8LAhGN3Y

1a. In August 2016, it was widely reported that foreign operators breached voter
2registration databases in at least two states and stole hundreds of thousands of
3voter records.
4
5Petitioner Jill Stein alleges and shows to the Wisconsin Elections Commission:
61. That Petitioner was a candidate for the office of the President of the United States in an
7election held on November 8, 2016;
82. That Petitioner is informed and believes that an irregularity has occurred affecting all
9wards in Wisconsin in the counting and return of votes cast for the office of President;
103. The Petitioner is informed and believes that:
11
12a. In August 2016, it was widely reported that foreign operators breached voter
13registration databases in at least two states and stole hundreds of thousands of
14voter records.
15
16b. Around that time, hackers infiltrated the e-mail systems of the Democratic
17National Committee and a campaign official for Democratic presidential
18candidate Hillary Clinton. These e-mails were then published online.
19
200. On October 7, 2016, the Department of Homeland Security (DHS) and the Office
21of the Director of National Intelligence on Election Security issued a joint
22statement regarding these breaches. The statement reads, in pertinent part, as
23follows: “The US. Intelligence Community (USIC) is confident” that there have
24been “recent compromises of e-mails from US persons and institutions, including
25from US political organizations.” It also states that “[t]hese thefts and disclosures
26are intended to interfere with the US election process” and that “similar tactics
27and techniques [have been used] across Europe and Eurasia . . . to influence
28public opinion there.” In the statement, DHS urges state election officials “to be
29vigilant and seek cybersecurity assistance” from that agency in preparation for the
30presidential election.
31
32d. Wisconsin uses two forms of electronic voting machines—optical scan and direct-
33recording electronic (DRE)—both of which are susceptible to compromise. For
34the last decade, computer scientists have warned about the vulnerabilities of these
35machines, including that they can be breached without detection and even after
36certain security measures are put in place.
37
38e. In Wisconsin, there is evidence of voting irregularities in the 2016 presidential
39election that indicate potential tampering with electronic voting systems.
40Specifically, there was a significant increase in the number of absentee voters as
41compared to the last general election. This significant increase could be attributed
42to a breach of the state’s electronic voter database.
43
44f. The well-documented and conclusive evidence of foreign interference in the
45presidential race before the election, along with the irregularities observed in
46Wisconsin, call into question the results and indicate the possibility that
47widespread breach occurred.
48
49g. A hand count of paper ballots, including those used in optical scan machines, and
50a review of the paper record from DRE machines are necessary to make this
51determination. Without utilizing these methods, a recount would not exclude the
52possibility of a breach that resulted in a miscounting of votes; and
53
544. Attached as Exhibit 1, and incorporated fully herein, is the affidavit of J. Alex
55Halderman, Ph.D., a Professor of Computer Science and Engineering and the Director of
56the Center for Computer Security and Society at the University of Michigan in Ann
57Arbor, Michigan, that details the basis for of my belief for the statements set forth in
58paragraph 3 above.
59
60Exhibit 1
61
62
63
64Context: Cyberattacks and the 2016 Presidential Election
65
666. The 2016 presidential election was subject to unprecedented cyberattacks
67apparently intended to interfere with the election. This summer, attackers broke into the email
68system of the Democratic National Committee and, separately, into the email account of John
69Podesta, the chairman of Secretary Clinton’s campaign. Exhibits B and C. The attackers leaked
70private messages from both hacks. Attackers also infiltrated the voter registration systems of
71two states, Illinois and Arizona, and stole voter data. Exhibit D. The Department of Homeland
72Security has stated that senior officials in the Russian government commissioned these
73attacks. Exhibit E. Attackers attempted to breach election offices in more than 20 other
74states. Exhibit F.
75
767. Russia has sophisticated cyber-offensive capabilities, and it has shown a
77willingness to use them to hack elections elsewhere. For instance, according to published
78reports, during the 2014 presidential election in Ukraine, attackers linked to Russia sabotaged
79Ukraine’s vote-counting infrastructure, and Ukrainian officials succeeded only at the last minute
80in defusing vote-stealing malware that could have caused the wrong winner to be
81announced. Exhibit G. Countries other than Russia also have similarly sophisticated
82cyberwarfare capabilities.
83
848. If a foreign government were to attempt to hack American voting machines to
85influence the outcome of a presidential election. one might expect the attackers to proceed as
86follows. First. the attackers might probe election offices well in advance to find ways to break
87
88into the computers. Next, closer to the election, when it was clear from polling data which states
89would have close electoral margins, the attackers might spread malware into voting machines
90into some of these states, manipulating the machines to shifl a few percent of the vote to favor
91their desired candidate. This malware would likely be designed to remain inactive during pre-
92election tests, perform its function during the election, and then erase itself afier the polls
93closed. One would expect a skilled attacker’s work to leave no visible signs, other than a
94surprising electoral outcome in which results in several close states differed from pre-election
95polling.
96The Vulnerability of American Voting Machines to Cyberattack
97
989. As I and other experts have repeatedly documented in peer-reviewed and state-
99sponsored research, American voting machines have serious cybersecurity problems. Voting
100machines are computers with reprogrammable software. An attacker who can modify that
101sofiware by infecting the machines with malware can cause the machines to provide any result of
102the attacker’s choosing. As 1 have demonstrated in laboratory tests, in just a few seconds,
103anyone can install vote-stealing malware on a voting machine that silently alters the electronic
104records of every vote.I
105
10610. Whether voting machines are connected to the lntemet is irrelevant. Shortly
107before each election, poll workers copy the ballot design from a regular desktop computer in a
108government office and use removable media (akin to the memory card in a digital camera) to load
109the ballot design onto each machine. That initial computer is almost certainly not well enough
110secured to guard against attacks by foreign governments. If technically sophisticated attackers
111
112infect that computer, they can spread vote-stealing malware to every voting machine in the
113area. Technically sophisticated attackers can accomplish this with ease.
114
115I 1. While the vulnerabilities of American voting machines have been known for some
116time, states’ responses to these vulnerabilities have been patchy and inconsistent at best. Many
117states, including Wisconsin, continue to use out-of-date machines that are known to be insecure.
118Examining the Paper Record Is the Only Way to Ensure the Integrity of the Result
119
12012. Paper ballots are the best and most secure technology available for casting
121votes. Optical scan voting allows the voter to fill out a paper ballot that is scanned and counted
122by a computer. Electronic voting machines with voter-verified paper audit trails allow the voter
123to review a printed record of the vote he has just cast on a computer. Only a paper record
124documents the vote in a manner that cannot later be modified by malware or other forms of
125cyberattacks.
126
12713. One explanation for the results of the 2016 presidential election is that
128cyberattacks influenced the result. This explanation is plausible, in light of other known
129cyberattacks intended to affect the outcome of the election; the profound vulnerability of
130American voting machines to cyberattack; and the fact that a skilled attacker would leave no
131outwardly visible evidence of an attack other than an unexpected result.
132
13314. The only way to determine whether a cyberattack affected the outcome of the
1342016 presidential election is to examine the available physical evidence—that is, to count the
135paper ballots and paper audit trail records, and review the voting equipment, to ensure that the
136votes cast by actual voters match the results determined by the computers. For ballots cast
137through optical scanners, a manual recount of the paper ballots, without relying on the electronic
138equipment, must occur. Using the electronic equipment to conduct the recount, even afier first
139
140evaluating the machine through a test deck, is insufficient. Attackers intending to commit a
141successful cyberattack could, and likely would, create a method to undermine any pre-tests. For
142votes cast on electronic voting machines, the paper audit trail records must be counted, since the
143electronic records stored in the machines could have been manipulated in an attack. Voting
144equipment that might yield forensic evidence of an attack includes the voting machines,
145removable media, and election management system computers. Paper ballots, paper audit trails,
146and voting equipment will only be examined in this manner if there is a recount.
147
14815. A recount is the best way, and indeed the only way, to ensure public confidence
149that the results are accurate, authentic, and untainted by interference. It will also set a precedent
150that may provide an important deterrent against cyberattacks on future elections.
151
152Exhibit A
153
154Exhibit B
155
1563
157HERE S WHAT WE KNOW ABOUT RUSSIA AND THE DNC
158@ GETTY IMAGES
159A s T H E n E M o I: RAT I I: National Convention continues its week—long stay in
160Philadelphia, accusations of Russian hacking continue to cloud the proceedings. At
161this point, it seems likely that Russia is responsible. What’s less clear is what that will
162mean going forward.
163It’s been a bad stretch for the Democratic National Committee. Hackers broke into its
164servers months ago, stealing private emails, opposition research, and campaign
165correspondence. Last Friday, Wikileaks made nearly 20,000 of those private emails
166public, revealing embarrassing details of the political machine’s inner workings. DNC
167official allege that the Russian government is behind the breach. The New York Times
168reports that US intelligence agencies increasingly share that opinion. According to a
169number of top cybersecurity researchers, they’re probably right.
170A Brief History of a Hack
171
172News of the hack of the Democratic National Committee first broke in mid—June.
173That’s when Crowdstrike, a firm that analyzes threats to network security, revealed
174that the DNC had called it in to inspect the party’s servers, where it found “two
175separate Russian intelligence-affiliated adversaries present in the DNC network.”
176Crowdstrike released a comprehensive report of its findings on June 14, which
177accompanied a Washington Post article detailing the attacks. One of the hacking
178groups, Crowdstrike found, had access to the DNC servers for almost a year.
179
180A day after that report, someone calling themselves Guccifer 2.0 (an allusion to
181notorious hacker Guccifer) claimed responsibility for the hack in a blog post. Through
182the blog and an accompanying Twitter account, Guccifer 2.0 refuted Crowdstrike’s
183claims that this was a Russian operation, instead calling himself a “lone hacker.” He
184also claimed to have handed much of the DNC bounty to Wikileaks.
185
186The following week, two cybersecurity firms, Fidelis Cybersecurity and Mandiant,
187independently corroborated Crowdstrike’s assessment that Russian hackers
188infiltrated DNC networks, having found that the two groups that hacked into the DNC
189used malware and methods identical to those used in other attacks attributed to the
190same Russian hacking groups.
191
192But some of the most compelling evidence linking the DNC breach to Russia was
193found at the beginning of July by Thomas Rid, a professor at King’s College in
194London, who discovered an identical command—and—control address hardcoded into
195the DNC malware that was also found on malware used to hack the German
196Parliament in 2015. According to German security officials, the malware originated
197from Russian military intelligence. An identical SSL certificate was also found in both
198breaches.
199
200The evidence mounts from there. Traces of metadata in the document dump reveal
201various indications that they were translated into Cyrillic. Furthermore, while
202Guccifer 2.0 claimed to be from Romania, he was unable to chat with Motherboard
203journalists in coherent Romanian. Besides which, this sort of hacking wouldn’t
204exactly be outside of Russian norms.
205
206“It doesn’t strain credulity to look to the Russians,” says Morgan Marquis—Boire, a
207malware expert with CitizenLab. “This is not the first time that Russian hackers has
208been behind intrusions in US government, and it seems unlikely that it will be the
209last.” Last year Russian hackers were able to breach White House and State
210
211Department email servers, gleaming information even from President Obama’s
212Blackberry.
213
214Meanwhile, the Kremlin has denied Russian involvement in the DNC breach. But the
215reverberations continue; DNC Chairwoman Debbie Wasserman Schultz will resign at
216the end of the week, after emails revealed what many view as the unfair treatment of
217Bernie Sanders.
218
219From Russia With Love
220
221As compelling as the evidence is, there’s still a small amount of room to argue that
222Guccifer 2.0 was a lone actor, an individual motivated by hacktivist ideals of
223dismantling state power. He wouldn’t be the first. And in a recent interview on NBC,
224Julian Assange of Wikileaks gave a soft disavowal of claims that his whistleblowing
225organization is in cahoots with Russian intelligence, “Well, there is no proof of that
226whatsoever,” he said. “We have not disclosed our source, and of course, this is a
227diversion that’s being pushed by the Hillary Clinton campaign.”
228
229This is, of course, the same Assange who boasts responsibility for helping find
230Snowden a home in Russia and Wikileaks publicly criticized the Panama Papers for
231implicating Putin in financial misdeeds. He’s also an outspoken frequent critic of
232Hillary Clinton’s time at the State Department. A damning document dump the
233weekend before Clinton’s nomination arguably aligns with both Russian interests and
234his own.
235
236If the allegations do prove correct, this is an unprecedented step for Russia. Hacking
237is nothing new, but publicizing documents to attempt to sway an election certainly is.
238Putin would clearly prefer a Trump presidency. The billionaire Republican candidate
239is a longtime admirer of Putin’s, and has publicly stated that he wouldn’t necessarily
240defend NATO allies against a Russian invasion. To top it all off, Trump’s campaign
241manager, Paul Manafort, formerly worked as an advisor to Viktor Yanukovych, the
242Russian-backed President of Ukraine before he was ousted in 2014.
243
244“Due to the nature and timing of this hack, it all seems very political,” says Marquis-
245Boire.
246
247And there’s a whole lot of election left—and likely more leaks to come with it. On
248Sunday, a Twitter user asked Wikileaks if more DNC leaks were on their way. The
249reply: “We have more coming.”
250
251Update: In a press conference Wednesday, Republican presidential candidate Donald
252Trump invited Russia to retrieve “missing” emails from Hillary Clinton’s campaign
253and release them. Cybersecurity experts described the remarks as “unprecedented”
254and “possibly illegal.”
255
256Exhibit C
257
258Pr1vate Securlty Group Says Russ1a
259
260O , 0
261Was Behlnd John Podesta s Emall
262Hack
263By NICOLE PERLROTH and MICHAEL D. SHEAR OCT. 20, 2016
264SAN FRANCISCO — At the start of 2014, President Obama assigned his trusted
265counselor, John D. Podesta, to lead a review of the digital revolution, its potential
266and its perils. When Mr. Podesta presented his findings five months later, he called
267the internet’s onslaught of big data “a historic driver of progress.” But two short
268years later, as chairman of Hillary Clinton’s presidential campaign, Mr. Podesta
269would also become one of the internet’s most notable victims.
270
271On Thursday, private security researchers said they had concluded that Mr.
272Podesta was hacked by Russia’s foreign intelligence service, the GRU, after it tricked
273him into clicking on a fake Google login page last March, inadvertently handing over
274his digital credentials.
275
276For months, the hackers mined Mr. Podesta’s inbox for his most sensitive and
277potentially embarrassing correspondence, much of which has been posted on the
278WikiLeaks website. Additions to the collection on Thursday included three short
279
280email exchanges between Mr. Podesta and Mr. Obama himself in the days leading up
281to his election in 2008.
282
283Mr. Podesta’s emails were first published by WikiLeaks earlier this month. The
284release came just days after James R. Clapper J r., the director of national
285intelligence, and the Department of Homeland Security publicly blamed Russian
286officials for cyberattacks on the Democratic National Committee, in what they
287described as an effort to influence the American presidential election.
288
289To date, no government officials have offered evidence that the same Russian
290hackers behind the D.N.C. cyberattacks were also behind the hack of Mr. Podesta’s
291emails, but an investigation by the private security researchers determined that they
292were the same.
293
294Threat researchers at Dell SecureWorks, an Atlanta-based security firm, had
295been tracking the Russian intelligence group for more than a year. In June, they
296reported that they had uncovered a critical tool in the Russian spy campaign.
297SecureWorks researchers found that the Russian hackers were using a popular link
298shortening service, called Bitly, to shorten malicious links they used to send targets
299fake Google login pages to bait them into submitting their email credentials.
300
301The hackers made a critical error by leaving some of their Bitly accounts public,
302making it possible for SecureWorks to trace 9,000 of their links to nearly 4,000
303Gmail accounts targeted between October 2015 and May 2016 with fake Google login
304pages and security alerts designed to trick users into turning over their passwords.
305
306Among the list of targets were more than 100 email addresses associated with
307Hillary Clinton’s presidential campaign, including Mr. Podesta’s. By June, 20 staff
308members for the campaign had clicked on the short links sent by Russian spies. In
309June, SecureWorks disclosed that among those whose email accounts had been
310targeted were staff members who advised Mrs. Clinton on policy and managed her
311travel, communications and campaign finances.
312
313Two security researchers who have been tracking the GRU’s spearphishing
314campaign confirmed Thursday that Mr. Podesta was among those who had
315inadvertently turned over his Google email password. The fact that Mr. Podesta was
316among those breached by the GRU was first disclosed Thursday by Esquire and the
317Motherboard blog, which published the link Russian spies used against Mr. Podesta.
318
319“The new public data confirming the Russians are behind the hack of John
320Podesta’s email is a big deal,” Jake Sullivan, Mrs. Clinton’s senior policy adviser, said
321Thursday. “There is no longer any doubt that Putin is trying to help Donald Trump
322by weaponizing WikiLeaks.”
323
324The new release of Mr. Podesta’s email exchange with Mr. Obama from 2008
325made clear that Mr. Obama’s team was confident he would win.
326
327In one of the emails, Mr. Podesta wrote Mr. Obama a lengthy memo in the
328evening on Election Day recommending that he not accept an invitation from
329President George W. Bush to attend an emergency meeting of the Group of 20
330leaders.
331
332“Attendance alongside President Bush will create an extremely awkward
333situation,” the memo said. “If you attempt to dissociate yourself from his positions,
334you will be subject to criticism for projecting a divided United States to the rest of
335the world. But if you adopt a more reserved posture, you will be associated not only
336with his policies, but also with his very tenuous global standing.”
337
338The White House did not respond to questions about the email.
339
340Correction: October 22, 2016
341
342An article on Friday about suspected email hacking by Russia’s foreign intelligence
343service misstated the name of one organization that first disclosed that a presidential
344counselor, John D. Podesta, was among those whose accounts were breached. The blog
345is Motherboard, not VICE Motherload.
346
347Nicole Perlroth reported from San Francisco, and Michael D. Shear from Washington.
348Follow The New York Times’s politics and Washington coverage on Facebook and
349Twitter, and sign up for the First Draft politics newsletter.
350
351A version of this article appears in print on October 21, 2016, on page A14 of the New York edition with
352the headline: Private Security Group Says Russia Was Behind Hack of Clinton Campaign Chairman.
353
354Exhibit D
355
356NEWS AUG 30 2016, 4:54 AM ET
357Russians Hacked Two U.S. Voter
358Databases, OfflClaIS Say
359by ROBERT WINDREM, WILLIAM M. ARKIN and KEN DILANIAN
360mamas
361Hackers based in Russia were behind two recent attempts to breach state voter
362registration databases, fueling concerns the Russian government may be trying
363to interfere in the U.S. presidential election, U.S. intelligence officials tell NBC
364News.
365The breaches included the theft of data from as many as 200,000 voter records
366in Illinois, officials say.
367The incidents led the FBI to send a "flash alert" earlier this month to election
368officials nationwide, asking them to be on the lookout for any similar cyber
369intrusions.
370One official tells NBC News that the attacks have been attributed to Russian
371intelligence agencies.
372"This is the closest we‘ve come to tying a recent hack to the Russian
373government," the official said.
374That person added that "there is serious concern" that the Kremlin may be
375seeking to sow uncertainty in the U.S. presidential election process.
376
377Voters cast their ballots at ChiArts High School on March 15 in Chicago, Illinois. 3 Scott Olson /Getty
378Images
379Two other officials said that U.S. intelligence agencies have not yet concluded
380that the Russian government is trying to do that, but they are worried about it.
381
382They said the Russians have long conducted cyber espionage on political
383targets. The question now is whetherthey are moving into a covert intelligence
384operation designed to destabilize the US. political process.
385
386The alert, first reported by Yahoo News, provided IP addresses associated with
387the hack attempts, though it did not mention Russia.
388
389One of the IP addresses was involved in both breaches, the FBI alert said.
390
391"The FBI is requesting that states contact their Board of Elections and
392determine if any similar activity to their logs, both inbound and outbound, has
393been detected," the alert said.
394
395The bulletin does not identify the targeted states, but officials told NBC News
396they were Illinois and Arizona. Illinois officials said in July that they shut down
397their state‘s voter registration after a hack. State officials said Monday the
398hackers downloaded information on as many 200,000 people.
399
400State officials told the Chicago Tribune they were confident no voter record had
401been deleted or altered.
402
403In Arizona, officials said, hackers tried to get in using malicious software but
404were unsuccessful. The state took its online voter registration down for nine
405days, beginning in late June, after malware was discovered on a county election
406official‘s computer. But the state concluded that the system was not successfully
407breached.
408
409Those incidents led Homeland Security Secretary Jeh Johnson to host a call
410earlier this month with state election officials to talk about cybersecurity and
411election infrastructure.
412
413Johnson said DHS isn‘t aware of any specific cyber threat against election—
414related networks, but he urged officials to examine how to better secure their
415systems, according to a summary of the call put out by the department.
416
417US. intelligence officials have previously said Russian intelligence agencies
418were behind hacks into the Democratic National Committee and related
419organizations. There has been a long running debate among intelligence
420analysts about what Russia is up to.
421
422Voting systems have not been considered "critical infrastructure," by the
423Department of Homeland Security, so they are not subject to federal
424government protections.
425
426Independent assessments have found that many state and local voting system
427are extremely vulnerable to hacking. n.
428
429Exhibit E
430
431Joint Statement from
432the Department Of
433Homeland Security and
434Office of the Director of
435National Intelligence on
436Election Security
437
438Release Date: October 7, 2016
439
440For Immediate Release
441
442DHS Press Office
443
444Contact: 202-282-8010
445
446The US. Intelligence Community (USIC) is confident that the
447Russian Government directed the recent compromises of e-
448mails from US persons and institutions, including from US
449political organizations. The recent disclosures of alleged
450hacked e-mails on sites like DCLeaks.com and WikiLeaks
451and by the Guccifer 2.0 online persona are consistent with
452the methods and motivations of Russian-directed efforts.
453
454These thefts and disclosures are intended to interfere with the
455US election process. Such activity is not new to Moscow—the
456Russians have used similar tactics and techniques across
457Europe and Eurasia, for example, to influence public opinion
458there. We believe, based on the scope and sensitivity of
459these efforts, that only Russia's senior-most officials could
460have authorized these activities.
461
462Some states have also recently seen scanning and probing of
463their election-related systems, which in most cases originated
464from servers operated by a Russian company. However, we
465are not now in a position to attribute this activity to the
466Russian Government. The USIC and the Department of
467Homeland Security (DHS) assess that it would be extremely
468difficult for someone, including a nation-state actor, to alter
469actual ballot counts or election results by cyber attack or
470intrusion. This assessment is based on the decentralized
471nature of our election system in this country and the number
472of protections state and local election officials have in place.
473States ensure that voting machines are not connected to the
474Internet, and there are numerous checks and balances as
475well as extensive oversight at multiple levels built into our
476election process.
477
478Nevertheless, DHS continues to urge state and local election
479officials to be vigilant and seek cybersecurity assistance from
480DHS. A number of states have already done so. DHS is
481providing several services to state and local election officials
482to assist in their cybersecurity. These services include cyber
483“hygiene” scans of Internet-facing systems, risk and
484vulnerability assessments, information sharing about cyber
485incidents, and best practices for securing voter registration
486databases and addressing potential cyber threats. DHS has
487convened an Election Infrastructure Cybersecurity Working
488Group with experts across all levels of government to raise
489awareness of cybersecurity risks potentially affecting election
490infrastructure and the elections process. Secretary Johnson
491and DHS officials are working directly with the National
492Association of Secretaries of State to offer assistance, share
493
494information, and provide additional resources to state and
495local officials.
496
497Exhibit F
498
499US. official: Hackers targeted voter registration
500systems of 20 states
501
502In this June 5, 2015, file photo, the Homeland Security Department headquarters in northwest Washington. A Homeland Security
503Department official says hackers have targeted the voter registration systems of more than 20 states in recent months. FBI Director James
504Comey told lawmakers this week that the agency is looking “very, very hard" at Russian hackers who may try to disrupt the U.S. election.
505(Susan Walsh /AP)
506
507By Tribune news services
508SEPTEMBER 30, 2016, 4:42 PM l WASHINGTON
509
510I I ackers have targeted the voter registration systems of more than 20 states in recent months, a
511
512Homeland Security Department official said Friday.
513
514The disclosure comes amid heightened concerns that foreign hackers might undermine voter confidence in the
515integrity of US. elections. Federal officials and many cybersecurity experts have said it would be nearly
516impossible for hackers to alter an election's outcome because election systems are very decentralized and
517generally not connected to the internet.
518
519The official who described detecting the hacker activity was not authorized to speak publicly on the subject and
520spoke to The Associated Press on condition of anonymity. It was unclear, the official said, whether the hackers
521were foreign or domestic, or what their motives might be. ABC News earlier reported that more than 20 states
522were targeted.
523
524The FBI last month warned state officials of the need to improve their election security after hackers targeted
525systems in Illinois and Arizona. FBI Director James Comey told lawmakers this week that the agency is looking
526"very, very hard" at Russian hackers who may try to disrupt the US. election.
527
528Last month, Donald Trump, the GOP nominee for president, suggested that he feared the general election "is
529going to be rigged."
530
531The Homeland Security Department has stepped up its outreach to states and localities, but it is up to them to
532ask for help. So far, 19 states have expressed interest in a general "cyber hygiene" scan of key websites — akin to
533ensuring that windows in a home are properly closed, according to another Homeland Security official directly
534involved in securing local elections who also was not authorized to speak publicly about ongoing efforts.
535
536The FBI has detected a variety of "scanning activities" that are early indications of hacking, Comey told the
537House Judiciary Committee this week.
538
539The FBI held a conference call on Friday with the local officials who run elections in the battleground state of
540Florida. Meredith Beatrice, a spokeswoman for Secretary of State Ken Detzner, called it an "informational call
541related to elections security," but a person on the call who was not authorized to discuss it and requested
542anonymity said authorities had seen evidence of someone probing a local elections website.
543
544Homeland Security Secretary J eh Johnson spoke to state election officials by phone last month, encouraging
545them to implement existing technical recommendations to secure their election systems and ensure that
546electronic voting machines are not connected to the internet.
547
548DHS is offering states more comprehensive, on-site risk and vulnerability checks. Only four states have
549expressed interest in the assessment, and because the election is only weeks away, the department will likely
550only be able to conduct an assessment of one state before Election Day on Nov. 8, the official said.
551
552Two of the hacking attempts involved efforts to mine data from the Arizona and Illinois voter registration
553systems, according to Kay Stimson, a spokeswoman for the National Association of Secretaries of State. She
554said in Arizona a hacker tried to probe voter registration data, but never infiltrated the system, while in Illinois
555hackers got into the system, but didn't manipulate any data.
556
557These systems have "nothing to do with vote casting or counting," Stimson said in an email. "While it is
558theoretically possible to disrupt an election by infiltrating a voter registration system, their compromise would
559not affect election results" and there are system controls in place to catch any fraud.
560
561Rep. Henry Johnson, D-Ga., introduced two bills earlier this month that would require voting systems be
562designated as critical infrastructure and limit purchases of new voting systems that don't provide paper ballots,
563among other measures. It's unlikely the bills will be passed before the election.
564
565The Homeland Security Department is already considering designating voting systems as critical infrastructure
566in the future, though it is unlikely to happen before the election, the second official said.
567
568A presidential directive released in 2013 details 16 sectors that are considered critical infrastructure, including
569energy, financial services, healthcare, transportation, food and agriculture, and communications. The
570designation places responsibilities on the Homeland Security secretary to identify and prioritize those sectors,
571considering physical and cyber threats. The secretary is also required to conduct security checks and provide
572information about emerging and imminent threats.
573
574Associated Press
575
576Exhibit G
577
578. . .
579Ukraine election narrowly avonded
580I ' I
581wanton destruction from hackers
582.
583(+VIdeo)
584A brazen threepronged cyberrattack against iast month‘s Ukrainian presxdentiai
585eiections has set the worid on notice , and bears Russwan finger pr mts, some say.
586ByMarkClayton mH . i », .
587// w i
588j», a
589/ 5" ‘
590V
591/ ‘ .
592,- I
593Dawd MdzlnarlshvllI/Reuters \ VIEW Caption
594A three-pronged wave of cyber-attacks aimed at wrecking Ukraine’s
595presidential vote — including an attempt to fake computer vote totals — was
596narrowly defeated by government cyber experts, Ukrainian officials say.
597The still little-known hacks, which surfaced May 22-26, appear to be among
598the most dangerous cyber-attacks yet deployed to sabotage a national
599election — and a warning shot for future elections in the US and abroad,
600political scientists and cyber experts say.
601National elections in the Netherlands, Norway, and other nations have seen
602hackers probe Internet-tied election systems, but never with such
603destructive abandon, said experts monitoring the Ukraine vote.
604Remmmcndcd: How much do you know about cybersecurity? Take our
605quiz.
606“This is the first time we’ve seen a cyber-hacktivist organization act in a
607mn1:,.:,\....‘...,..m. mm}. .. "mm: No.1,. M m, M .WML .. Mama] “may“. »
608
609mauuuus way Uu sucu a giauu scale to uy w wreck a uauuual enecuuu,
610says Joseph Kiniry, an Internet voting systems cyber—security expert. “To
611hack in and delete everything on those servers is just pillaging, wanton
612destruction.”
613That wanton destruction began four days
614ahead of the national vote, when CyberBerkut, ‘
615a group of pro—Russia hackers, infiltrated
616Ukraine’s central election computers and
617deleted key files, rendering the vote—tallying
618system inoperable. The next day, the hackers
6191:51 voun KNOWLEDGE \ How much do
620declared they had “destroyed the computer you know about cybersecumy? Take
6210 F
622network infrastructure” for the election, u qmz
623spilling e—mails and other documents onto the . . ,
624. ' 2358,4157
625web as proof. ' ' . T’Mflfi“
626. -_ .i .
627r . r :34 T r . ‘
628‘ ‘ '-‘ s. Q.‘ ‘17.
629. . ' ’
630A day later, government officials said the , , |. _‘ .
631system had been repaired, restored from fl l '
632baCkuPSv and was ready to 30- 31“ it was jUSt IN PICTURES \ Ukraine 10 years m 30
633the beginning. wages
634w
635Only 40 minutes before election results were to
636go live on television at 8 pm, Sunday, May 25,
637u-u II
638a team ofgovernment cyber experts removed a -----u n-
639—-l M
640._.. u.
641“virus” covertly installed on Central Election —« I .-
642u—u - I-
643. . . . . “u - i.
644Commisswn computers, Ukrainian security vmeo , Ukrame ammo” ,esms
645officials said later. —
646If it had not been discovered and removed, the malicious software would
647have portrayed ultra—nationalist Right Sector party leader Dmytro Yarosh
648as the winner with 37 percent of the vote (instead of the 1 percent he
649actually received) and Petro Poroshenko (the actually winner with a
650majority of the vote) with just 29 percent, Ukraine officials told reporters
651the next morning.
652Curiously, Russian Channel One aired a bulletin that evening declaring Mr.
653Yarosh the victor with 37 percent of the vote over Mr. Poroshenko with 29
654percent, Ukraine officials said.
655“Offenders were trying by means of previously installed software to fake
656election results in the given region and in such a way to discredit general
657results of elections of the President of Ukraine,” the Ukrainian Security
658Service (SBU) said in a statement.
659Still, there was more to come.
660In the wee hours of the morning after polls closed, as results flowed in from
661Ukrainian election districts, Internet links feeding that data to the vote tally
662system were hit with a barrage of fake data packets — known as distributed
663denial of service (DDoS) attacks. So from about 1 to 3 a.m. on May 26,
664election results were blocked, delaying the finally tally until the early
665
666morning, a preliminary report by international election observers
667recounted.
668
669An analysis of the DDoS attack by Arbor Networks, a Burlington, Mass.,
670cyber—security company, ties it to CyberBerkut.
671
672In the end, international observers declared Ukraine’s vote “a genuine
673election.” But US researchers say it’s clear that Ukraine dodged a major
674cyber—bullet.
675
676“We’ve seen vote fraud before in Ukraine, including a rigged computer
677system in 2004,” says Peter Ordeshook, a California Institute of Technology
678political scientist. “But this wasn’t an effort to steal the election outcome, so
679much as to steal the election itself 7 by entirely discrediting it in the eyes of
680key segments of the population in Ukraine and in Russia, too.”
681
682While it was well understood across most of Ukraine and internationally
683that the far—right candidate Yarosh had little political support, the faked
684results would have lent credibility to Russian—inspired accounts that the
685popular revolt last fall against the Ukraine government was fomented by
686ultra—nationalists.
687
688“In that light, the cyber fakery looks incredibly clumsy from the outside
689because no one there would have believed it,” Dr. Ordeshook says. “But
690these faked results were geared for a specific audience in order to feed the
691Russian narrative that has claimed from the start that ultra—nationalists and
692Nazis were behind the revolution in Ukraine.”
693
694If the virus with the faked computer results had not been discovered, it
695would have fomented unrest across the volatile ethnic—Russian Donetsk
696region now under the shadow of Russian forces on the border with Ukraine,
697he says. Such spurious results also would have undermined the credibility
698of the new Ukraine government and could have paved the way for Russian
699military action, say political scientists who monitor Ukraine elections.
700
701The Ukraine hack is a stark warning for the US and other democracies that
702use the Internet for tabulation and even direct voting, election security
703experts say. One clear lesson, they say, is to always have paper ballots to
704back up election results 7 like Ukraine 7 and to avoid Internet voting.
705
706“The Ukraine attack story demonstrates there is no shortage of methods
707which a determined adversary will make use of to sabotage an election,”
708says Pamela Smith, president of the Verified Voting Foundation, a US group
709that has researched US election systems security.
710
711In the runup to the election, President Obama on May 2 warned Russia not
712to interfere or the US “will not have a choice but to move forward with
713additional, more severe sanctions.”
714
715Since then, US officials appear reluctant to make too much of the attacks.
716References to the cyber—attacks have been brief and oblique. With
717annnvmihr nlnaln'na nvhnr.affnnl{c anrncc Hm Inmrnor if’c Htffinnlr tn ml]
718
719u..m.,....t, “swung c, WI “can“, WNW my Internet, .t s mime“ u, M.
720how deeply involved Russia’s government might have been.
721
722Ukraine experienced “cyber-attacks on the Central Election Commission of
723the kind that generally would require outside support,” Victoria Nuland,
724assistant secretary of State for European affairs, acknowledged in a May 27
725interview on the Charlie Rose show. Mark Green, a former congressman,
726said in Senate testimony June 6 that he had been told by a US diplomat of a
727failed Russian cyber-attack on the election.
728
729Ukrainian officials have been unabashed in throwing blame at Russia,
730saying that arrests were made in the case, although no names have yet been
731made public.
732
733"It was prepared in advance and stored on Russian (Internet) re-sources,"
734Volodymyr Zverev, head of the Ukraine’s Administration of Public Service
735of Special Communication and Protection of Information said of the
736malware that was intended to deliver the fake election results, according to
737Interfax-Ukraine. "They wanted to, and made the preparations, but they did
738not succeed."
739
740While Russian hacktivists appear to be linked to at least some of the
741attacks, not everyone agrees the Russian government had a hand in the
742most devious element. Internet security expert Mr. Kiniry, for instance,
743says there is no solid proof yet to back the Ukrainian government claim ofa
744virus carrying fake election results.
745
746Others say Russia’s paw prints are all over the attack.
747
748“Did Russia attempt to sway the Ukrainian Presidential Election? I honestly
749don’t know the answer to that,” says Jeffery Stutzman, CEO of Red Sky
750Alliance, a cyber-security group in New Hampshire.
751
752But, he adds, “the idea that these guys were trying to poison the election
753result by compromising the election commission computers is amazing to
754me — and this coincidence with the Russian channel showing the same fake
755results — is just too much. If it walks like a duck and quacks like one, maybe
756it’s a duck.”