revelations about Comey’s position could put to rest suggestions by some lawmakers that the CIA and the FBI weren’t on the same page on Russian President Vladi­mir Putin’s intentions. Russia has denied being behind the cyber-intrusions, which targeted the Democratic National Committee and the private emails of Hillary Clinton’s campaign chairman, John Podesta. Trump, in turn, has repeatedly said he doubts the veracity of U.S. intelligence blaming Moscow for the hacks. “I think it’s ridiculous,” Trump said in an interview with “Fox News Sunday,” his first Sunday news-show appearance since the Nov. 8 election. “I think it’s just another excuse. I don’t believe it. . . . No, I don’t believe it at all.” At a “thank you” event Thursday night with some of her top campaign donors and fundraisers, Clinton said she believed Russian-backed hackers went after her campaign because of a personal grudge that Putin had against her. Putin had blamed Clinton for fomenting mass protests in Russia after disputed 2011 parliamentary elections that challenged his rule. Putin said Clinton, then secretary of state, had “sent a signal” to protesters by labeling the elections “neither free nor fair.”

National: U.S. Election Assistance Commission breached by hackers after November vote | Reuters

The U.S. agency charged with ensuring that voting machines meet security standards was itself penetrated by a hacker after the November elections, according to a security firm working with law enforcement on the matter. The security firm, Recorded Future, was monitoring underground electronic markets where hackers buy and sell wares and discovered someone offering log-on credentials for access to computers at the U.S. Election Assistance Commission, company executives said. Posing as a potential buyer, the researchers engaged in a conversation with the hacker, said Levi Gundert, vice president of intelligence at the company, and Andrei Barysevich, director of advanced collection. Eventually they discovered that the Russian-speaking hacker had obtained the credentials of more than 100 people at the election commission after exploiting a common database vulnerability, the researchers said.

Ohio: Hackers hit Henry County voter database | The Courier

Attempts by computer hackers to hold Henry County’s voter database for ransom had county and state officials scrambling just days before the Nov. 8 general election. Voters were advised about the data breach in a letter sent by the Henry County commissioners earlier this month. Commissioner Glenn Miller said the voter database was restored from backups at the county and state level, and no ransom was paid. He said officials have no reason to believe the security breach compromised election results, or that voter registration information was extracted from the system. The ransomware attack occurred on Oct. 31. Ransomware is a malicious software used to deny access to the owner’s data in an effort to extort money. Miller said hackers that use ransomware are typically after money, not stealing data.

Europe: Governments brace for Russian hacking in upcoming elections | Politico

European governments are bracing for cyber-meddling by Moscow in upcoming national elections in France, the Netherlands and Germany. Amid uproar in the United States over CIA findings that Russian hackers interceded in the election to help President-elect Donald Trump, a series of incidents in Europe have led to stark warnings by high-level officials, particularly in Germany, and by cybersecurity experts who say online political and information warfare is certain to worsen. In a remarkable two-page warning late last week, Hans-Georg Maaßen, the head of Germany’s Federal Office for Protection of the Constitution, a domestic security agency, said there was a clear threat from Russian hackers seeking to sow “uncertainty in German society” and to destabilize the country. “In the political arena we see increasing and aggressive cyber-espionage,” Maaßen said. “We see a potential hazard to members of the German government, the Bundestag and employees of democratic parties through cyber-operations.” On Monday, German MEPs across the political spectrum echoed those worries.