Off the Kuff Rotating Header Image

Russia

An update on election security

Nothing to see here.

Russian hackers probed election systems in all 50 states, a new Senate report confirmed Thursday.

The report comes one day after former special counsel Robert Mueller told Congress that the Russian government is working to meddle in U.S. elections “as we sit here.”

“It wasn’t a single attempt,” Mueller said Wednesday of Russia’s 2016 election interference. “They’re doing it as we sit here. And they expect to do it during the next campaign.”

The bipartisan report by the Senate Intelligence Committee released Thursday confirmed previous comments by the Department of Homeland Security (DHS) that Russian hackers scanned election systems in all 50 states ahead of the 2016 presidential election. DHS initially acknowledged Russian attempts to hack into election systems in just 21 states.

[…]

Democrats used Mueller’s testimony Wednesday as the backdrop to bring a trio of election security bills to the Senate floor, but Sen. Cindy Hyde-Smith (R-MS) blocked each one in succession.

Two of the measures, one by Warner and the other by Sen. Richard Blumenthal (D-CT), would require campaigns to report offers of foreign support. The third, by Sen. Ron Wyden (D-OR), would have allowed the Senate Sergeant-at-Arms to help secure personal electronic devices belonging to senators and their staff.

Hyde-Smith has not said why she blocked the measures, but Senate Majority Leader Mitch McConnell (R-KY), has long opposed bringing election-security measures up for vote. Last year, for example, Senate Rules and Administration Committee Chair Roy Blunt (R-MO) accused McConnell of blocking another election security bill, explaining that McConnell believed the issue “reaches no conclusion.”

“[McConnell] has a long history of opposing election reform,” Wyden told ThinkProgress earlier this year. “And he’s got people in his caucus who’ll do a lot of the heavy lifting for him.”

Remain calm, all is well.

Senate Intel Committee Chairman Richard Burr (R-NC), and Vice Chair Mark Warner (D-Va.) each issued statements with the report’s release. Burr said that in 2016, the United States was “unprepared at all levels of government” for attacks on election infrastructure, and has improved in the time since. Burr noted that the Department of Homeland Security and state election officials have a much better working relationship than before, but that “still much work remains to be done.”

It’s unclear whether Burr considers federal elections security legislation as part of the work that remains to be done. Mitch McConnell, Burr’s Republican colleague and the Senate majority leader, has prevented most of this type of legislation from coming to the Senate floor, arguing that Congress has done enough and that pending election security legislation is merely the Democrats’ effort to usurp states’ rights and bolster their chances at the polls.

Warner, who a day ago was part of a group of Congressional Democrats that blasted McConnell for holding up election security legislation, alluded to the need to get past the partisan gridlock. “I hope the bipartisan findings and recommendations outlined in this report will underscore to the White House and all of our colleagues, regardless of political party, that this threat remains urgent, and we have a responsibility to defend our democracy against it,” he said in a statement.

The report notes that the Russian operation dates back to “at least 2014.” It reveals that state and local officials, who are mostly in charge of running elections, “were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor,” and that officials at all levels of the government debated whether to publicly acknowledge what was happening, with some concerned that disclosing it “might promote the very impression they were trying to dispel—that the voting systems were insecure.” At the time, McConnell took an active role in preventing further public disclosure of the Russian operation, theWashington Post reported in December 2016.

Go about your business.

Hacking individual voting machines would be an inefficient way to throw an election. But J. Alex Halderman, a computer scientist who has tested vulnerabilities for more than a decade, testified to the Senate committee that he and his team “created attacks that can spread from machine to machine, like a computer virus, and silently change election outcomes.” They studied touch-screen and optical-scan systems, and “in every single case,” he said, “we found ways for attackers to sabotage machines and steal votes.”

Another way to throw an election might be to attack systems that manage voter-registration lists, which the hackers also did in some states. Remove people from the lists—focusing on areas dominated by members of the party that the hacker wants to lose—and they won’t be able to vote.

One former senior intelligence official told me, “If I was going to hack such a system, I’d leave the records alone and corrupt the tally software”—the programs that count the votes and transmit results to a central headquarters. The transmission is done through a network, which is vulnerable to hackers. Some data are transmitted from the voting machines via USB ports, which are also easy to hack.

In the past decade, many states have installed voting machines with paper backups. (One of the measures blocked in the Senate this week would have required them.) But the Senate report notes that 19 states do not conduct complete postelection audits to compare these ballots to the electronic results; five of them do not audit at all. Paper backups mean little if nobody looks at them.

Computerized voting might be inherently vulnerable. Matt Blaze, who holds the McDevitt Chair of Computer Science at Georgetown Law, said at a hacking conference in Washington earlier this year, “Voting security is by far the hardest problem I have ever encountered.”

That last link does have a proposed solution, if you’re not too depressed to read it. But as with most things in this life, if we want to make progress on fixing the problem, we have to first solve the Mitch McConnell problem.

Do we still want to go to Mars?

Hot take: I dunno.

Before the U.S. put the first man on the moon, before the Soviet Union launched the first satellite, people thought aliens lived on Earth’s nearest planetary neighbor.

The belief sparked fear in some — and outright panic when Orson Welles broadcast reports in 1938 of a Martian invasion drawn from the novel “The War of the Worlds.”

But it inspired others to question: Are we alone in the universe?

“Perhaps the single, most consuming scientific question of the space program is: ‘Does extraterrestrial life exist in our solar system?’” rocket pioneer Wernher von Braun wrote in a 1969 proposal to send humans to Mars.

In the decades since, even after scientists concluded the aliens of science-fiction fame do not live on Mars, the Red Planet has captivated the world’s imagination unlike any other.

It’s been the subject of countless movies, books and TV shows. It’s been an inspiration for folklore. And it’s been a desired destination for dreamers — a barren, dusty terrain that could offer scientists a look at what may lie ahead for Earth.

But a human mission to the Red Planet was out of reach in the 1960s. And it remains elusive today.

Top NASA officials have tentatively aimed for a human mission to Mars in 2033, but even they admit that timeline is aggressive. NASA still needs to develop a spacecraft capable of transporting humans to Mars; a method of propulsion to cover the distance more quickly; and a surface-landing vehicle that can handle the Martian climate.

Can NASA get it done in 14 years?

“I don’t know,” replied Bill Gerstenmaier, NASA’s associate administrator for human exploration and operations.

“It’s a function of how much (progress) the program can make,” he told the Houston Chronicle in April. “The technology and the hardware is reasonable, but can we get the budget? That I don’t know.”

Some question going at all. The U.S. already has successfully landed eight robotic missions on the Red Planet.

“It’s kind of questionable about what there is to be gained,” Apollo 7 astronaut Walt Cunningham told the Chronicle. “You have to find some rationalization and justification in order to spend what it costs to go to Mars.

“I think that’s a long shot right now.”

On the one hand, I think there’s a lot to be learned by planning and executing a manned flight to Mars. I feel like as much as private firms are now in the space business, the public sector needs to continue to have a strong presence, if only to ensure that the knowledge gained by space travel remains in the public sphere. On a strictly parochial level, someone is eventually going to do this, and I’d rather it be the US than China or Russia.

Against that, it’s fair to question the value of the knowledge we’d get from a manned flight versus an unmanned flight. This would cost a ton of money at a time when there are higher priorities. It’s far from clear that this is something the public wants, and this is one of those times when having the President get behind it would not help at all. (I felt a little queasy just typing that out.) The idealist in me would love to see this happen. The pragmatist is far from convinced.

It’s always possible to make a border wall proposal stupider

Here’s Exhibit A.

An emergency Trump administration plan to tap storm protection funds to pay for a border wall was slammed Friday by Houston lawmakers who said it could endanger the city’s recovery from Hurricane Harvey and jeopardize the region’s preparedness for future storms.

While details of the proposal remained unclear, lawmakers in both parties scrambled to win assurances from the White House and allay concerns about projects in the Gulf Region, including a proposed coastal barrier to protect Galveston Bay and the Houston Ship Channel.

Reports that President Donald Trump has been briefed on a plan to use unspent money from Army Corps of Engineers projects heightened tensions in Congress about his threat to use emergency powers to build hundreds of miles of barriers along the U.S.-Mexico border, much of it in the Rio Grande Valley.

The controversy also highlighted long-standing concerns about the slow pace at which Washington has released emergency disaster funds to Texas since Hurricane Harvey in 2017.

I wonder if this is what Trump meant when he said that Dan Patrick had offered to help pay for the wall? Maybe someone should ask him. There’s too much mendacity and stupidity here to waste time analyzing this, though my friend Amy Patrick took a crack at it from an engineering perspective. Not that any of this really matters, since Trump changes his mind every five minutes about what he does and doesn’t want. It does serve as a good distraction from the reporting that Trump is an asset of Russian intelligence, so there’s that. Happy Monday, everyone.

The Russia-Texas-secession connection

So many people got played.

A sprawling Russian disinformation campaign aimed at influencing the 2016 elections found success with social media accounts promoting the idea of Texas secession, according to a report commissioned by the U.S. Senate that was released Monday.

When it came to stirring up social divisions and exerting political influence, two accounts about the Lone Star State proved especially effective: a “Heart of Texas” Facebook page and a @rebeltexas account on Instagram.

Both accounts were created and managed by the Internet Research Agency, a Russian company that’s been characterized by the U.S. government as a “troll farm” and was indicted by a federal grand jury.

Heart of Texas, which amassed hundreds of thousands of followers on Facebook, promoted an image of the state as a land of barbecue and guns while sharing posts that attacked immigration.

The page had the most shares of all IRA Facebook accounts, at 4.8 million, according to the report, which was prepared by an Austin-based company, New Knowledge.

“Heart of Texas visual clusters included a wide swath of shapes of Texas, landscape photos of flowers, and memes about secession and refugees,” the report said.

Posts by the Facebook page cited in the report include a truck with a giant state flag and a photo of Texas wildflowers as well as another laying out the “economic grounds for Texas secession.” The page also shared memes criticizing immigration.

You can read that report here. The extent of this activity is mind-boggling, and in just about any other context we’d call it highly aggressive, if not warlike. Every now and then I see one of these yahoos with a “Secede” sticker on their car, and I wonder if they have any idea. We’re doing this to ourselves, that’s the really scary part.

Yeah, we’re still talking about the risk to our elections

And when we talk about these things, we talk to Dan Wallach.

When we think about those who defend the territorial integrity of our nation and state, we tend to imagine well-equipped members of the U.S. armed forces, or perhaps a square-jawed detachment of Texas Rangers. Increasingly, however, the twenty-first century battle for control of the American homeland is being fought in the computerized elections systems overseen by our humble county clerks.

Here in Texas, votes in federal and state elections are tallied independently by 254 local officials, one in each county seat, from big cities like Houston and Dallas to tiny courthouse towns like Tahoka and Floydada. If a hostile country decides to hack an election in Texas, that means pitting Russia’s (or Iran’s or North Korea’s or China’s) most skilled hackers against a group of officials and volunteers who may not even know their way around an iPhone.

“We’re asking county clerks, and for that matter local poll workers, to defend against a nation-state adversary,” says Dan Wallach, computer science professor at Rice and expert on election security issues. “That’s not a fair fight.”

Wallach, a graduate of J.J. Pearce High School in Richardson as well as U.C. Berkeley and Princeton, has made it his mission to assist local election administrators by helping to develop and advocate for the adoption of foolproof, verifiable election systems and policies in Texas. From 2011 to 2015, Wallach served on the U.S. Air Force Scientific Advisory Board; before that he led the National Science Foundation–funded ACCURATE (A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections). Most recently, he’s been seen testifying before the Texas Senate on issues related to election security.

“From a security perspective, the systems that we use, these electronic voting systems, were never engineered with the threat model of foreign nation-state actors,” Wallach says of the status quo in Texas. “I have no idea if anybody’s planning to exploit them, but there’s no question that the vulnerabilities are present.”

That’s the bad news. The good news is that remedies are within reach, if Texas is willing to invest money and other state-level resources to improve election security. Experts like Wallach have identified best practices that can make elections reliably secure for the current threat horizon. Wallach proposes what amounts to a three-step plan for improved election security: better machines, better oversight, and better contingency planning.

The rest of the story delves into those three steps; it begins of course with auditable voting machines that include printed ballots. Speaking from my perspective in the IT security field, I can confirm that every big company that wants to stay in business past tomorrow zealously captures, indexes, and monitors its systems’ log files, both to look for real-time anomalies and to provide a written record of what happened in the event of a breach or other failure. It’s just standard practice in the real world. Why our state government is so resistant to it for our election systems is a question for which they really need to be held accountable. I would also note that the $350 million price tag to replace every obsolete voting machine in the state, which apparently we can’t do unless the feds pick up the tab, is something we could easily afford if we wanted to do it. For now, assuming we don’t get a state government that’s willing to do this, our best bet is to work towards a federal government that will do it, presumably after 2020. And hope like hell in the meantime that nothing goes horribly wrong.

Who wants to protect our voting systems from hackers?

You would hope the answer to that question would be “everyone”, but that’s not the world we currently live in.

A bipartisan group of 21 state attorneys general are demanding Congress’ assistance in protecting the 2018 election. Writing to Rep. Michael McCaul, chairman of the House Homeland Security Committee and Sen. Roy Blunt, Senate Rules and Administration Committee Chairman, the AGs ask for “assistance in shoring up our systems so that we may protect our elections from foreign attacks and interference.”

“As the latest investigations and indictments make clear,” they write “during the 2016 election, hackers within Russia’s military intelligence service not only targeted state and local election boards, but also successfully invaded a state election website to steal the sensitive information of approximately 500,000 American voters and infiltrated a company that supplies voting software across the United States.” Combatting that incursion and giving the electorate “confidence in our democratic voting process” is “imperative,” they write. “The integrity of the nation’s voting infrastructure is a bipartisan issue, and one that affects not only the national political landscape, but elections at the state, county, municipal, and local levels.”

Their direct demands: “Prioritizing and acting on election-security legislation” in the form of the Secure Elections Act (S.2261), a bipartisan bill that would provide additional grants and assistance to states to shore up systems; “Increasing funding for the Election Assistance Commission to support election security improvements at the state level and to protect the personal data of the voters of our states”; and, “Supporting the development of cybersecurity standards for voting systems to prevent potential future foreign attacks.”

You can see the very reasonable letter here. Seems simple and straightforward, no? You can also see that none of those AGs are Ken Paxton. Maybe that’s why he doesn’t want to debate – he doesn’t want to get asked pesky questions about that sort of thing.

Greg Abbott, Russian stooge

Heck of a job, Greggie.

A former director of the CIA and NSA said Wednesday that hysteria in Texas over a 2015 U.S. military training exercise called Jade Helm was fueled by Russians wanting to dominate “the information space,” and that Texas Gov. Greg Abbott’s decision to send the Texas State Guard to monitor the operation gave them proof of the power of such misinformation campaigns.

Michael Hayden, speaking on MSNBC’s Morning Joe podcast, chalked up peoples’ fear over Jade Helm 15 to “Russian bots and the American alt-right media [that] convinced many Texans [Jade Helm] was an Obama plan to round up political dissidents.”

Abbott ordered the State Guard to monitor the federal exercise soon after news broke of the operation. Hayden said that move gave Russians the go-ahead to continue — and possibly expand — their efforts to spread fear.

“At that point, I’m figuring the Russians are saying, ‘We can go big time,’” Hayden said of Abbott’s response. “At that point, I think they made the decision, ‘We’re going to play in the electoral process.’”

You can read the rest, and you can listen to the Morning Joe podcast – Gen. Hayden was also on The Gist with Mike Pesca on Wednesday, though he wasn’t specifically talking about Jade Helm. I just have two things to add. One is that from now on, any time Greg Abbott criticizes anyone for any reason, the response should be along the lines of “Well, at least [whoever] didn’t fall for Russian propaganda”. And two, from the Observer:

Meanwhile, another Jade Helm-style exercise is planned for San Angelo in June. Oddly enough, now that Trump is president, there’s a notable lack of freaking out this time.

Well, the Russians aren’t trying to goad idiots like Greg Abbott into peeing their pants over it this time. Amazing what a difference that makes. ThinkProgress and the Lone Star Project have more.

Nothing to see here

Remain calm, all is well.

Next Saturday, March 24, hundreds of Texas Democratic Party activists will gather at the Austin Hyatt Regency to nominate candidates for political office in Travis County, a kick-off event leading up to the 2018 midterm elections.

But some people who tried to register will not be attending, among them Candida McGruder. Gustavo Chubb. Geraldo Tinsley. Vincent Amundson. Roxie Male.

That’s because these five individuals and 43 others who signed up to attend don’t appear to be Travis County residents, or Texans, or even Americans. They might not even be real people. They may be pranksters — or they may be Russian trolls, and their appearance in Texas could represent the first public example of foreign probing of the 2018 elections.

Five senior intelligence officers, two current and three former, say the case of the Texas 48 looks like Russian meddling. And they tell NBC News that despite the clumsiness of the failed registrations, the Texas case fits a pattern of Russian behavior seen in its covert operations.

[…]

Earlier this year, as Texas party officials prepared for the March 24 county meetings that would nominate candidates for office, Glen Maxey noticed something odd about online registrations for the Travis County meeting in Austin. Some of the people attempting to register either didn’t fully fill out their online form or provided obviously false information.

Maxey, legislative affairs director for the Texas Democratic Party and a former member of the Texas House of Representatives, said that at the time just over 2,500 Texas citizens had successfully registered online for the Travis County meeting. He went through the aborted registrations by hand, checking to see whether the registrations had been “kicked back” because of simple errors, in which case he would follow up with the individuals.

Maxey found a few unfinished registrations that were simple mistakes. But he identified 48 that were problematic, meaning they seemed unconnected to anybody living in Texas. Twenty-five of those 48 were trying to register with email addresses ending in “mail.ru.” Those last two letters, .ru, are the internet designation for domains in Russia.

Maxey told NBC News he and his team hadn’t seen any other examples of pranks or false registrations in past cycles. He also said he didn’t know who to contact in Texas state government and had received no guidance from either state or federal authorities regarding anything to do with potential Russian interference.

[…]

So are the Russians coming?

On the surface, said cyberintelligence expert and NBC News consultant Sean Kanuck, “this almost sounds like junior high school students ordering pizzas under fake names.”

But beneath the surface, Kanuck thinks perhaps something more sinister could be afoot.

Despite the ham-handedness that announces an obvious Russian origin, said Kanuck, who served as the first national intelligence officer for cyber issues at the Office of the Director of National Intelligence from 2011 to 2016, the methods and even the in-your-face nature of the trolling fit the pattern of “a Russian strategic campaign to delegitimize the democratic electoral process.”

“I would speculate that Russia is testing the waters for possible interventions or disruptions in the future,” Kanuck said.

Nothing to worry about, I’m sure. Boys will be boys, right? Donald Trump will get his top men right on it.

So were we targeted by Russian hackers or not?

Depends who you ask, I guess.

A top state official is pushing back against the federal government’s claim that Texas was among states whose election systems were targeted by Russian hackers ahead of the 2016 presidential election.

“At no point were any election-related systems, software, or information compromised by malicious cyber actors,” Texas Secretary of State Rolando Pablos wrote in a letter to the U.S. Department of Homeland Security on Thursday.

Last week, the Department of Homeland Security said the election infrastructure of 21 states, including Texas, was targeted by Russian hackers. Being targeted does not mean that votes were changed but that a system was scanned.

Shortly after the announcement, officials in California and Wisconsin said they’d received contradictory information from the department that suggested they’d been incorrectly included on that list.

Pablos, in his letter, made a similar claim and asked the department to “correct its erroneous notification” that the state agency’s website had been the target of malicious hackers. Pablos argued that federal officials had based their assessment on “incorrect information” and that an investigation by his office with the state’s Department of Information Resources had found no such targeting.

“In order to restore public confidence in the integrity of our elections systems, it is imperative for DHS to further clarify the information provided,” the letter says. “Our office understands that you have provided similar clarification to election officials in Wisconsin and California. We respectfully request you provide the same clarification to the State of Texas.”

A Department of Homeland Security spokesman told Reuters Thursday that “additional information and clarity” had been provided to several states, and that the department stood by its assessment “that Internet-connected networks in 21 states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure.”

See here for the background. I’d need to see the specifics before I can make a judgment here. Saying the SOS systems weren’t “compromised” isn’t a contradiction of what was said by Homeland Security, which merely said the SOS website had been “scanned and probed”. That’s basically background noise on the Internet, though depending on the source of the probe it can be of interest. It would be nice for everyone to get their story straight so we know for sure who is claiming what.

Texas was a hacking target in 2016

We’re just finding out about this now?

Hackers targeted Texas and 20 other states prior to the 2016 presidential election, the United States Department of Homeland Security has formally informed the states.

But the hackers who tried to mess with Texas didn’t get far, officials with the Texas Secretary of State’s office said Monday.

The federal agents said instead of targeting the state’s voter registration database during the 2016 elections, hackers searched for a vulnerability on the Secretary of State’s public-facing website, according to Sam Taylor, an agency spokesman.

“If anyone was trying to get into the elections system, they were apparently targeting the wrong website,” Taylor said.

The website, http://www.sos.state.tx.us, is devoid of voter information, he said, and hackers never find a way to crack into it.

[…]

According to testimony before the U.S. Senate Intelligence Committee, the Department of Homeland Security began finding incidents of scanning and probing of state and local election systems in August 2016. A declassified report from national intelligence officials released in January stated that “Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards.”

“There is no complacency in Texas when it comes to protecting the security of our elections system,” Secretary Rolando Pablos said. “We take our responsibility to guard against any and all threats to the integrity of elections extremely seriously and will continue to do so moving forward.”

Here’s what bothers me about this. It’s not that our Secretary of State websites may have been attacked – that’s a matter of when, not if – and it’s not even that they might not have known about it until the feds informed them of it – it may have been a new vulnerability being exploited. What bothers me is the assertion that because there was nothing of value on the server that was hacked, there was nothing to worry about. Low-value servers, ones that are public facing and have no proprietary or confidential information on them, are often targets for hackers. The reason for this is that once you have access to such a machine, you have the opportunity to look for vulnerabilities inside the network, to do things like try to crack passwords on higher-privilege accounts so that you can gain access to more valuable resources. A spokesperson like Sam Taylor may not understand this, but I sure hope someone at the SOS office does.

Also, too: It’s not possible to stop every attack – any IT professional worth their salt will tell you this – but what is possible and very necessary is to detect as quickly as you can abnormal system activity so you can tell when you’ve been breached and take steps to stop it. As I said, the SOS may not have known about these particular attacks at the time. Some of this is cutting edge stuff, and the majority of us only find out about them in retrospect. But now that they do know, I sure hope they’re reviewing all their logs and their various monitoring tools to see what they might have missed and how they can detect this sort of attack going forward. I also hope they’re sharing this information with every elections administrator to ensure they are aware of this and can perform the same reviews. That is something I’d expect a spokesperson to address.

Stanart pushes back on election security claims

Our County Clerk is not happy with recent stories about the potential for vulnerability in our election systems.

Despite reports from federal intelligence agencies and media outlets of Russia’s widespread targeting of state and local elections around the country and in Texas, election administrators in the nation’s third-largest county say Vladimir Putin’s government does not pose a unique or heightened cybersecurity threat.

Harris County Clerk Stan Stanart said his office, which runs local elections, has a slew of checks in place to prevent hackers from tampering with the vote, including multiple backed-up voter registration databases that are kept offline. He said reports produced by voting machines before every election ensure the machines do not come pre-loaded with votes and after the election allow the county to cross-check against final tallies to make sure the vote is not manipulated.

While most observers and experts agree Russia exemplifies a new threat to election infrastructure nationwide, Stanart said the county faces no greater risk from Russia today than threats going back to the 1980s. He also challenged the veracity of reports that the Kremlin had attempted to coordinate widespread attacks on state and local election systems in 2016.

“Where’s the evidence?” Stanart said. “I would really question that.”

[…]

Bloomberg reported in June that Russian hackers “hit” voter databases and software systems in 39 states, in some cases penetrating campaign finance databases and software used by poll workers, and attempted to alter or delete voter data in Illinois.

Also last month, the Dallas Morning News published a story that election officials there had found attempts to hack their election system ahead of the November election. The newspaper reported that election officials there cross-referenced hundreds of suspicious or possibly Russian-linked IP addresses provided to them by the U.S. Department of Homeland Security against those that had attempted to access Dallas County servers in early October and found 17 matches.

Stanart said his office has not seen that list of IP addresses. Dallas County election officials did not respond to a request for comment.

[…]

Harris County officials refuse to answer whether they saw any attempts to penetrate the county’s systems. While Stanart himself said he has not found that Russian-linked hackers targeted the local election system, he acknowledged that other county security officials could have found and stopped such attempts before they reached his office.

Those officials repeatedly have not answered questions about whether they saw such a threat.

Bruce High, the chief information officer and executive director of the county’s Central Technology Services, has acknowledged a recent “spike” in attempts to hack Harris County servers from outside of America’s borders, but has declined to explain when the spike began, what is being targeted and where the hack attempts are coming from.

See here for the background. I received some feedback from the County Clerk’s office following the publication of that piece, including a fuller response from Stan Stanart that I believe is intended to be an op-ed in the Chronicle that specifically disputed several of the claims made by Dan Wallach. I’m printing it here beneath the fold for your perusal. Beyond that, I don’t understand why the County Clerk says it has not seen the aforementioned list of Russian IP addresses, nor do I understand the reluctance by Harris County to discuss their cybersecurity measures in any depth. I don’t expect them to lay out their defense plans in detail, but some reassurance beyond “trust me” that they’re on the job would be nice. Maybe trot someone out who can at least speak the lingo or something like that, I don’t know. This is a legitimate thing for voters to be concerned about, and we have a right to expect those concerns to be addressed in a more responsive fashion than what we are getting.

(more…)

Maybe we should be a little more concerned about election security?

Just a thought.

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step — complaining directly to Moscow over a modern-day “red phone.” In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict.

The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.

“They’re coming after America,” Comey told the Senate Intelligence Committee investigating Russian interference in the election. “They will be back.”

[…]

One of the mysteries about the 2016 presidential election is why Russian intelligence, after gaining access to state and local systems, didn’t try to disrupt the vote. One possibility is that the American warning was effective. Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America’s disparate voting systems spread across more than 7,000 local jurisdictions.

Such operations need not change votes to be effective. In fact, the Obama administration believed that the Russians were possibly preparing to delete voter registration information or slow vote tallying in order to undermine confidence in the election. That effort went far beyond the carefully timed release of private communications by individuals and parties.

One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks.

To put this another way, you don’t have to hack voting machines to wreak havoc on our elections. Simply undermining confidence in the process is enough. And unfortunately, Republicans like Mitch McConnell were not at all interested in any of this last year, so don’t hold out hope that they will want to take action about it for next time. There’s a lot of work to be done to fix this mess. Daily Kos and Chalie Pierce have more.