Only 4 percent of state election offices could actually stop hackers from sending emails from their official accounts, an alarming new study from cybersecurity firm Anomali has found. The study was provided to Axios, which published a story Monday that detailed just how easy it is to mess with elections.
The danger stems from how basic email is set up, Axios says. There are no security measures on basic email servers that ensure an email is actually coming from the address it's labeled with. State election systems — or anyone who wants email security — should install a combination of measures known as SPF and DMARC, which together tell recipients that an email is probably fake or can designate a message as spam.
Yet just 4 percent of offices have this system in place, the study found. And only 10 percent of offices use another security protocol called DKIM, which makes sure emails are actually from the sender they appear to be from. All of this could mean hackers could easily send a convincing email to voters saying their polling location or date had changed, among other sneaky suppression maneuvers.
Anomali derived its study from election offices across 50 states, three U.S. territories, and Washington, D.C. Read a more technical explanation of the dangers at Axios. Kathryn Krawczyk
Congressional investigators have uncovered emails that indicate parties involved in the June 2016 meeting at Trump Tower had subsequent communication after their summit, CNN reported Thursday. The meeting between Donald Trump Jr. and Russian lawyer Natalia Veselnitskaya has come under the microscope because Trump Jr. accepted the invitation from British publicist Rob Goldstone after being promised Veselnitskaya would provide incriminating information about Hillary Clinton.
Trump Jr. has maintained that it quickly became clear Veselnitskaya had no such information and the meeting revolved around the subject of Russian adoption. He has also said that nothing came of the event and he never followed up with any of the attendees. None of the emails CNN reported on Thursday were sent to Trump Jr. directly, but were instead missives sent by Goldstone to Dan Scavino, then a top aide to the Trump campaign and now the White House's social media director, as well as Ike Kaveladze, a Russian who was present at the meeting.
Just days after the meeting, Goldstone apparently forwarded a message to Kaveladze referencing a report about Russia's breach of the Democratic National Committee. He sent the missive while "describing the news as 'eerily weird' given what they had discussed at Trump Tower five days earlier," CNN reported.
An attorney for Kaveladze said Kaveladze did receive the email but found it to be "odd because hacking was never discussed in the meeting," CNN wrote. Two sources told CNN that when Trump Jr. published the email chain that resulted in the June 2016 meeting, Kaveladze's son emailed his father asking why Trump Jr. was "admitting 'collusion,'" though it is unclear whether the younger Kaveladze was joking.
The other Goldstone email in question urged Scavino to put then-candidate Donald Trump on the Russian social networking site VX. While testifying before Congress on Wednesday, Trump Jr. reportedly said he did not remember the messages in question. Read more at CNN. Kimberly Alters