Overnight Cybersecurity: Recounts spark new fight over vote integrity

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

ELECTION RECOUNTS: On the left, the "audit the vote" movement believes that Hillary ClintonHillary Diane Rodham ClintonDemocrats' 2020 Achilles's heel: The Senate Democrats' 2020 Achilles's heel: The Senate House Intel Republican: 'Foolish' not to take info on opponent from foreign ally MORE won the election and that hacks or tampering may have been behind Donald TrumpDonald John TrumpTrump cites tax cuts over judges as having biggest impact of his presidency Trump cites tax cuts over judges as having biggest impact of his presidency Ocasio-Cortez claps back at Trump after he cites her in tweet rejecting impeachment MORE's victory.

Those concerns are getting new attention after Green Party presidential nominee Jill Stein filed for a recount in Wisconsin over the weekend and in Pennsylvania on Monday.

ADVERTISEMENT

But there is still no evidence that any vote machine hacking took place in Wisconsin, Michigan or Pennsylvania - just as there is no evidence of Donald Trump's claim that fraudulent voting gave Hillary Clinton the popular vote.

In fact, county-by-county in Wisconsin, Clinton's results parallel Mary Burke's, the 2014 Dem gubernatorial candidate with only a few exceptions. Trump overperformed in rural Ashland county, the second-least prosperous county in the state.

To read our piece on vote hacking fears and why they may be far-fetched, click here.

STEIN'S RECOUNT TOUR HEADS TO PENNSYLVANIA: Green Party presidential nominee Jill Stein, who organized the Wisconsin recount, announced Monday that she filed for a recount in Pennsylvania. "Americans deserve a voting system we can trust," she said in a press release. "After a presidential election tarnished by the use of outdated and unreliable machines and accusations of irregularities and hacks, people of all political persuasions are asking if our election results are reliable. We must recount the votes so we can build trust in our election system."

EXPERTS SAY: Interest in the recounts accelerated after a New York Magazine article mentioned that election experts, including voting machine hacking expert J. Alex Halderman, had a conference call with the Clinton campaign to suggest that irregular voting totals could only be the result of hacking. But Halderman posted to Medium the day before Thanksgiving to dismiss that characterization. "That article, which includes somebody else's description of my views, incorrectly describes the reasons manually checking ballots is an essential security safeguard," he wrote.

"Were this year's deviations from pre-election polls the results of a cyberattack? Probably not," he added. "I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don't believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other."

A HACK THEORY: In his Medium post, Halderman describes how he thinks the machines could have been hacked on a wide scale, sharing an important theory. Even though experts agree that machines are easy to hack one at a time, machines are not connected to the internet. That means they typically need to be hacked in person, one at a time. Halderman says that he believes a virus could be placed on the cartridge used to upload the ballot to the voting machine, infecting each machine as it was formatted with the new candidate names.

But Princeton Professor Andrew Appel testified before Congress this year that this type of attack had only been demonstrated on one model of voting machine, used primarily in Georgia. That machine is used, sparingly, in Wisconsin. Three of Wisconsin's more than 70 counties use it as an accessible option for disabled or hard of vision voters, almost always in conjunction with another type of machine available for voters who can use an optical scan system.

That machine was only used in areas with a population totaling 300,000, including kids, non-voters and those casting Republican ballots. In a state with a population of around six million, where polls predicted Clinton would win by 6.5 percentage points, that wouldn't have been a sound strategy for gaining the 200,000 needed votes. 

FUNDRAISING OFF RECOUNTS: Jill Stein was able to get the money for the recounts thanks to an aggressive online fundraising effort. Now, the Republican National Committee (RNC) is fundraising off the recount she requested in Wisconsin. The RNC's message urges supporters to donate to a "Recount Defense Fund" to counter Stein and Democratic nominee Hillary Clinton. "[H]elp us fight back against Hillary Clinton and her allies as they drag our country through a pointless recount," said the email from Chris Carr, the RNC's political director. "Even Hillary's legal counsel admitted that there is no 'actionable evidence of hacking' of voting machines. This recount is nothing but a distraction -- and a preview of the lengths to which liberals are willing to go over the next four years to try to stop us."

IN DEFENSE OF AUDITS: Pollster Nate Silver, who firmly believes there is no evidence of election hacking, wrote  "In many ways, undertaking an audit of the election results is tantamount to performing a test for a rare but potentially fatal disease."

 

WHAT YOU MISSED OVER THANKSGIVING BREAK:

-- NEW YORKER CLAIMS FLYNN PLAYED FAST AND LOOSE WITH CYBERSECURITY: General Michael Flynn, President-elect Donald Trump's pick for national security adviser, reportedly circumvented rules he did not like in his former military job - including installing internet access to his office at a facility that was supposed to secured from the internet. In theory, the moves could have put countless secrets at risk. 

--BLETCHLEY PARK OPENS CYBER SCHOOL: The infamous home to top secret code-breaking efforts during World War II could become a school to teach cybersecurity skills to 16- to 19-year-olds. The National College of Cybersecurity, developed by an industry nonprofit, is slated to open in 2018 -- and would select students based on aptitude, not academic record, according to the BBC.

--THANKSGIVING ATTACK HITS EUROPEAN COMMISSION: One of the governing bodies of the EU lost internet access on Thursday due to a distributed denial of service (DDoS) attack. In a DDoS attack, large networks of hijacked computers flood targets with so much traffic they can no longer function correctly.

--SAN FRANCISCO LIGHT RAIL FALTERS FROM RANSOMWARE: Riders of the San Francisco Muni received free rides after ransomware encrypted files on 2,000 computers. The attacker or attackers first claimed they would restore the files for roughly $70 thousand in bitcoin, later claiming they would dump 30 gigabytes of data if the ransom was not received.

 

A LIGHTER CLICK:

--TRANSITION TEAM NEWS. I hope you like ham.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

WikiLeaks on Monday released more than 500,000 diplomatic cables from President Jimmy Carter's administration. (The Hill)

The Department of Justice responds to critics of the "Rule 41" changes easing law enforcement hacking in a blog post. (The Hill)

Tech leaders lack the nuance to be politicians. In other news, politicians are nuanced? (FT)

Hacker Lexicon: What is perfect forward secrecy? (Wired)

Stop holding secret documents in ways they can be photographed. This is just going to keep happening. (The Guardian) 

The New York Times Editorial Board likes the Pentagon's bug bounty program. (NYT)

 

If you'd like to receive our newsletter in your inbox, please sign up here.