Penetrated: Today’s Senate Intelligence Committee Hearing on Russian Interference in the 2016 U.S. Elections

If you didn’t catch the Senate Intelligence Committee hearing on Russian influence on 2016 U.S. election on live stream, you should try to catch a replay online. I missed the first panel but caught the second when University of Michigan Prof. J. Alex Halderman began his testimony with his opening statement.

The same Halderman who questioned the 2016 election could have been hacked based on his expertise.

The same Halderman who hacked a voting machine to play Pac Man.

When asked if it was possible Russia could change votes, Halderman told the SIC that he and a team of students demonstrated they were able to hack DC’s voting system, change votes, and do so undetected in under 48 hours. Conveniently, Fox News interviewed Halderman last September; Halderman explained the DC hack demonstration at that time (see embedded video); the interview fit well with Trump’s months-long narrative that the election was ‘rigged’.

If you aren’t at least mildly panicked after watching the second panel’s testimony and reading Halderman’s statement, you’re asleep or dead, or you just plain don’t care about the U.S.’ democratic system.

Contrast and compare this Senate hearing to the House Intelligence Committee’s hearing with former DHS Secretary Jeh Johnson as a witness. Johnson sent out numerous messages last year expressing his concerns about election integrity, but after listening to the second Senate panel, Johnson should have been hair-on-fire (it’s figure of speech, go with it). But the Obama administration erred out of some twisted sense of heightened sensibility about appropriateness (which would have been better suited to its policies on drone use and domestic surveillance). The excess of caution feels more like foot dragging when viewed through the lens of time and Johnson’s testimony.

Early in the hearing, Johnson as well as DHS witnesses Jeanette Manfra and Samuel Liles said there was no evidence votes were changed. It’s important to note, though, that Johnson later clarifies in a round about way there was no way to be certain of hacking at that time (about 1:36:00-1:41:00 in hearing). I find it incredibly annoying Johnson didn’t simply defer to information security experts about the possibility there may never be evidence even if there were hacks; it’s simply not within in his skill set or experience then or now to say with absolute certainty based on forensic audit there was no evidence of votes changed. Gathering that evidence never happened because federal and state laws do not provide adequately for standardized full forensic audits before, during, or after an election.

Halderman’s SIC testimony today, in contrast, makes it clear our election system was highly vulnerable in many different ways last November.

Based on the additional testimony of a representative of National Association of State Election Directors, the President-Elect of National Association of Secretaries of State (NASS) & Secretary of State, Executive Director of Illinois State Board of Elections Illinois — whose combined testimony revealed lapses in communication between federal, state, and local government combined with gaps in information security education — the election system remains as vulnerable today as it was last autumn.

Nothing in either of these two hearings changed the fact we’ve been penetrated somewhere between 21 and 39 times. Was it good for you?

image_print
43 replies
  1. Rayne says:

    Side note: can I just say how much I can’t stand Rep. Trey ‘BENGHAZI!’ Gowdy, who spent his time today (about 0:46:00) trying to make political hay rather than worry about whether his own re-election might be hacked in 2018? Why is he so confident about his prospects that he can piss away the time like this? Is it because his district has been majority white and safe Republican for years, even after 2010 Census and redistricting? NO, Gowdy, DNC turning over their server would NOT guarantee the FBI or other government agency could identify the hacker. Can’t imagine, either why DNC wouldn’t want to their server over to the government in the middle of the campaign season, either. ~eye roll~

    • harpie says:

      NO, Gowdy, DNC turning over their server would NOT guarantee the FBI or other government agency could identify the hacker.

      Our President, on Twitter, just now:

      …Why did Democratic National Committee turn down the DHS offer to protect against hacks (long prior to election). It’s all a big Dem HOAX! / …Why did the DNC REFUSE to turn over its Server to the FBI, and still hasn’t? It’s all a big Dem scam and excuse for losing the election!

      • DavidByron says:

        I’m also not seeing this comment make sense.  Examining the DNC servers is not guaranteed to do anything but nevertheless examining the evidence is pretty usual in an investigation.  Maybe the DNC wouldn’t want to hand over the server, but it’s hardly up to them is it?  At the very least if they could put up some sort of legal case to deny the request then they could be utterly shamed for doing so.  “DNC is refusing to hand over evidence critical to Russian attempts to hack US elections, what are they hiding?” etc etc

        So that only leaves eye rolling as an objection to the argument that there’s something obviously suspicious about the DNC refusing to let the security services see their servers.

        My own guess is that neither the DNC nor the intelligence services thought that the whole Russia hack story was to be taken seriously at the time.  It looks odd today because since then the story has been hyped up as part of a political witch hunt against the new president.  Back then it was a completely unimportant event.  Now it’s said to be critical to our democracy etc etc.

        If you have a better answer I’d love to hear it but the ones you offered above (ie “DNC turning over their server would NOT guarantee the FBI or other government agency could identify the hacker” and “Can’t imagine, either why DNC wouldn’t want to their server over to the government in the middle of the campaign season” seem very weak.

         

         

        • SpaceLifeForm says:

          One reason to not ‘turn over the server’ is loss of chain of custody.

          By maintaining chain of custody one can prevent tampering of evidence.

          There may be ‘fingerprints’.

          Enough clues for now.

  2. earlofhuntingdon says:

    Gathering that evidence never happened because federal and state laws do not provide adequately for standardized full forensic audits before, during, or after an election.

    It would have been nice if Johnson had used that as a lede, urging Congress to fix that very problem.  A fix, however, even a low-tech one, such as making paper ballot back-ups mandatory, doesn’t seem to fit within the worldview of the tramp-down-the-vote Republican Party. 

    Knowing that, however, should have made it even more important for Johnson to make demanding a fix public.  Another missed opportunity for democracy and the Democrats.

    • Rayne says:

      The missed opportunity in both of these hearings is the call for standardization. Johnson rejected it because he was certain states would reject it — but he was thinking in terms of voting machines and systems rather than standardized auditability.

      The standard which works around the world is a paper trail. We use it in banking. There’s no reason we can’t use it to vote.

    • Rayne says:

      Michigan. ~10,000 vote margin. ~70,000 voters removed from rolls.

      Wisconsin. +200,000 voters removed from rolls. Widespread count irregularities.

      I could go on but it is what it is. How do we fix this before the next election, against stiff headwinds?

      • SpaceLifeForm says:

        Papers please. As in paper ballots.

        Education campaign. Do not vote via computer.

        The problem is tabulation, and ‘upstream’.

        But the start is ‘papers please’.

        At least recounts can be semi-effective because at least it is ‘auditable’.

        Exit polling at every voting facility. Not just random, every damn one.

        When results start coming in that are not even close to the exit polling, you know there is a problem.

        I would also make elections, especially national, run for 4 days, saturday thru tuesday. The monday should be a national holiday. This way everyone has an opportunity to vote.

        • martin says:

          verrrrrrrrry late to the party.. I see all the refreshments are gone. Oh well..

          In the meantime… every thing Space said.. bingo!

          Until those happen.. the elections are a joke.

  3. earlofhuntingdon says:

    And Election Day, as it is in the civilized world, ought to be a national holiday. Keeping democracy, encouraging its practice, is at least as important as celebrating its often mythical origins.

  4. Evangelista says:

    Paper ballots, triple hand-counting in each precinct, archiving all ballots for a reasonable length of time, longer where requested for reasonable investigation purpose.

    The above, paper ballots and hand-counting, along with common-pot elections financing (where all election funding contributions go into a common pot and are then distributed equally amongst all candidates, so that equal opportunity for message presentation is provided across the spectrum of opinions) are the requisites for legitimate electioneering and elections.

    Implementation of these is the only thing that requires to be done, and the only thing that matters.  All the rest that may be voiced, by any, is peripheral and irrelevant to the issue.

    While it is unlikely that Russia, as a nation, or any official entity of the Russian State, would bother to hack United States elections (let alone the serious question if Russians would have knowledge of, let alone understanding of, the intricacies of the complexities Constitutionally built into the United States’ Federal election procedures suficient to permit them to competently manipulate those complexities), if Russians could, or would, or did, or did not do so is pure smoke and snow.  The only possible reason “Russian Hacking” might be, now has been, raised is to obscure the central issue that United States mechanical and electronical election systems, mechanisms and paraphernalia are, and have been from their introductions, vulnerable to manipulations.  That they are has been warned of and has been demonstrated possible and has been accused from the times of introductions.  Manipulations have been actually demonstrated nationally to have provably occurred in two signal instances (and more local and so less known):  The two nationally proofed are the Florida election that instigated a Supreme Court interference and the recounts ordered per laws and regulations by the Jill Stein campaign, paid for by contributions to her Recount Fund, and subsequently stopped by suits to stop filed by both major parties and candidates and by federal court interventions to prevent completions.

    In the Stein ordered recounts evidences that appeared before the ordered stoppings, and that were appearing as the stops were being ordered, showed election interferences not dependent on, or result of, internet hacking, or, in all cases even electronic manipulations of device computer components, or even only interior devices:  One blatantly revealed mechanism for skewing vote results was altered alignment of optical reading focus, so that desired-to-be-omitted voter markings were not ‘seen’ by the optical reader and so not recorded.

    As a result of the Jill Stein headed Recount Effort the breadth of the spectrum of election manipulating activities was given an iceberg exposure, the tip revealed that on deeper inspection would have revealed a magnitude that would have justified anulment of the entire 2016 national election result, for all candidates, and would have implicated both major parties in the manipulating.  To avoid what this would have done to U.S. Elections appearances was why both major candidates and the courts interfered.

    It is the scandal of rampant rigging of U.S. elections, by both parties and by corporate manipulators and potentially any others that we have to thank for some official attention being paid to the problem.  It is undoubtedly to some degree also due to the present desire by national opinion manipulators to demonize Russia that we have officials actually broaching the subject of election manipulation.  So we also owe some thanks to Russia and Russians for providing this “Demonic” service.  It is about damn time the ongoing problem got some real attention somehow.

    There is, of course, almost zero likelihood that anyone Russian, let alone the Russian State, was responsible for any of the manipulating of any United States election components in any of the United States where manipulations occurred. Accusing “The Russians” is equivalent to asserting that kids gathering recyclable bottles to return for pennies under the grandstands at a racetrack are the ones responsible for detected dopings of the horses.

    But, tank you, Russia, for being there and being hated by our “elected” officials enough to draw them to poke their heads up and raise a holler about the issues of U.S. elections manipulations, which have been with us at least since Nixon’s ‘Plumbers’ broke into the DNC looking for dirt, and that continued with the ‘Hostage Crisis’ “October Surprise” that marked the Carter-Reagan election contest, and have continued non-stop, growing in sophistication as permited by technology and ingenuity under United States domestic “control”.

  5. RickR says:

    Georgia’s 6th congressional district special election…

    03/03/17: FBI investigating data breach involving state voters….
    http://www.wsbtv.com/news/local/breaking-fbi-investigating-hack-of-ksu-server/499353979

    Kennesaw State (KSU) is in Cobb County, GA. Newt Gingrich is a visiting history professor. Got it?

    03/06/17: FBI still looking… or something…
    http://www.ajc.com/news/state–regional-govt–politics/feds-continue-look-into-alleged-breach-voter-records-georgia/gFlgVnDdpCJAfBmr95gTQO/

    03/14/17: Common Cause weighs in….
    http://www.commoncause.org/press/press-releases/fbi-investigation-of-georgia-election-cyberattack-kennesaw-state-university-elections-center.html

    04/01/17 (April Fools Day): FBI finds no illegal acts……
    http://www.cbs46.com/story/35046902/georgia-university-fbi-finds-no-illegal-acts-in-data-breach

    “….U.S. attorney’s office in Atlanta and FBI declined comment….” What? Later (06/14/17) Politico clears some of this up for us….
    http://www.politico.com/magazine/story/2017/06/14/will-the-georgia-special-election-get-hacked-215255

    Bad security. Actually no security. So easy a Democrat could have done it; then raised hell. But who’s looking? What could be so important about the voter data base? Back to the chronology….

    04/18/17: Voting machines stolen…. you can’t make this stuff up….
    http://www.wsbtv.com/news/local/cobb-county/voting-equipment-stolen-days-before-special-election-sec-of-state-unacceptable/513453377

    04/18/17: No worries, the cops nailed ’em, Fox reports…
    http://www.foxnews.com/politics/2017/04/18/new-details-emerge-in-theft-ga-voting-machines.html

    04/19/17: Then the locals pick up on it….
    http://www.wsbtv.com/news/local/cobb-county/police-make-arrest-in-stolen-voting-equipment/514196080

    The perps also stole a cell phone. How dumb is that? Or something. Cops figured it was too much trouble to try to recover the machines.

    04/18/17: It could possibly have been all over. Ossoff was short of 50% by 3,612 votes. Four other Democrats in the race (why?) took 1,528 votes. So with something over 2,000 votes Ossoff could have won it outright. Russia? I don’t think so. This was Americans on the ground.
    Can you imagine the impact an Ossoff win then would have made?

    Tom Sullivan touched on this peripherally over at digby’s Hullabaloo this morning…
    http://digbysblog.blogspot.com/2017/06/collective-sigh-by-bloggersrus.html?m=1

    “Winning an election is not just a contest of ideas; it is a contest of skills. At a meeting recently, one county Democratic officer expressed interest in learning about all these “high-tech” tools we use. I think that meant computers. Democrats need an upgrade from the grassroots up as much as from the top down.”

    Good candidate. Plenty of outside money. Shortage of inside brains.
    Or maybe it’s just too comfortable cruising in second place.

  6. pdaly says:

    If Congress is incurious about the hacking, perhaps the vulnerability is a feature and not a bug. Wall Street is computerized and people have taken advantage of latency times in market prices. Why wait for the Russians to hack it? Why wouldn’t a shadow US government agency (or private corporation/political party) do something similar with our partly un-auditable U.S. election system and switch votes at the last second?

     

    • RickR says:

      Exactly.
      The commentary always takes the form:
      Q: Do you think Russia meddled?
      A: Yes, in all these awful ways BUT there is no evidence that THEY changed votes.

      For me the big question has always been: Would Putin but his butt this far out in the wind based solely on an “understanding” with a relatively small time conman like Trump?

          • DavidByron says:

            The whole story never held any water even without Trump in it.  With Trump it becomes farce.

             

          • seedeevee says:

            bmaz doesn’t need “rationale” for his (and the Democratic Party’s) xenophobic Russia-all-the-time non-re-election platform.

            • RickR says:

              The forest beyond the trees is the operative word “solely”. Putin would require assurances at a higher level than Trump. That would be the GOP with clearance from their own handlers. It’s entirely likely that Trump & Co. are firewalled from all that for all the obvious reasons.

      • P J Evans says:

        Didn’t need to change votes. Dropping people from the voter rolls would have been enough, in some places. Especially the places that decided they “didn’t need to count” provisional ballots.

    • Rayne says:

      By “Congress,” if you mean GOP MOC, why should they be curious? GOP has ensured the system is vulnerable from secretary of states’ offices to USDOJ Voting Rights Section, to gerrymandering and Crosscheck. They need not question any further the hacking because it doesn’t hurt them in any way, just as all the other vulnerabilities in the system serve them.

      They might pay attention once they realize another entity can just as easily use their failings against them, but they’d have to be smarter to figure that out.

      • harpie says:

        Did you know that Karen Handel was Georgia’s Secretary of State from 2007-2010?
        Karen Handel Has a Long History of Suppressing Votes

        She’s purged voter rolls, blocked Democratic candidates from running, and supported strict voter-ID laws. […] 
        There was more than a little irony in Handel’s e-mail: Not only did she not want more people to register and vote, but shaping election rules to achieve a partisan outcome was exactly what Handel was known for as Georgia’s secretary of state from 2007 to 2010. She has a long record of making it harder to vote—supporting Georgia’s strict voter-ID law, trying to purge thousands of eligible voters from the rolls before the 2008 election, repeatedly challenging the residency of qualified Democratic candidates, and failing to secure the state’s electronic voting machines.

         

    • DavidByron says:

      Well USA elections are rigged at the primary level ordinarily.  Nobody cares who wins the general election because by then the two candidates are both reliable Washington DC insider / war party / deep state / military industrial complex guys.  It’s like many  magic tricks; the substitution already took place by the time you’re trying to see how it happened.  None of the cards are the lady and the ball isn’t under any cup, it’s up the magician’s sleeve.

      Hacking the election at that point would be like rearranging the cards or the cups before the reveal.

      DNC are saying in court they have a legal right to rig the primary and we have the leaked emails saying that the DNC did this.  The only puzzle here is how Trump managed to slip through the primary system.  The answer to that may be also revealed in the email dumps if the one saying that Clinton’s campaign considered boosting a deliberately out there candidate in the RNC primary just to get someone easy to run against, is to be taken seriously.

      If it is then your answer is that Clinton’s campaign deliberately undermined the security of the electoral rigging system by allowing a non-Washington insider candidate to win a primary so that she would personally benefit by it.

       

  7. harpie says:

    Rayne:

    But the Obama administration erred out of some twisted sense of heightened sensibility about appropriateness (which would have been better suited to its policies on drone use and domestic surveillance). The excess of caution feels more like foot dragging when viewed through the lens of time and Johnson’s testimony.

    From 2008, the Obama campaign, transition and Administration suffered from an “excess of caution” because they wanted to seem to be above-the-political-fray. They made it clear from the beginning, that they would go way out of their way [give up lots of land] for “bi-partisanship”. So, I don’t see this final capitulation as an “error”. 

     Why is [Trey ‘BENGHAZI!’ Gowdy] so confident about his prospects that he can piss away the time like this?

    Maybe he knows something about our “free and fair elections” he hopes will stay hidden from US.

    See Sarah Kendzior: Don’t assume that the US will have fair and free elections in 2018

    She says we’re living through a “transition to autocracy”. She may be right.

  8. harpie says:

    Adam Schiff agrees:
    Adam Schiff‏Verified account @RepAdamSchiff 
     

    Key takeaways from today’s hearing with Jeh Johnson: Voter registration databases are vulnerable and we need to do more to protect them. / Was mistake for Obama Admin to wait two months to tell public what Russia was doing out of fear they would be perceived as affecting result. 

  9. Richard Steven Hack says:

    If anyone is going to be hacking US elections, it’s not Russia, who couldn’t care less.

    It will be Democratic and Republican hackers. THEY are the ones who care about 1) preventing people from voting for the other side, and 2) compromising voting machines in swing districts. They’ve proven this for DECADES. Now we’re supposed to assume the Russians are doing it? It is to laugh.

    The whole “Russiagate” story is BS. There was no “DNC hack”, there was a DNC LEAK which the DNC and Clinton covered up using Ukrainian hackers (or none at all – just a compromised third-part security firm.). Podesta could have been hacked by a ten-year-old. The “thirty voting offices” nonsense is completely irrelevant as exactly nothing was accomplished by the alleged hackers..

    Anyone buying into this Clinton-created nonsense is also a believer in the Tooth Fairy.

  10. Jonathan Holland Becnel says:

    “But the Obama administration erred out of some twisted sense of heightened sensibility about appropriateness (which would have been better suited to its policies on drone use and domestic surveillance). The excess of caution feels more like foot dragging when viewed through the lens of time and Johnson’s testimony.”

    OH FFS, OBAMA LET FUCKING EVERYONE OFF BECAUSE HES A CRONY CAPITALIST.

    Tell me, who did Obama arrest?

    Immigrants.
    Poor people.
    Whistleblowers.
    Workers.

    Obama once NEVER arrested Bush, Cheney, Wall St CEOs, hedge fund managers, plutocrats, mining owners, etc

  11. SpaceLifeForm says:

    “we’re here from the government and we are here to help”

    Remember the offer to help states make sure their voting systems were secure?

    https://theintercept.com/2017/06/21/connie-lawson-russia-election-hacking-dhs-states/

    Connie Lawson, the Indiana secretary of state and president-elect of the National Association for Secretaries of State, said that last summer intelligence agencies found that some 20 state networks had been probed by Russian hackers. Yet, she said, the Department of Homeland Security repeatedly assured her that no “specific or credible threats” existed to the 2016 election.

  12. harpie says:

    Finally got around to watching both hearings and reading Halderman’s written testimony, and yes, I am “at least mildly panicked.”

    Halderman:

    Before every election, voting machines need to be programmed with the design of the ballot, the races, and candidates. This programming is created on a desktop computer called an election management system, or EMS, and then transferred to voting machines using USB sticks or memory cards. These systems are generally run by county IT personnel or by private contractors. Unfortunately, election management systems are not adequately protected, and they are not always properly isolated from the Internet. Attackers who compromise an election management system can spread vote-stealing malware to large numbers of machines.  

    Here’s a link to the letter he references in his testimony:
    Security experts warn lawmakers of election hacking risks

    The hundred-plus security experts say many US states are “inadequately prepared” to deal with the rising cybersecurity risks of state and federal elections.

  13. SpaceLifeForm says:

    Mr. President, it is your job now. You can blame others including Obama, but you’re a big boy now, so shit or get off the pot.

    http://www.nbcnews.com/politics/elections/trump-white-house-has-taken-little-action-stop-next-election-n776116

    “Well I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it,” Trump said.”But nobody wants to talk about that. The CIA gave him information on Russia a long time before they even — before the election. And I hardly see it. It’s an amazing thing. To me — in other words, the question is, if he had the information, why didn’t he do something about it? He should have done something about it.”

    [Well, in theory, Mr. President, *YOU* have the information now. Or do you? Are you thinking that it is all fakenews? If so, why would you not see that Obama may have reached the same conclusion?]

    [methinks a point I made today in different article above is true]

  14. Curious says:

    As a European, I can’t help but wonder, what are the odds/possibility that CIA or someone in US has been hacking the state computers/equipment, while pretending to be someone else?

    Also, it seems to me that the digital age we live in, is something of a “shitshow”, given what seems to be terrible computer security and presumably terrible computer security policies which governments and businesses probably live by.

  15. Buck SMITH says:

    is anyone claiming that Russians were ones who hacked and published Podesta and DNC email accounts?  Podesta was hacked with spearphsishing attacks teens were using 10 years ago.  From his own emails he and others thought DNC were internal.  Were they wrong about that?  Or was DNC penetrated by Russian agents, who after all, have a history of being in there.  probably feel right at home ;)

    • bmaz says:

      Uh, you mean “OTHER” than all the public and private people either claiming or intimating that??

      Also, you may have more than just a small issue as to distinguishing the difference between “claims” and “proof”. But, hey, it is all fair right?

    • John Casper says:

      Buck,

      You wrote, “is anyone claiming that Russians were ones who hacked and published Podesta and DNC email accounts?”

      Yes.

      “Podesta Group files new disclosures in Manafort-linked Ukraine lobbying”

      “But the new paperwork suggests the Justice Department has information tying the think tank to the pro-Russian Ukrainian Party of Regions — a possible source of continuing legal trouble for Manafort, because he never disclosed his own role in the lobbying campaign.”

      http://www.politico.com/story/2017/04/paul-manafort-lobbying-ukraine-podesta-group-237163

      You wrote: “Podesta was hacked with spearphsishing attacks teens were using 10 years ago.”

      I’m guessing you don’t have a link to the age group you limited the “spearphsishing[sic] attacks” to.

      I’m not aware of anyone that disputes that the hackers used outdated malware.

      “US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware”

      https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

      Why do you think they did?

       

Comments are closed.