New York Times: Bombing Kills at Least 14 Afghans Registering to Vote

By Fahim Abed and Rod Nordland
May 6, 2018

KABUL, Afghanistan — A bomb blast killed at least 14 Afghan civilians on Sunday as they lined up in a mosque to register to vote in coming national elections, according to officials.

The explosion was at least the sixth attack on voter registration activities in Afghanistan since the authorities last month began requiring citizens to register to vote in person at centers across the country.

According to Bashir Khan, a spokesman for the police department in Khost Province, explosives apparently had been hidden in the mosque and were detonated while some people were praying and others registering to vote.

He said that at least one woman was among those killed, and that 33 others had been wounded.

Mohammadin Mangal, deputy head of the health department for Khost, said that at least 12 bodies and the wounded had been taken to the hospital after the attack. (Some Afghans take the dead directly to funerals rather than to the hospital).

The attack occurred two weeks after a suicide bomber struck a voter registration office in Kabul, the capital, killing at least 57 people. The Islamic State in Afghanistan claimed that attack; Taliban insurgents denied any responsibility for it.

The Taliban also denied any role in the attack on Sunday.

Voter registration began on April 14, after voting cards issued in previous elections were invalidated because of widespread forgery. Citizens must now go to registration centers to have their national identity documents stamped to show that they can vote in the elections for the national parliament, planned for October.

The elections are three years behind the schedule mandated by the Afghan Constitution. A disastrous and disputed presidential election in 2014 led to widespread disagreement among political parties about how to conduct elections, both for Parliament this year and for presidency in 2019.

Voter registration has proceeded very slowly, according to officials. In addition to the attack on a registration center in Kabul on April 22, there have been at least four other attacks reported on registration centers or officials since the voter drive began.

Maliha Hassan, an election commissioner, said that 1.2 million Afghans had registered to vote so far, out of what is believed to be 14 million who are eligible. The registration process ends June 15, which, at the current rate, would leave most Afghan voters unregistered.
EDITORS’ PICKS
On Social Media’s Fringes, Extremism Targets Women
A Simple Way to Improve a Billion Lives: Eyeglasses
Storms, Missteps and an Ailing Grid Left Puerto Rico in the Dark

“We don’t have a specific target for the number of people we expect to register,” Ms. Hassan said. “Let’s wait until the end of the process and see how many people register.”

Abdullah Abdullah, Afghanistan’s chief executive, in a recent speech blamed the slow registration drive on “insecurity, lack of trust in the government and lack of awareness.”

Follow Fahim Abed and Rod Nordland on Twitter: @fahimabed and @rodnordland.

Fahim Abed reported from Kabul, and Rod Nordland from London.

NPR Story: Six States Hit Harder By Cyberattacks Than Previously Known, New Report Reveals

Two years after Russia’s wave of cyberattacks against American democracy, a Senate committee investigating election interference says those hackers hit more states harder than previously thought.

The committee also added that it still doesn’t know with complete certainty exactly how much of U.S. voting infrastructure was compromised.

The report summary released this week by the Senate intelligence committee gives an overview of initial findings focused specifically on how Russian government operatives affected U.S. elections systems. The full report is undergoing a review to check for classified information.

“U.S. election infrastructure is fundamentally resilient,” the Senate report said.

Committee members also said that they uncovered no evidence that any vote tallies were manipulated, or any voter registration data was deleted or changed, which is similar to what the intelligence community and other lawmakers have said consistently since 2016.

Some of the report’s other findings also are familiar: Russian cyber attackers targeted or scanned the elections systems in at least 21 states, and the Department of Homeland Security was slow in reaching out to the correct officials in those states to let them know.
Will Your Vote Be Vulnerable On Election Day?
Politics
Will Your Vote Be Vulnerable On Election Day?

New details about cyberattacks

But the report also says that in at least six of those states, the Russian-affiliated cyber operatives “went beyond scanning and conducted malicious attempts on voting-related websites” — a specific detail that had not been previously reported.

In most of those six instances, the Russian cyber attackers attempted to use a “SQL” injection, which involves using special characters on a public facing website to gain access and either read or manipulate data.

The report says that in “a small number of states,” the Russian operatives were in a position to alter or delete voter registration data. DHS has previously said Russian hackers only broke into the voter registration system in Illinois, but that there’s no indication any records were altered.

While the security of state election websites isn’t tied to the security of vote tallying — they are completely separate systems — displaying the results of an election correctly is key to maintaining voter trust.

In detailing an election hacking worst-case scenario at a Senate Intelligence Committee hearing in March, Sen. Marco Rubio, R-Fla., mentioned hacking a state election website that posts results as a way to sow doubt among the voting population.

Imagine an Election Day on which officials counted ballots correctly but lost control of the official website on which they’d intended to announce the results. It could display the name of the loser as the winner or serve as some other kind of avenue for mischief.
FACT CHECK: Trump Repeats Voter Fraud Claim About California
Politics
FACT CHECK: Trump Repeats Voter Fraud Claim About California

The reporting issue

NBC News reported earlier this year that the intelligence community had evidence in 2017 that Russian operatives compromised the voting systems of seven states, including in some cases, their public websites. The Department of Homeland Security responded by slamming the report as “factually inaccurate and misleading.”

In response to an inquiry by NPR about the number of states that had their websites attacked, a DHS spokesperson declined comment but referred back to Senate testimony given last summer by Jeanette Manfra, the chief cybersecurity official at DHS. The testimony does not detail how many states specifically had their websites attacked in the way the Senate Intelligence Committee report says — but it also does not contradict the finding.

DHS Secretary Kirstjen Nielsen told the Senate intelligence committee in March that DHS won’t reveal specific information about cyberattacks and the states because of fears they will stop reporting. Nielsen’s agency depends on the states to volunteer what has happened to them; she cannot compel them to talk or detect many attacks on her own.

“Unfortunately, throughout the last 15 years at DHS, when it comes to this situation, the victims stop reporting,” Nielsen said. “When they stop reporting, we’re just not aware of the attacks.”

The Senate report also spotlighted this reporting issue.

Although it says “the diversity of our voting infrastructure is a strength,” because it makes a large coordinated attack on vote tallies almost impossible, it also means neither Congress nor the Department of Homeland Security get an unimpeded look at the security of state voting systems.

“[They] are required to notify no one” about attacks, said Joseph Lorenzo Hall, a cybersecurity expert with the Center for Democracy and Technology.

Because of that, the Senate committee says “it is possible that additional activity occurred and has not yet been uncovered.” And: “In light of the technical challenges associated with cyber forensic analysis, it is also possible that states may have overlooked some indicators of compromise.”
Election Chiefs ‘Straddle The Line Between Sounding The Alarm And Being Alarmist’
National Security
Election Chiefs ‘Straddle The Line Between Sounding The Alarm And Being Alarmist’

For example, an attack on Alaska’s election website in 2016 just became public this week, because the Anchorage Daily News made a public records request that revealed emails about the event. A website called Cyberwar News had also previously reported the incident, but Alaska only acknowledged it this week.

The hacker, whom Alaska officials told the Daily News was unrelated to the Russian scans of the 21 states, posted a photo on Nov. 8, 2016, of an administrator’s view of the Alaska elections website on Twitter.

Despite bragging about “ballot administrator access,” the user wasn’t actually able to view any confidential information nor affect any data. The state deemed the threat as “election disinformation” and did not disclose it because the elections process wasn’t “impeded” by the event, according to the Daily News.

Elections experts such as Hall viewed the Alaska event as a positive because it showcased how many layers a hacker would have to break through to actually affect an elections system. Hall compared the event to an intruder breaking through a home’s screen door, but not being able to get any further into the house.

He said he wished the state had been more proactive in talking about the issue, rather than hiding it because of worries about voter confidence. Many elections officials argue that announcing each individual hacker could embolden them.

“I think it’s more of a success story that I would have loved to seen detailed earlier,” Hall said.