Michigan police execute warrant looking for missing election equipment

The Michigan State Police launched a criminal investigation this week after a piece of election equipment went missing. The inquiry comes after a local official—who has publicly questioned the validity and security of the 2020 election—had refused to allow a company vendor to run maintenance on the machine. Adams Township Clerk Stephanie Scott had been stripped of her election administration authority on Monday for failing to confirm that she would follow state law in certifying that public accuracy testing had been completed. A spokesperson for the Michigan State Police told CyberScoop Friday that the agency executed a search warrant in the rural community as part of an investigation requested by the Secretary of State, but declined to offer any additional information. Neither Scott nor a spokesperson for Secretary of State Jocelyn Benson responded to requests for comment. This is the second example in recent months of election officials taking extreme […]

The post Michigan police execute warrant looking for missing election equipment appeared first on CyberScoop.

Continue reading Michigan police execute warrant looking for missing election equipment

Election officials don’t need to report cyber incidents to the feds. That could soon change.

Security personnel charged with the challenging and high-stakes work of protecting election systems from digital threats might soon have another task on their to-do list: reporting any cyber incidents to the federal government. That’s if election technology, designated critical infrastructure in 2017, falls under proposed rules requiring critical infrastructure owners and operators to notify federal officials about cyber incidents, such as attempted hacks and ransomware attacks. The idea has surfaced again in a recent Stanford Internet Observatory paper authored by a former high ranking election security official who offered recommendations for election administration reform, ranging from increased funding to centralizing election IT infrastructure at the state level. The proposals are consistent with multiple bills under consideration in Congress, where momentum is building to require operators of critical infrastructure—pipeline owners, electrical grids, and other industries key to U.S. interests—to disclose yet-to-be defined cyber “incidents” to the Department of Homeland Security, FBI […]

The post Election officials don’t need to report cyber incidents to the feds. That could soon change. appeared first on CyberScoop.

Continue reading Election officials don’t need to report cyber incidents to the feds. That could soon change.

CISA selects Kim Wyman, GOP official who criticized false election fraud claims, as election security leader

The Cybersecurity and Infrastructure Security Agency named a Republican secretary of state who has challenged GOP attempts to overturn the 2020 presidential race as its top election security official on Tuesday. Kim Wyman, Washington’s secretary of state since 2013, will take the job of senior election security lead at CISA, the Department of Homeland Security’s primary cybersecurity arm. “Her decades of experience, unparalleled expertise, and unimpeachable integrity have earned her bipartisan respect at every level of government,” said CISA Director Jen Easterly. “Free and fair elections are a cornerstone of our democracy; Kim and I share a common view that ensuring the security of our elections must be a non-partisan effort.” CNN first reported that the White House was expected to name Wyman on Monday. CISA hopes her state experience will bolster relationships with election administrators across the U.S., although Republicans who have pushed for ballot reviews in states such […]

The post CISA selects Kim Wyman, GOP official who criticized false election fraud claims, as election security leader appeared first on CyberScoop.

Continue reading CISA selects Kim Wyman, GOP official who criticized false election fraud claims, as election security leader

A former top US election official urges sweeping security improvements, warning ‘democracy is in trouble’

The Cybersecurity and Infrastructure Security Agency’s former lead election security official is recommending comprehensive changes to protect the ballot in future elections, from physical safety upgrades for election workers and federal agency revamps to mandated disclosure of cyber incidents. A report published Thursday from former CISA election adviser Matt Masterson, who now works for Stanford’s Internet Observatory Cyber Policy Center, is a response to the complications that surrounded the 2020 elections. Namely, 2020 was marred by misinformation that undermined public faith in elections, inconsistent funding to mitigate IT vulnerabilities and threats against election officials, the report concludes. The battle over the 2020 presidential race rages on, with the GOP pushing partisan election reviews in several states despite numerous recounts that concluded with Joe Biden as the victor. “Our democracy is in trouble,” Masterson told CyberScoop. “We are in a downward spiral of distrust of the process. If we don’t make […]

The post A former top US election official urges sweeping security improvements, warning ‘democracy is in trouble’ appeared first on CyberScoop.

Continue reading A former top US election official urges sweeping security improvements, warning ‘democracy is in trouble’

FCC proposes record $5 million robocall fine for voter suppression scam

The Federal Communications Commission Tuesday proposed a roughly $5.1 million fine against right wing operatives John Burkman and Jacob Wohl, as well as Burkman’s lobbying firm, for hundreds of robocalls ahead of the 2020 election in which they allegedly used false claims to discourage Americans from voting by mail. The pair, both vocal supporters of former president Donald Trump, allegedly violated federal law that prohibits making pre-recorded calls to a wireless phone without user consent. The FCC found that between late August and early September last year the pair sent robocalls to over 1,000 individuals claiming that if they vote by mail, their information “will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.” The call, which encouraged voters to “stay home safe” also falsely claimed that the data would […]

The post FCC proposes record $5 million robocall fine for voter suppression scam appeared first on CyberScoop.

Continue reading FCC proposes record $5 million robocall fine for voter suppression scam

New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. Jen Easterly, the new director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), wants to break that cycle, and spend less time putting out fires and more time preparing for incidents in an attempt to reduce their impact. It’s a goal that will draw on Easterly’s experience working on cyber operations for the military, and her time trying to safeguard one of the largest U.S. investment banks from hackers. To date, actions taken by federal and private sector organizations “to protect us from threats are just not keeping pace,” she said in a recent interview. This month, Easterly set up the Joint Cyber Defense […]

The post New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them appeared first on CyberScoop.

Continue reading New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard

The ElectionGuard technology that Microsoft touts as a way to make elections more secure and verifiable is taking its biggest step yet: Hart InterCivic, one of the big three election vendors, says it will incorporate ElectionGuard into one of its voting systems. The ElectionGuard open-source software development kit gives voters a unique code to track their encrypted vote and confirm it wasn’t manipulated, and it offers a way for third parties to validate election results, according to Microsoft. The two companies jointly announced the partnership on Thursday. Hart InterCivic is the biggest partner to date for ElectionGuard, as one of three vendors — alongside Election Systems & Software and Dominion Voting Systems — that dominate the marketplace for voting machine technology. “We believe we must constantly re-imagine how technology can make voting more secure and also more transparent, and this partnership with Microsoft is a strong step in that direction,” […]

The post First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard appeared first on CyberScoop.

Continue reading First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard

SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says

The same Russian spies who exploited SolarWinds software to infiltrate U.S. government agencies have in the last week launched a phishing campaign that aimed to hack some 150 organizations in 24 countries, Microsoft said Thursday. The suspected Russian hackers have posed as the U.S. Agency for International Development, a government agency that funds aid projects around the world, to target some 3,000 individual accounts in a blitz of phishing emails since May 25, Microsoft said in a blog post. The majority of the target organizations are in the U.S., and at least a quarter of them work in international development, humanitarian aid and human rights, Microsoft said. The hackers blasted out the nefarious messages by using a breached account that USAID uses to send marketing emails, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. A USAID spokesperson said that a forensic investigation into the breach […]

The post SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says appeared first on CyberScoop.

Continue reading SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says

‘Ghostwriter’ disinformation campaign rages on as Biden prepares for NATO trip

For over a year, Stanislaw Zaryn, a Polish government official, has not been shy about exposing what he says are suspected Russian attempts to interfere in Polish politics. Zaryn has posted screenshots on Twitter of fake accounts and slapped a blaring “Disinformation” label on them. He has called out a forged letter that criticized the U.S. troop presence in Poland. But a study published by security firm FireEye on Wednesday makes clear that the propaganda flagged by Zaryn is but one front in a multi-pronged information operations effort aimed at sowing political discord in multiple NATO countries. FireEye has linked more than 30 such incidents in Lithuania, Latvia, Germany and elsewhere in the last five years to a previously disclosed, ongoing influence campaign it calls Ghostwriter. That includes more than 20 newly discovered Ghostwriter incidents since an initial FireEye report last summer, including one as recent as last month. The […]

The post ‘Ghostwriter’ disinformation campaign rages on as Biden prepares for NATO trip appeared first on CyberScoop.

Continue reading ‘Ghostwriter’ disinformation campaign rages on as Biden prepares for NATO trip

Hackers target German lawmakers in an election year

Hackers have attempted to breach the private email accounts of certain German parliamentarians, a spokesperson for the legislative body confirmed Friday, in the latest example of cyber campaigns aimed at German politicians. German national security officials have briefed the parliament, known as the Bundestag, on the incident, and all the affected lawmakers have been informed, said Frank Bergmann, a Bundestag spokesperson. It was not immediately clear whether the phishing attempts were successful, who was responsible or what their goal was. Spokespeople for the BSI, Germany’s federal cybersecurity agency, and the BfV, the country’s domestic intelligence agency, declined to comment. The attempted intrusions comes six months ahead of Germany’s national elections. The German parliament has been a recurring target for foreign hackers, including a 2015 breach that the European Union blamed on Russia’s military intelligence agency. Since the Russian hack-and-leak operation aimed at the 2016 U.S. election, governments around Europe have […]

The post Hackers target German lawmakers in an election year appeared first on CyberScoop.

Continue reading Hackers target German lawmakers in an election year