National: Russia Hack of U.S. Politics Bigger Than Disclosed, Includes GOP | NBC

The Russian government’s cyber-espionage campaign against the American political system began more than a year ago and has been far more extensive than publicly disclosed, targeting hundreds of key people — Republicans and Democrats alike — whose work is considered strategically important to the Putin regime, official sources told NBC News. The targets over the past two years have included a Who’s Who of Hillary Clinton associates from her State Department tenure, the Clinton Foundation and her presidential campaign, as well as top Republicans and staffers for Republican candidates for president. Starting in earnest in 2015, Russian hackers used sophisticated “spearphishing” techniques to steal emails and other data from Capitol Hill staffers, operatives of political campaigns and party organizations, and other people involved in the election and foreign policy. That’s according to NBC News interviews with more than two dozen current and former U.S. officials, private sector cybersecurity experts and others familiar with the FBI-led investigation into the hacks.

Texas: Election security: Officials say Texas voter databases haven’t been hacked | The Star-Telegram

Texas election systems are safe from hackers — so far. As more than 20 other states grapple with hackers targeting their voter registration systems, Texas election officials say this state’s electoral system has not been breached. “We haven’t found anything,” Texas Secretary of State Carlos Cascos told the Star-Telegram. “We don’t have any information … that we have been threatened or that there has been an attempted threat to hack into our systems. “We’ve got protocols in place, safety valves in place, to alert us to something like that.” Federal officials are offering few details or specifics about why voting systems across the country are being hacked. They do, however, say that the target has been voter databases, not actual voting systems. FBI Director James Comey said, “There’s no doubt that some bad actors have been poking around.” And he stressed that the FBI is trying to determine “what mischief is Russia up to in connection with our election.”

National: US officially accuses Russia of hacking DNC and interfering with election | The Guardian

The US government has formally accused Russia of hacking the Democratic party’s computer networks and said that Moscow was attempting to “interfere” with the US presidential election. Hillary Clinton and US officials have blamed Russian hackers for stealing more than 19,000 emails from Democratic party officials, but Friday’s announcement marked the first time that the Obama administration has pointed the finger at Moscow. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” said the office of the director of national intelligence and the Department of Homeland Security (DHS)in a joint statement. The accusation marked a new escalation of tensions with Russia and came shortly after the US secretary of state, John Kerry, called for Russia to be investigated for war crimes in Syria.

National: 5 ways to improve voting security in the US | PCWorld

With the U.S. presidential election just weeks away, questions about election security continue to dog the nation’s voting system. It’s too late for election officials to make major improvements, “and there are no resources,” said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. “Nobody should ever imagine changing the voting technology used this close to a general election,” said Douglas Jones, a computer science professor at the University of Iowa. “The best time to buy new equipment would be in January after a general election, so you’ve got almost two years to learn how to use it.” … Some states conduct extensive pre-election tests of their voting equipment, but other tests are less comprehensive, said Pamela Smith, president of elections security advocacy group Verified Voting. Most jurisdictions conduct pre-election voting tests, but many “randomly select some machines” after ballot information, such as candidates’ names, is programmed in, Smith said. Testing all voting machines before an election would be more secure, she said.

Maryland: Security Experts Question Maryland’s Online Ballot System | Associated Press

A new online ballot system and marking tool could weaken Maryland’s voting security and make it the most vulnerable state in the nation, according to some cybersecurity experts. On Sept. 14, the Maryland State Board of Elections voted 4-1 to certify a new voting system and marking tool for online ballots. The new system will allow all Maryland voters the ability to both make selections on a computer and print absentee ballots from home, and send them into the State Board of Elections. Nikki Charlson, the deputy state administrator of the Board of Elections, said the system and tool are as secure as possible. “We are following all of the best practices for IT systems,” she said. Experts in cybersecurity and computer science have publicly stated they believe the potential risks with the new method of voting outweigh the benefits.

National: If the election is hacked, we may never know | Computerworld

The upcoming U.S. presidential election can be rigged and sabotaged, and we might never even know it happened. This Election Day voters in 10 states, or parts of them, will use touch-screen voting machines with no paper backup of an individual’s vote; some will have rewritable flash memory. If malware is inserted into these machines that’s smart enough to rewrite itself, votes can be erased or assigned to another candidate with little possibility of figuring out the actual vote. In precincts where vote tallies raise suspicions, computer scientists will be called in the day after the election to conduct forensics. But even if a hack is suspected, or proven, it would likely be impossible to do anything about it. If the voting machine firmware doesn’t match what the vendor supplied, “it’s like you burned all the ballots,” said Daniel Lopresti, a professor and chair of the Computer Science and Engineering Department at Lehigh University in Pennsylvania. “We have no way to confirm that we can really trust the output from the machine,” he said.

National: 3 nightmare election hack scenarios | CSO Online

The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen. The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges — more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots. But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work. Many U.S. voting systems still have vulnerabilities, and many states use statistically unsound election auditing practices, said Joe Kiniry, a long-time election security researcher. “With enough money and resources, I don’t think [hacking the election] is actually a technical challenge,” said Kiniry, now CEO and chief scientist at Free and Fair, an election technology developer. “It’s a social, a political, and an infrastructural challenge because you’d have a medium-sized conspiracy to achieve such a goal. Technically, it’s not rocket science.”

National: The threat to our voting system that’s more likely than hacking | PBS

Earlier this year, the Democratic National Committee was hacked, and some of its private emails were released to the public. Last week, the FBI confirmed that hackers targeted voter registration systems in 20 states. But most voting systems are not connected to the internet, which means they’re less prone to hacking. In fact, a 2014 report by the Presidential Commission on Election Administration, says the biggest threat on Election Day is not hackers — it’s outdated equipment. This November, 42 states will use machines that are more than a decade old, according to the Brennan Center for Justice. Machines in 14 states, including Florida, Massachusetts, New Hampshire, Texas and Virginia are in some cases more than 15 years old. States are increasingly reporting vulnerabilities, such as worn-out modems used to transmit election results, failing central processing units and unsupported memory cards, the National Institute of Standards and Technology reported.

National: Hacking an election is about influence and disruption, not voting machines | PCWorld

Every time there’s an election, the topic of hacking one comes to the surface. During a presidential election, that conversation gets louder. Yet, even the elections held every two years see some sort of vote hacking coverage. But can you really hack an election? Maybe, but that depends on your goals. The topic of election hacking is different this year, and that’s because someone is actually hacking political targets. Adding fuel to the fire, on Aug. 12, 2016, during an event in Pennsylvania, Donald Trump warned the crowd that if he loses the battleground state, it’s because the vote was rigged. “The only way we can lose, in my opinion—and I really mean this, Pennsylvania—is if cheating goes on,” Trump said. This was no random remark either, Pennsylvania voting has been called in to question before. Such was the case when Republican supporters claimed Mitt Romney lost the state in 2008 due to fraud. When it comes to hacking elections, most people imagine voting machines compromised in such a way that a vote for candidate ‘A’ actually counts as a vote for candidate ‘B’ – or the votes just disappear.

Editorials: Changing votes isn’t the only way hackers could undermine an election | Zoe Lofgren/Slate Magazine

When the House Committee on Science recently held a hearing on cyber vulnerabilities and our elections systems, the committee focused only on threats facing the actual systems of voting—tabulations, electronic machines, and the possibility of a “rigged election.” Experts who testified at the hearing agreed that a threat to widespread vote manipulation across many different precincts and jurisdictions is very small and unlikely. But dismissing the likelihood of cybertampering with the election tally misses an important point: Cyberattacks could shake public confidence in political institutions, sow dissent and distrust among the population, and tilt the electoral playing field. In an attack this spring, hackers—who I have been advised are from Russia —stole data from the Democratic National Committee and the Democratic Congressional Campaign Committee. They also stole voting data in Arizona and Illinois. Most recently, FBI and Department of Homeland Security officials have confirmed attempted attacks on voter registration systems in more than 20 states. These attacks align with a particular pattern that Russian-sponsored hackers have followed previously in well-documented attempts to influence foreign democratic elections in Ukraine, Bulgaria, Romania, and Philippines. They don’t just release stolen sensitive material; they also create false and counterfeit material designed to impact the outcome of elections.

National: ES&S Class Action Says Voting Machines Can Be Manipulated | Top Class Actions

A company that sells vote counting machines is facing a class action lawsuit that alleges its voting systems are subject to unnecessary monitoring and vulnerable to manipulation. Plaintiff Anthony I. Provitola filed the election class action lawsuit on Monday, claiming that this vulnerability in the voting system sold by Election Systems & Software LLC may put the outcome of the 2016 election at risk. According to the vote counting machine class action lawsuit, Election Systems has sold certain vote counting machines and election management systems to many jurisdictions since 2014. In addition to providing the mechanism by which to count and tabulate votes, Election Systems also provided software for the voting systems along with any software updates. “The principle/premise upon which this action is based is that no person or organization, directly or through software or device, should have or be allowed to have any opportunity to either monitor, observe, or have any other contact with the data representing votes in an election, other than persons and/or organizations specifically authorized by law to conduct the election,” the voting system class action lawsuit claims. Provitola states that Election Systems has made assurances online and through advertisements about its responsibility to safeguard democracy through the manner in which its software counts votes.

National: How Hackers Could Send Your Polling Station into Chaos | MIT Technology Review

Hackers looking to disrupt the election on November 8 could have better luck stealing your voter registration information than your ballot. Indeed, election security experts say Internet-connected voter registration databases could prove to be the biggest vulnerability this Election Day. They say election officials should develop contingency plans to safeguard their precincts from cyberattacks, like ensuring that there is a paper record or other kind of reliable backup of the voter database on hand at the polling station. During this election season we’ve seen cyberattacks on the e-mail servers of the Democratic National Committee and state voter registration databases, which have heightened concerns that a nation-state adversary like Russia could use the Internet to disrupt the U.S. elections in November.

National: Can you hack the vote? Yes, but not how you might think | Network World

With Donald Trump already talking about the presidential election being rigged, Symantec has set up a simulated voting station that shows how electronic systems might be hacked to alter actual vote tallies for just a few hundred dollars. They found that while it’s possible to change the number of votes cast for each candidate, it would be very difficult to do so on a large enough scale to swing the election one way or the other. However, enough machines in random precincts could be provably compromised so that general public confidence in the official outcome would be undermined, says Samir Kapuria, Symantec’s senior vice president for cyber security. Using a voting-machine simulator that contains an aggregate of known vulnerabilities from real-world voting machines and some that Symantec found itself, Kapuria demonstrated several ways attackers could taint voting results.

Pennsylvania: Voting machines could be susceptible to hackers | The Ledger

Ever since Pennsylvania began using computerized voting machines a decade ago, critics have worried that hackers could throw an election by shifting votes from one column to another. But that’s far from the only fear in 2016, a year when Illinois’ voter registration database has been hacked and Democratic Party emails were purportedly raided by Russian hackers. “People have talked about Russia supporting Donald Trump,” said University of Iowa computer science professor Douglas Jones, who co-authored a 2012 book about election security. “But I think it would be to their advantage just to have a chaotic election, one that would weaken whoever won. … And if you wanted to cook an election, you don’t have to do anything massive.”

National: DHS urges states to beef up election security | The Hill

The Department of Homeland Security on Saturday urged state election officials to seek assistance in boosting cyber security ahead of November’s elections, after hackers tapped into voter registration systems in a small number of states. In a statement, Homeland Security Secretary Jeh Johnson said 21 states have sought the Department’s assistance to improve cyber security. Johnson said hackers have been scanning state computer systems, a possible prelude to actual cyber attacks. “These challenges aren’t just in the future — they are here today,” Johnson said. “We must remain vigilant and continue to address these challenges head on. Before November 8, I urge state and local election officials to seek our cybersecurity assistance.” At least four states have had voter registration systems hacked in recent weeks. Officials in Arizona and Illinois said their systems had been improperly accessed this summer, and ABC News reported Thursday that at least two other voter registration systems were compromised. But those voter registration systems are distinct from vote tabulation systems, which county, local and state election officials maintain independently of internet-based systems. That makes the tabulation system much more difficult to hack, experts say, without physical access to the tightly guarded voting machines themselves.

National: Cyberattack threatens U.S. voting | Boston Herald

“There is a risk at large here,” Symantec Senior Vice President Samir Kapuria said. According to Symantec, the simple technological hardware in voting machines makes it relatively easy to take down a whole system of machines at a voting location. Many electronic voting systems have a cartridge in the back that holds ballot information. It’s basically a USB drive. “If somebody was really nefarious and put some tailor-made malware on one of those cartridges, that would walk from an individual system back to the nest,” Kapuria said. The problem becomes even worse when you consider that many locations do not keep a paper trail of voter receipts. There’s no simple solution to this problem, especially given that different counties and states use different types of voting machines.

Florida: Hackers Used Outside Vendor to Access State Voter Info, Sources Say | ABC

Foreign hackers were able to gain access to voter-related information in four states by targeting not only government systems, but also by breaking into computers associated with private contractors hired to handle voter information, ABC News has learned. As ABC News first reported Thursday, hackers have recently tried to infiltrate voter registration systems in nearly half of the states across the country –- a significantly larger cyber-assault than U.S. officials have been willing to concede. And while officials have publicly admitted Illinois and Arizona had their systems compromised, officials have yet to acknowledge that information related to at least two other states’ voters has also been exposed. Hackers working on behalf of the Russian government are suspected in the onslaught against election-related systems, according to sources with knowledge of the matter.

National: Hackers have attempted more intrusions into voter databases, FBI director says | The Washington Post

Hackers have attempted more intrusions into voter registration databases since those reported this summer, the FBI director said Wednesday, and federal officials are urging state authorities to gird their systems against possible other attacks. Testifying before the House Judiciary Committee, FBI Director James B. Comey said that the bureau had detected scanning activities — essentially hackers scoping out a potential attack — as well as some actual attempted intrusions into voter registration databases. He said those attempts were beyond what had been made public in July and August, likely referring to hacking efforts in Illinois and Arizona, though he offered no other specifics. “We are urging the states just to make sure that their deadbolts are thrown and their locks are on, and to get the best information they can from” the Department of Homeland Security, he said.

Maryland: Despite warnings from cyber-experts, Maryland moves forward with online voting | The Washington Post

Cybersecurity experts are warning that Maryland’s online absentee-ballot system is dangerously vulnerable to tampering and privacy invasions, both growing concerns in a year when hackers have breached the Democratic National Committee and attempted to access boards of elections in at least two states. The system allows voters who request an absentee ballot to receive the form by email and send back a printed hard copy, with their votes marked by hand or with a new online tool that allows users to mark the document with the click of a mouse or the touch of a keyboard, then print it for mail delivery. Until this year, in large part because of security concerns, the latter option was available only to people with disabilities. Critics say it is easy for impostors to use stolen credentials to request absentee ballots or for cyberthieves to hack in and retrieve data about who is requesting ballots or details of votes that were cast online. … A group of computer scientists and cybersecurity experts wrote to the board two days before its vote and urged it not to certify the system, saying the setup would “make Maryland one of the most vulnerable states in the U.S. for major election tampering.”

National: Hackers Target Election Systems in 20 States | NBC

There have been hacking attempts on election systems in more than 20 states — far more than had been previously acknowledged — a senior Department of Homeland Security official told NBC News on Thursday. The “attempted intrusions” targeted online systems like registration databases, and not the actual voting or tabulation machines that will be used on Election Day and are not tied to the Internet. The DHS official described much of the activity as “people poking at the systems to see if they are vulnerable.” “We are absolutely concerned,” the DHS official said. “The concern is the ability to cause confusion and chaos.” Only two successful breaches have been disclosed, both of online voter registration databases, in Illinois and Arizona over the summer.

National: State officials warn Congress: don’t damage public confidence in election systems | SC Magazine

An association of state officials has published an open letter that seeks to strengthen public confidence in the electoral process, in light of research that has raised questions about the security of voting machines. The National Association of Secretaries of State’s (NASS) letter calls on Congress to avoid using political rhetoric or proposing legislation that may damage confidence in the election systems. State officials are “working overtime to help the public understand the components of our election process and some of the built-in safeguards that exist,” the letter stated. “Voting systems are spread out in a highly-decentralized structure covering more than 9,000 election jurisdictions and hundreds of thousands of polling locations.” Despite NASS’s argument that the decentralized structure of election systems creates added security, a series of reports on voting machine infrastructure suggests another view. In an email to SCMagazine.com, James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT), noted that the lack of a centralized system creates added risks. “The lack of a National system just means that some states manage secure election systems while others lack the resources or expertise to do so,” he wrote. “An attacker only needs to compromise the results of one or two pivotal states in order to alter the results of the election.”

Editorials: Why Won’t Trump Blame the DNC Hack on Russia? | Kaveh Waddell/The Atlantic

After FBI Director Jim Comey warned a congressional panel on Wednesday that hackers are “poking around” voter-registration systems in various states, law-enforcement officials told CNN that the U.S. suspects Russian involvement. ABC News reported that nearly half of U.S. states have come under cyberattack from hackers affiliated with Russia, which helps explain Comey’s comment during Wednesday’s hearing that the FBI is looking into “just what mischief is Russia up to in connection with our election.” … So why did Donald Trump stand on a debate stage this week and equivocate on the DNC hack? … It’s not like Trump waffled onstage because he truly didn’t have the information that Clinton had. A U.S. intelligence officials told Time that the government’s confidence in Russia’s involvement in the DNC hack was covered in one of Trump’s intelligence briefings.

Ohio: Secretary of State Jon Husted wants feds to butt out on running state elections | Cleveland Plain Dealer

Secretary of State Jon Husted said cyber attackers would have a hard time disrupting Ohio’s elections but expressed concern about what the federal government could do if it took over the state’s election computer systems. Husted, the state’s chief elections officer, wrote to congressional leaders Thursday asking that the House and Senate make clear that federal agencies cannot involve themselves in the election process. The letter was prompted by comments from Homeland Security Secretary Jeh Johnson that his department would review whether state election systems should be considered as “critical infrastructure” under the Homeland Security Act of 2002. Such a designation would give the federal government ability to step in to protect those systems.

Pennsylvania: Cybersecurity expert: Pennsylvania most vulnerable to voting system hacks | CBS

The battleground state of Pennsylvania might as well have a target on its back as Election Day nears, the cybersecurity company Carbon Black warned in a new report released Thursday. “If I was a 400-pound hacker, I would target Pennsylvania,” Carbon Black chief security strategist Ben Johnson told CBS News, a reference to Donald Trump’s comment in Monday’s debate that the hacker behind the Democratic National Committee email leak could be someone “sitting on their bed that weighs 400 pounds.” U.S. intelligence officials actually believe Russia was behind that breach and a number of recent intrusions into state voter databases. Across the state, most Pennsylvania counties use particularly high-risk electronic voting machines that leave behind zero paper trails, which could be useful to audit the integrity of votes cast. In addition, many of these machines — called “direct-recording electronic” machines — are running on severely outdated operating systems like Windows XP, which has not been patched by Microsoft since 2014, Carbon Black said in its report. In general, these complex machines are a headache compared to so-called fixed-function devices that perform just one task and are thus harder to hack.

Russia: How Russia Wants to Undermine the U.S. Election | TIME

The leaders of the U.S. government, including the President and his top national-security advisers, face an unprecedented dilemma. Since the spring, U.S. intelligence and law-enforcement agencies have seen mounting evidence of an active Russian influence operation targeting the 2016 presidential election. It is very unlikely the Russians could sway the actual vote count, because our election infrastructure is decentralized and voting machines are not accessible from the Internet. But they can sow disruption and instability up to, and on, Election Day, more than a dozen senior U.S. officials tell TIME, undermining faith in the result and in democracy itself. The question, debated at multiple meetings at the White House, is how aggressively to respond to the Russian operation. Publicly naming and shaming the Russians and describing what the intelligence community knows about their activities would help Americans understand and respond prudently to any disruptions that might take place between now and the close of the polls. Senior Justice Department officials have argued in favor of calling out the Russians, and that position has been echoed forcefully outside of government by lawmakers and former top national-security officials from both political parties.

National: Computer researcher to Congress: ‘It’s possible’ for hackers to alter election | Politico

Hackers could influence the outcomes of November’s elections, a computer science professor who has demonstrated security weaknesses in voting machines told lawmakers on Wednesday. “It’s possible,” said Andrew Appel, a professor at Princeton University, at a House Oversight IT subcommittee hearing focused on election cybersecurity. But Appel, who has hacked voting machines used in many states, was the only one to reply affirmatively when subpanel Chairman Will Hurd (R-Texas) asked for a “yes” or “no” answer to the question, “Can a cyberattack change the outcome of our national elections?” The four other people testifying — including a secretary of state, the chairman of the federal agency that assists with elections, a top Department of Homeland Security cyber official and the head of a public policy firm’s division focused on voting rights — all essentially answered “no.

National: How to thwart Election Day hackers: Vote the old-fashioned way | CNET

A congressional subcommittee on information technology gathered on Wednesday, inviting high-ranking officials from the Department of Homeland Security and the US Election Assistance Commission, as well as cybersecurity experts to testify on how hackers could hijack the 2016 presidential elections. All five witnesses agreed that a cyberattack would not affect the outcome of the presidential election this November. The electronic voting system’s best line of defense against cyberattacks is that the machines aren’t connected to the internet, meaning hackers would have to show up in person to hijack the election.

National: DHS: 18 states seeking help securing elections | CNN

Homeland Security Secretary Jeh Johnson told a Senate hearing Tuesday that 18 states have taken up his agency’s offer to help improve cyber security for their election systems, in the wake of suspected breaches blamed on Russian hackers. “We are seeing a limited number of instances where there have been efforts through cyber intrusions to get into the online presence of various state election agencies. And, one or two of them have been successful, others have not,” Johnson said at a Senate Homeland Security Committee hearing. The issue of the integrity of US elections has been a prominent one on the presidential campaign trail, with Republican presidential nominee Donald Trump and Democratic Sen. Harry Reid each raising concerns about possible rigging of the results. Both Trump and his Democratic rival, Hillary Clinton, said at Monday’s debate that they would respect the election results. Asked by Sen. Jon Tester, D-Montana, whether hackers are seeking to change votes, Johnson said: “What we are seeing are efforts to get into voter registration rolls, the identity of registered voters, things of that nature, not to change a ballot count.”

National: U.S. Believes Russia Steered Hacked Documents to Websites | Wall Street Journal

U.S. officials are increasingly confident that the hacker Guccifer 2.0 is part of a network of individuals and groups kept at arm’s length by Russia to mask its involvement in cyberintrusions such as the theft of thousands of Democratic Party documents, according to people familiar with the matter. While the hacker denies working on behalf of the Russian government, U.S. officials and independent security experts say the syndicate is one of the most striking elements of what looks like an intensifying Russian campaign to target prominent American athletes, party officials and military leaders. A fuller picture of the operation has come into focus in the past several weeks. U.S. officials believe that at least two hacking groups with ties to the Russian government, known as Fancy Bear and Cozy Bear, are involved in the escalating data-theft efforts, according to people briefed on the Federal Bureau of Investigation’s probe of the cyberattacks.

Editorials: Integrity at the ballot box | Baltimore Sun

One of the last questions asked of Hillary Clinton and Donald Trump at Monday night’s debate at Hofstra University deserves to be revisited. Moderator Lester Holt asked both candidates whether, if they lost the election, they accept the results as the “will of the voters.” Both indicated that yes, they would (although Mr. Trump agreed to support Ms. Clinton so reluctantly — it required a follow-up question from Mr. Holt — that reporters felt compelled to confirm his position afterward). In any other presidential race, a question about recognizing the will of the voters would be regarded as a softball — the answer so obvious that surely no debate prep was needed. After all, what kind of presidential nominee seeks to delegitimize the essential process that sustains the greatest democracy on earth? But these are not ordinary times. The nation’s voting system faces a very real threat from computer hackers. That much was made clear with the breach of a voter information database in Illinois this summer. Election boards across the country — including Maryland’s — were put on alert by federal authorities out of concern for potential vulnerabilities.