Stephanie Scott (R), clerk of tiny Adams Township in Michigan, potentially made her township’s election equipment more vulnerable to hacking when she allegedly removed a tablet from an election machine that counts votes from paper ballots and may have tampered with it before police recovered it, the Associated Press reported.
A few days earlier, state officials barred Scott from running her township’s elections after she resisted signing off on state-required logic and accuracy testing for election equipment. Scott has echoed conspiracy theories from Trump, saying she doesn’t trust the election equipment and suggested the testing may have been cover for state officials to rig vote tabulators.
“The county clerk’s office and now Secretary of State are demanding I drop off my machine for unfettered access, and God only knows doing what to it,” she told the nonprofit news organization Michigan Bridge. “When you have the fox guarding the hen house, somebody's got to stand up and guard those hens.”
Scott also blocked a contractor from performing preventive maintenance on voting equipment.
Michigan Secretary of State Jocelyn Benson (D) ordered the clerk in neighboring Hillsdale County to supervise Adams Township elections after Scott was stripped of the responsibility.
“The secretary will continue fighting to hold accountable anyone who threatens the integrity or security of Michigan elections,” a Benson spokeswoman said.
The case is a troubling example of the damage when local election officials buy into baseless conspiracy theories and turn against basic principles of election integrity.
- In fact, election equipment is highly protected against hacking — primarily because it should always be segregated from the Internet. That means most demonstrated election hacks must be conducted with hands-on access to the machines.
- The nation’s thousands of local election officials, who have regular access to election equipment, are the people best equipped to conduct such hacks.
- Yet, even a rogue election official would have difficulty rigging machines in a way that wouldn't be caught by checks on who accesses the machines or by state-required audits.
Not the only one
Less than three months ago, Mesa County, Colo., clerk Tina Peters (R), another supporter of Trump’s conspiracy theories, allegedly leaked images of her county’s Dominion-brand voting machine hard drives and passwords on a website linked with the QAnon conspiracy theory. She later appeared at a conspiracy-theory-heavy cyber symposium hosted by MyPillow CEO Mike Lindell.
She was caught turning off surveillance equipment monitoring the machines and allowing an unauthorized person to access them. She’s now being investigated by the FBI.
Around the country
Those are two isolated incidents at this point. But candidates that back Trump’s phony fraud claims are running for the top election official posts in multiple battleground states.
Here’s a stunning figure via Reuters: 10 out of 15 declared Republican candidates for secretary of state in Arizona, Georgia, Wisconsin, Michigan and Nevada have “either declared that the 2020 election was stolen or called for their state’s results to be invalidated or further investigated.”
Scott’s claims of election malfeasance are particularly suspect in Michigan.
Nearly all of the state’s residents vote using hand-marked paper ballots, which experts say is the least vulnerable to hacking. The only exception is people with disabilities that make hand-marking ballots unfeasible. They vote on machines that print a paper ballot.
The state's ballots are counted using machine tabulators. Officials ensure those tabulators are counting votes correctly by randomly selecting a portion of ballots to be hand reviewed — a process called a risk-limiting audit.
The state was singled out for intense focus by Trump supporters because of incorrect vote tallies that were reported on election night in Antrim County and which Trump supporters claimed in a now-dismissed lawsuit indicated a conspiracy to rig election machines against the former president. An expert review found the tabulators counted votes correctly and that the incorrect election night reports were the result of human error.
An Iran-linked hacking group is threatening to out users of a popular Israeli LGBTQ dating app
The Black Shadow hacking group demanded $1 million in exchange for not posting data from the dating and nightlife app Atraf, Agence France-Presse reports. The compromised information includes reams of personal information about the app’s roughly 1 million users including their HIV statuses, sexual orientations and passwords.
The site “was compromised after Black Shadow hacked CyberServe, an Israeli Internet service provider whose clients include public transportation firms, museums and a travel company,” the AFP writes. Black Shadow has a history of targeting Israeli businesses. Cybersecurity experts have linked it to Iran.
The group released tens of thousands of stolen records online Saturday to show the breadth of its haul — including 1,000 Atraf profiles.
The Israel National Cyber Directorate warned Atraf “several times” that it was vulnerable to hacks, directorate spokeswoman Libi Oz said, according to AFP. Atraf and CyberServe did not respond to requests for comment from AFP.
Iran, meanwhile, has accused the United States and Israel of being behind a hack that disrupted the nation's gas stations.
A government auditor sided with Microsoft in a fight over a $10 billion NSA cloud-computing contract
That probably means the National Security Agency will have to reevaluate its decision on the mammoth contract that it had previously awarded to Amazon. Microsoft challenged that award saying NSA hadn’t properly evaluated the competitors’ plans, FedScoop’s Dave Nyczepir reports. The Government Accountability Office agreed, saying it “found certain aspects of the agency’s evaluation to be unreasonable and, in light thereof, recommended that NSA reevaluate the proposals.”
Microsoft declined to comment to FedScoop. Amazon Web Services did not respond to a request for comment from the outlet. (Amazon founder Jeff Bezos owns The Washington Post.)
“News of the bid protest comes after the Department of Defense in July announced that its Joint Enterprise Defense Infrastructure (JEDI) cloud contract would be scrapped, following a nearly two-year legal dispute waged by Amazon protesting the contract’s award to Microsoft,” Nyczepir writes. “It has been replaced with the Joint Warfighter Cloud Capability acquisition,” which will be built by multiple companies rather than just one.
Embattled spyware company NSO Group is rejiggering its top executives and promoting a shift to cyber defense
Former telecom executive Isaac Benbenisti, who is co-president of NSO, will become its CEO, the company announced. Founder and CEO Shalev Hulio will become NSO’s global president and vice chairman of the board.
The leadership shuffle comes months after an investigation by The Washington Post and 16 media partners found NSO’s government clients were using its Pegasus spyware to target journalists, human rights activists and others.
Hulio described the change-up as part of a shift away from the offensive hacking tools that have driven it’s spyware business but battered his reputation. “My responsibilities will allow me to focus on bringing into action my entrepreneurial experience, knowledge and passion and help to further develop NSO’s strategy together with Isaac toward new directions such as analytics and defensive cyber security,” he said.
Here’s Benbenisti, according to Israel’s Mako news: “Benbenisti, who will take on the role of CEO in the coming weeks, said in a conversation that NSO is no longer a ‘naughty child’ but a company with global impact, and there are not many Israeli companies that are able to say that.” (Our colleague Miriam Berger contributed to this report.)
The U.S. government's top cybersecurity officials posted their Halloween setups. National Cyber Director Chris Inglis:
Rob Joyce, the director of the NSA's Cybersecurity Directorate:
CISA Director Jen Easterly:
CISA launches program to focus on protecting essential critical infrastructure
There are technically 16 categories of critical infrastructure that CISA believes deserve extra protection against hacking, including energy, transportation and agriculture. But critics argue that those categories are so broad that the most important elements often get lost in the shuffle. The new program would aim to identify the most strategically important elements and surge resources toward protecting them, CISA Director Jen Easterly said.
The congressionally-led Cyberspace Solarium Commission recommended last year that the government conduct a similar process to identify “strategically important critical infrastructure” (SICI). Rep. John Katko (R-N.Y.), the top Republican on the House Homeland Security Committee, introduced a bill outlining such a process, MeriTalk’s Grace Dille reports.
Easterly rejected the Solarium Commission’s preferred acronym, SICI, because it sounded too similar to “sickie,” she said. CISA is calling its initiative “Pisces: Primary Systemically Important Entities."
- The Aspen Security Forum begins Tuesday at 9 a.m.
- Keith Alexander, the former director of the National Security Agency and commander of U.S. Cyber Command, discusses cyber threats at a Washington Post Live event on Tuesday at 10 a.m.
- National Cyber Director Chris Inglis and Easterly testify before the House Homeland Security Committee on Wednesday at 10 a.m.
- The House Financial Services Committee holds a cybersecurity hearing on Wednesday at 10 a.m.
- The House Transportation and Infrastructure Committee holds a hearing on infrastructure cybersecurity on Thursday at 10 a.m.
Secure log off
Maybe fondue could be the next pineapple on pizza? Thanks for reading. See you tomorrow.