Russian hacking of U.S. elections more extensive and is ongoing

First, an aside to a related matter, Justice Department: No evidence Obama wiretapped Trump Tower:

There is no evidence to support President Donald Trump’s claim that Barack Obama ordered the wiretapping of Trump Tower during the 2016 presidential campaign, the Justice Department said in a new court filing.

The DOJ made the statement in a motion for summary judgment filed Friday in response to a Freedom of Information Act lawsuit by the watchdog group American Oversight.

“Both FBI and NSD confirm that they have no records related to wiretaps as described by the March 4, 2017 tweets,” the government said, referring to the Justice Department’s National Security Division.

This confirms that pathological liar Donald Trump lied to fabricate a media distraction at the time, but then, we already knew this. Actual fake news!

The New York Times reported last week about the genuine hacking scandal, Russian Election Hacking Efforts, Wider Than Previously Known, Draw Little Scrutiny:

[Months after the election disruptions involving electronic poll books in Durham, North Carolina], for Ms. Greenhalgh, other election security experts and some state officials, questions still linger about what happened that day in Durham as well as other counties in North Carolina, Virginia, Georgia and Arizona.

After a presidential campaign scarred by Russian meddling, local, state and federal agencies have conducted little of the type of digital forensic investigation required to assess the impact, if any, on voting in at least 21 states whose election systems were targeted by Russian hackers, according to interviews with nearly two dozen national security and state officials and election technology specialists.

The assaults on the vast back-end election apparatus — voter-registration operations, state and local election databases, e-poll books and other equipment — have received far less attention than other aspects of the Russian interference, such as the hacking of Democratic emails and spreading of false or damaging information about Mrs. Clinton. Yet the hacking of electoral systems was more extensive than previously disclosed, The New York Times found.

Beyond VR Systems, hackers breached at least two other providers of critical election services well ahead of the 2016 voting, said current and former intelligence officials, speaking on condition of anonymity because the information is classified. The officials would not disclose the names of the companies.

Intelligence officials in January reassured Americans that there was no indication that Russian hackers had altered the vote count on Election Day, the bottom-line outcome. But the assurances stopped there.

Government officials said that they intentionally did not address the security of the back-end election systems, whose disruption could prevent voters from even casting ballots.

That’s partly because states control elections; they have fewer resources than the federal government but have long been loath to allow even cursory federal intrusions into the voting process.

That, along with legal constraints on intelligence agencies’ involvement in domestic issues, has hobbled any broad examination of Russian efforts to compromise American election systems. Those attempts include combing through voter databases, scanning for vulnerabilities or seeking to alter data, which have been identified in multiple states. Current congressional inquiries and the special counsel’s Russia investigation have not focused on the matter.

“We don’t know if any of the problems were an accident, or the random problems you get with computer systems, or whether it was a local hacker, or actual malfeasance by a sovereign nation-state,” said Michael Daniel, who served as the cybersecurity coordinator in the Obama White House. “If you really want to know what happened, you’d have to do a lot of forensics, a lot of research and investigation, and you may not find out even then.”

In interviews, academic and private election security experts acknowledged the challenges of such diagnostics but argued that the effort is necessary. They warned about what could come, perhaps as soon as next year’s midterm elections, if the existing mix of outdated voting equipment, haphazard election-verification procedures and array of outside vendors is not improved to build an effective defense against Russian or other hackers.

In Durham, a local firm with limited digital forensics or software engineering expertise produced a confidential report, much of it involving interviews with poll workers, on the county’s election problems. The report was obtained by The Times, and election technology specialists who reviewed it at the Times’ request said the firm had not conducted any malware analysis or checked to see if any of the e-poll book software was altered, adding that the report produced more questions than answers.

Neither VR Systems — which operates in seven states beyond North Carolina — nor local officials were warned before Election Day that Russian hackers could have compromised their software. After problems arose, Durham County rebuffed help from the Department of Homeland Security and Free & Fair, a team of digital election-forensics experts who volunteered to conduct a free autopsy. The same was true elsewhere across the country.

“I always got stonewalled,” said Joe Kiniry, the chief executive and chief scientist at Free & Fair.

* * *

Ms. Greenhalgh [said] “We still don’t know if Russian hackers did this,” she said about what happened in North Carolina. “But we still don’t know that they didn’t.”

* * *

While only a fraction of voters were turned away because of the e-poll book difficulties — more than half of the county cast their ballots days earlier — plenty of others were affected when the state mandated that the entire county revert to paper rolls on Election Day. People steamed as everything slowed. Voters gave up and left polling places in droves — there’s no way of knowing the numbers, but they include more than a hundred North Carolina Central University students facing four-hour delays.

At a call center operated by the monitoring group Election Protection, Ms. Greenhalgh was fielding technical complaints from voters in Mississippi, Texas and North Carolina. Only a handful came from the first two states.

Her account of the troubles matches complaints logged in the Election Incident Reporting System, a tracking tool created by nonprofit groups. As the problems mounted, The Charlotte Observer reported that Durham’s e-poll book vendor was Florida-based VR Systems, which Ms. Greenhalgh knew from a CNN report had been hacked earlier by Russians. “Chills went through my spine,” she recalled.

The vendor does not make the touch-screen equipment used to cast or tally votes and does not manage county data. But without the information needed to verify voters’ identities and eligibility, which county officials load onto VR’s poll books, voters cannot cast ballots at all.

Details of the breach did not emerge until June, in a classified National Security Agency report leaked to The Intercept, a national security news site. That report found that hackers from Russia’s military intelligence agency, the G.R.U., had penetrated the company’s computer systems as early as August 2016, then sent “spear-phishing” emails from a fake VR Systems account to 122 state and local election jurisdictions. The emails sought to trick election officials into downloading malicious software to take over their computers.

The N.S.A. analysis did not say whether the hackers had sabotaged voter data. “It is unknown,” the agency concluded, whether Russian phishing “successfully compromised the intended victims, and what potential data could have been accessed.”

VR Systems’ chief operating officer, Ben Martin, said he did not believe Russian hackers were successful. He acknowledged that the vendor was a “juicy target,” given that its systems are used in battleground states including North Carolina, Florida and Virginia. But he said that the company blocked access from its systems to local databases, and employs security protocols to bar intruders and digital triggers that sound alerts if its software is manipulated.

On Election Day, as the e-poll book problems continued, Ms. Greenhalgh urged an Election Protection colleague in North Carolina to warn the state Board of Elections of a cyberattack and suggest that it call in the F.B.I. and Department of Homeland Security. In an email, she also warned a Homeland Security election specialist of the problems. Later, the specialist told her Durham County had rejected the agency’s help.

When Ms. Greenhalgh, who works at Verified Voting, a nonprofit dedicated to election integrity, followed up with the North Carolina colleague, he reported that state officials said they would not require federal help.

“He said: ‘The state does not view this as a problem. There’s nothing we can do, so we’ve moved on to other things,’” Ms. Greenhalgh recalled. “Meanwhile, I’m thinking, ‘What could be more important to move on to?’”

An Interference Campaign

The idea of subverting the American vote by hacking election systems is not new. In an assessment of Russian cyberattacks released in January, intelligence agencies said Kremlin spy services had been collecting information on election processes, technology and equipment in the United States since early 2014.

The Russians shied away from measures that might alter the “tallying” of votes, the report added, a conclusion drawn from American spying and intercepts of Russian officials’ communications and an analysis by the Department of Homeland Security, according to the current and former government officials.

The most obvious way to rig an election — controlling hundreds or thousands of decentralized voting machines — is also the most difficult. During a conference of computer hackers last month in Las Vegas, participants had direct access and quickly took over more than 30 voting machines. But remotely infiltrating machines of different makes and models and then covertly changing the vote count is far more challenging.

Beginning in 2015, the American officials said, Russian hackers focused instead on other internet-accessible targets: computers at the Democratic National Committee, state and local voter databases, election websites, e-poll book vendors and other back-end election services.

Apart from the Russian influence campaign intended to undermine Mrs. Clinton and other Democratic officials, the impact of the quieter Russian hacking efforts at the state and county level has not been widely studied. Federal officials have been so tight-lipped that not even many election officials in the 21 states the hackers assaulted know whether their systems were compromised, in part because they have not been granted security clearances to examine the classified evidence.

The January intelligence assessment implied that the Russian hackers had achieved broader access than has been assumed. Without elaborating, the report said the Russians had “obtained and maintained access to multiple U.S. state and local election boards.”

Two previously acknowledged strikes in June 2016 hint at Russian ambitions. In Arizona, Russian hackers successfully stole a username and password for an election official in Gila County. And in Illinois, Russian hackers inserted a malicious program into the Illinois State Board of Elections’ database. According to Ken Menzel, the board’s general counsel, the program tried unsuccessfully “to alter things other than voter data” — he declined to be more specific — and managed to illegally download registration files for 90,000 voters before being detected.

On Election Day last year, a number of counties reported problems similar to those in Durham. In North Carolina, e-poll book incidents occurred in the counties that are home to the state’s largest cities, including Raleigh, Winston-Salem, Fayetteville and Charlotte. Three of Virginia’s most populous counties — Prince William, Loudoun, and Henrico — as well as Fulton County, Georgia, which includes Atlanta, and Maricopa County, Arizona, which includes Phoenix, also reported difficulties. All were attributed to software glitches.

Senator Mark Warner, Democrat of Virginia and vice chairman of the Senate intelligence committee, argued for more scrutiny of suspicious incidents. “We must harden our cyber defenses, and thoroughly educate the American public about the danger posed” by attacks,” he said in an email. “In other words: we are not making our elections any safer by withholding information about the scope and scale of the threat.”

In Durham County, officials have rejected any notion that an intruder sought to alter the election outcome. “We do not believe, and evidence does not suggest, that hacking occurred on Election Day,” Derek Bowens, the election director, said in a recent email.

But last month, after inquiries from reporters and the North Carolina State Board of Elections and Ethics Enforcement, Durham county officials voted to turn over laptops and other devices to the board for further analysis. It was not clear which government agency or private forensics firm, would conduct the investigation.

Ms. Greenhalgh will be watching closely. “What people focus on is, ‘Did someone mess with the vote totals?’” she said. “What they don’t realize is that messing with the e-poll books to keep people from voting is just as effective.’”

In an under-reported story last week, “More than one-quarter of a panel tasked with advising the Homeland Security Department on cybersecurity and infrastructure protection resigned en masse Monday, citing President Donald Trump’s ‘insufficient attention’ to the nation’s cyber vulnerabilities, among other complaints.” Trump Cybersecurity Advisers Resign In ‘Moral’ Protest:

“You have given insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend, including those impacting the systems supporting our democratic election process,” the resignation letter states.

* * *

Among the resigning council members are three Obama-era officials: White House Chief Data Scientist DJ Patil, Office of Science and Technology Policy Chief of Staff Cristin Dorgelo, and White House Council on Environmental Quality Managing Director Christy Goldfuss, according to Twitter posts.

In total, eight out of 28 NIAC members’ names were removed from the official members web page this week.

Remaining council members met Tuesday and approved a report on cybersecurity vulnerabilities to critical infrastructure. That report warned that U.S. infrastructure is in “a pre-9/11 moment” when it comes to cybersecurity.

This lack of serious attention to cyber security in elections is disturbing, as Bloomberg News reports Pro-Russian Bots Sharpen Online Attacks for 2018 U.S. Vote:

After the 2016 U.S. presidential race was subject to Russian cyber meddling, analysts say the ferocity of more recent assaults is a preview of what could be coming in the 2018 elections, when Republicans will be defending their control of both chambers of Congress.

“They haven’t stood still since 2016,” said Ben Nimmo, a senior fellow in information defense at the Digital Forensic Research Lab at the Atlantic Council in Washington, which tracked the activity. “People have woken up to the idea that bots equal influence and lots of people will be wanting to be influencing the midterms.”

While special counsel and former FBI chief Robert Mueller keeps investigating the 2016 race, Nimmo’s work is among a number of initiatives cropping up at think tanks, startups, and even the Pentagon seeking to grasp how bots and influence operations are rapidly evolving. Blamed for steering political debate last year, bots used for Russian propaganda and other causes are only becoming more emboldened, researchers say.

They’re preparing “and sowing seeds of discord” and “potentially laying the groundwork for what they’re going to do in 2018 or 2020,” said Laura Rosenberger, senior fellow and director of the Alliance for Securing Democracy at the German Marshall Fund.

The alliance last month unveiled Hamilton 68, an online dashboard designed to track Russian influence operations on Twitter with the hope of better highlighting sources of information.

The site culls real-time data from 600 Twitter users, analyzing trending hashtags, topics and links. The dashboard’s developers say the accounts they selected cover those likely controlled by Russian government influence operations. Other accounts are pro-Russia users that may be loosely connected to the government and some are people influenced by the first two groups and who are active in bolstering Russian media themes. Some are bot accounts.

“Our view is that exposure is a really important element of beginning to push back on some of these efforts,” said Rosenberger, who served at the National Security Council and the State Department in the Obama administration.

* * *

“The level of sophistication among these bots is increasing and becoming more and more advanced to try to evade bot detection and suspension from Twitter and other platforms,” said Agarwal, who’s spent a decade studying the use of social media for influence operations. They’re also trying to “mimic human behavior so that they can gain your trust and they can influence your behaviors,” he said.

Because the use of bots is still new, trying to understand how they operate has become a cutting-edge field. It’s even caught the attention of the Pentagon’s Defense Advanced Research Projects Agency, known as DARPA.

In May, the agency awarded Agarwal and Intelligent Automation Inc., a Rockville, Maryland-based technology company, a contract of up to $1.5 million over three years — if research milestones are met — to study the classification of “social bots,” what their intent is and how they’re applied on social media.

Since the election, Twitter and Facebook have taken steps to counter false news and kill off fake accounts. In August, Facebook said it created a software algorithm to flag stories that may be suspicious and send them to third-party fact checkers. But bots are also getting savvier at dodging detection. That poses a challenge to social media companies trying to crack down on fake accounts — and fake news.

And with bot activity accelerating as the U.S. heads into another election season in 2018, social media companies could face further risks from these networks.

A challenge for social media companies is “how good their algorithms are at weeding out bot strikes,” Nimmo said. “That’s something that they need to be thinking of.”