More stories

  • Michigan Poll Worker Charged With Breach; Officials Say Primary Was Sound

    A Michigan poll worker in the Aug. 2 primary has been charged with tampering with an election computer at a voting precinct, a breach that those in charge of elections said highlighted the insider threats to the system’s integrity that have proliferated since the 2020 election.

    While state and local officials emphasized that the breach had no influence on the outcome of the primary election, they said that the equipment involved would no longer be used.

    The episode happened after the polls closed in Gaines Township, south of Grand Rapids, where a person saw a Republican-affiliated election worker insert a personal USB drive into a special computer known as an electronic poll book, the Kent County Clerk’s office said on Wednesday.

    Chris Becker, the county prosecutor, identified the poll worker as James Donald Holkeboer.

    The computer stores voter registration data, including confidential, personally identifying information about all voters in the precinct, but is not connected to any of the tabulation equipment or to the internet, according to Lisa Posthumus Lyons, the county clerk.

    The case extended a pattern of internal actors’ facing accusations of meddling with election equipment in Michigan, a battleground state where former President Donald J. Trump has falsely asserted that there was widespread voter fraud in 2020. Last month, Dana Nessel, Michigan’s attorney general and a Democrat, requested that a special prosecutor be appointed to continue an investigation into previous breaches and pursue potential criminal charges.

    In Kent County, officials did not discuss what had motivated the tampering.

    “This incident is extremely egregious and incredibly alarming,” Ms. Lyons said in a statement on Wednesday. “Not only is it a violation of Michigan law, but it is a violation of public trust and of the oath all election workers are required to take.”

    Ms. Lyons, a Republican, said the clerk’s office would conduct a postelection audit of the precinct, complete with a tally of paper ballots to reaffirm the results and reassure voters. The results had been certified on Aug. 12 and the state board of canvassers accepted them on Aug. 19, according to Robert J. Macomber, the chief deputy clerk for Kent County.

    Mr. Holkeboer, 68, was charged with falsifying returns or records, and using a computer to commit a crime, Mr. Becker, the prosecutor, said in a statement on Wednesday. Both charges are felonies, and they carry a maximum combined penalty of nine years in prison.

    Mr. Holkeboer could not be immediately reached for comment on Thursday, and it was not clear whether he had a lawyer. He was issued a summons and remained free as of Thursday morning, according to Lori Latham, a spokeswoman for the county.

    An arraignment date was also not available on Thursday morning for Mr. Holkeboer, who appeared to be a first-time poll worker during the primary, Mr. Macomber said.

    Poll workers are responsible for checking in voters, looking them up in the electronic poll book, issuing ballots and helping with crowd flow, Mr. Macomber said in an email on Thursday. About six poll workers are assigned to each precinct for the primary and general elections, and their political affiliations are typically split, said Mr. Macomber, who identified Mr. Holkeboer as a Republican.

    Angela Benander, a spokeswoman for the Michigan Department of State, which oversees elections, said in an email on Thursday that the agency had learned of the breach from the county.

    “While our elections remain secure and safe, we take seriously all violations of election law and will continue to work with the relevant authorities to assure there are consequences for those who break the law,” Ms. Benander said. “The breached equipment in this case has been decommissioned and will not be in use for the general election in November. Michigan voters can be confident that their votes will be counted accurately and securely.”

  • 2020 Election Denier Will Run for Top Elections Position in Colorado

    Tina Peters, the Mesa County clerk, has been stripped of her county election oversight but is seeking to oversee her state’s elections as secretary of state.

    A Republican county clerk in Colorado who was stripped of her responsibility of overseeing county elections is joining a growing movement of people throughout the country who spread false claims about fraud in the 2020 presidential election and want to oversee the next one.

    Tina Peters, the Mesa County clerk, who is facing accusations that she breached the security of voting machines, announced on Monday that she would run to be the top elections official in Colorado.

    At least three Republican challengers are already running to unseat the current Colorado secretary of state, Jena Griswold, a Democrat.

    Colorado is a purple state that President Biden won with 55 percent of the vote in 2020. The state’s primary is on June 28, and Colorado is one of 27 states whose top elections official will be on the ballot this year.

    In 2020, when former President Donald J. Trump and his allies sought to undo the results of the election, they focused their pressure campaign on these relatively little-known officeholders.

    “I am the wall between your vote and nationalized elections,” Ms. Peters said during an appearance Monday on a podcast hosted by Stephen K. Bannon, the embattled former top aide to Mr. Trump. “They are coming after me because I am standing in their way — of truth, transparency and elections held closest to the people.”

    Ms. Griswold, who is also the head of the Democratic Association of Secretaries of State, said in a statement on Monday that Ms. Peters was “unfit to be secretary of state and a danger to Colorado elections,” citing Ms. Peters’s attempts to discredit the results of the 2020 presidential election.

    Ms. Peters did not immediately respond to telephone and email messages on Monday seeking comment.

    Elected in 2018, Ms. Peters took office as clerk and recorder of Mesa County, in far western Colorado, in 2019. By late 2021 a Mesa County Court judge had upheld Ms. Griswold’s removing Ms. Peters from overseeing elections in the county and replacing her with an appointee.

    In May of last year, Ms. Peters and two other people entered a secure area of a warehouse in Mesa County where crucial election information was stored. They copied hard drives and election-management software from voting machines, the authorities said.

    In early August, the conservative website Gateway Pundit posted passwords for the county’s election machines. In October Ms. Peters spoke at a gathering in South Dakota of people determined to show that the 2020 election had been stolen from Mr. Trump.

    The gathering also featured a large screen that, at one point, showed the software from the election machines in Mesa County.

    Ms. Griswold said her office had concluded that the passwords leaked out when Ms. Peters enlisted a staff member to accompany her to surreptitiously record a routine voting-machine maintenance procedure. State and county officials announced last month that a grand jury was looking into allegations of tampering with Mesa County election equipment and “official misconduct.”

    More recently, Ms. Peters was briefly detained by the police when she obstructed efforts by officials with the local district attorney to serve a search warrant for her iPad. Ms. Peters may have used the iPad to record a court proceeding related to one of her deputies, according to Stephanie Reecy, a spokeswoman for the county.

    In video of the Feb. 8 encounter, taken by a bystander and posted on Twitter, Ms. Peters can be heard repeatedly saying, “Let go of me,” as officers seek to detain her. “It hurts. Let go of me,” she says, before bending her leg and raising her foot toward the officer standing behind her.

    An officer responds, “Do not kick,” according to body camera video posted by KJCT News 8, a local station. “Do you understand?”

    Ms. Peters was charged with obstructing a peace officer and obstructing government operations, according to the Mesa County Sheriff’s Office. She turned herself in to the authorities on Thursday, posted $500 bond and was released, according to county officials.

    “I still have the bruises on my arm where they manhandled me,” Ms. Peters told Mr. Bannon on Monday. Later she said: “I just want to say I love the people. That’s why I’m doing this.”

    Mr. Bannon said Ms. Peters had been targeted because of her fight against “this globalist apparatus.”

    “Thank you,” Ms. Peters told the host. “I’ll work hard for you guys.”

  • How G.O.P. Election Reviews Created a New Security Threat

    As Republicans continue to challenge the 2020 results, voting equipment is being compromised when partisan insiders and unvetted operatives gain access.

    Late one night in May, after surveillance cameras had inexplicably been turned off, three people entered the secure area of a warehouse in Mesa County, Colo., where crucial election equipment was stored. They copied hard drives and election-management software from voting machines, the authorities said, and then fled.

    The identity of one of the people dismayed state election officials: It was Tina Peters, the Republican county clerk responsible for overseeing Mesa County’s elections.

    How the incident came to public light was stranger still. Last month in South Dakota, Ms. Peters spoke at a disinformation-drenched gathering of people determined to show that the 2020 election had been stolen from Donald J. Trump. And another of the presenters, a leading proponent of QAnon conspiracy theories, projected a portion of the Colorado software — a tool meant to be restricted to election officials only — onto a big screen for all the attendees to see.

    The security of American elections has been the focus of enormous concern and scrutiny for several years, first over possible interference or mischief-making by foreign adversaries like Russia or Iran, and later, as Mr. Trump stoked baseless fears of fraud in last year’s election, over possible domestic attempts to tamper with the democratic process.

    But as Republican state and county officials and their allies mount a relentless effort to discredit the result of the 2020 contest, the torrent of election falsehoods has led to unusual episodes like the one in Mesa County, as well as to a wave of G.O.P.-driven reviews of the vote count conducted by uncredentialed and partisan companies or people. Roughly half a dozen reviews are underway or completed, and more are being proposed.

    These reviews — carried out under the banner of making elections more secure, and misleadingly labeled audits to lend an air of official sanction — have given rise to their own new set of threats to the integrity of the voting machines, software and other equipment that make up the nation’s election infrastructure.

    Election officials and security experts say the reviews have created problems ranging from the expensive inconvenience of replacing equipment or software whose security has been compromised to what they describe as a graver risk: that previously unknown technical vulnerabilities could be discovered by partisan malefactors and exploited in future elections.

    In Arizona, election officials have moved to replace voting machines in the state’s largest county, Maricopa, after conservative political operatives and other unaccredited people gained extensive access to them as they conducted a widely criticized review of the 2020 results. In Pennsylvania, the secretary of state decertified voting equipment in rural Fulton County after officials there allowed a private company to participate in a similar review.

    And in Antrim County, Mich., a right-wing lawyer publicized a video showing a technical consultant with the same vote tabulator the county had used — alarming county officials who said that the consultant should not have had access to the device or its software.

    Photo: Tina Peters, the clerk of Mesa County, Colo., during a news conference in June 2020. Credit: Mckenzie Lange/The Grand Junction Daily Sentinel, via Associated Press

    When such machines fall into the wrong hands — those of unaccredited people lacking proper supervision — the chain of custody is broken, making it impossible for election officials to guarantee that the machines have not been tampered with, for example by having malware installed. The only solution, frequently, is to reprogram or replace them. At least three secretaries of state, in Arizona, Pennsylvania and Colorado, have had to decertify voting machines this year.

    Far from urging panic, experts caution that it would be extremely difficult if not impossible to meddle with voting results on a nationwide scale because of the decentralized nature of American elections.

    But experts say that the chain of custody for election machines exists for good reason.

    Already this year, three federal agencies — the Justice Department, the Cybersecurity and Infrastructure Security Agency and the Election Assistance Commission — have issued updated guidance on how to handle election machines and preserve the chain of custody.

    “There are some serious security risks,” said J. Alex Halderman, a professor of computer science and engineering at the University of Michigan who studies election security. “Especially given the constellation of actors who are receiving such access.”

    Republicans say they are simply looking for the answers their constituents are demanding about the 2020 election.

    “This has always been about election integrity,” Karen Fann, the Republican leader of the Arizona Senate, which authorized that state’s election review, said in an interview posted on the state party’s website last month. “Nothing else. Absolutely nothing else. This is about making sure that our votes are counted.”

    Security experts say that election hardware and software should be subjected to transparency and rigorous testing, but only by credentialed professionals. Yet nearly all of the partisan reviews have flouted such protocols and focused on the 2020 results rather than hunting for security flaws.

    In Arizona, the firm chosen by the Republican-led Legislature, Cyber Ninjas, had no previous experience auditing elections, and its chief executive has promoted conspiracy theories claiming that rigged voting machines cost Mr. Trump the state. The company also used Republican partisans to help conduct its review in Maricopa County, including one former lawmaker who was at the Jan. 6 protest in Washington that preceded the Capitol riot.

    In Wisconsin, the Republican Assembly speaker, Robin Vos, is pushing for a review of the 2020 results to be led by a former State Supreme Court justice who claimed in November that the election had been stolen. And in Pennsylvania, the Republican leader of the State Senate has announced hearings that he likened to a “forensic investigation” of the election, saying it could include issuing subpoenas to seize voting machines and ballots.

    Christopher Krebs, the former head of the federal Cybersecurity and Infrastructure Security Agency, said such reviews could easily compromise voting machines. “The main concern is having someone unqualified come in and introduce risk, introduce something or some malware into a system,” he said. “You have someone that accesses these things, has no idea what to do, and once you’ve reached that point, it’s incredibly difficult to kind of roll back the certification of the machine.”

    Decertifying machines effectively means replacing them, often in a hurry and at great cost. Philadelphia’s elections board rejected an earlier G.O.P. request for access to the city’s election machines, saying it would cost more than $35 million to buy new ones.

    In Arizona, Secretary of State Katie Hobbs, a Democrat, told Maricopa County in May that her office would decertify 385 machines and nine vote tabulators that had been handed over for the G.O.P.-led election review.

    “The issue with the equipment is that the chain of custody was lost,” Ms. Hobbs said in an interview. “The chain of custody ensures that only authorized people have access to it, so that that vulnerability can’t be exploited.”

    Pulling compromised machines out of service and replacing them is not a foolproof solution, however.

    The equipment could have as-yet-undiscovered security weaknesses, Mr. Halderman said. “And this is what really keeps me up at night,” he said. “That the knowledge that comes from direct access to it could be misused to attack the same equipment wherever else it’s used.”

    Photo: A polling place in Philadelphia in November. Subpoenas could be issued to seize voting machines and ballots as part of a Republican-led investigation into Pennsylvania’s results in the 2020 election. Credit: Kriston Jae Bethel for The New York Times

    As an example of his concerns, Mr. Halderman pointed to Antrim County in northern Michigan, where, months after a court-ordered forensic audit in the county, a lawyer involved with the case who has frequently shared election conspiracy theories still appeared to have access to a Dominion Voting Systems ballot-scanning device and its software.

    The lawyer, Michael DePerno, posted a video from a conservative news site featuring a technical consultant who went to elaborate and highly implausible lengths to try to show that votes in the county — which Mr. Trump carried by a wide margin — could have been switched. (County officials said this could not have happened.)

    The device and its software are only supposed to be in the possession of accredited officials or local governments. “I was shocked when I saw they had a tabulator in their video,” said Sheryl Guy, the county clerk, who is a Republican.

    Neither Mr. DePerno nor Dominion Voting Systems responded to requests for comment.

    Easily the most bizarre breakdown of election security so far this year was the incident in Mesa County, Colo.

    The first sign of suspicious activity surfaced in early August, when a conservative news site, Gateway Pundit, posted passwords for the county’s election machines, the result of a separate breach in the county from the same month.

    A week later, the machines’ software showed up on large monitors at the South Dakota election symposium, organized by the conspiracy theorist Mike Lindell.

    Jena Griswold, the Colorado secretary of state, said her office had concluded that the passwords leaked out when Ms. Peters, the Mesa County clerk, enlisted a staff member to accompany her to and surreptitiously record a routine voting-machine maintenance procedure. Gateway Pundit published the passwords a week before the gathering in South Dakota.

    Ms. Griswold’s office is investigating and has said that Ms. Peters will not be allowed to oversee elections in November.

    Ms. Peters, who has called the investigation politically motivated, did not respond to repeated requests for comment. In an online interview with Mr. Lindell, the chief executive of MyPillow, she admitted to copying the hard drives and software but insisted she had simply backed them up because of some perceived but unspecified threat to the data. She also cited unfounded conspiracy theories about Dominion equipment.

    “I was concerned that vital statistics and information was being deleted from the system or could be deleted from the system, and I wanted to preserve that,” she said.

    But she flatly denied leaking the passwords or software. “I did not post, did not authorize anyone to post, any election data or software or passwords online,” she said.

    Even so, the secretary of state’s office said that Colorado counties had never been advised to make copies of their election machines’ hard drives.

    “It is a serious security breach,” Ms. Griswold said in an interview. “This is election officials, trusted to safeguard democracy, turning into an internal security breach.”

    The local district attorney has opened a separate inquiry into the episode and is being assisted by the F.B.I. and the Colorado attorney general’s office. Ms. Griswold, a Democrat, said she had also alerted the Cybersecurity and Infrastructure Security Agency.

    But Ms. Griswold said she worried that with so many Republican leaders “leaning into the big lie,” the risks of what she called an “insider security issue” were growing.

    “I think it’s incredibly time-sensitive that elections are set up to guard both from external and internal threats,” she said.

  • The D.N.C. Didn’t Get Hacked in 2020. Here’s Why.

    A devastating email breach of the D.N.C. roiled Democrats in the final months of 2016. An unassuming security official made it his mission to prevent a recurrence.

    As the country learns more about a broad Russian hijacking of American federal agencies and private companies and now another Russian hack, which was revealed on Thursday, it can look to the Democratic National Committee for a more positive development in the effort to prevent cyberattacks: Unlike four years ago, the committee did not get hacked in 2020.

    It’s worth remembering the D.N.C.’s outsized role in Russia’s interference in the 2016 election, when a spearphishing email roiled the Democratic Party in the final months of the campaign.

    That March, Russian hackers broke into the personal email account of John Podesta, Hillary Clinton’s campaign chairman, unlocking a decade’s worth of emails, before dribbling them out to the public with glee. The D.N.C. chairwoman, Representative Debbie Wasserman Schultz of Florida, resigned after emails appeared to show her favoring Mrs. Clinton over Senator Bernie Sanders of Vermont.

    A simultaneous Russian hack of the D.N.C.’s sister organization, the Democratic Congressional Campaign Committee, tainted congressional candidates with accusations of scandal in a dozen other races.

    By the time Donald J. Trump was in the White House in January 2017, “The D.N.C.’s house was ablaze,” Sam Cornale, the committee’s executive director, said in an interview this week.

    That month, Bob Lord, an unassuming, bespectacled chief security officer at Yahoo, was still mopping up the largest Russian hacks in history: a 2013 breach of more than three billion Yahoo accounts and a second breach in 2014 of 500 million Yahoo accounts. Mr. Lord, who discovered the breaches when he took over the job, helped the Federal Bureau of Investigation identify the assailants. A courtroom sketch of Karim Baratov, one of the hackers in the Yahoo case, still hangs on his wall.

    Mr. Lord left the team Yahoo affectionately calls “The Paranoids,” took a six-figure pay cut and headed to Washington in January 2017 to become the D.N.C.’s first chief information security officer.

    The way he saw it, the D.N.C.’s 2016 breach wasn’t so much a cybersecurity issue as it was a problem of workflow and corporate culture.

    Mr. Podesta’s aide, for instance, had asked a staff member to vet whether the infamous Russian spearphishing email was safe, and the aide responded that the email was “legitimate.” It was a typo; he later said he had meant to write “illegitimate.” By the time anyone realized what was happening, Mr. Podesta’s risotto recipes, and excerpts from Mrs. Clinton’s Wall Street speeches, were being dissected online by the news media and conspiracy theorists.

    “After that, few would even pick up a flier, let alone a hose to help in 2017,” Mr. Cornale said. “Bob showed up with five fire trucks while putting on his suspenders, and ran in to the house.”

    Mr. Lord told his staff on Friday that he was leaving, clearing the way for the D.N.C. to get a replacement to get ahead of whatever adversaries may have planned for the midterms.

    Over the past four years, Mr. Lord has been a persistent and pervasive presence, speaking at every all-hands meeting, reminding employees that staving off the next cyber threat would come down to individual accountability: not reusing passwords, turning on two-factor authentication, running software updates. He urged them to use Signal, an encrypted messaging app, to lock down their Venmo accounts; he also advised them to avoid clicking on suspicious links.

    A “Bobmoji” — a digital caricature of Mr. Lord — hangs above the men’s urinal and adorns the walls of the women’s restroom, reminding staff members of the checklist.

    Mr. Lord has had significantly smaller security budgets than he did at Yahoo, or that of any government agency and technology companies that Russia breached over the past year. And so he became something of a digital Marie Kondo — the Japanese tidying expert — decluttering the D.N.C.’s networks, excising old software and canceling extraneous vendor contracts, then took those extra discretionary funds and put them towards cybersecurity. But he knew cybersecurity technologies can go only so far. “If adding security technologies could fix our cybersecurity problems, we would have fixed things 25 years ago,” he said in an interview.

    His real legacy, D.N.C. staff members said, is that he single-handedly changed a culture.

    “To survive in Bob’s role, you have to drive people a little crazy,” Nellwyn Thomas, chief technology officer at the D.N.C., said.

    When the committee sent out an innocuous email asking staff members to enter their T-shirt size and address for some free swag, not a single employee complied, employees said.

    Mr. Lord had proudly turned them paranoid.

  • Florida Finds Election Fraud in High School Homecoming Votes

    A student and her mother were arrested after the authorities found more than 100 votes suspiciously cast from a single school login.

    MIAMI — The report about vote tampering reached the Florida Department of Law Enforcement in early November: Someone had gained access to electronic accounts without authorization. At least 117 votes had been suspiciously cast — in J.M. Tate High School’s election for homecoming court.

    It was a case reminiscent of the 1999 dark comedy film “Election.”

    Department agents arrested Laura Carroll, 50, and her daughter, Emily Grover, 17, on Monday and charged them with conspiracy to use Ms. Carroll’s school district login to help Ms. Grover get elected homecoming queen.

    Photo: Laura Rose Carroll was arrested on Monday in Escambia County, Fla. Credit: The Escambia County Department of Corrections

    A five-month investigation found that the login for Ms. Carroll, an assistant principal at Bellview Elementary School near Pensacola, was used to gain access to the internal accounts of 372 Tate High students since August. The accounts include personal information such as students’ grades, medical history and disciplinary records.

    Students use the same accounts with an application to cast votes for homecoming.

    Ms. Grover often spoke about obtaining students’ information using her mother’s login, eight students and one teacher said in witness statements.

    “She looks up all of our group of friends’ grades and makes comments about how she can find our test scores all of the time,” one of the witnesses said, according to the arrest affidavits.

    Escambia County School District employees are supposed to change their password to log in to the internal system every 45 days.

    One witness told the agents that Ms. Grover had said she knew using her mother’s login would result in a “ping” that showed that Ms. Carroll had logged on at Tate High. Agents interviewed Ms. Carroll in November and knocked on her door last month to talk further, but she referred them to her lawyer, according to her arrest affidavit.

    Ms. Grover was expelled, according to police records, a decision that the family contested, but the expulsion was upheld. Ms. Carroll was suspended from her job, Tim Smith, the superintendent of the Escambia public schools, said in an email. He declined to comment further.

    Ms. Carroll was taken into custody on Monday and released on $8,500 bail. Ms. Grover was sent to juvenile detention for an evaluation, according to the Department of Law Enforcement.

    Through her lawyer, Ms. Carroll declined to comment. “She’d love to give out her side of the story, but it would probably be after we resolve the case,” the lawyer, Randall J. Etheridge, said.

    The school district’s elections contractor contacted school administrators in October after flagging more than 100 votes that were cast in a short period of time, all from the same unique IP address. The student council coordinator also heard reports that Ms. Grover had boasted about using her mother’s login to get into students’ accounts during the election, according to witness statements.

    Investigators later determined through IP addresses that 124 votes had been cast from Ms. Carroll’s phone, and 122 from Ms. Carroll’s and Ms. Grover’s residence.

    On Oct. 30, Ms. Grover was elected homecoming queen.

    Jack Begg contributed research.

  • in

    Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts

    The two appointments illustrate how the president-elect appears determined to rebuild a White House national security team to focus on threats that critics say were ignored by President Trump.

    The headquarters of the National Security Agency at Fort Meade, Md. President-elect Joseph R. Biden Jr. is expected to take a harder stand against Russian hacking. Credit…T.J. Kirkpatrick for The New York Times

    Jan. 13, 2021. Updated 7:51 a.m. ET

    President-elect Joseph R. Biden Jr., facing the rise of domestic terrorism and a crippling cyberattack from Russia, is elevating two White House posts that all but disappeared in the Trump administration: a homeland security adviser to manage matters as varied as extremism, pandemics and natural disasters, and the first deputy national security adviser for cyber and emerging technology.

    The White House homeland security adviser will be Elizabeth Sherwood-Randall, according to transition officials. She is a longtime aide to Mr. Biden who served under President Barack Obama as senior director for Europe and then deputy secretary of energy, where she oversaw the modernization of the nuclear arsenal.

    And for the complex task of bolstering cyberoffense and defense, Mr. Biden has carved out a role for Anne Neuberger, a rising official at the National Security Agency. She ran the Russia Small Group, which mounted a pre-emptive strike on the Kremlin’s cyberactors during the 2018 midterm elections, part of an effort to counter Moscow after its interference in the 2016 presidential election.

    For the past 15 months, she has overseen the agency’s Cybersecurity Directorate, a newly formed organization to prevent digital threats to sensitive government and military industry networks. But it has also been an incubator for emerging technologies, including the development of impenetrable cryptography — the National Security Agency’s original mission nearly 70 years ago — with a new generation of quantum computers.

    Taken together, the two appointments show how Mr. Biden appears determined to rebuild a national security apparatus that critics of the Trump administration say withered for the past four years. The new White House team will focus on threats that were battering the United States even before the coronavirus pandemic reordered the nation’s challenges.

    Transition officials say that Ms. Sherwood-Randall and Ms. Neuberger will be given new powers to convene officials from around the government to deal with emerging threats. Both are expected to begin their jobs on Jan. 20, since neither position requires Senate confirmation.

    Ms. Sherwood-Randall will have to oversee the effort to contain right-wing groups that laid siege to the Capitol last week, and Ms. Neuberger will face the aftermath of the most unnerving cyberbreach to affect the federal government. She will, senior officials say, have to help determine how to make good on Mr. Biden’s vow that the hackers behind the recent intrusion, which has spread across government networks, “will pay a price.”

    Ms. Sherwood-Randall, a Rhodes Scholar who in recent years has been a professor at the Georgia Institute of Technology, had been considered a candidate for secretary of energy. The job went to Jennifer Granholm, a former governor of Michigan.

    She will serve as the White House homeland security adviser, a position created by President George W. Bush that became more powerful under Mr. Obama, and is distinct from the secretary of the Department of Homeland Security, who sits in the cabinet.

    “We’re going to be dealing at once again with border security, biosecurity, global public health and strengthening the resilience of our own democracy,” she said in a brief interview. “The last of those have grown more urgent.”

  • in

    Trump Contradicts Pompeo Over Russia’s Role in Hack

    Hours after the secretary of state said that Moscow was behind the vast cybersecurity breach, the president suggested it might have been China and downplayed the severity of the attack.

    Secretary of State Mike Pompeo at the White House last week. In an interview on “The Mark Levin Show,” Mr. Pompeo called the attack a “very significant effort.” Credit…Oliver Contreras for The New York Times

    David E. Sanger and

    Dec. 19, 2020. Updated 3:54 p.m. ET

    Hours after Secretary of State Mike Pompeo told a conservative radio show host that “we can say pretty clearly that it was the Russians” behind the vast hack of the federal government and American industry, he was contradicted on Saturday by President Trump, who sought to muddy the intelligence findings by raising the possibility that China was responsible.

    Defying the conclusions of experts inside and outside the government who say the attack was a cybersecurity breach on a scale Washington has never experienced, Mr. Trump also played down the severity of the hack, saying “everything is well under control,” insisting that the news media has exaggerated the damage and suggesting, with no evidence, that the real issue was whether the election results had been compromised.

    “There could also have been a hit on our ridiculous voting machines during the election,” he wrote on Twitter in his latest iteration of that unfounded conspiracy theory. He tagged Mr. Pompeo, the latest cabinet member to anger him, in his Twitter post. With 30 days left in office, Mr. Trump’s dismissive statements made clear there would be no serious effort by his administration to punish Russia for the hack, and national security officials say they are all but certain to hand off the fallout and response to President-elect Joseph R. Biden Jr.

    So in the midst of a global pandemic, Mr. Biden will inherit a government so laced with electronic tunnels bored by Russian intelligence that it may be months, years even, before he can trust the systems that run much of Washington. And in his first days in office, even as he has to deal with Russia on arms control and other issues, he will have to confront a quandary that has confounded his predecessors for a quarter of a century: Retaliation for cyber intrusions often results in escalation.

    As Michael Sulmeyer, now a senior adviser to United States Cyber Command, put it before he entered government, America “lives in the glassiest of glass houses.” The United States is more reliant than almost any other nation on fragile computer networks that make the government and economy hum, making it an especially ripe target for short-of-war attacks like the one executed by the Kremlin.

    In contrast to Mr. Trump, who has always been reluctant to confront Moscow and President Vladimir V. Putin, Mr. Biden has signaled that he will not let the intrusion, whose full extent is not yet known, go unanswered.

    “A good defense isn’t enough,” Mr. Biden said Thursday, vowing to impose “substantial costs on those responsible for such malicious attacks.”

    He will not find that easy.

    Mr. Trump’s tweet was his first comment on the hack, which came to light a week ago. Privately, the president has called the hack a “hoax” and pressured associates to downplay its significance and push alternate theories for who is responsible, two people familiar with the exchanges said. Larry Kudlow, his economic adviser, told reporters on Friday, “People are saying Russia. I don’t know that. It could be other countries.”

    The president’s unexplained reluctance to blame Russia — which through its embassy in Washington has denied complicity in the attack — has only complicated the response, investigators say. The government only learned of the hack from FireEye, a cybersecurity company, after the firm was itself breached. And Microsoft’s president, Brad Smith, said Thursday that government agencies are approaching Microsoft — not the national security establishment — to understand the extent of the Russian breach.

    “This is the most consequential cyberespionage campaign in history and the fact that the government is absent is a huge problem for the nation,” said Dmitri Alperovitch, a co-founder of CrowdStrike, a security firm, who is now chairman of Silverado Policy Accelerator, a think tank.

    “The response has been a total disaster, not just because of the president, but because whoever is left is just polishing up their resumes,” he said. “There’s no coordination and every agency is just doing whatever they can to help themselves.”

    Mr. Trump’s comments on Saturday had echoes of his stance toward the hacks during the 2016 presidential campaign, when he contradicted intelligence findings to claim it was China, or a “400 pound” person “sitting on his bed,” not Russia, who interfered in that election. Two years later, Mr. Trump’s own Justice Department indicted 12 Russian intelligence officers.

    “Never has there been a President work so hard to provide cover for Russia,” said Clint Watts, a former F.B.I. special agent and Russian information warfare expert at the Foreign Policy Research Institute. All countries spy on each other, of course, and — for now — that appears to have been the first objective of the Russian campaign, one that researchers said on Friday appears to date back to October 2019, six months earlier than initially believed.

    That was when hackers, presumed to be working for the SVR, one of the most elite and talented of the Russian spy agencies, first broke into the SolarWinds network management software, which is used across the federal government and by three-quarters of the nation’s Fortune 500 companies.

    The theory is that the Russians were trying to figure out whether they could get into the “supply chain” of software that would give them broad access to the array of systems that make America tick.

    What no one in the Trump administration wants to address, at least publicly, is how the Russians managed to evade billions of dollars in American-built defenses designed to alert agencies to foreign intrusions. That question, too, now seems certain to be left to Mr. Biden to answer.

    From their new cyber command center in Fort Meade, Md., the NSA and Cyber Command monitor incoming attacks, the way generations of American military officials jammed underground command centers to look for incoming missile attacks. In this case, the sensors never went off, and the commander of those cyber forces, Gen. Paul M. Nakasone, one of the nation’s most experienced cyber warriors, has said not one word in public about what went wrong.

    The private sector will face hard questions as well. The majority of infections, Microsoft said, were of private firms, many of them cybersecurity companies. FireEye only detected the attack after Russians cleaned it out too, taking the “Red Team” tools the firm uses to probe corporate and government systems for vulnerabilities.

    The Russian attack was carefully calibrated to avoid cybersecurity defenses. It gained access to the updates of the SolarWinds software — akin to the updates Apple and other phone makers push onto cellphones as they charge overnight — betting that small changes in code would not be noticed.

    By compromising the updates, they gained access to 18,000 government agencies and companies. From there they planted “back doors” into the networks of some 40 companies, government agencies and think tanks, according to Microsoft, that allowed them to come and go, steal data and — though it apparently has not happened yet — alter data or conduct destructive attacks.

    “This was a cybersecurity superspreading event,” Mr. Smith said in an interview on Thursday evening, calling it “a moment of reckoning.” While Mr. Trump began his time in office with a strong cybersecurity team in the White House, his third national security adviser, John R. Bolton, ousted them and eliminated the post of a cyber czar with direct access to the president.

    The new National Defense Authorization Act, which Mr. Trump is threatening to veto for other reasons, would recreate such a post. Yet until Mr. Pompeo, who ran the C.I.A. for the first two years of the Trump administration, made his assessment in an interview on “The Mark Levin Show,” the administration had all but ignored the attack in public — perhaps realizing that an administration that came into office on the heels of Russian interference in the 2016 election was leaving as the victim of one of Russia’s most well-executed cyberattacks.

    “This was a very significant effort,” Mr. Pompeo said, adding that “we’re still unpacking precisely what it is.” He said he expected most of the details would remain classified.

    “Given the gravity of this breach, it’s concerning that President Trump is paying so little attention to it,” said Senator Martin Heinrich, the Democrat from New Mexico, home to the Los Alamos nuclear lab that Russians breached in the attack.

    He and other Democrats have pushed for an aggressive response. “We have failed to deter the Russians,” Senator Chris Coons of Delaware, a Democrat who is close to Mr. Biden, said on Thursday. “We are only going to see Putin stop this action when we stop him.” But if history is any guide, finding the right way to retaliate will be difficult. The United States conducts its own spying missions. America has carried out supply chain attacks, too, including against Iran’s nuclear centrifuges and its missile program. It has been running them against North Korea for years.

    “The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day,” said Jack Goldsmith, a Harvard Law School professor who worked in the Bush administration.

    “Indeed, a military response to the Russian hack would violate international law,” he added. “The United States does have options, but none are terribly attractive.”

    That is the core of Mr. Biden’s problem. In the first 16 days of his presidency he will have to deal with Mr. Putin to address the renewal of New START, the nuclear arms control treaty that expires on Feb. 5. Mr. Biden has said he favors a clean renewal of the agreement, which can be extended five years without having to return to the Senate for approval.

    But he will be conducting that negotiation while also dealing with the question of how to retaliate to an ongoing attack whose full extent is still unknown.

    “They had unfettered access for nine months,” said Stephen Boyer, an executive at BitSight, a cybersecurity firm. “We may never know what we lost.”

    Reporting was contributed by Steve Kenny, Eric Schmitt and Julian Barnes.

  • in

    Pompeo Says Russia Was Behind Cyberattack on U.S.

    Secretary of State Mike Pompeo is the first member of the Trump administration to publicly link the Kremlin to the hacking of dozens of government and private systems.

    Secretary of State Mike Pompeo at the White House last week. In an interview on the Mark Levin Show, Mr. Pompeo called the attack a “very significant effort.” Credit…Oliver Contreras for The New York Times

    Dec. 19, 2020. Updated 8:12 a.m. ET

    Secretary of State Mike Pompeo said Friday it was clear that Russia was behind the widespread hacking of government systems that officials this week called “a grave risk” to the United States.

    Mr. Pompeo is the first member of the Trump administration to publicly link the Kremlin to the cyberattack, which used a variety of sophisticated tools to infiltrate dozens of government and private systems, including nuclear laboratories, the Pentagon, and the Treasury and Commerce Departments.

    “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Mr. Pompeo said in an interview on “The Mark Levin Show.”

    “This was a very significant effort,” he said, adding that “we’re still unpacking precisely what it is.”

    President Trump has yet to address the attack, which has been underway since spring and was detected by the private sector only a few weeks ago. Until Friday, Mr. Pompeo had played down the episode as one of the many daily attacks on the federal government.

    But intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. As evidence of the attack’s scope piled up this week, the Cybersecurity and Infrastructure Security Agency sent out an urgent warning on Thursday that the hackers had “demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks.”

    The agency added that it was likely that some of the attackers’ tactics, techniques and procedures had “not yet been discovered.” Investigators say it could take months to unravel the extent to which American networks and the technology supply chain have been compromised.

    Microsoft said it had identified 40 companies, government agencies and think tanks that the hackers had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms, like FireEye, that are charged with securing vast sections of the public and private sector.

    “There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry,” Brad Smith, Microsoft’s president, said in an interview on Thursday.

    FireEye was the first to inform the government that the hackers had infected the periodic software updates issued by a company called SolarWinds since at least March. SolarWinds makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.

    The national security adviser, Robert C. O’Brien, cut short a trip to the Middle East and Europe on Tuesday and returned to Washington to run crisis meetings to assess the situation. The F.B.I., the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence formed an urgent response group, the Cyber Unified Coordination Group, to coordinate the government’s responses to what the agencies called a “significant and ongoing cybersecurity campaign.”

    The Russians have denied any involvement. The Russian ambassador to the United States, Anatoly I. Antonov, said Wednesday that there were “unfounded attempts by the U.S. media to blame Russia” for the recent cyberattacks.

    According to a person briefed on the attack, the S.V.R. hackers sought to hide their tracks by using American internet addresses that allowed them to conduct attacks from computers in the very city — or appearing so — in which their victims were based. They created special bits of code intended to avoid detection by American warning systems and timed their intrusions not to raise suspicions.

    The attacks, said the person briefed on the matter, show that the weak point for the American government computer networks remains administrative systems, particularly ones that have a number of private companies working under contract.

    President-elect Joseph R. Biden Jr. said Thursday that his administration would impose “substantial costs” on those responsible.

    “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”

    Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks. But the extent and depth of the hacking raise concerns that hackers could ultimately use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.

    Across federal agencies, the private sector and the utility companies that oversee the power grid, forensic investigators were still trying to unravel the extent of the compromise. But security teams say the relief some felt that they did not use the compromised systems turned to panic on Thursday, as they learned other third-party applications may have been compromised.

    Inside federal agencies and the private sector, investigators say they have been stymied by classifications and a siloed approach to information sharing.

    “We have forgotten the lessons of 9/11,” Mr. Smith said. “It has not been a great week for information sharing and it turns companies like Microsoft into a sheep dog trying to get these federal agencies to come together into a single place and share what they know.”

    Reporting was contributed by David E. Sanger, Nicole Perlroth, Eric Schmitt and Julian Barnes.