Category Archives: Votes voting

WikiLeaks Released More Podesta Emails, Political Media Marriage

Posted on by

It is rather humorous at this point in the process as John Podesta, the Hillary campaign architect says he is not sure any of the releases are authentic. Then Hillary and the government says that the hacks are authentic and Russia is the culprit hacker. Then often, including the second debate, Donald Trump says no one can prove it is Russia and further, there may be no hack. Sigh…all of them are misguiding the American voters with the exception of the Office of Director of National Intelligence, it IS Russia.

So we have a whole campaign season for the White House that is riddled with government agencies, hackers and dinner date types in media.

WikiLeaks on Monday published 2,000 new documents that it claims were stolen from the email files of the chairman of Hillary Clinton campaign, shortly after the U.S. government linked the anti-secrecy group to Russian hackers.

The 2,086 emails of John Podesta’s posted to WikiLeaks’ website on Monday follow a similarly sized batch of messages released on Friday evening.

The messages date from as recently as this year, and include several discussions about campaign tactics and updates, as well as spam messages. The cache of emails released on Friday included what appeared to be portions of controversial speeches Clinton gave to major banks.

In one of the newly released emails, opinion writer Brent Budowsky, who writes a column for The Hill, told Podesta that the Clinton campaign was giving prominence to discussion about President Bill Clinton’s extramarital affairs by trying to limit his media exposure.

“I had a multi-email exchange with someone in the media this morning—a name you would know—who is telling me that there are people close to the Clintons who says WJC’s sex life could be damaging to her,” Budowsky wrote, referring to Bill Clinton. More here from The Hill.

So all politicians have their favorites and for Democrats, they are called ‘friendly media;. Those media types are from various outlets, after all, most of the time the stories are shopped while others are purposely planted.

Hacked: Clinton campaign worked with NYT reporter behind scenes

FNC: Internal documents made public on Sunday revealed a reporter for the New York Times working with Democratic officials to promote Hillary Clinton’s presidential candidacy, with party apparatchiks saying she has “never disappointed” them.

The January 2015 document centering on Clinton’s media strategy, released by the hacker known as Guccifer 2.0, was describing Maggie Haberman, who worked for Politico but who moved to the Times that month.

“We are all in agreement that the time is right [to] place a story with a friendly journalist in the coming days that positions us a little more transparently while achieving [our] goals,” said the memo, which was first published by The Intercept.

“We have [had] a very good relationship with Maggie Haberman of Politico over the last year,” the unsigned document noted. “We have had her tee up stories for us before and have never been disappointed. While we should have a larger conversation in the near future about a broader strategy for reengaging the beat press the covers HRC, for this we think we can achieve our objective and do the most shaping by going to Maggie.”

The Intercept reported that metadata pointed to Nick Merrill, the campaign’s press secretary, as the document’s author. It is unclear which party apparatus Guccifer purportedly hacked in order to obtain the document. Guccifer is the same persona that took credit for breaches of the Democratic National Committee and Democratic Congressional Campaign Committee over the summer.
Read more on WashingtonExaminer.com

 

Congressman Issa Still in Court Fighting on the Fast and Furious Case

Posted on by

Good for him !!

The Flash Memo from the House Oversight Committee, dated April 2016.

House GOP Presses Court on ‘Fast and Furious’ Documents Committee argues Justice lied about botched gun-tracking initiative

House Oversight Committee under Rep. Darrell Issa, R-Calif., probed failed gun-tracking program. (Bill Clark/CQ Roll Call File Photo) –

RollCall: House Republicans accused the Obama administration of “generally making a mockery” of the congressional oversight process, as they fight in a federal appeals court for documents related to a flawed gun-tracking initiative known as Operation Fast and Furious. The House Oversight and Government Reform Committee, in a brief filed Thursday at the U.S. Court of Appeals for the District of Columbia Circuit, argued that a lower court judge did not fully correct the Justice Department’s “executive abuses” as it responded to a congressional subpoena.

“DOJ responded by lying to Congress; engaging in concerted resistance, delay and gamesmanship; refusing to produce a privilege log for more than three years; belatedly raising new purported grounds for withholding documents long after the fact; and generally making a mockery of the process of negotiation and accommodation that is supposed to facilitate the exercise of Congress’s oversight and investigative powers,” the brief stated.

The lower courts allowed the Justice Department to benefit from that response, the committee argued, preventing the House from completing its obstruction of Congress investigation.

“This court should restore balance to the congressional oversight process by correcting the errors of the district court and compelling DOJ to produce in full, at long last, the entirety of the documents sought in the complaint,” the brief stated.

The appeal challenged rulings in the case, including U.S. District Court Judge Amy Berman Jackson’s order Jan. 19 for the administration to turn over internal documents related to the Justice Department’s response to the congressional inquiry. President Barack Obama had asserted executive privilege over those documents on the grounds that disclosure would reveal the agency’s deliberative process.

Jackson’s order applied to documents responsive to the committee’s subpoena in October 2011 as part of the investigation spearheaded by then-Chairman Darrell Issa.

The California Republican has said the records will show that the Justice Department covered up the Fast and Furious program launched in 2009 by the Bureau of Alcohol, Tobacco, Firearms and Explosives, in which the government lost track of guns it was trying to trace to Mexican drug cartels. The weapons have been traced to crimes such as the 2010 murder of Border Patrol agent Brian Terry. The program was halted in 2011.

The order also applied to nine documents for which no justification for the invocation of privilege had been provided, however the order denied all other requests from the committee for documents from the administration.

WASHINGTON – House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.) today released the following statement regarding the decision of U.S. District Court Judge Amy Berman Jackson to deny the Justice Department’s motion to dismiss the House of Representatives’ lawsuit concerning administration documents related to the Operation Fast and Furious scandal.

The President asserted executive privilege over these subpoenaed documents on June 20th 2012.

“This ruling is a repudiation of the Obama Justice Department and Congressional Democrats who argued the courts should have no role in the dispute over President Obama’s improper assertion of executive privilege to protect an attempted Justice Department cover-up of Operation Fast and Furious,” said Chairman Issa. “I remain confident in the merits of the House’s decision to hold Attorney General Eric Holder in contempt; this ruling is an important step toward the transparency and accountability the Obama Administration has refused to provide.”

 

This is the premise of Congressman Issa’s argument, a hearing from 2014. Essentially a Constitutional crisis.

DHS Officially Issues Alert on Election Hacking

Posted on by

Related reading: Hacking an election is about influence and disruption, not voting machines

DHS Issues Alert on U.S. Election Hacking

The United States Department of Homeland Security has issued an Intelligence Assessment on the Cyber Threats and Vulnerabilities to U.S. Election Infrastructure. The report, which primarily downplays the risk of hacking election systems appears to conflict with recent FBI Director testimony stating that at least 20 states have been electronically probed with four suffering hacking related intrusions. The report does note that “multiple elements of US election infrastructure are potentially vulnerable to cyber intrusions. The risk to US computer-enabled election systems varies from county to county, between types of devices used, and among processes used by polling stations.”

The key judgments also include:

  • DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.
  • We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

Other elements of the report, note the resiliency of the voting infrastructure, but also the potential for nation-state disruption.

No Indication of Cyber Operations to Change Vote Outcome

  • DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaigns and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.
  • We assess that successfully mounting widespread cyber operations against US voting machines, enough to affect a national election, would require a multiyear effort with significant human and information technology resources available only to a nation-state. The level of effort and scale required to change the outcome of a national election, however, would make it nearly impossible to avoid detection. This assessment is based on the diversity of systems, the need for physical access to compromise voting machines, and the security and pre-election testing employed by state and local officials.* In addition, the vast majority of localities engage in logic and accuracy testing, which work to ensure voting machines operate and tabulate as expected—before, during, and after the election.
  • We judge, as a whole, voter registration databases are resilient to systemic, nationwide cyber manipulation because of the diverse systems and security measures surrounding them. Targeted intrusions against individual voter registration databases, however, are possible. Additionally, with illicit access, manipulation of voter data, or disruptions to their availability, may impact a voter’s ability to vote on Election Day. Most jurisdictions, however, still rely on paper voter rolls or electronic poll books that are not connected in real-time to voter registration databases, limiting the possible impacts in 2016.
  • Voting precincts in more than 3,100 counties across the United States use nearly 50 different types of voting machines produced by 14 different manufacturers. The diversity in voting systems and versions of voting software provides significant security by complicating attack planning. Most voting machines do not have active connections to the Internet.
  • We assess the impact of an intrusion into vote tabulation systems would likely be contained to the manipulation of unofficial Election Night reporting results, which would not impact the certified outcome of an election, but could undermine public confidence in the results. In addition, local election officials, media organizations, and political campaigns carefully monitor local voting patterns, particularly in electorally significant jurisdictions, and are likely to detect and begin investigating potential anomalies quickly.

Non-State Actors Likely To Continue Targeting PII, Potentially Attempt Disruption

  • We judge cybercriminals and criminal hackers are likely to continue to target voter PII. We have no indication, however, that cybercriminals are planning theft of voter information to disrupt or alter computer-enabled US election infrastructure voting. Politically-motivated criminal hackers could attempt temporary disruptive cyber attacks, such as denial-of-service (DoS) attacks or web defacements against election-related websites, in the lead-up to or during the election process. Disruptive attacks could target public-facing state and local government websites, potentially including election infrastructure used to report election results to the general public and media; however, we judge this activity would likely have little impact on the voting process itself.
  • Unknown cyber actors in mid-July used an open-source scanning tool to identify and exploit a structured query language (SQL) injection vulnerability and exfiltrate PII from a Midwestern state board of elections website, according to FBI sources with excellent access and information provided by a cybersecurity organization supporting states. In at least three other states, voting and non-voting related websites during the same period observed unsuccessful SQL injection attacks from unknown actors, according to the same reporting.
  • Cybercriminals routinely attempt exploitation of misconfigured and vulnerable websites and webservers via SQL injection, brute force login attempts, cross-site scripting, and other publicly known vulnerabilities, according to DHS reporting from sources with direct access.
  • Criminal hackers routinely engage in disruptive attacks such as website defacement and DoS attacks, through exploiting publicly known vulnerabilities and for-hire DoS tools, according to DHS reporting from reliable sources with direct access.

Vulnerability of Computer-Enabled Election Systems

  • We assess multiple elements of US election infrastructure are potentially vulnerable to cyber intrusions. The risk to computer-enabled election systems, however, varies from county to county, between types of devices used and among processes used by polling stations.
  • Electronic Voting Systems: Security researchers have repeatedly demonstrated in laboratory testing environments that voting machines are vulnerable to compromise, usually with physical access, and such compromises could result in the manipulation of vote totals. Election outcomes would only be impacted if the compromise happened on a large scale across multiple machines or jurisdictions—which we judge to be beyond the capability of any adversary—or in cases of smaller local elections where the margin of victory is at a smaller scale.
  • Voter Registration Databases: Online voter registration systems provide a potential point of vulnerability to enable cyber actors to gain illicit access to voter registration databases. Cyber actors have exploited these portals in the past to gain illicit access to voter information. Compromises of voter registration databases have resulted in the potential release of PII, but not the modification of records—with the exception of one unconfirmed incident of voter registration manipulation reported by US media. The exposure of voters’ information would have limited impact on the integrity of the election process; however, it could undermine confidence in the system and provide the ability to conduct further cyber operations.
  • Public Dissemination of Voting Results: State government information technology solutions generally include a public-facing Internet-connected portion that is used to report election results to the general public and media, which some states have begun migrating to the cloud due to Election Day demand. Vulnerabilities in the public-facing Internet portion could be used to display inaccurate vote results to the public and media. Election Day results are not the official results of the state or local jurisdiction.

election-hacking

Russia Hacked 4 Voter Registration Systems

Posted on by

Russian Hackers Targeted Nearly Half of States’ Voter Registration Systems, Successfully Infiltrated 4

Think hackers will tip the vote? Read this first….

CSMonitorThe US election system is a massively complex tangle of technology. And some of it is insecure.

It’s rife with internet-based entry points, full of outdated infrastructure, cluttered with proprietary software from a random assortment of vendors, and lacks any standardized security safeguards.

In all, it’s a recipe for disaster. But if a malicious hacker really set out to manipulate the election, how would they actually do it and what could they really accomplish?

The most obvious target seems to be internet-enabled voting, currently used in 32 states. But, these systems aren’t what you think of when you hear “internet-enabled.”

They tend to be systems for distributing ballots that voters print out on paper, sign, and then email or fax back to the state authority for counting.

But emailing and faxing ballots introduces some problems. On a technical level, faxes and the emails used in internet voting aren’t encrypted.

That means states are passing ballots around the open internet. If an attacker is able to compromise any point along the way, they might intercept completed ballots.

Related reading: Hackers have attempted more intrusions into voter databases, FBI director says

So, not only does this system do away with any notion of secrecy, it also ignores any modern understanding of cryptographic security.

I’d much rather see online voting systems with built-in encryption. And that’s not a complex undertaking. Many websites currently use HTTPS, an encrypted protocol, to avoid leaking important things such as credit card numbers and passwords. That’s a good place to start for completed ballots.

Hard targets

But launching a full-scale attack on these systems wouldn’t be easy. First, attackers would need to target online voters (a small minority) who are scattered in various jurisdictions.

Then, once the vulnerable voters are identified, attackers would need to wait for the polling place to transmit those votes. While that kind of attack could work on one person, or a single location, it would be difficult to pull off at any meaningful scale.

Alternatively, an adversary could invent an entirely new population of phantom voters, register them to vote remotely, and stuff the ballot box with fake votes. That’s possible, but highly improbable.

So, what about servers

The easiest way to target servers that collect online ballots is with a distributed denial of service, or DDoS, attack that overwhelms a website with traffic. A totally compromised server could enable attackers to alter or destroy votes in a much sneakier way, and an attack like this could potentially avoid detection until after the election.

But this sort of attack would be pretty obvious to system maintainers, and I suspect polling administrators would quickly switch back to relying on the mail. Remember, online systems aren’t intended for use on Election Day, rather they merely collect absentee ballots.

On the bright side, however, this kind of attack appears possible for only five of the internet-enabled voting states. Only Alabama, Alaska, Arizona, North Dakota, and Missouri have a so-called internet portal.

And none of those states are battleground territories. So, regardless of their security posture, attacking these portals isn’t likely to sway the election. If Florida or Pennsylvania had one of these portals, I’d be more worried.

Voting machines

No electronic voting machine is bulletproof when it comes to cybersecurity. But if an adversary needs to physically visit voting machines in order to fiddle with results, then he or she would need a whole lot of bodies in a whole lot of polling places in order to make an impact.

Don’t get me wrong, attackers could rely on wireless networking or sophisticated antennas. But even with ideal placement and transmission power, bad guys would need to be within sight of a polling place to conduct practical attacks on a Wi-Fi-enabled voting machine.

While remote attacks are possible, it’s not like someone could affect voting from another country. They’d more likely need to be parked outside the polling place. So, although Wi-Fi voting machines are a terrible idea, they don’t appear to be an existential threat to democracy at the time being.

Voter information

Rather than attacking ballot-issuing and ballot-counting systems, attackers have more attractive targets. Voter records, for example, are tempting to cybercriminals since they contain enough personally identifiable information (PII) to kick off identity theft and identity fraud attacks at a much larger scale.

Unfortunately, some of these data sets have already been compromised. Almost 200 million voter records were accidentally leaked late in 2015, and the FBI warned in August that some state voter databases have also suffered breaches.

Altering voter registration records is a big deal since such attacks can affect voter turnout. While that’s not what’s being reported today, such an attack could not only nudge election results one way or another, but also raise serious questions about the integrity of the democratic process.

Even though rare, voter fraud has become a hot political issue. Any attack on voter records could trigger complaints about a rigged election and undermine confidence in the entire system.

Perceptions matter

Alarmingly, hacking elections may not involve the actual compromising of ballots or vote counting at all.

Just imagine that someone decided to take down a couple of voter information websites. Would this technically interfere with the election process? Maybe, if some people were trying to find the address for their polling place.

The obvious effect, though, would be to create the impression that the election is under attack, raising concerns about the credibility of the voting process and casting doubt on the results.

Solutions for securing the vote

Technology may be making elections more convenient and efficient, but that same technology can introduce new risks and it needs to be accounted for.

State election boards or commission should test their systems ahead of Election Day in November. They should even try attacking their own systems to discover what’s possible, and what can help defend their systems.

If you are a voter who is concerned about election hacking, local election officials should be able to tell you how they are dealing with potential cyberthreats. And if you really want to help, volunteer at the polls on Election Day.

Presidential Determination Signed to Accept 85,000 Refugees

Posted on by

No wonder the FBI is on a hiring blitz to attempt to vet what is told to be highly vetted and scrutinized refugee applicants.

****

The White House
Office of the Press Secretary
For Immediate Release
September 29, 2015

Presidential Determination — Presidential Determination on Refugee Admissions for Fiscal Year 2016

MEMORANDUM FOR THE SECRETARY OF STATE

SUBJECT:      Presidential Determination on Refugee Admissions for Fiscal Year 2016

In accordance with section 207 of the Immigration and Nationality Act (the “Act”) (8 U.S.C. 1157), and after appropriate consultations with the Congress, I hereby make the following determinations and authorize the following actions:

The admission of up to 85,000 refugees to the United States during Fiscal Year (FY) 2016 is justified by humanitarian concerns or is otherwise in the national interest; provided that this number shall be understood as including persons admitted to the United States during FY 2016 with Federal refugee resettlement assistance under the Amerasian immigrant admissions program, as provided below.

The admissions numbers shall be allocated among refugees of special humanitarian concern to the United States in accordance with the following regional allocations; provided that the number of admissions allocated to the East Asia region shall include persons admitted to the United States during FY 2016 with Federal refugee resettlement assistance under section 584 of the Foreign Operations, Export Financing, and Related Programs Appropriations Act of 1988, as contained in section 101(e) of Public Law 100-202 (Amerasian immigrants and their family members):

Africa . . . . . . . . . . . . . . . . . . . 25,000

East Asia. . . . . . . . . . . . . . . . . . 13,000

Europe and Central Asia . . . . . . . . . . . 4,000

Latin America/Caribbean. . . . . . . . . . .  3,000

Near East/South Asia. . . . . . . . . . . .  34,000

Unallocated Reserve . . . . . . . . . . . .  6,000

The 6,000 unallocated refugee numbers shall be allocated to regional ceilings, as needed.  Upon providing notification to the Judiciary Committees of the Congress, you are hereby authorized to use unallocated admissions in regions where the need for additional admissions arises.

Additionally, upon notification to the Judiciary Committees of the Congress, you are further authorized to transfer unused admissions allocated to a particular region to one or more other regions, if there is a need for greater admissions for the region or regions to which the admissions are being transferred.

Consistent with section 2(b)(2) of the Migration and Refugee Assistance Act of 1962, I hereby determine that assistance to or on behalf of persons applying for admission to the United States as part of the overseas refugee admissions program will contribute to the foreign policy interests of the United States and designate such persons for this purpose. Consistent with section 101(a)(42) of the Act (8 U.S.C. 1101 (a)(42)), and after appropriate consultation with the Congress, I also specify that, for FY 2016, the following persons may, if otherwise qualified, be considered refugees for the purpose of admission to the United States within their countries of nationality or habitual residence:

  1. Persons in Cuba
  2. Persons in Eurasia and the Baltics
  3. Persons in Iraq
  4. Persons in Honduras, Guatemala, and El Salvador
  5. In exceptional circumstances, persons identified by a United States Embassy in any location

You are authorized and directed to publish this determination in the Federal Register.

 

BARACK OBAMA