The Democratic Party continues to count the Iowa caucus results. As we write, those results remain incomplete, with 71% of the precincts accounted for. The problems at the caucus are attributed not to hacking, the Washington Post reports, but to a buggy, inadequately tested app produced by Shadow, effectively a for-profit tech arm of the progressive Washington not-for-profit consultancy ACRONYM. Sources at the Democratic National Committee say they warned Iowa not to try to run the caucus through the app; CISA says it offered to test the app but was turned down by the Iowa party. Iowa Democrats "rebuffed" the warning and say they didn't know about CISA's offer, according to the Washington Post.
There aren't many lessons about election security to be drawn from Iowa, because the caucus isn't conducted like an election and doesn't use standard voting machinery. But two at least are worth considering. First, don't deploy election software until it's thoroughly tested (and Shadow's app seems hardly to have been tested at all, judging from the Wall Street Journal's account). Second, a technical problem, even if it's an innocent mistake, erodes trust and spawns unfounded rumors (what the Washington Post calls "a cesspool of toxic...conspiracy theories").
PerimeterX reports finding a major vulnerability in the WhatsApp desktop platform.
Reuters says that emails spoofing the accounts of journalists are being used to prospect targets with bogus approaches for interviews. It appears to be an espionage campaign, and the circumstantial evidence of targets and topics suggests an Iranian operation.