NSA Document Outlining Russian Attempts to Hack Voter Rolls

This week brought new public evidence about Russian interference in the 2016 election. On Monday, the Intercept published a top-secret National Security Agency document describing Russian hacking attempts against the US election system. While the attacks seem more exploratory than operational -- and there's no evidence that they had any actual effect -- they further illustrate the real threats and vulnerabilities facing our elections, and they point to solutions.

The document describes how the GRU, Russia's military intelligence agency, attacked a company called VR Systems that, according to its website, provides software to manage voter rolls in eight states. The August 2016 attack was successful, and the attackers used the information they stole from the company's network to launch targeted attacks against 122 local election officials on October 27, 12 days before the election.

That is where the NSA's analysis ends. We don't know whether those 122 targeted attacks were successful, or what their effects were if so. We don't know whether other election software companies besides VR Systems were targeted, or what the GRU's overall plan was -- if it had one. Certainly, there are ways to disrupt voting by interfering with the voter registration process or voter rolls. But there was no indication on Election Day that people found their names removed from the system, or their address changed, or anything else that would have had an effect -- anywhere in the country, let alone in the eight states where VR Systems is deployed. (There were Election Day problems with the voting rolls in Durham, NC -- one of the states that VR Systems supports -- but they seem like conventional errors and not malicious action.)

And 12 days before the election (with early voting already well underway in many jurisdictions) seems far too late to start an operation like that. That is why these attacks feel exploratory to me, rather than part of an operational attack. The Russians were seeing how far they could get, and keeping those accesses in their pocket for potential future use.

Presumably, this document was intended for the Justice Department, including the FBI, which would be the proper agency to continue looking into these hacks. We don't know what happened next, if anything. VR Systems isn't commenting, and the names of the local election officials targeted did not appear in the NSA document.

So while this document isn't much of a smoking gun, it's yet more evidence of widespread Russian attempts to interfere last year.

The document was, allegedly, sent to the Intercept anonymously. An NSA contractor, Reality Leigh Winner, was arrested Saturday and charged with mishandling classified information. The speed with which the government identified her serves as a caution to anyone wanting to leak official US secrets.

The Intercept sent a scan of the document to another source during its reporting. That scan showed a crease in the original document, which implied that someone had printed the document and then carried it out of some secure location. The second source, according to the FBI's affidavit against Winner, passed it on to the NSA. From there, NSA investigators were able to look at their records and determine that only six people had printed out the document. (The government may also have been able to track the printout through secret dots that identified the printer.) Winner was the only one of those six who had been in e-mail contact with the Intercept. It is unclear whether the e-mail evidence was from Winner's NSA account or her personal account, but in either case, it's incredibly sloppy tradecraft.

With President Trump's election, the issue of Russian interference in last year's campaign has become highly politicized. Reports like the one from the Office of the Director of National Intelligence in January have been criticized by partisan supporters of the White House. It's interesting that this document was reported by the Intercept, which has been historically skeptical about claims of Russian interference. (I was quoted in their story, and they showed me a copy of the NSA document before it was published.) The leaker was even praised by WikiLeaks founder Julian Assange, who up until now has been traditionally critical of allegations of Russian election interference.

This demonstrates the power of source documents. It's easy to discount a Justice Department official or a summary report. A detailed NSA document is much more convincing. Right now, there's a federal suit to force the ODNI to release the entire January report, not just the unclassified summary. These efforts are vital.

This hack will certainly come up at the Senate hearing where former FBI director James B. Comey is scheduled to testify Thursday. Last year, there were several stories about voter databases being targeted by Russia. Last August, the FBI confirmed that the Russians successfully hacked voter databases in Illinois and Arizona. And a month later, an unnamed Department of Homeland Security official said that the Russians targeted voter databases in 20 states. Again, we don't know of anything that came of these hacks, but expect Comey to be asked about them. Unfortunately, any details he does know are almost certainly classified, and won't be revealed in open testimony.

But more important than any of this, we need to better secure our election systems going forward. We have significant vulnerabilities in our voting machines, our voter rolls and registration process, and the vote tabulation systems after the polls close. In January, DHS designated our voting systems as critical national infrastructure, but so far that has been entirely for show. In the United States, we don't have a single integrated election. We have 50-plus individual elections, each with its own rules and its own regulatory authorities. Federal standards that mandate voter-verified paper ballots and post-election auditing would go a long way to secure our voting system. These attacks demonstrate that we need to secure the voter rolls, as well.

Democratic elections serve two purposes. The first is to elect the winner. But the second is to convince the loser. After the votes are all counted, everyone needs to trust that the election was fair and the results accurate. Attacks against our election system, even if they are ultimately ineffective, undermine that trust and -- by extension -- our democracy. Yes, fixing this will be expensive. Yes, it will require federal action in what's historically been state-run systems. But as a country, we have no other option.

This essay previously appeared in the Washington Post.

Posted on June 9, 2017 at 10:24 AM • 63 Comments

Comments

Bruce Schneier • June 9, 2017 10:25 AM

If you've been reading my blog and the comments section, you know I detailed my commenting rules, and that both myself and my moderator have been more diligent about deleting posts that don't adhere to the rules. Blog posts about Russian cyber operations against our election system have been particularly problematic, so I am posting this as a reminder and a warning.

Comments and conversation about the NSA document, about Winner's and the Intercept's tradecraft mistakes, the security of voting systems -- particularly the US voting system -- and other related topics are welcome. Comments about me being a CIA plant, Winner being a NSA plant, this blog being a DNI plant, or anyone being a plant of any kind, while amusing, will be deleted. Conspiracy theories will be deleted. Rude comments will be deleted. Comments complaining about this comment will be deleted.

You are welcome to discuss or debate any of those other topics, just not here. Bad discussion drowns out the good, and I don't want that on my blog.

(And if someone does post such a comment, please ignore it. We'll get to it.)

Harry • June 9, 2017 10:42 AM

Recall what happened when Edison presented his vote counting invention.

So much of elections are conducted by temps at the local level, I haven't seen a proposed solution that would be widely accepted. The system is highly fractured. That's a bigger problem than technology itself.

Bruce Schneier • June 9, 2017 10:49 AM

"So much of elections are conducted by temps at the local level, I haven't seen a proposed solution that would be widely accepted. The system is highly fractured. That's a bigger problem than technology itself."

Yes. The US doesn't have an independent agency that runs elections. Even Secretaries of State are party-affiliated elected officials.

On the other hand, our weird Electoral College system is a security feature. It makes it impossible to know where to hack the vote. In 2000, you would have had to hack a few counties in Florida. In 2004, Ohio. Last year, Michigan and Pennsylvania. It's impossible to know beforehand which states will be both critical and very close. That makes actual vote hacking harder.

But I agree with you. The US needs to figure out how to manage 21st Century elections, and the way we did it in the 19th Century isn't working.

Bruce Schneier • June 9, 2017 11:06 AM

Comments about why Trump won or why Clinton lost will also be deleted. It's not that that's not a very important conversation to have. It's that it's not relevant to this thread, and not a conversation I want to have on this blog.

There are lots of political blogs for those discussions. Please find one and hold those conversations there.

QnJ1Y2U • June 9, 2017 11:22 AM

Another possible Russian goal: de-legitimize a Clinton victory. They already knew, via his public statements, that Trump was planning to make all sorts of claims about illegal voting and such. They could add fuel to that fire by making their hacking attempts visible; it wouldn't matter if any results were actually affected.

A Clinton presidency weakened by such claims might have been less likely to pressure them on issues such as Ukraine.

Of course, that plan went off the rails when Trump won.

mark • June 9, 2017 11:27 AM

How confident are we that the attacks 12 days before the election were the *initial* ones? Given the massive Republican voter suppression efforts - the 100,000 in what state was it, thrown off with reports of someone whose *father* was registered in another state....

Which leads to an interesting question, as I think of it: we *know* that the DNC was hacked. We don't know how much of the RNC, or state committees, were hacked. This all raises the possibilities that the suppression lists were augmented by the hackers....

Joseph Toman • June 9, 2017 11:42 AM

Given the Vault 7 disclosures from Wikileaks, how sure is any of this? Which is to say, are there telltales that distinguish between a spoofed Russian attempt and an actual one?

Bruce Schneier • June 9, 2017 11:52 AM

"How confident are we that the attacks 12 days before the election were the *initial* ones?"

We don't. This document is about one particular Russian operation. We don't have any documents about other operations, either concurrent or preceding.

Honestly, not a particularly compelling document for Winner to have sacrificed her career over.

Bruce Schneier • June 9, 2017 11:54 AM

"Given the Vault 7 disclosures from Wikileaks, how sure is any of this? Which is to say, are there telltales that distinguish between a spoofed Russian attempt and an actual one?"

There's nothing in the document about sources and methods, but my guess is that attribution is pretty easy for an organization like the NSA with its 1) broad ability to surveil the entire Internet, and 2) implants in the networks of the very organizations attacking us.

Those Vault 7-like obfuscation tools work well against "normal" network forensics only.

Bruce Schneier • June 9, 2017 11:55 AM

General Note: I accidentally deleted a perfectly reasonable comment about the security of voting machines. Even worse, I have no way to undo that deletion. If the commenter reads this, please accept my apologies and repost.

Ross Snider • June 9, 2017 11:59 AM

Given the exploratory nature of these hacks it seems much more like espionage than it does sabotage.

This is similar to how the CIA just had hacked the French elections. They hadn't done it to "attack" the French, but to gather intelligence and probe their systems. This is one of the ways in which it's problematic to round up Russian espionage to "attacks" as is done commonly by the less technical lay conversation and through punditry.

Election systems - as well as some others such as mass transportation and military deterrent systems - I think *should* be considered national security sensitive.

The correct way to proceed down that path is not to declare as one nation that one target or another is sensitive to national security. Especially if there is an intention to swing around and interfere directly with another nation's elections (see the Russian report on American interference in its past election).

The correct way to proceed is to develop international cyber treaties where the scope is strictly limited to what various nations can agree on. If the United States and Russia can't agree to stop hacking into the infrastructure, including their democratic infrastructure, of one another we have to recognize that the blame falls on both parties for not developing significant systems to avoid conflict where it is *known* that both sovereign entities have shared interests.

To fix this it is NOT enough for either the US or Russia to declare some escalation path for particular infrastructure. Sure that has a way of coercing behavior, but it's just one check of balance. Given the highly evolving nature of cybersecurity and the cross-domain effectiveness of intelligence and of cyber we're more likely to see labeling these systems as national security sensitive lead to escalation than we are to see constrained behavior.

A great example of that working are the cyber treaties that exist between America and China and the cyber treaties that exist between China and Russia.

It's time Russia and America met over the table to talk terms.

Ross Snider • June 9, 2017 12:05 PM

"Honestly, not a particularly compelling document for Winner to have sacrificed her career over."

Absolutely agreed. They make some great headlines, but ultimately the documents were very weak in substance and did not lead to any kind of real revolution in our understanding of hacking electoral infrastructure this past year.

Still, the Winner leaks - like those of Manning and Snowden - require that we do a serious reexamination of leaking within the Civ-Mil dialogue. It's clear from the civilian side that the NatSec and Mil part of our country is incredibly opaque to the layman and there's legitimate national security value in having voting citizens understand the nature of our 'realpolitik' world.

Winner should be given clemency or at *least* a non-secret hearing. Still, even if she avoids a criminal sentence she's likely to face problems being hired. Though, I would refer her to my company (fortune 500, etc) without feeling like I was taking a risk.

ab praeceptis • June 9, 2017 12:13 PM

That "story" is a non-story and not worth the bytes wasted for it.

As our valued host knows attribution is a very hard nut to crack and now, after Vault7, even by far more so. Basically Vault7 led to a situation where no attribution at all is possible.

Besides, the credibility of utterly unproven assertions by nsa, leaked (or "leaked") through intercept, has ridiculously little weight anyway.

Oh and btw. IF those wild allegations against Russia interfering with us of a elections were even vaguely true, the priority should certainly not be to accuse Russia (simply because it doesn't mitigate, let alone solve the problems) but rather to work with all available forces to repair the election system.

Pardon me but standing there and complaining about whatever other nation interfering with one's elections is first of all and foremost a shameful declaration of utter incompetence (and possibly evil intentions).

Denton • June 9, 2017 12:27 PM

I'm skeptical of the scope of "widespread Russian attempts to interfere" with the election. Certainly there is a lot of (highly politicized) talk about it, but the evidence seems very limited. What I've seen is:

-What was in this NSA document. Some actual evidence.
-Standard psyops on social media. Everyone does that these days so nothing special there.
-The Illinois and Arizona hacks
-The 20 databases hacked

Unfortunately, most of the stories on the subject come from "unnamed officials" and with no actual evidence. I wouldn't be surprised if all this happened, but I can't conclude that it did based on what amounts to rumors. If anyone has links to more detailed official reports I'd be eager to see them.

Andrew • June 9, 2017 12:57 PM

Wasn't it a federal job to protect the voting machines and the elections? Other than blaming Russians, who's responsible if they were tampered?

Anyway, the guy who hunt Snowden felt the urge to leak after a dinner...funny.

"Conspiracy theories will be deleted" - that hurt.

Bruce Schneier • June 9, 2017 1:02 PM

"I'm skeptical of the scope of 'widespread Russian attempts to interfere' with the election."

Fair enough. We certainly only have a small window into the details of the scope.

Bruce Schneier • June 9, 2017 1:03 PM

Comment about Comey testimony deleted.

There are definitely other forums for that conversation.

Ergo Sum • June 9, 2017 1:14 PM

@ab praeceptis...

"Oh and btw. IF those wild allegations against Russia interfering with us of a elections were even vaguely true, the priority should certainly not be to accuse Russia (simply because it doesn't mitigate, let alone solve the problems) but rather to work with all available forces to repair the election system."

I think that's what Bruce was saying as well, at least in regards to repairing the election system. In an ideal world, that would be the correct way of addressing this. Unfortunately, that's not the primary focus, delegitimize the current POTUS on the other hand is. And it shows...

@Bruce...

"Federal standards that mandate voter-verified paper ballots and post-election auditing would go a long way to secure our voting system. These attacks demonstrate that we need to secure the voter rolls, as well."

Don't disagree, but... Wouldn't that interfere with the internal manipulating of the election, therefore it's not going to be easy to push it through the Congress? For example database suppression is nothing new, it's been done previously and there are other internal election frauds as well.

http://www.tc.umn.edu/~hause011/article/Vote1.html

Maybe Congress will put aside their differences and fix it for all. One can hope..

Daniel • June 9, 2017 1:20 PM

I want to address the Reality Winner and opsec aspect of this situation. @Bruce notes that news articles indicate that she engaged in sloppy trade craft and if those news reports are true she did. But there are two rejoinders to that aspect of the story.

First, I am not sure how much to credit those stories. I read a story in my local paper this morning indicating that the FBI discovered Tor on her personal computer. It is a real puzzle how someone in her position who knows enough about trade craft to at least be using Tor to make such an elementary e-mail mistake. Parallel construction happens and I am not in such a rush to condemn her opsec, not at this point in time.

The second point is that regardless of her own bad trade craft that does not excuse the terrible trade craft of The Intercept. The proper procedure--which they must know--is to transcribe. The idea a media outlet let the NSA see an unmodified copy of the original printout--when all the journalist wanted to do was verify its informational content--is horrifying. Trust is a precious commodity and nowhere is that trust more precious than in the relationship between journalist and insider source. It is irrelevant as to whether the FBI would have caught her anyway--that only means The Intercept caught a lucky break this time. Even if the poor opsec of The Intercept did not make a difference this time it might very well make a difference the next time and that next time is something every future leaker will now have to take with immense seriousness.

There is one further item worth noting in regard to the operational security aspect of this story. @Bruce notes that he saw a copy before The Intercept published. Did this copy have a crease? If so, did @Bruce discuss the obvious threat that posed? I would like to believe that this is an issue that Bruce would have flagged.


Bruce Schneier • June 9, 2017 1:23 PM

@Ergo Sum

Re your comment to me: I agree, and stronger. I think it will be impossible to push any serious security measures through Congress. (Right now, as toothless as the EAC is, there are moves to eliminate it.) Part of it is that elections are legally the responsibility of the individual states. And part of it is that the US government -- under Trump, Obama, and pretty much everyone -- doesn't have the appetite for this sort of Federal regulation.

I think this makes us an easy target for a long time to come.

Bruce Schneier • June 9, 2017 1:29 PM

"There is one further item worth noting in regard to the operational security aspect of this story. @Bruce notes that he saw a copy before The Intercept published. Did this copy have a crease? If so, did @Bruce discuss the obvious threat that posed? I would like to believe that this is an issue that Bruce would have flagged."

You're right that the FBI indictment might not have the whole story.

As to the document I have, it's the same file that was posted. I didn't notice the horizontal line on the left about 2/3 of the way down the pages, nor do I think I would have realized that it was a potential tell. I didn't even think to look for the secret dots, an even bigger tell.

AlexT • June 9, 2017 1:32 PM

Personally I think the biggest problem is that someone like "Reality Winner" (if she ever existed) can have a top secret clearance. It means there is a huge vetting issue as all the red flags should have gone off eons ago. And what a bonehead she supposedly is ! Using her own gmail to leak NSA documents... Seriously ?

As for the Russian intelligence doing their job (notwithstanding the usual caveats about attribution): shock and horror ! Next time I propose to declare war on wet rain.

Still the conclusion of the post is worth reiterating: there is a huge potential to improve the security and transparency of the electoral process in the USA.

Bruce Schneier • June 9, 2017 1:36 PM

"Personally I think the biggest problem is that someone like 'Reality Winner' (if she ever existed) can have a top secret clearance. It means there is a huge vetting issue as all the red flags should have gone off eons ago. And what a bonehead she supposedly is ! Using her own gmail to leak NSA documents... Seriously ?"

Several people have written that there is something wrong with the clearance process if there are so many leakers. I think the opposite. Given that there are so many millions of people with US citizens, the rarity of leakers like this is evidence that the security system is working pretty well.

And, yes, she does exist. And, yes, that is her legal name. (I know. It's not really a name you want to have associated with negative publicity.)

Bruce Schneier • June 9, 2017 1:48 PM

Re the above: It is unclear in the FBI document, but I don't think she used her own GMail account to leak anything. I think she put the paper document in an envelope and mailed it to the Intercept. She was in previous e-mail conversation with the Intercept, probably about something else entirely.

Not much evidence, yes, but it was enough to get a confession out of her.

Daniel • June 9, 2017 2:35 PM

Here is the Go Fund Me page for Ms. Winner's legal defense.

https://www.gofundme.com/2d9rnm64

BTW, here is the article I referred to in my first post...


https://www.thestar.com/news/world/2017/06/08/us-contractor-charged-with-top-secret-nsa-leak-denied-bond.html


"Solari said Winner’s laptop also contained software that could enable her to access online black-markets and buy items — such as a fake ID or passport — without revealing her identity or location."

I don't know why journalists (let alone the FBI) persist in doing this. Everyone knows what that description is in reference to: Tor. So why not say Tor. It's not some super secret software.


Who? • June 9, 2017 2:40 PM

@ Bruce

Identifying the date and time the leaked document was printed and the serial number of the NSA printer used from the tracking dots on the copy published by The Intercept is enough to find all required evidences against Reality on the internal NSA logs. Obtaining a confession with these strong evidences is easy.

As some people on this forum noted the leaked document will not change anything with relation to Trump, or Comey. It does not damage the United States or its government. However the classification of the document (not only TOP SECRET but also ORCON) will put Reality on huge legal problems.

Hope government will understand this document does not damage national security and release Reality. She did a big mistake for nothing but, as I see it, just a childish mistake.

Reality should have known better that new printers provide tracking mechanisms (not only color laser ones, inkjet ones too) as she was working at the NSA. It is not only her operational security mistake, the Intercept did the very same mistake. The Intercept works with sources whose confidentiality should be protected, and they did the same fundamental OPSEC error by not looking for these tracking marks on the document. Journalists working at The Intercept should have known better too as they have the professional requirement to protect their sources.

milkshaken • June 9, 2017 3:09 PM

I would not be surprised if Ms Winner was being already watched - after all, NSA has been putting in place inside threat programs "to catch the next Snowden", and Ms Winner has been quite outspoken and partisan on her Facebook, and she reportedly used her computer at work for figuring out how to do this, and she even had a previous e-mail correspondence with the Intercept.

The document is not that sensitive (it just supports the allegations of Russian involvement and provides fine detail to what has already been discussed in the news many times before), the intelligence community probably wanted it leaked anyway, and a nice touch is to discredit Intercept with being sloppy and blowing the source. Maybe all this "just happened" but I don't buy it - the arrest was too fast and the story is too neat

Ergo Sum • June 9, 2017 3:50 PM

@Bruce...

"I think this makes us an easy target for a long time to come."

There goes my hope and losing whatever little faith I had left about election in the US...

If you think about it, "rigging the election" isn't much different from the software intentionally having backdoors for state actors. While doing so also allows other state and non-state actors to exploit the software just as easily, the "local-state" just has to have it. [Insert the politically correct reason here] Nor can it live without being able to influence the outcome of the election, even if it means external forces might be able to do the same. No wonder the state is asking for encryption keys, without considering the consequences...

albert • June 9, 2017 5:00 PM

@Bruce,
I -did- find the appearance of your 'first strike' comment rather amusing, but it appears to have had the desired effect. So, kudos for that.

As far as I'm concerned, this Russian hacking election issue is a tempest in a teapot, so I'm removing myself from further discussions on that topic. Yay!
. .. . .. --- ....

JF • June 9, 2017 5:38 PM

@ab praeceptis

"Pardon me but standing there and complaining about whatever other nation interfering with one's elections is first of all and foremost a shameful declaration of utter incompetence (and possibly evil intentions)."

I think that displays ignorance (in the kindest sense of that word) of the historical and political foundations of our (the USA) republic/democracy. Perhaps you would prefer the "competence" displayed by certain regimes which routinely attain electoral successes of 90+ percent?

As Bruce concludes: "Yes, fixing this will be expensive. Yes, it will require federal action in what's historically been state-run systems. But as a country, we have no other option."

@Bruce
Thank you for exercising a little moderation.

Anon • June 9, 2017 6:14 PM

From the reports in the media, the only thing this "leak" attempted to do was show that the election "was" rigged, as if this document somehow proved it above all others, because "it came from a Legitimate(TM) Leaker". Oh look - she was arrested! Must be legit!

As for the "leaks" in general - IMHO 90%+ are staged, and not really leaks at all, but rather a continuation of the politically-charged discourse already occurring.

BillW • June 9, 2017 6:36 PM

"Andrew • June 9, 2017 12:57 PM
Wasn't it a federal job to protect the voting machines and the elections? Other than blaming Russians, who's responsible if they were tampered?"

Elections are all conducted on a local level. Like at the county level. There's no Federal agency tasked with conducting elections in the US. If there were, it would require the bureaucracy of another huge Federal agency, with field offices and employees in every county in the country.

Jared hall • June 9, 2017 6:41 PM

Consider this: This is a NSA document detailing what the NSA *knows* about. And even while this document shows some success on behalf of Russia's GRU, we just don't know to what degree.

Does the NSA know everything? No. Otherwise, they'd be God.

We've picked up a couple of Russians knocking on somebody's door. It's all the crap that the NSA *doesn't know* that should concern everybody here. Regrettably, that paints a much, much darker picture.

ab praeceptis • June 9, 2017 6:41 PM

JF

I don't care the slightest about "the historical and political foundations of our (the USA) republic/democracy." - neither should you (in this context).

Assuming that your desire is to have elections without any outside interference the relevant question is "which route leads to the desired state of things?".

That question is well within the professional competence of some visitors here. I suggest the well proven engineering approach of first analysing. An analysis will show that the us of a election system is vulnerable (assuming that the allegations of other countries interfering isn't made up in the first place). Et voilà *that's* the problem to solve.

Let me approach it again from another angle: Many countries have legal provisions to protect the privacy of their citizens, yet experience shows that that doesn't work and that the only way to achieve privacy is by technical means.
Analogon: With your elections you may be angry or scold Russia or whomever or even create some international law prohibiting any and all interference in another country's elections (actually such rules might already exist; I don't know, me not a lawyer). I think we both know that most countries might sign such an agreement and break it the next day, the us of a btw. being among the first to break it.

Just like with citizens privacy the solution is to make the system itself better (operationally).

And again, the very first question to examine is whether there has indeed been outside interference. Maybe your election system isn't that bad (regarding safety) and you actually have a quite different problem, e.g. political figures or parties and/or the media inventing things.

ab praeceptis • June 9, 2017 6:53 PM

Jared hall

"We've picked up a couple of Russians knocking on somebody's door." - No, you haven't. What you did pick up is noise in an article of a medium that sold out the (real or invented) whistleblower who gave them some stuff that may or may not be real nsa material and if it is it may or may not reflect the reality.

And btw: A real problem you seem to have in the us of a is your agencies, both regarding the quality and trustworthiness of their work and their trustworthiness in general.

I'd have a lot more trust in the nsa - and you us-americans would be in a lot better situation - if they were on a tight leash and known to work for, and not against, the us americans.

Things being how they are I wouldn't trust nsa to tell me whether it's day or night.

r • June 9, 2017 7:09 PM

They weren't tampered with, the system was 'felt up'. Those who 'felt down' felt motivated to partake when the not so imaginary red carpet was being rolled out.

If direct attack would've led to a 100% success rate the layer 9 and 10 attacks on your aunts and uncles would've never commenced.

Land slide says what?

I wouldn't be surprised if certain specifics of the campaign were left out until the celebratory night at which point the snowball of denial starts rolling.

Milo M. • June 9, 2017 7:46 PM

This Oct 2016 CRS report is a pretty nice summary of HAVA and the EAC, including several pages of security discussion:

https://www.fas.org/sgp/crs/misc/RS20898.pdf

On the subject of the EAC's future:

"In the 114th Congress, H.R. 195, reported by the Committee on House Administration, would eliminate the EAC and transfer its functions to the Federal Election Commission. House-passed appropriations bills for FY2014 and FY2015 would have defunded the EAC, but the agency has received about $10 million in final appropriations for each fiscal year since FY2012. Other bills in the 114th Congress would address a variety of issues, and some committees have held hearings on election issues, including security."

The 114th Congress sat in 2015-16. Now in the 115th.

"Most states require that their systems be tested for conformance with EAC guidelines. HAVA does not require that voting systems be federally tested and certified, but it gave the EAC responsibility for managing voluntary testing and certification by laboratories accredited with the assistance of NIST."

The Voluntary Voting System Guidelines (VVSG):

https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines/

https://www.eac.gov/about/help-america-vote-act/default.aspx

"HAVA mandates that EAC test and certify voting equipment, maintain the National Voter Registration form and administer a national clearinghouse on elections that includes shared practices, information for voters and other resources to improve elections."

"EAC shall establish and maintain a clearinghouse of information available to the public on:
Voluntary guidance adopted by EAC regarding the following HAVA mandates: voting system standards, provisional voting and voting information requirements, computerized statewide voter registration list requirements and requirements for voters who register by mail."

The words "voluntary" and "mandates" sound like near antonyms. Congress should have more English majors.

Andrew • June 10, 2017 4:37 AM

@BillW
"Elections are all conducted on a local level."
In my country the infrastructure and communications are secured by NSA equivalent, the intelligence service taking care of secured diplomatic lines. Only voting office security is ensured at local level. It can't be too different.

From outside, as long as the voting machines were not tampered and no one found guilty of not securing them, everything looks like a desperate attempt to overthrow a democratically elected president. Good or bad, it's still an injustice. Even if minor things were found, it was not a bright idea to throw in chaos the US and the world just because some people are not happy with the result.

Ron • June 10, 2017 8:41 AM

I notice that if you look at the VR Systems web site their voter management system includes the ability to print ballots using ordinary laser printers. If those ballots are then read by automated optical systems it seems like if the software was compromised then two names on the ballots could be switched and the voter would see and choose one name, and the reader would register another. From the web site it looks like the ballots are individually printed, onsite, at the polling station. So if some of them had names switched it would be difficult for anyone to tell, unless there was a manual recount. VR Systems doesn't make ballot readers so the ballot printing software and ballot readers are two separate, isolated systems, with no cross checks between them. In fact, the ballot printing software wouldn't even need to be compromised, an attack could compromise the off-the-shelf laser printers if they were network connected and could be identified somehow as being used to print ballots. Instead of switching names, the names on the ballot could be shifted so the reader interprets them incorrectly also, which would be even more difficult for the polling station people to detect, especially if it only affected ballot printing somewhat randomly. It would look like a mis-registration of the paper had occurred in the printer, if anyone noticed. While optical readers might be difficult to fool, on-demand ballot printers may not be.

V • June 10, 2017 10:40 AM

@Ron: Off the shelf laser printers are a potential threat to election secrecy - if the software is keeping a log of when someone's ballot was printed the "secret dots" could be read for a time stamp that would link a voter to one particular ballot.

Eww.

V • June 10, 2017 10:50 AM

Tampering with registration lists is not as direct a way to throw an election as tampering with electronic voting machines... the hackers in this story apparently think it is worthwhile though. States with same-day registration laws are more secure against this attack as anyone deleted from the list can re-register, vote, and then raise a stink about getting purged.

@Bruce or anyone, do the states that were probed have same-day registration laws?

Jack Daniels • June 10, 2017 2:06 PM

Hillary said Comey + Russia == Wikileaks; Wikileaks == Russia.

"Russian Wikileaks." Watch the Access Hollywood/CNN video as published.

QUOTE:

"The Russians are increasingly..launching cyber attacks. A lot of the information they've stolen they use for internal purposes. So this was different because they went public." "That was the conclusion. I think it's fair to ask how did that actually influence the campaign and how did they know what messages to deliver. Who told them? Who were they coordinating with or colluding with? I'm leaning Trump." "Within one hour of the Access Hollywood tapes being leaked, the Russians or say Wikileaks -- same thing -- dumped the John Podesta emails." "The Russians [Wikileaks] in my opinion could not have known how best to weaponize that information unless they had been guided by Americans."


Americans == The Partners of Wikileaks.

Wikileaks == Russia ("same thing")


Watch the Hillary Interview video:

https://www.realclearpolitics.com/video/2017/05/31/hillary_clinton_russians_couldnt_have_weaponized_stolen_info_without_guidance_from_americans_with_polling_info.html


PROOF:

Look at the "Partners" of "Russian Wikileaks" -- The NYTimes, The Intercept, Der Spiegel, The New Zealand Herald, Malaysia Today, The Guardian, The Hindu, The Telegraph, Rolling Stone, The Wall Street Journal, and the Washington Post.

All DNC allies. And they are also the OLDEST Wikileaks financial backers. (The never-heard-of-"Russian" backers have only appeared in the last couple of weeks.)

https://wikileaks.org/-Partners-.html


I guess Comey + all American MSM and UK organizations are guilty of criminal syndicalism, criminal subversion, or an all-out conspiracy of treason with Russian Communists!

Am I right; or, am I right?

https://www.law.cornell.edu/uscode/text/18/part-I/chapter-115
18 U.S. Code Chapter 115 - TREASON, SEDITION, AND SUBVERSIVE ACTIVITIES

Now we know why Comey got fired, too.

He was protecting the Russian hackers while conspiring with them.


GreekLover • June 10, 2017 2:40 PM

I would think that besides all the mayhem surrounding it the UK election was a good example on how to securely organize a vote: do everything on paper and involve citizens in the tallying process and its control - check the many photos published on election night showing the practical process. Everything on paper not only makes recounts easily possible but also is trust in the veracity of the results among voters strongly supported by the direct involvement of the voters themselves in the vote counting. Only problem: no IT security specialists needed.

As regards voting involving computer systems, it is known since the 1970s that it is practically impossible to establish a final positive proof that a computer system works in the intended way (excellent reference on that: Mechanizing Proof by Donald MacKenzie). So there will always remain doubt about manipulation, conspiracy etc.

But besides the technical problems the US seem to have far more basic problems with democracy: How can it be that blunt undermining of the democratic process seems to be merely a trivial offense, with politicians openly boasting about their achievements in voter suppression and gerrymandering?

Turkey Shute • June 11, 2017 9:59 AM

Commie might be a Comey but what's in the sealed file behind Flynn's internet connection and firing?

EIAOU

Jared hall • June 11, 2017 11:38 AM

ab praeceptis: Good God man, don't be such a Debbie Downer :) I liked your comment "may not reflect the reality". Tongue in cheek, whose Reality? Obviously, not Winner's!

I differ from you in that I think that the NSA and CIA people do a great job. US Intel is still probably the best around. No, I believe that people don't trust the politicians that run them. Yet ironically, they remain.

I agree with you in that Winner's document is relatively useless. The best-case use for this would be to alert entities and companies associated with the Electoral Process that they need to be more vigilant. The NSA could've done everybody a favor by forking the listed sources off into a separate memo, and then distribute this on a more global scale. France comes to mind since they had the next big election after the US. I mean, what is the point in restricting this to Five Eyes? This is classic, CYA, over-classification; not just of the document, but of the process.

You're spot on with The Intercept; there's obviously no journalistic integrity there. They should change their motto "We'll intercept your communications and notify the authorities".

I like your comment "I wouldn't trust nsa to tell me whether it's day or night".
Ha. When asked, the NSA would probably reply "We cannot confirm or deny that it is day or night!"

Richard • June 11, 2017 12:14 PM

Given the confirmed evidence of widespread Russian interference in the U.S. Presidential election, I found it surprising at first that no one, not even those on the Democrat side of the aisle in Congress, was willing to outright call the election results tainted and demand a redo.

Then the obvious answer hit me - a 'redo' would mean repeating the ENTIRE election - including all the worthless idiots who had already managed to get themselves elected to Congress and the Senate the first time around.

This explains why it is that, although there is a lot of smoke surrounding the issue of whether or not the Russians were able to actually hack into voting machines or voter rolls and directly affect vote totals, there is actually pretty much ZERO interest in congress in pursuing the matter (beyond bluster and posturing) lest ALL the election results be invalidated.

Sure the election WAS TAINTED, but by definition, every single one of the serving members is a beneficiary of that tainted election.

I think that this is one reason that juicy tidbits like the recent leaks regarding the fact that, contrary to the earlier reported official lies, the Russians were indeed trying to hack actual voting machines (Gee, I hope none of those voting machines were running XP embedded, or other Microsoft O.S.'s backdoored with Eternal-Blue or any of those other nifty NSA unpatched zero-day vulnerabilities during the election cycle).

Anon from PA • June 11, 2017 11:41 PM

@"Ron • June 10, 2017 8:41 AM" wrote:

...instead of switching names, the names on the ballot could be shifted so the reader interprets them incorrectly...

Yes, that's another reason for hand-counting paper ballots rather than relying on a magic scanner that focuses on small check-box areas and assumes that the background of every paper ballot is identical.

To fortify the hand-counting process, add a video camera mounted on a copy stand. Each ballot is placed in a tray face up and volunteers call out the vote. The checksum of the video file is published in the local newspaper.

Anyone can download the whole video from Vimeo, verify the checksum and recount to their heart's content. An out-of-focus video of people entering voting booths can also establish the exact number of voters (to prevent extra ballots from appearing out of nowhere.)

Ballots should include registration marks to make it easier to create open-source software that counts votes. If the software isolates and clusters the individual regions for every contest, it can also detect if the "static" background is actually shifty.

For a great discussion of election shenanigans--digital and otherwise, see: BlackBoxVoting.org

For a movie about election shenanigans, see: Hacking Democracy

On Amazon: a copy stand for $15.
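
One way to implement the registration-mark check described in the comment above, as an added example that is not part of the comment thread: fit the sheet's skew and offset from the registration marks, then flag any printed line that sits away from its template position. The template coordinates, tolerance and both sample ballots are constructed, and the marks are assumed to be a trustworthy reference (for instance pre-printed on the paper stock).

```python
import cmath
import math

# Constructed template, in scanner pixels: four corner registration marks and
# the printed anchor point of each candidate line in one contest.
TEMPLATE_MARKS = [complex(50, 50), complex(800, 50), complex(50, 1050), complex(800, 1050)]
TEMPLATE_LINES = {
    "contest1/line1": complex(150, 300),
    "contest1/line2": complex(150, 350),
    "contest1/line3": complex(150, 400),
}


def fit_similarity(src, dst):
    """Least-squares fit of dst ~= a*src + b over complex points.

    a encodes rotation and scale, b the translation, i.e. how the sheet
    sat in the scanner."""
    if len(src) != len(dst) or len(src) < 2:
        raise ValueError("need at least two matched registration marks")
    src_mean = sum(src) / len(src)
    dst_mean = sum(dst) / len(dst)
    den = sum(abs(s - src_mean) ** 2 for s in src)
    if den == 0:
        raise ValueError("registration marks coincide")
    num = sum((s - src_mean).conjugate() * (d - dst_mean) for s, d in zip(src, dst))
    a = num / den
    return a, dst_mean - a * src_mean


def check_ballot(scanned_marks, scanned_lines, tolerance=4.0):
    """Return {label: drift_in_pixels} for every element printed out of place.

    An empty dict means the printed content sits where the template says it
    should, once the sheet's own skew and offset are removed."""
    a, b = fit_similarity(TEMPLATE_MARKS, scanned_marks)
    findings = {}
    # If the marks themselves do not fit a rigid placement, the scan is unusable.
    worst_mark = max(abs(a * t + b - s) for t, s in zip(TEMPLATE_MARKS, scanned_marks))
    if worst_mark > tolerance:
        findings["registration-marks"] = round(worst_mark, 1)
    for label, template_pos in TEMPLATE_LINES.items():
        found = scanned_lines.get(label)
        if found is None:
            findings[label] = math.inf  # line not located at all
            continue
        drift = abs(found - (a * template_pos + b))
        if drift > tolerance:
            findings[label] = round(drift, 1)
    return findings


def simulate_scan(points, angle_deg, offset, print_shift=0j):
    """Constructed test input: place template points as a scanner would see them."""
    rot = cmath.rect(1.0, math.radians(angle_deg))
    return [rot * (p + print_shift) + offset for p in points]


# Ballot A: sheet fed 1.5 degrees askew and offset; printing is correct.
marks_a = simulate_scan(TEMPLATE_MARKS, 1.5, complex(12, -7))
lines_a = dict(zip(TEMPLATE_LINES, simulate_scan(TEMPLATE_LINES.values(), 1.5, complex(12, -7))))

# Ballot B: same feed, but the candidate lines were printed one row (50 px) low
# relative to the registration marks.
marks_b = simulate_scan(TEMPLATE_MARKS, 1.5, complex(12, -7))
lines_b = dict(zip(TEMPLATE_LINES,
                   simulate_scan(TEMPLATE_LINES.values(), 1.5, complex(12, -7), print_shift=50j)))

if __name__ == "__main__":
    print("ballot A:", check_ballot(marks_a, lines_a))
    print("ballot B:", check_ballot(marks_b, lines_b))
```

A sheet that is merely crooked in the scanner passes, because marks and text move together; only text that has moved relative to the marks is reported.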

Dirk Praet • June 12, 2017 3:46 AM

@ Ross Snider

Given the exploratory nature of these hacks it seems much more like espionage than it does sabotage.

I concur, and it's not any different from what other nations with similar capabilities - including the US - are doing. I still have to see the first bit of even remotely conclusive evidence that indeed the Russians directly influenced that election. And the Reality Winner episode really does nothing of the kind. It just shows that indeed the election process - like other critical infrastructure - is a target for foreign state actors, and vulnerable. Which we both already previously knew.

Somebody call the editors • June 12, 2017 4:49 AM

The missing Comey tapes were beamed (projected, mentally) into the near future for safe keeping behind an (adobe) hut.

rudgley • June 12, 2017 2:36 PM

Getting to the software companies, consultants and local officials that set up ballots, software and count the election results would be a good attack vector in elections. Some consultants and companies control large parts of states or many counties across several states but there are over 3000 counties and 50 states that control elections and each has local officials.

So how would Russia or other countries or foreign actors with proven interests in US elections (Israel, China, Saudi Arabia, ISIS) use this vector to change results? Usually it would be people that hire the consultant or company that have some leverage over the contractor to put a play for pay scheme in place. Or local officials beholden to local parties that have self interest for their party to win to stay in power.

Most foreign countries would have a hard time getting outright collusion of a contractor or local official without money power, local paramilitary power (police) or local favors of some sort to put pressure on a contractor or official. Maybe a cause or religion could be used to influence a few contractors and local officials but those instances are probably very rare compared to local US actors already manipulating elections. And what is the possibility of an already crooked person collaborating with the Russians instead of working for the local crooks who put you in the job in the first place? You wanna swim with the fishes?

Better is to look at US history of manipulating elections like in... Yeltsin of Russia, not too long ago. The US did not run around to every little soviet and Siberian official or ballot printer. Instead they used international finance to stabilize the Russian economy and sent in loads of cash with US election consultants and bought chunks of media manipulation on the scale of the Russian equivalents of NY Times, LA Times, Wash Post, CNN, NBC, CBS, ABC, Fox, Clear Channel to shove Yeltsin down the throat of the Russians. Qatar with all its gas $$ can't even get Al Jazeera on US cable. China is the second largest economy and next to nobody sees its media outlets in the US.

How about US manipulating Haiti elections? Spirit the president away to Africa with US supplied "private security contractors", arm up an insurgency, invade with UN troops infected with cholera, make opposition parties illegal, bring in Bill Clinton with $billions of cash for the "economy" of Haiti. Except for Bill Clinton's Foundation (he's local to the USA) I don't see that stuff happening in the USA. I sure didn't see any evidence of tedious election software changes by the CIA/NSA who used regular intel stuff to get the location of the Haitian president and a jet to send him off.

How are Russia, China, Saudis, ISIS gonna hack the US vote? They better bring loads more lawyers, guns and money. But since the US has most of the money, guns and lawyers in the world it isn't going to be easy to wrest control of US elections from local interests. Of course there is AIPAC, but the $$, guns, lawyers are mostly local to the USA in that case too.

It is a "movie plot", to use a Bruce-ism, to bring in the spectre of foreign hacking of the elections when there is such a crowded local field of US native manipulators using a myriad of techniques to "hack" our own elections including local software companies. How is Vlad, an oil King or the ChiComs gonna elbow their way in past the local crooks?

DH • June 12, 2017 7:02 PM

I like rudgley's mention of 3000 counties.

Dirk, this doc leaked (not another one not yet leaked) likewise to me doesn't seem to give evidence that any tampering was done on any actual vote count [as far as I've read]. Now, if you identified China as having messed with VR Systems stuff...yes, that would be something to think about. Or Russia. Yet and still, there are many other proprietary vote count programs strung across the USA, aren't there? Anyway...do I remember things wrong, or after the shadow brokers flap or the vault 7 thing [can't remember which at the moment], wasn't the upshot that attribution was a problem?

"But a more worrying prospect, according to Graff, is that hackers would target a company like VR Systems to get closer to the actual tabulation of the vote. An attempt to directly break into or alter the actual voting machines would be more conspicuous and considerably riskier than compromising an adjacent, less visible part of the voting system, like voter registration databases, in the hope that one is networked to the other. Sure enough, VR Systems advertises the fact that its EViD computer polling station equipment line is connected to the internet, and that on Election Day 'a voter’s voting history is transmitted immediately to the county database' on a continuous basis. A computer attack can thus spread quickly and invisibly through networked components of a system like germs through a handshake." The Intercept 6/5


What I think could wind up from this, though, is that rudgley's last point is underscored: There was a real breach that could have, after it crept in farther and farther, ended up altering the count. I may be wrong but it seems like we're getting closer to how the NSA itself would describe a hack...and they're sharing it with us. Sure we need other instances, but if the NSA's trending to getting more specific, say about how it was done to one company, that's an important instance. So, if it makes sense...Palast is right. If it's valid, no matter who did it, scads and scads of people now recognize we need to go to paper. Probably everyone except die hard Trump supporters...34%.

TM • June 13, 2017 7:27 AM

Ever since 2000, I have marveled at the indifference of the American public in the face of blatant election manipulation (manipulation of voter rolls, nakedly partisan oversight authorities, gerrymandering for partisan reasons considered legal even by the courts, buying of politicians considered legal, not to mention generally unrepresentative and undemocratic election procedures). It is hard to believe that Americans care all that much about democracy. So I wouldn't expect much to change.

See also: lowest electoral turnout in the developed world.

TM • June 13, 2017 7:33 AM

"Wasn't it a federal job to protect the voting machines and the elections?"

I would be surprised, since in the US, elections are *not* federally overseen.

TM • June 13, 2017 7:54 AM

"Many countries have legal provisions to protect the privacy of their citizens, yet experience shows that that doesn't work and that the only way to achieve privacy is by technical means."

That makes no sense. What evidence do you have that privacy laws don't work?

DH • June 13, 2017 8:58 AM

Don't know who said that, TM, (doesn't seem to make sense to me either) but re your other comments this AM, well said.

Except don't forget Sanders and Corbyn.

Premiere of the Nina Turner Show with Bernie Sanders

What I meant up there three comments back by "if it makes sense" was if the description of the breaches and the description of the method of the breaches ends up more and more sounding authentic...then this is yet again a strong indication that Palast has been right. I know, I know...there have been many indications prior.

Goodbye • June 13, 2017 5:42 PM

According to cbs Illinois was a successful attack.

Voter rolls are an end run.

Jameson • June 13, 2017 9:45 PM

The Bloomberg article, https://www.bloomberg.com/politics/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections got featured on NPR after the Atty Gen. Sessions Russian testimony. 39 states and 122 total local and state government voting technical infrastructure probed and maybe attacked! Scream and shout and run about. Light hair on fire.

We know it is legal to run US Intel services propaganda in US media now, we have been cried wolf to for over a century to go to war, increase "defense" spending, expanding "security" services government like "Homeland Security" all on the secret say so of government sources mostly unnamed, and "leaked" by the intel services with "proof" that is too secret for us to know.

Even if the story is true every bit of kit connected to the internet including your phone and laptop is routinely probed over and over by lots and lots of attackers, including crooks, foreign govs, cops, the US intel services and .mil groups. Stop whining, grow a pair of ovaries and get on with it. An election with some technical failures from broken systems will not stop the world from turning, kill a bunch of people or be that big a deal.

The solutions are also not that big a deal, a few standards, a review of basic internet security, etc. just like Bruce says, even if that is not done (and it won't) it ain't that big a deal.

If our society is so fragile that country wide mass riots, every car crashes and zombie apocalypse occurs because someone messed up a vote in an Idaho school board then we deserve to go back to using Flintstone foot powered cars. Somehow the USA survived the "vote failure" in the Florida 2000 Presidential hanging chad coup d'etat and I didn't even have to eat the brains of the neighbor's kids.

Get some perspective.

Dirk Praet • June 14, 2017 3:47 AM

@ Jameson

Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter.

Unless there is now a nation-wide manhunt on the way for these three people, I guess it's reasonable to assume that this story is just more "Russia inside" spin.

It would seem that a significant part of MSM and IC spin doctors still haven't caught on to the fact that the standard of proof required by the more skeptical part of the general population was dramatically raised by people like Snowden and Manning, and that "unnamed officials" just doesn't cut it anymore. The entire article to me reads as Soviet or DPRK-like state propaganda, not journalism.

Next up: "An undisclosed source within the Mueller team has confirmed that Kellyanne Conway was born on the planet Koozebane and the investigation has now widened to collusion with representatives of an alien civilization that hates our freedoms".

DH • June 14, 2017 12:30 PM

I already had a perspective, Jameson. Blame the Russians, or blame Crosscheck, or blame voter suppression, blame the electoral college, or blame the DNC in its dream world...whomever...the interests behind this coup were deleterious to life on planet Earth, especially human life.

Truth ends at my dots "The solutions are also not that big a deal, a few standards, a review of basic internet security, etc. just like Bruce says..."

I listen to Stephen Cohen and Bachelor every time they do a show, but, sorry to say, we are on our way to a Kremlin-world out of Stalin days. More accurate I guess to say one that's "Kafkaesque" right now. Everything's in this swirl of know-nothingness and it all started in 2000.

We've got this guy who most likely was paid to squash an attack on ISIS. Then we've got a "president" obstructing investigation of same, meantime try'n to privatize the universe. An EPA chief enforcing no rules laid out for his agency, but instead dismantling the whole thing. And nothing can move because of what? Because of cyber tyranny. Don't get me wrong, they will be move'n once the art of the deal is gone, but progress'll be goin slow. Why? Because HE and the most dangerous organization on Earth filled up our government with nitwits. IMO.

Yeah man, everything before the dots is real important.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.