Boy, 11, Hacks into Replica U.S. Vote Website in Minutes

(Reuters) – An 11-year-old boy managed to hack into a replica of Florida’s election results website in 10 minutes and change names and tallies during a hackers convention, organizers said, stoking concerns about security ahead of nationwide votes.


The boy was the quickest of 35 children, ages 6 to 17, who all eventually hacked into copies of the websites of six swing states during the three-day Def Con security convention over the weekend, the event said on Twitter on Tuesday.

The event was meant to test the strength of U.S. election infrastructure and details of the vulnerabilities would be passed onto the states, it added.

The National Association of Secretaries of State – who are responsible for tallying votes – said it welcomed the convention’s efforts. But it said the actual systems used by states would have additional protections.

“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” the association said.

The hacking demonstration came as concerns swirl about election system vulnerabilities before mid-term state and federal elections.

U.S. President Donald Trump’s national security team warned two weeks ago that Russia had launched “pervasive” efforts to interfere in the November polls.

Participants at the convention changed party names and added as many as 12 billion votes to candidates, the event said.

“Candidate names were changed to ‘Bob Da Builder’ and ‘Richard Nixon’s head’,” the convention tweeted.

The convention linked to what it said was the Twitter account of the winning boy – named there as Emmett Brewer from Austin, Texas.

A screenshot posted on the account showed he had managed to change the name of the winning candidate on the replica Florida website to his own and gave himself billions of votes.

The convention’s “Voting Village” also aimed to expose security issues in other systems such as digital poll books and memory-card readers.

***

Mark Earley, the elections supervisor in Leon County who is a cybersecurity liaison between state and local officials, questioned how outsiders could obtain the security protocols used by Florida if they weren’t already behind the system’s firewalls. He said that all this “hacking noise” and “misinformation plays into the hands of the folks who are trying to undermine democracy.”

Jeff Kosseff, a lawyer and assistant professor at the United States Naval Academy Cyber Studies Department, said states are struggling with election security threats. He said they should work with outsiders in order to see if there are flaws in their systems.

“All states should look at this as a wake-up call,” Kosseff said. “What were the shortcomings identified and how they can fix it. I don’t think it should be an adversarial.”

MisInformationCom and Election Security

So, Dana Perino of Fox News/Daily Briefing had Mary Anne Marsh on the show today to discuss voting security. Mary Anne went on and on about how the Trump administration is not doing enough to ensure foreign interference/election meddling is prevented in the 2018 mid-terms and all the way to the general election in 2020.

Clearly Mary Anne has not been a part of the countless sessions that DHS has hosted for the benefit of each state to protect and harden their respective systems. Frankly, I have participated in 2 conference calls and have watched congressional hearings as well as read documents provided as to the activities on behalf of DHS and the FBI.

Then, while few people know, the Justice Department produced a lengthy document titled ‘The Cyber Digital Task Force’ that speaks to all foreign intrusion operations including the matter of the election infrastructure. Pass this on to Mary Anne please. Just one of hundreds of paragraphs is below:

Covert influence operations, including disinformation operations, to influence public opinion and sow division.

Using false U.S. personas, adversaries could covertly create and operate social media pages and other forums designed to attract U.S. audiences and spread disinformation or divisive messages. This could happen in isolation or in combination with other operations, and could be intended to foster specific narratives that advance foreign political objectives, or could be intended simply to turn citizens against each other. These messages need not relate directly to political campaigns. They could seek to depress voter turnout among particular groups, encourage third-party voting, or convince the public of widespread voter fraud to undermine confidence in election results. These messages could target discrete U.S. populations based on their political and demographic characteristics. They may mobilize Americans to sign online petitions and join issue-related rallies and protests, or even to incite violence. For example, advertisements from at least 2015 to 2017 linked to a Russian organization called the Internet Research Agency focused on divisive issues, including illegal immigration and gun rights, among others, and targeted those messages to groups most likely to react.

Meanwhile, there is an external organization made up of subject matter experts collecting evidence and stories, MisinfoCon, at which Deputy Assistant Attorney General Adam S. Hickey of the National Security Division delivered remarks:

Thank you for the invitation to speak today, and for the important work you are doing: in organizing this conference devoted to the challenges of misinformation, and, by attending, bringing your experience and expertise to bear on the problem.

It’s a privilege to help kick off this first day of MisinfoCon, focused on state-sponsored misinformation. To do that, I am going to give you an overview of how the Department of Justice views the problem, where it fits in the context of related national security threats, and how we are addressing it.

As you probably know, the Justice Department recently obtained an indictment of 13 Russian individuals and three entities, including the Internet Research Agency (or IRA), for federal crimes in connection with an effort to interfere in the 2016 Presidential election. The defendants allegedly conducted what they called “information warfare against the United States,” with the stated goal of “spread[ing] distrust towards the candidates and the political system in general.”

According to the indictment, the IRA was a structured organization headed by a management group and arranged in departments. It had a “translator project,” designed to focus on the U.S. population, with more than 80 employees assigned by July 2016. They posed as politically and socially active Americans, advocating for and against particular political candidates. They established social media pages and groups to communicate with unwitting Americans. They also purchased political advertisements on social media.

One of the so-called trolls who worked for the IRA recently spoke to the Washington Post about his work in a different department, attempting to influence a domestic, Russian audience. He described it as “a place where you have to write that white is black and black is white.” Hundreds of people “were all writing absolute untruths.”

But as the indictment alleges it, what made the defendants’ conduct illegal in the United States was not the substance of their message, the “accuracy” of their opinions: it was their conspiracy to defraud by, among other ways, lying about who the messenger was.  They were not Americans expressing their own viewpoints; they were Russians on the payroll of a foreign company.

Now, the problem of covert foreign influence is not new. In 1938, a congressional committee found that the Nazi government had established an extensive, underground propaganda apparatus inside the United States using American firms and citizens. The response was to recommend a law that would (in the committee’s words) throw these activities under the “spotlight of pitiless publicity.”  The result is the Foreign Agents Registration Act (FARA), a disclosure statute that, notably, does not prohibit speech. Rather, FARA requires agents of foreign principals who engage in political activities within the United States to file periodic public disclosures with the Department.

The Act’s purpose is to ensure that the American public and our lawmakers know the source of information provided at the behest of a foreign principal, enhancing the public’s and the government’s ability to evaluate such information.

Transparency, not prohibition, has been the government’s response to misinformation. In the 1980s, the government established an interagency committee, the “Active Measures Working Group,” to counter Soviet disinformation. It did so by exposing forgeries and other propaganda, such as fake stories that the Pentagon developed the AIDS virus as part of a biological weapons research program.

Today, we confront misinformation as only one component of a broader, malign foreign influence effort.  As this framework from the Department’s recent Cyber-Digital Task Force report shows, those efforts can also include cyber operations that target election infrastructure or political parties’ networks; covert efforts to assist (or harm) candidates; and overt efforts to influence the American public (for example, through state-run media organizations).

Our responses to those efforts must likewise be multifaceted, from providing indicators and warnings that can help network owners protect themselves from hackers, to criminal investigations and prosecutions, and other measures, like sanctions and expulsions that raise the costs on the states that sponsor such malign activities.

This graphic, also from the Task Force report, depicts the Department’s strategy to counter each phase of a covert influence campaign cycle, from the identification of targets to the production and amplification of content.  The middle rows (in red) depict our adversaries’ activities in stages, while the bottom rows (in blue) suggest the means by which private actors and the government can disrupt and deter the activity.

One aspect of this strategy worth highlighting is that the content of a foreign influence campaign may be true or false.  Whether the message is accurate or not may not be the point: doxing a candidate or a corporation for political reasons might not involve misinformation, but it may nonetheless violate our laws, threaten our values and way of life, compromise privacy and, sometimes, retaliate against and chill free speech.

Covert foreign influence efforts can take many forms, but recently we have seen increased efforts to influence Americans through social media. To counter these efforts, a key component of our approach is sharing information with social media and other Internet service providers, which we do through the FBI’s Foreign Influence Task Force.  It is those providers who bear the primary responsibility for securing their own products and platforms.  By sharing information with them, especially about who certain users and account holders actually are, we can assist their own, voluntary initiatives to track foreign influence activity and to enforce their own terms of service.

As the Task Force report also recognizes, there may be circumstances when it is appropriate for the government itself to expose and attribute foreign influence operations as a means of rendering them less effective. But there are often compelling, countervailing considerations, however.

As a general rule, the Department does not confirm, deny, or comment on pending investigations, both to protect the investigation itself as well as the rights of any accused.

We are also constrained to protect the classified sources and methods that may inform our judgment of what foreign governments are doing.

And, most important of all, we must never act to confer any advantage or disadvantage on any political or social group, individual, or organization, and we must strive to avoid even the appearance of partiality. That could constrain the timing and nature of any disclosure we might make.

All of this is to say, and as the Department’s Policy on the Disclosure of Foreign Influence Operations recognizes, we might not be the best messenger to counter a particular piece of misinformation.

That’s why this conference is so important: what we call the private sector (but which includes a lot of people in public spaces, just like you) has a critical role – larger than the federal government’s – in countering covert foreign influence efforts, particularly misinformation, and ensuring that our democracy rests on the active engagement of an informed public.

The former Russian troll I mentioned at the beginning of my remarks, who worked for the IRA, said his work was “pointless” for Russian audiences, that it would not impact them.  But in America, that kind of trickery might have an impact, he said, because we “live in a society in which it’s accepted to answer for your words.” My challenge to us during this conference, if I may make one, is that we find ways to ensure we all continue to answer for our words, so that the trust we enjoy as an aspect of our free, democratic society can thrive.

*** Someone help out the Democrats and Mary Anne….all discussions inside the Beltway include these multi-track discussions. Back in March, the U.S. spending bill provided $380 million for election cyber security. There was an amendment for an additional $250 million that the Senate Republicans on a floor vote rejected. Why? Because many of the states have either been slow to accept money inside that $380 million or not taken any at all.

Elections’ Voter Registration System and the Russian Investor

Remember the outrage when sites all over the internet published items that Soros owned the voting machines? Remember that same outrage when Soros invested heavily in the State’s secretaries that were responsible for the respective elections process?

Remember the outrage that a Russian investor was able to buy American uranium in a deal concocted by Hillary? We learned then about the Committee for United States Foreign Investment.

Remember the outrage when Obama deferred the ‘red-line’ chemical weapons removal in Syria to Moscow that killed thousands? Anyone remember the anger when Russia shot down MH17, a civilian airliner, killing everyone on board?

Remember that we have lost regard for the top ranks of the FBI due to the Russian investigation and the Hillary investigation?

Remember

Remember the horror and voting rigging reported across various states in the recent elections?

Our votes are the most sacrosanct privilege Americans have. Okay so how about the very under reported matter in Maryland?

See, it was not until AFTER the Justice Department announced the indictment of 12 Russian military intelligence officers for computer hacking that Maryland officials reached out to Rod Rosenstein. FBI officials in the Maryland office held a briefing with the Maryland officials and did not want to make the information public….that is due to a wider investigation on the matter. What matter is that?

Well….

In part:

Four FBI agents informed state officials Thursday that a vendor Maryland has contracted with — ByteGrid LLC — to host data for statewide elections has ties to a Russian oligarch, Miller and Busch said.


Potanin acquired his wealth notably through the controversial loans-for-shares program in Russia in the early to mid-1990s.

He is one of the wealthiest men in Russia, with an estimated net worth of $15.9 billion, ranking 83rd on the 2018 Forbes The World’s Billionaires list, and 6th in Russia. His long-term business partner was Mikhail Prokhorov until they decided to split in 2007. Subsequently, they put their mutual assets in a holding company, Folletina Trading, until their asset division was agreed upon.

In January 2018, Potanin appeared on the US Treasury’s “Putin list” of 210 individuals closely associated with Russian president Vladimir Putin.

ByteGrid LLC owns the servers that hold the data for voter registration, candidacy, election management, and election night results, state elections officials said. An ownership stake in the company was purchased by AltPoint Capital Partners, whose largest investor is a Russian oligarch named Vladimir Potanin, the election officials said.

Busch said that Potanin is “very close” to Russian President Vladimir Putin and that AltPoint’s managing partner is Gerald T. Banks, a Russian millionaire who changed his name from Guerman Aliev.

But Busch said the state has no evidence that Potanin or Banks had done anything untoward.

“We don’t have any idea whether they meddled in any elections at all,” Busch said.

Attempts to reach the companies were unsuccessful.

The Maryland officials also said they had no indication the Russian-linked firm had anything to do with the problems that arose shortly before June’s primary election in which more than 80,000 voters’ change of address and party affiliation requests were never forwarded from the Motor Vehicle Administration to election officials.

The Maryland news came hours after the Department of Justice indicted 12 Russian intelligence officers, charging that they hacked the computer networks of Hillary Clinton’s 2016 presidential campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee. The 11-count indictment alleges that the Russian agents infiltrated the networks, implanting malicious computer code and stealing documents on field operations, opposition research and campaign analytics as a way of interfering with the election.

The charges include conspiracy to commit an offense against the U.S., aggravated identity theft and money laundering.

According to the indictment, the Russians posted stolen documents online and worked with an organization — unnamed but believed to be WikiLeaks — to spread them further, and take advantage of continuing tensions between supporters of Clinton and primary opponent Bernie Sanders.

The federal indictment charging 12 Russians includes an allegation that a Twitter account, @BaltimoreIsWhr, was set up to invite people to join a “flash mob” and to post images using the hashtag “#BlacksAgainstHillary.”

It is the latest revelation of how social media were used locally and nationally in an attempt to influence the election. Cyber security analysts in September told The Baltimore Sun that a Facebook ad that referred to the Black Lives Matter movement and targeted Baltimore users in the months following the 2015 riots was likely part of a broader effort by Russia to sow discontent and deepen racial tension.

In response to such ads, the General Assembly in April passed a bill requiring social media platforms and websites with significant traffic to track all political ads and record which users are being targeted. In May, Hogan expressed reservations that the law could be found unconstitutional and allowed the bill to become law without his signature.

The @BaltimoreIsWhr account has been suspended.  Read more here.

Election officials in Maryland along with Governor Hogan have asked the Department of Homeland Security for technical assistance to evaluate the network used by the State elections board. ByteGrid, interesting name, was bought by the Russian investor in 2015 without the knowledge of Maryland officials. ByteGrid hosts the entire state system including registration, online ballot delivery systems and unofficial election night results.

Oh yeah, one last item, Maryland was one of the states that had very suspicious online activity in the 2016 election according to DHS and the FBI. That suspicious activity was for online registration and in the ballot request system.

IT Solution Providers

According to the ByteGrid website, they offer: With ByteGrid’s Compliant Hosting Solutions you get security, compliance and control over your business-critical data. Our CISA and CRISC certified experts have you covered. Industry sectors include: Life Sciences, Health IT, Financial and Government.

Russia’s Operations Against the US Explained at Aspen Security Forum

Associated Press

Published on Jul 18, 2018
(19 Jul 2018) FBI Director Christopher Wray says Russia is trying to influence opinions and sow discord and divisiveness in the U.S. Wray spoke at the opening event of the Aspen Security Forum in Colorado. (July 19)

Meanwhile, there have been substantial theories and responses due to Special Counsel Robert Mueller’s indictment of the 13 Russians from February.

Add in the second round of 12 Russians that SC Mueller indicted just this month. So we are currently at 25. Now, consider Ms. Maria Butina who was arrested last Sunday.

Butina, 29, was indicted by a grand jury Tuesday on charges she served in the United States as an agent of the Russian government without notifying the Justice Department. In the court filing Wednesday, prosecutors said Butina maintained constant contact with Russian intelligence officials and “loyally” carried out a years-long conspiracy to advance the Kremlin’s interests. They described her plan as “calculated, patient” and directed by a Russian official believed to be Alexander Torshin, who was sanctioned by the Treasury Department earlier this year.

Perhaps, one should consider that Mueller is for sure simply trying to clean up a Russian mess left behind by the Obama administration. All of this happened during his administration. For an exceptional summary on the matter of Butina and what the FBI Director is referring to at the Aspen Security Forum, click this link.

Security agency professionals are in attendance at the Aspen Security Forum, including DHS Secretary Kirstjen Nielsen; Daniel Coats, Director of National Intelligence; Rod Rosenstein, Deputy Attorney General; and Christopher Wray, Director of the FBI.

Further, there are real concerns that the Federal and State governments are not doing enough to protect the whole election architecture and systems. That is a false assertion by the Democrats, as there have been hearings on the Hill explaining the work/collaboration between DHS and individual states. Admittedly, there are issues at the State level, where databases, computers, voter rolls and more all take place. The bell first rang on state vulnerabilities in the 2016 general election, where the cyber professionals at the FBI were placed in states known to be under brute force cyber attacks. State officials were warned then and provided advice on how to harden their respective systems going forward.

Those discussions and activities continue today including at the Aspen Security Forum.  A specific session is dedicated to this issue as noted:

Defending Democratic Institutions: Election 2018 and Beyond
Though the motivation and the effects are disputed, nearly everyone agrees that Russia interfered in the 2016 presidential election, and security experts agree that it is already interfering in this year’s mid-terms. Though efforts are underway to stop them, what more can be done to put an end to Russia’s interference in our elections and democratic institutions?

Monika Bickert, Head of Product Policy and Counterterrorism, Facebook
Tom Burt, Corporate Vice President for Customer Security and Trust, Microsoft
Michael Chertoff, Former Secretary of Homeland Security
Jeanette Manfra, Assistant Secretary of Homeland Security for Cybersecurity and Communications
Kim Wyman, Secretary of State, Washington State
Moderator: Michael Isikoff, Chief Investigative Correspondent, Yahoo News

Meanwhile, Senator Rubio introduced legislation last year to further add sanctions on Russia due to Russian interference. Due to the most recent political scandals, some noted above, Rubio’s bill is getting renewed attention and support in Congress.


Briefly from the Miami Herald:

Rubio and Van Hollen’s bill, called the Defending Elections from Threats by Establishing Redlines (DETER) Act, is the first bill since the 2016 presidential election that sets specific punishments for the Russian government and other countries that interfere in U.S. political campaigns.

“Congress has already taken various steps when it comes to Russia and its interference in 2016, this will just be one moving forward that hopefully would deter future attacks, which I believe is the real threat here ultimately,” Rubio said on Tuesday. “It’s not what happened, but what could happen in the future. Hopefully we’ll get to a critical mass and momentum that we can get going on it and get it passed.”

Rubio’s bill, if passed, codifies specific penalties for the Russians that must be implemented within 10 days if the Director of National Intelligence determines that interference took place.

The penalties include “sanctions on major sectors of the Russian economy, including finance, energy, defense, and metals and mining” and blacklisting every senior Russian political figure or oligarch identified in the Russian sanctions bill that became law in 2017 over the initial objections of Trump after a supermajority in Congress approved it.

The bill lays out specific acts by foreign governments that constitute election interference. Foreign governments are forbidden from purchasing advertisements to influence elections, using social and traditional media to spread “significant amounts” of false information, hacking election or campaign infrastructure such as voter registration databases and campaign emails, and blocking access to elections infrastructure such as websites that provide information on polling locations. Read more here.

 

Unmasking Antifa Act of 2018, Will it Pass?

You can read this proposed legislation here.

It has only been introduced in the House….a very long way to go. It has been assigned to the House Judiciary Committee.

The 3 co-sponsors are:

Rep. King, Peter T. [R-NY-2]*
Rep. Budd, Ted [R-NC-13]*
Rep. Gosar, Paul A. [R-AZ-4]*


To amend title 18, United States Code, to provide penalty enhancements for committing certain offenses while in disguise, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Unmasking Antifa Act of 2018”.

SEC. 2. Interference with protected rights while in disguise.

(a) In general.—Chapter 13 of title 18, United States Code, is amended by inserting after section 249 the following:

§ 250. Interference with protected rights while in disguise

“(a) In general.—Whoever, whether or not acting under color of law, while in disguise, including while wearing a mask, injures, oppresses, threatens, or intimidates any person in any State, Territory, Commonwealth, Possession, or District in the free exercise or enjoyment of any right or privilege secured to him by the Constitution or laws of the United States, or because of his having so exercised the same, shall be fined under this title, imprisoned not more than 15 years, or both.

“(b) Rule of construction.—Nothing in this section shall be construed so as to deter any law enforcement officer from lawfully carrying out the duties of his office; and no law enforcement officer shall be considered to be in violation of this section for lawfully carrying out the duties of his office or lawfully enforcing ordinances and laws of the United States, the District of Columbia, any of the several States, or any political subdivision of a State. For purposes of the preceding sentence, the term ‘law enforcement officer’ means any officer of the United States, the District of Columbia, a State, or political subdivision of a State, who is empowered by law to conduct investigations of, or make arrests because of, offenses against the United States, the District of Columbia, a State, or a political subdivision of a State.”.

(b) Clerical amendment.—The table of sections for chapter 13 of title 18, United States Code, is amended by inserting after the item related to section 249 the following:


“250. Interference with protected rights while in disguise. ”.

SEC. 3. Destroying buildings or property within special maritime and territorial jurisdiction while in disguise.

Section 1363 of title 18, United States Code, is amended by adding at the end the following: “Whoever, during the commission of an offense under this section, wears a disguise, including a mask, shall, in addition to any term of imprisonment otherwise imposed under this section, be imprisoned for 2 years.”.


*** Last year, the New York Times did an interesting summary on the unmasking. In part, please note:

Since 1949, it has been illegal to wear a mask in public in Alabama outside of occasions like Halloween and Mardi Gras. That sweeping law, and others enacted across the country around that time, was in direct response to the Ku Klux Klan.

Numerous states have laws governing the wearing of masks in public. In Ohio, for instance, it is illegal for two or more people to wear “white caps, masks or other disguises” while committing a misdemeanor. In West Virginia, a broad law prohibiting the wearing of masks includes several exceptions: holiday costumes and winter sports attire, among others.

California had an expansive anti-mask law for decades, until the Iranian revolution in 1979. Iranian-Americans in California sued over the law, saying it kept them from shielding their identities for safety purposes in protests against the new leadership in Iran. The law was struck down.

“The California court recognized, and other courts recognize, that people wear masks in all sorts of situations for completely nonviolent and, in fact, purposes that are protected by the First Amendment,” Michael T. Risher, a senior staff attorney at the American Civil Liberties Union of Northern California, said in an interview.

After that case, the state enacted a far narrower provision: It is illegal to wear a mask in the act of committing a crime. The University of California, Berkeley, also has its own regulation for masks: People who are not affiliated with the university cannot wear masks on campus for the purpose of intimidation. Read more here.