This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

The US Is Unprepared for Election-Related Hacking in 2018 - Schneier on Security

Schneier on Security

Blog >

The US Is Unprepared for Election-Related Hacking in 2018

This survey and report is not surprising:

The survey of nearly forty Republican and Democratic campaign operatives, administered through November and December 2017, revealed that American political campaign staff -- primarily working at the state and congressional levels -- are not only unprepared for possible cyber attacks, but remain generally unconcerned about the threat. The survey sample was relatively small, but nevertheless the survey provides a first look at how campaign managers and staff are responding to the threat.

The overwhelming majority of those surveyed do not want to devote campaign resources to cybersecurity or to hire personnel to address cybersecurity issues. Even though campaign managers recognize there is a high probability that campaign and personal emails are at risk of being hacked, they are more concerned about fundraising and press coverage than they are about cybersecurity. Less than half of those surveyed said they had taken steps to make their data secure and most were unsure if they wanted to spend any money on this protection.

Security is never something we actually want. Security is something we need in order to avoid what we don't want. It's also more abstract, concerned with hypothetical future possibilities. Of course it's lower on the priorities list than fundraising and press coverage. They're more tangible, and they're more immediate.

This is all to the attackers' advantage.

Tags: cyberattack, cybersecurity, national security policy, security awareness, voting

Posted on May 8, 2018 at 9:07 AM • 58 Comments

Comments

David Rudling • May 8, 2018 11:05 AM

Until, of course, their candidate loses and their opponent wins.
But perhaps litigation by unsuccessful candidates will be the spur needed to take the issue seriously and invest resources.

albert • May 8, 2018 11:44 AM

I'll go on record and make a prediction:

If he runs, Trump will win the next election!

Seriously, in the future, Presidential elections will be won by either a Republican or a Democrat.

. .. . .. --- ....

(required) • May 8, 2018 12:28 PM

This is Trump's executive decision - to ignore it, because acknowledging it would undermine his election.

As if he hadn't undermined it enough himself, and left the next one as open as possible to more manipulation.

All this squawk about the wall, the "gun-theft" that isn't happening...

All while he leaves the barn door open intentionally. At some point dereliction IS treason.

(required) • May 8, 2018 12:29 PM

@Albert

That assumes he's not in prison 2 years from now, or headed there shortly after. I will take that bet.

jonesMay 8, 2018 12:31 PM

It could just be realpolitic if these staffers know that an election settled by less than a percentage of the votes here or there may as well be settled by chance anyway... Hey they're just follwing orders ... uh, I mean, hey, it's just a job...

Clive Robinson • May 8, 2018 2:22 PM

The real point is,

The overwhelming majority of those surveyed do not want to devote campaign resources to cybersecurity or to hire personnel to address cybersecurity issues.

The real reason is that in the US the way to win is to out spend the opponent.

Nobody including the voters actually belive any of the guff the perspective idiots who put themselves forward on somebody elses dime says. As long as the crock full they spout can provide a back and forth across a couple of beers and thus make the voters feel like they are included, then it serves the purpose those who hold the money want which is to divert attention to the fix being put in.

It is nolonger religion that is the opiate of the masses it's the faux inclusion in the political process.

Thus cyber security matters not one jot to anyone except for the colomn inches that will sell advertising.

Lets face it even those who post here about treason etc etc have not woken up to the fact their strings are being pulled and they are dancing like puppets to some fiddlers tune.

Get to understand that the entire election is about vacuous propaganda then realise that it is very very unlikely to make any difference. It is almost always "the same old same old", only it costs more every time around. As was once observed by Adlai E. Stevenson

    If the Republicans will stop telling lies about the Democrats, we will stop telling the truth about them.

But the chances are you will not remember it because he died before most people hear were born.

Even Einstein understood the problem,

    Who ever is careless with the truth in small matters, can not be trusted with important matters

Politician's lie to people as a first response, both Machiavelli and Orwell knew this well and said as much in their various ways. The thing that scared the politicians most when the Intetnet first really got going was that all their lies would be reveled. So they started "spin doctoring" and "sound bites" that are devoid of meaning but sound vaguely promissing like "think of the children"... Then the politicians discovered that even if the truth did come out it did not matter as "I did not have sex with that woman" proved it was the way you put out the message.

As for "Russia stole the election" get real all thay idiocy showed is that the American people can be led by the nose like cattle at market. Funnily for observers not by the Russian's but the US MSM and their pay masters, who realise if you tell a lie often enough then people belive it despite the facts --or lack thereof- comming out...

So I can confidently predict that at the end of this year we will have more bleating about propaganda and lack of cyber security. Simply because those holding the purse strings don't care about either as long as the legislation they have bought gets passed and they make a tidy profit out of everyone else...

Slag • May 8, 2018 4:02 PM

I don't know about you all, but I plan on volunteering my services as a security professional to any candidate from my state. This is our only country and I'm not willing to let fatigue and cynicism convince me to give it up without a fight. You can tell me it's a waste of time, you can claim all politicians are the same, but if ever an honest person does step up, I want them to have a fair shot as best I can provide it.

Sancho_P • May 8, 2018 4:33 PM


Seriously, why should they be concerned about cybersecurity?
Elections are a local race for power = money.
Bribery, lobbying and tricking is much more effective.

OK, revealing dirt - may hurt!

[didn't find a rhyme ending in "- may trump" ;-) ]

(required) • May 8, 2018 5:46 PM

[thehill.com]

Stormy Daniels’s attorney Michael Avenatti said Tuesday that President Trump’s personal lawyer Michael Cohen received $500,000 in the months after the 2016 election from a company run by a Russian oligarch with ties to Russian President Vladimir Putin.

After significant investigation, we have discovered that Mr. Trump’s atty Mr. Cohen received approximately $500,000 in the mos. after the election from a company controlled by a Russian Oligarc with close ties to Mr. Putin. These monies may have reimbursed the $130k payment.
— Michael Avenatti (@MichaelAvenatti) May 8, 2018

The Executive Summary from our first Preliminary Report on Findings may be accessed via the link below. Mr. Trump and Mr. Cohen have a lot of explaining to do.https://t.co/179WvIkRlD
— Michael Avenatti (@MichaelAvenatti) May 8, 2018


Funny that it takes this situation to bring out that the President's close adviser takes Russian money.
Directly. Secretly. All the lies up to now, and now this.

Or is that ok too, Clive?

Ratio • May 8, 2018 6:00 PM

Never interrupt an enemy of truth when he is making yet another colossal mistake.

(required) • May 8, 2018 6:01 PM

An enemy of truth, or defender of something they value more than that? I do wonder.

(required) • May 8, 2018 6:22 PM


[en.wikipedia.org]

Exactly 1 party is in control of this situation, and they wish to sustain it.

Putin's 4th term is going swimmingly also, according to internal sources.

Que legit.

tyr • May 8, 2018 6:24 PM


@Clive

The only real question that I have seen no
evidence of is.
How many mmembers of the electoral college
have been pulled into the investigation
by Meuller ?

They are the people who would need to be on
the take from Russia to change an election
in USA. The ridiculous sideshow of the
'popular' vote is just a scam cooked up
to gull the ordinary fool in the street.

Of course if you don't know how the system
works you can be panicked by extraneous crap.
It was designed to make sure nobody with a
radical idea ever gets into power to oppose
the carefully crafted system.

They chained Jill Stein to a chair to keep
her from being in the audience during the
debates. Same thing happened with Ralph
Nader years before. They are so afraid of a
new idea being heard it makes them itch.

The whole voting machine thing is a bad joke
played out on the ordinary yokel by both parties
so don't look for a sudden explosion of common
sense to take place.

(required) • May 8, 2018 6:36 PM

[www.archives.gov]

"As a historical matter, the 14th Amendment provides that state officials who have engaged in insurrection or rebellion against the United States or given aid and comfort to its enemies are disqualified from serving as Electors. This prohibition relates to the post-Civil War era."

Would that disqualify most of the Tea Party then?

Actually the EC is comparably well regulated compared to election SuperPAC money moving.
THAT is what convinces average masses to vote one way or another : repetition.

Allowing lies to be repeated was not an American tradition until we stopped dueling.

(required) • May 8, 2018 6:52 PM

[www.washingtonpost.com]

What should this tell you? If you can't compete in terms of fundraising, collude.

This election was entirely about security deficiencies, admitted or not.
Those Guccifer emails being published turned the tide.

If someone had hacked Donald's taxes do you really think he'd be around now?

You don't need to steal votes directly, saying that's the only way is nonsense.

Ratio • May 8, 2018 7:00 PM

But but but… it was a leak by a disgruntled Bernie supporter. You have no§ evidence!

§ No evidence after ignoring all the available evidence.

Chris • May 8, 2018 7:31 PM

The phrase "election-related hacking" is too vague. Most people don't consider social media targeting to be election hacking. If a foreign power is hacking (i.e., tampering with) our voting machines, then that needs to stop. Otherwise this is much ado about nothing.

Keep in mind Obama stood in London and urged Brits to vote against Brexit. Obama stood in Israel and urged Israeli's to vote against Netanyahu. Were those examples of hacking? Were those examples of interfering?

I'm just asking.

(required) • May 8, 2018 8:04 PM

" Otherwise this is much ado about nothing. "

That's not exactly true. This is much ado about blackmail, fraud, stonewalling, obstruction, treason.

"Keep in mind Obama stood in London and urged Brits to vote against Brexit. Obama stood in Israel and urged Israeli's to vote against Netanyahu. Were those examples of hacking?"

He didn't pretend to be anyone else, and he made factual points. That's two strikes for you though.

Why exactly are you defending another country's "right" to spend money deciding who runs your country?
Especially in secret like this, with all (incompetent) parties admitting guilt only after caught?

Why are you putting out that this is normal or defensible?

(required) • May 8, 2018 8:12 PM

For the historical record, Obama was correct on both those counts.

There's also a reason Trump and Nyetanyahu are doubling down against a world of common sense right now:
They both need the distraction from their imminent criminal downfall. Let's face it.

The world isn't wrong, Obama didn't need to say anything that wasn't true or misrepresent his own voice.

(required) • May 9, 2018 12:44 AM

"She was no real alternative, either."

I agree with that much. But imagine she had done what Trump is credibly accused of?

We wouldn't be resisting the Constitutional crisis we are circling toward now. We'd be there already.

Clive Robinson • May 9, 2018 3:19 AM

@ tyr,

Of course if you don't know how the system works you can be panicked by extraneous crap. It was designed to make sure nobody with a radical idea ever gets into power to oppose the carefully crafted system.

Apparently the cosy arrangement was set up before "party politics" happened. From what historians have said, originally the idea of the Presidential Election would be that the winner would become President and the runner up vice President... Further to quallify to enter you had to be part of the club as it were. So yes it was designed to keep out "the wrong sort of people" and it's gloriously backfired...

If anyone "hacked the election" and showed it up for what it is, it was Trump himself. He realised or was advised about the failing of a "close call two party system". It's wide open to blackmail of the most public form and he played the hand well and won.

For those that don't know, what he did it was simply blackmail the Republicans very publically. As I've noted befor Donald Trump is not a Republican, never was and never will be. He is without a doubt a "self believer" and as such it was his hate for Obama that drove his ambition to the Whitehouse, in effect to make Obama eat his words.

The probability was that the Republican's were going to lose the 2016 election anyway, all Donald Trump did was make it clear to the GOP that he had the money to take their voters away and make it an absolute certainty they would lose. They tried to call his bluff but then folded when he called them in return. Thus they dropped their "chosen idiot", and accepted Donald Trump as the replacment.

As it was the votors called Trumps bluff by a hair or two, and that should have been the end to it. But by that time other things had happened, what it was that made various members of the electrol college do what they did we currently don't know, and they certainly are not saying.

The result was that instead of keeping the radical outsider out, it gave him the job instead.

Which brings us around to the question of "crazies". From an outsiders perspective the least crazy person who put their hat in the ring was Bernie... But for various reasons he is not popular with those who control the money and access to the MSM.

The Republican's have a recent history of chosing the wrong people as their candidates. The switch to Trump was perhaps the least crazy option for them when seen from the outside. Which leaves us with HRC, trying yet again to make history. She got the popular vote but I guess she was then seen by the electoral college as being "the bigger threat/crazy" so they blocked her out.

Something tells me HRC was not going to getva Noble Prize, and her previous history has more skeletons than a village grave yard. Would she have made a good President, I don't know. The nearest comparison we have as a current example is the UK Prime Minister Mrs "snoopers charter" May, who has turned out to be a massive train wreck...

Thus historians at some point will nodoubt point out the electoral college got it right.

As for President Trump, his fate probably rests on the results of these mid-terms and the resulting composition of the two houses. As I've indicated before whilst Trump may not be popular with many Republicans he is delivering to those who hold the purse strings, so as long as the public image can be mannaged then it is unlikely he will get impeached. Because when all things are considered Trump is "a useful idiot" that can get all sorts of policy through that will please only the likes of the Koch brothers. The advantage for the Republicans is he becomes the future "fall guy" for any fall out whilst the Republican's will appear to have kept their hands clean...

Thus we have a situation in the US that is almost laughable. The "Russian's hacked the election" is being used like a laser pointer to fixate the attention of a cat, that leaps and chases it any which way unthinkingly. And whilst "the cat is away" being distracted, the mice are nolonger playing they have got serious and are clearing out not just the pantry, but the fridge and bank account...

As a previous US politico advised "The price of freedom is etetnal vigilance", well the US populous are to busy following the bright spot on the wall as their freedoms get stolen from them.

Oh and Trump will almost certainly get a lasting political legacy. His name will be used as a red flag to wave along with phrases like "This must never happen again" to ensure that the "invite only" club that is US Politics closes the loop hole he used to become President.

Winter • May 9, 2018 5:59 AM

@Clive
"and as such it was his hate for Obama that drove his ambition to the Whitehouse, in effect to make Obama eat his words."

I think Trump is also driven by Obama Envy. Everything he does seems to be to "best" Obama. In this Iran deal business, he cancels the deal Obama made, to replace it by a "better" deal he made. The same with Obamacare (Something Really Marvelous to replace it) and the Trans-Pacific Partnership, that he now wants to re-enter in a New and Marvelous Deal. Even the speech Melania gave during the campaign was copied from Michelle. And now Melania's Be Best cyber-bullying campaign is copied word for word from an Obama era campaign.

@required
"If Boris or Nigel took a half million from Russia on the Brexit-yes campaign."

American voters always vote for the most corrupt politician. That is why they will vote for the one that spends most money. Somehow, they are convinced that money equals success and competence. Even the US evangelicals thoroughly believe that money is god's reward for true faith or something.

In many other countries the opposite is true. I have seen quite a number of candidates in Europe burn to the ground because they were seen to spend too much money in their campaigns. Campaign money should be spend wisely, and out of sight.

David Rudling • May 9, 2018 6:21 AM

I have admittedly read with interest some of the discussion here about US politicians and the 2016 election. Interesting and possibly educational as it is, if I may be so bold, some of the discussion appears to be a little off-topic.

What Bruce flagged was a report about the forthcoming 2018 elections illustrating, inter alia,

" ... political campaign staff -- primarily working at the state and congressional levels -- are not only unprepared for possible cyber attacks, but remain generally unconcerned about the threat."

Electoral cyber attacks being the key theme and the associated security, or rather lack of it.

To amplify my earlier comment, when the losers start clutching at straws, as they so often do, they may find that in cyber security failings they have laid hands on a big stick suitable for beating ... who?

Dan H • May 9, 2018 7:41 AM

@(required)
A mental hospital has lost a patient.

@Clive
Hillaryous was as corrupt a politician as they come. Everyone keeps saying Trump/Russia, but ignore that Russia gave millions to the Clinton Foundation; that her campaign chairman has ties to the Russian energy firm Joule; that she paid a former foreign spy to dig up dirt to interfere in the election; Hillaryous rigged the DNC primary because she couldn't legitimately defeat a nearly 80-year-old communist. She started a war in Libya which has left a failed state that is now one of the most vioent places on the planet. Then we could turn to her illegal email server that was hacked by Russia, and her deleting emails under subpoena, and destroying mobile devices.

The media is doing their best to make Trump look bad so the left will win more seats in 2018. All one has to do is look at the headlines each day from NBC, ABC, CBS, PMSNBC, HuffPost, NYT, Washington Post, Yahoo News. They all go out of their way to create salacious headlines and stories that are anti Trump. The American public is not smart enough to see through this and take everything at face value. They are also stupid enough to believe they know more than the experts. In reality, Trump is not doing that bad, although he should lose his Twitter account.

VinnyG • May 9, 2018 8:46 AM

@David Rudling re: "discussion" - Given that the original post concerned US national political elections later this year (regardless of the stated focus of that concern,) I hope you didn't expect many of the replies to relate to security. Given the recent history of this blog, the nature of the ensuing conversation was entirely predictable. By all.

moops • May 9, 2018 9:47 AM

The Senate Intelligence Committee on Tuesday released the unclassified version of its investigation into Russian cyberattacks on digital U.S. voting systems ahead of the 2016 presidential election.

The report finds that Moscow conducted an “unprecedented, coordinated cyber campaign” against the nation’s voting infrastructure. Through its investigation, the committee found that Russia-linked hackers were in a position to “alter or delete voter registration data” in a small number of states before the 2016 vote.

“In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure,” the report states. “In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.”

“The Committee saw no evidence that votes were changed and found that, on balance, the diversity of our voting infrastructure is a strength,” the report says. “However, the Committee notes that a small number of districts in key states can have a significant impact in a national election.”

The Hill May 9, 2018

Slag • May 9, 2018 10:05 AM

So to sum up the arguments made as I under stand them as relevant to the post:

1) Elections don't matter because all politicians are the same
2) Election security doesn't matter because the winner is who spent the most
3) The only election security that matters is for the electoral college
4) Election security matters, but is not important compared to other attacks on freedoms


In response:

1) Do not let cynicism blind you to the very real differences in position and focus. This is particularly true for the smaller races, the state level assembly or a congressional seat that might cover only few cities. These are not presidential races, these are local. The greatest power a politician has is eminent domain, the right to forcibly take your home. That power resides at the township level, the city council, the mayor. Small races matter most.

2) This is a simplistic reduction. Having more money is a great advantage, but if someone steals your voter rolls, scrambles your communications, erases your records and implicates you in criminal behavior, you won't have enough money to recover in time. Imagine trying to "Get out the vote" when your phone lines get swamped by robo calls?

3) The article is about state and congressional races. The electoral college is purely presidential. If you think the composition of congress doesn't matter, feel free to check the record on Nixon's impeachment, Clinton's impeachment, the McCarthy commission, the affordable care act and the current administrations ability to ignore scandals that would have seen Reagan hounded out of office.

4) Local government shapes the national government shapes the corporate environment shapes the global environment. Chase one rabbit, catch one rabbit.

parabarbarian • May 9, 2018 10:16 AM

This may be sensible on their part. If the campaign staff really believe that voter fraud is a negligible threat then the campaign's limited resources are is better spent on things directly related to winning.

(required) • May 9, 2018 12:32 PM

@DanH

" mental hospital has lost a patient "

Well you'd better get back before head count. Still talking about Hillary? Lol.

(required) • May 9, 2018 12:37 PM

Trump's 2-3 decade "lawyer" and associate took money from a Kremlin linked Russian agent.
Half a million dollars at least. He failed to report that, Trump lied about it, etc.

You can twist in the wind but this will not go away, and it's not "the media" inventing it either.
It's frankly just cowardly to continue to need to bring up Hillary as a distraction from the reality:

The sitting President potentially faces life in prison on a multitude of counts.
He is aiding and abetting the Russian effort to illegally influence US elections - ongoing.

(required) • May 9, 2018 12:46 PM

File under : Paper thin skin.

How can we even have a discussion about security with troll-in-chief trying to shut down all critiques?
If you can't stand honest dissent from the free press you don't belong in this country. Period.

[thehill.com]

The White House Correspondents' Association fired back at President Trump on Wednesday after he suggested revoking press credentials for journalists who cover his administration critically.

"Some may excuse the president's inflammatory rhetoric about the media, but just because the president does not like news coverage does not make it fake," Margaret Talev, the group's president and a White House correspondent for Bloomberg, said in a statement.

"A free press must be able to report on the good, the bad, the momentous and the mundane, without fear or favor," she continued. "And a president preventing a free and independent press from covering the workings of our republic would be an unconscionable assault on the First Amendment."


Dan H • May 9, 2018 12:50 PM

@(required)
Oh, how soon the mentally ill on the left forget that 0bama tried to ban Fox News.

(required) • May 9, 2018 12:53 PM

Yeah Obama "tried to ban Fox News" lol. Where do you find the ether you breathe?

[www.cnn.com]

Trump hit a(nother) milestone: He topped 3,000 untrue or misleading statements in 466 days in office.

That means that, on average, Trump says 6.5 things that aren't true a day. Every. Single. Day.

Yeah Obama and Hillary though, right? Get a clue. Your need for red herrings would be laughable
if it weren't so dependably pathetic.

EvilKiru • May 9, 2018 12:56 PM

@justinacolmena: What divorce? Bill and Hillary Clinton are still married to each other.

Read the Darn Rules • May 9, 2018 1:12 PM

How many mmembers of the electoral college have been pulled into the investigation by Meuller ?
They are the people who would need to be on the take from Russia to change an election in USA.

As usual, multiple commenters are writing about what they think is true, rather than getting underlying facts straight. All but two states assign their full delegation to the party winning the statewide popular vote, making individual electors irrelevant unless plenty of them go directly and publicly against their state's winner, which would be extremely obvious even to ordinary citizens. This is not how the 2016 election was swayed.

In USA Presidential elections (from the Wikipedia "Faithless electors" article) :
The United States Constitution does not specify a notion of pledging; no federal law or constitutional statu[t]e binds an elector's vote to anything. All pledging laws originate at the state level. ... Twenty-one states do not have laws compelling their electors to vote for a pledged candidate.

From the Wikipedia "Faithless electors in the United States presidential election, 2016" article:
... seven members of the U.S. Electoral College voted for a candidate different from the one for whom they were pledged to vote. The Democratic Party nominee, Hillary Clinton, lost five of her pledged electors while the Republican Party nominee and then president-elect, Donald Trump, lost two. Three of the faithless electors voted for Colin Powell while John Kasich, Ron Paul, Bernie Sanders, and Faith Spotted Eagle each received one vote. ... The defections fell well short of the number needed to change the result of the election; only two of the seven defected from the presumptive winner, when 37 were needed to change the outcome.

The three really close states that swung the election refused to do full audits, but the state and federal governments have indicated there was no known direct tampering, only data-gathering intrusions. The election was "changed" instead by propaganda that dissuaded Clinton voters from turning out, and by selective public statements from FBI director James Comey that had the same effect.

The article that started this thread isn't about that at all. It's about the insecurity of the state voting systems, and the lack of interest by candidates' campaigns in making sure the vulnerabilities are fixed by properly funded, trained, informed, and empowered teams.

(required) • May 9, 2018 1:28 PM

How do you propose to debate secure systems when people are plainly lying about common facts though?

There is no leadership toward securing election systems. There are "official" lies in that stead.

The President insists there are over 3 million *(!) "phantom" illegal voters committing fraud.
He went to set up a body to investigate this - which found very little and shut itself down.

How exactly should states go about even engendering meritorious debate on this topic?
How can they put forth common sense security paradigms that partisans don't want?

How can anyone compromise with a group pushing voter restrictions and exclusions and extra hassles?
This is as much about the spirit and function of our Republic as it is actual 'vote' security.

Dan H • May 9, 2018 1:39 PM

@(required)
Everyday it is a relief we don't have the stain of Hillaryous as president. It is laughable how you ignore her lies. She can't recall her State briefing about security, she can't remember what happened to her mobile devices, all 33,000 emails were about Chelsea's wedding.

It is typical of the left to just ignore the fact her illegal email server was hacked by Russia and they have everything that was on there. Windows server with remote desktop enabled and connected to the Internet. Told by DS to get a secure State-issued device and she's like "okay," and continues with her hackable Best Buy phones.

Just ignore her complete lack of security which was done for her own benefit, not for the nation.

(required) • May 9, 2018 1:56 PM

Republican Jim Comey :

"there was evidence of hacking directed at state-level organizations, state-level campaigns, and the RNC, but old domains of the RNC, meaning old emails they weren't using. None of that was released."

[www.cnn.com]

"When you lie and get caught, try to double down until you forget what you were lying about."
-Trump advice.

Anura • May 9, 2018 2:01 PM

@Dan H

Yes, any wrongdoing by Trump, no matter what, is justified because Hillary was obviously worse (which should be accepted without evidence). Anything Trump did wrong, Hillary did worse and therefore we should ignore Trump's wrongdoing, any foreign influence in our elections, and we shouldn't talk about how all that Russian propaganda was allowed to go unchecked and was even promoted by right-wing media. Trump's lawyer getting millions in cash through a shell company from people with interests in influencing the government policy? We should not care, because Russians donated to the Clinton's charity with no evidence whatsoever that she, personally, benefited from it or that she was influenced by it. The President bragging about sexually assaulting women? Clinton. The President calling the free press the enemies of the American people? Clinton.

Also, do you have a source on Clinton's server being hacked? We know Russia hacked the state department email system, but that Clinton's server was hacked is new. Or are you just referring to the phishing emails that they found?

Trump is an amoral authoritarian President who is part of an amoral authoritarian party who will do absolutely anything they can to keep white men in power.

(required) • May 9, 2018 2:05 PM

Fortunately his attempts at totalitarianism will be short lived, mostly in Leavenworth.

Julian Assange was right. Credit where due.

Dan H • May 9, 2018 2:20 PM

@Anura

You're a left wing idealist. But you really believe all these companies and governments are hacked, yet the pretend US Secretary of State with an unsecured email server wasn't hacked? That is ludicrous.

Even Comey in a brief said it was highly probable her server was hacked.

So again, (required) won't accept that Hillaryous gave away top secret information.

I don't notice any totalitarianism from Trump. That is left wing hysteria.

Anura • May 9, 2018 2:29 PM

@(required)

I wouldn't bet on it. My prediction is that there will be a hung jury in every major trial in this case, just due to the political nature of it. I'm pretty sure this is the objective in smearing the FBI investigations. Trump will not be convicted by the Senate, and no one will really face consequences. Republican propaganda has created an environment where they can act with impunity and not face consequences from their voters (even in the case of child molestation or assaulting journalists).

If the FBI started investigating journalists who were critical of Trump and Republicans and arrested them on whatever they could find or planted evidence if they couldn't, there would be absolutely nothing to stop them. Republicans already convinced themselves that the country would be better off if San Francisco was nuked, that most Americans are not Real Americans™, that all of their problems are caused by a lack of "traditional family values" (aka Nazi values), feminists, minorities, and anything that limits the ability of white men to make money without concern for the consequences.

@Dan H

I asked for evidence; you responded with assumptions.

I don't notice any totalitarianism from Trump

I don't believe I said totalitarianism.

(required) • May 9, 2018 2:39 PM

@Anura Thankfully it will be more than a single trial, and more than a single conviction.
They build on each other. The full volume of truths is insurmountable in this case.

DanH is obviously not able to function in honest society, just another victim of Fox News.
- Or from their perspective, another addict of an invented reality that doesn't exist, another easy mark without the mental faculties to gauge truth or fact whatsoever. Low lying fruit.

What good is securing voting if "useful" dishonest anti-intellectuals like Dan become the norm?

Vote security is important and a basic function, and so is truthful verifiable information.
It seems the Fox News crowd has evolved away from that requirement. It's a problem.
Over 50% of their claims are reported as "lies" by independent fact checkers.

This on the "most popular" news network in the country? This too must change.
The source of this brain damage must be held accountable. It destroys any debate.

Clive Robinson • May 9, 2018 11:40 PM

@ Winter,

I think Trump is also driven by Obama Envy. Everything he does seems to be to "best" Obama.

It would appear that even the rightwing press in the UK are of that opinion.

The UK's Evening Standard has a main cartoon that depicts that very idea. It has an image of The Doh-gnarled saying "who will rid me of this evil regime" with his left arm cast wide as though pointing to his left where there is an image of Obama as a poster with his dates in office.

But as increasing numbers of Europeans are rralising, the undoing of anything Obama appears to be The Doh-gnarled's only policy, that he intends to follow.

Which will no doubt please the GOP and it's more rightwing associates, as they can just sit there and let it happen, whilst pretending there is nothing they can do to stop him.

So yes The Doh-gnarled is most definitely "A usefull fool/idiot" for the likes of the Koch Brothers and similar. A point I wish the US voters would get to understand before they vote, as it realy does not bode well for the 99% of them.

Bong-Smoking Primitive Monkey-Brained Spook • May 10, 2018 1:15 AM

@Sancho_P,

[didn't find a rhyme ending in "- may trump" ;-) ]

Go to [www.rhymezone.com]
Type "may trump" in the box
Hit the button that's labeled "Rhymes"
Find a rhyme that ends with one of the list items

Kind of a birthday attack approach ;)

Dan H • May 10, 2018 6:55 AM

@(required)
Since this is a security forum we will narrow this down to one specific security-releated topic that you've ignored.

Hillaryous had an illegal email server that would never have been sanctioned by State, but to control communications for her own benefit, she ignored the law and proceeded to install an unsecured email server. Never mind the fact it is a conscious decision and not easy to move data from a secured network for Top Secret and compartmentalized classifications to an unsecured public network.

Various branches of the government, State, White House, OPM, and commercial entities such as, Jimmy Johns, Sears, Wendy's, Best Buy, Sony, Yahoo, eBay, Equifax, Target, Uber, JP Morgan Chase, ad nauseam, have been hacked. All of these companies had security in place, something that Hillaryous didn't have. Yet they were hacked.

How do you reasonably explain that government branches and businesses with any modicum of security were able to be hacked, yet the US Secretary of State who is one of the most powerful people on the planet, and a rich target, was able to stay impervious to hacking with an unsecured Windows email server?

Remember, in one of Comey's drafts (before it was edited by the anti-Trump FBI agent Storczyk), he said it was highly probable that her email server was hacked.

Also, there was inconsistent metadata from her computer suggesting it was tampered with, but the FBI never bothered to investigate that anomally (we all know why).

So, please, how Hillaryous able to keep her unsecured email server from being hacked? (hint: it was hacked. saying it wasn't defies logic)

echo • May 10, 2018 8:12 AM

@Dan H

I cannot speak much of US law but in the UK I suspect in common law there would need to be a discussion about intent, the balance of duty and expertise and negligience, and public interest. From what I understand the FBI line was there was not prosecutable case which amounts to something similar. There is also a human/civil rights angle. In the UK parliament has been in hot water for instititional sexism. This is one of those tricky subjects because it involves a lot of preconceptions and developmental psychology and historical and legal drift. My sense is the US is not different from anywhere else in this respect.

Given a lot of IT is not fit for purpose (from the monster C++ has become through to OS and the latest CPU scandals) I would suggest vendors bear some responsibility otherwise this becomes victimisation for walking down a dark alley in a short skirt syndrome.

Speaking of which after faffing with my ISPs modem this week I discovered they had greyed out the insecure wifi option which was nice of them. I also read they block certain "high risk in practice" ports at the network level. This default can be inconvenient but it means nobody is going to have an accident. If you need certain services (such as Samba) to be accessible to the wider internet this has to be a deliberate none routine choice and assumes a certain level of expertise and forwarning, and an opportunity to take necessary precautions.

Sancho_P • May 10, 2018 5:03 PM

@Bong-Smoking Primitive Monkey-Brained Spook

Thanks for the link!
You know, what I wanted to convey was something like:
“Revealing Hillaryous dirt may even Trump a cybersecurity breach”.
Hard to make it a rhyme. Maybe it’s stupid.
Mind you, I’m neither pro nor contra, I was simply horrified by the options.

(required) • May 10, 2018 7:12 PM

@DanH

"Since this is a security forum we will narrow this down to one specific security-releated topic that you've ignored."

No, we won't. You'll blather on about Hillary Clinton like an idiot lost in time.

FTFY

bttb • May 11, 2018 12:02 PM

regarding: Russian Targeting of Election Infrastructure During the 2016 Election, here is a perspective from the US Senate

From emptywheel on 9 May:
"The Senate Intelligence Committee released a 6-page report, titled “Russian Targeting of Election Infrastructure During the 2016 Election: Summary of Initial Findings and Recommendations,” on how to secure elections last night.

While it is carefully hedged (noting that states may have missed forensic evidence and new evidence may become available), it confirms that “cyber actors affiliated with the Russian Government” conducted the operation and that no “vote tallies were manipulated or [] voter registration information was deleted or modified.” It says the intrusions were “part of a larger campaign to prepare to undermine confidence in the voting process,” but in its admission that, “the Committee does not know whether the Russian government-affiliated actors intended to exploit vulnerabilities during the 2016 elections and decided against taking action,” doesn’t explain that the reason Russia would have decided against action was because Trump won.

The report is laudable for the care with which it describes the various levels of intrusion: scan, malicious access attempts, and successful access attempts. As it concludes, in a small number of states (which must be six or fewer), hackers could have changed registration data, but could not have changed vote totals.

'In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure. In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.'

Among its recommendations, the report suggests that,

'Election experts, security officials, cybersecurity experts, and the media should develop a common set of precise and well-defined election security terms to improve communication.'

This would avoid shitty NBC reporting that falsely leads voters to believe over 20 states were successfully hacked.

Ultimately, though, this report offers weak suggestions, using the word “should” 18 times, never once calling on Congress to fulfill some of its recommendations (such as providing resources to states), and simply suggesting that the Executive warn of consequences for further attacks.

'U.S. Government should clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.'

Predictably (especially coming from a Chair whose own reelection in 2016 is due, in part, to his party’s abuse of North Carolina’s administration of elections, the report affirms the importance of states remaining in charge.

'States should remain firmly in the lead on running elections, and the Federal government should ensure they receive the necessary resources and information.'

I guess Richard Burr would like the Federal government to give his colleagues more money to disenfranchise brown people.

But it’s not just in its weak suggestions that the report falls short. There are two significant silences that discredit the report as a whole: Mitch McConnell, and vendors." ...
[www.emptywheel.net]
and Select Senate Intelligence Committee ("'SSIC'") report
[www.burr.senate.gov]

Bruce Schneier • May 11, 2018 7:14 PM

Please take the political discussions elsewhere.

I thought about deleting half the comments above, but decided instead to put a line here. No more, please.

(required) • May 12, 2018 3:39 PM

So we can't talk about politics so nobody mention the fact that the current sitting President sought and accepted help from foreign hacker groups to undermine his political opponent with stolen correspondence, bragged about it on national television, and has steadfastly refused to either investigate the issue competently or do anything at all to secure either voting systems or communication systems in the year plus interim, and has pushed a campaign to disenfranchise legitimate voters instead.

Treason is politically defended now. And we expect a technological solution? Ha. Right.

Jim • May 14, 2018 8:39 AM

There are two distinct problems here:
1) Campaign security. As Hillary found out to her dismay, hacking private e-mail accounts (such as the DNC) and selling/leaking that information IS a new form of leak and it can have impacts on an election. So, if campaigns or parties don't take security seriously, they're taking a HUGE risk. They may prefer to spend their mountains of money on annoying TV ads and expensive print 'slicks' instead of decent security, but it can bite them in the butt if their candidate's shady back room deals appear on the front page.

2) Election/registration security. The problem of securing the actual voting and registration processes is quite different and IS a government problem. The thing that makes this so challenging is that the US doesn't have ONE election system, it has over 50 different systems in 50 states. More than that, within each of those states, the systems vary by county or district. So, we literally have hundreds of different systems, run by different organizations, with different funding and policies. Probably the best we can do is for the federal government to stress the importance, provide some best practices, and share information on issues. The state level can do likewise, but may need to fund security support in some counties that are simply too small/poor to do what's necessary.

Wim Ton • May 15, 2018 6:01 AM

Is the majority of fraud not performed before the actual election? For example by manipulation of district boundaries and by preventing the 'wrong' people to vote?

Subscribe to comments on this entry

Leave a comment

← Ray Ozzie's Encryption Backdoor Virginia Beach Police Want Encrypted Radios →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.