If you think they stole it, read this: Elections officials outgunned in Russia's cyberwar against US

Elections officials outgunned in Russia’s cyberwar against America
By Greg Gordon, Ben Wieder and Kevin G. Hall

snip

What Brian and other election officials across eight states didn’t know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems, Inc., the vendor that sold them digital products to manage voter registrations.

A week before the election, the hackers sent emails using a VR Systems address to 122 state and local election officials across the country, inviting them to open an attachment wired with malicious software that spoofed “legitimate elections-related services,” the report said. The malware was designed to retrieve enough additional information to set the stage for serious mischief, said the National Security Agency report disclosed by the Intercept, an investigative web site.

That wasn’t the only type of attack.

snip

In Georgia, where a nationally watched congressional runoff race is scheduled for Tuesday, Politico magazine reported that a U.S. hacker from a national laboratory seeking to expose vulnerabilities in election systems was able to easily download millions of voter records from Kennesaw State University’s Center for Election Systems, which manages them. Election watchdog groups say subsequent warnings to the state about a hole in their system went unheeded for months.

David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is “absolutely possible” that the Russians affected last year’s election.

“And we have done almost nothing to seriously examine that,” he said.
The web connecting the Trump administration to Russia

snip

“The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking,” said Alex Halderman, a University of Michigan computer science professor. “The question is, how far did they get in that pattern of attacks, and were they successful?”

Election officials across the country may not even know if they’ve been attacked, computer scientists say, pointing to the scenario that played out in Durham County.

State and local voting systems appear to be easy prey for sophisticated hackers.

snip

“If we don’t fix our badly broken system before the next major presidential election, we’re going to be hacked into,” said Barbara Simons, author of “Broken Ballots,” a 2012 book about election security published by Stanford University. “It might not just be Russia. It might be North Korea, China, Iran or partisans.”

While the Netherlands opted to shift to paper ballots when alerted the Russians were trying to swing its election outcome to the right, U.S. election officials have stood pat.

snip

“The ability to manipulate the vote tally, that’s quite complicated,” the Homeland Security official said. “We didn’t see an ability to really accomplish that even in an individual voting machine. You have to have physical access to do that. It’s not as easy as you think.”

Some of the nation’s top experts in voting security disagree.

Lawrence Livermore’s Jefferson voiced frustration with the “defensive” refrain of denials from state and local election officials, including the National Association of Secretaries of State.

“Election officials do not talk about vulnerabilities,” Jefferson said, “because that would give the advantage to the attacker. And they don’t want to undermine public confidence in elections.”

North Carolina was considered to be a swing state in the presidential race, and Durham County, with an African-American population of more than 37 percent, had voted more than 75 percent in favor of putting and keeping Barack Obama in the White House. Last year’s governor’s race was a dead heat entering Election Day.

The chaos in Durham County led to 90-minute delays. Some voters rang a Voter Protection Hotline to complain that their names had disappeared from the registration system or that they were told they already had voted.

The county hired a contractor to investigate the foul-up, but the inquiry never examined whether the system was hacked.

Twenty other North Carolina counties used the system, including Mecklenburg County, encompassing most of Charlotte. Though none reported problems on the scale of Durham County, release of the NSA report prompted the North Carolina Board of Elections to order a new investigation.

A former FBI agent is leading the inquiry. Critics say the three-member investigative team again lacks expertise in forensics.

snip

Halderman, the University of Michigan expert, said he believes the best solution is for states to require paper trails for all voting equipment and post-election audits to ensure the vote counts are authentic.

“There’s no guarantee that we’ll know we’re under attack,” he said, “unless we do the quality control that we need by doing these audits to detect manipulation.”

Read more here: http://www.mcclatchydc.com/news/nation-world/national/article157039299.html#storylink=cpy

And just so you know there is hope, Verified Voting is doing great work on this:
https://www.verifiedvoting.org/about-vvo/
Most of the experts mentioned in the article are involved with them.
You can sign up for their email list on their site.

Edited to add: Example of one thing Verified Voting did recently:

Verified Voting Blog: Technology Experts’ Letter to Georgia Secretary of State Brian Kemp
Regarding the FBI criminal investigation into an alleged cyber attack of the Kennesaw State University Center for Election Systems
https://www.verifiedvoting.org/verified-voting-letter-to-georgia-secretary-of-state-brian-kemp/