Translate

Search This Blog

Search Tool




Apr 29, 2019

Analysis | The Cybersecurity 202 | Democrats rally around pledge not to use hacked documents

By Joseph Marks



THE KEY

Sen. Kirsten Gillibrand, D-N.Y. (AP Photo/Manuel Balce Ceneta)
Democrats are rallying around a pledge not to reference hacked documents in the 2020 contest — and using it as a cudgel to pound President Trump and other Republicans who won’t make similar guarantees.
Out of 20 Democratic presidential candidates polled by The Post, 18 renounced using hacked material in their campaigns to some degree while two didn’t respond, my colleagues Sean Sullivan and Michael Scherer reported. President Trump’s reelection campaign, however, declined to say whether or how it would use hacked materials in the race.
The message isn't just shared by those running for the highest office: Democratic Congressional Campaign Committee Chairwoman Cheri Bustos (Ill.) has challenged her Republican counterpart Tom Emmer (Minn.) to make a similar pledge.
Bumping this for you, Rep. @tomemmer!
In case you forgot, I’m still waiting for a response on whether the @NRCC will continue to use hacked or stolen material in our elections. I sincerely hope you'll join our pledge to protect America's treasured democracy. https://t.co/3hASL0LY5j
— Cheri Bustos (@CheriBustos) April 26, 2019
The all-hands push just months into the presidential race shows Democrats plan to make Russian interference a wedge issue in 2020 -- to rally their base by reminding voters that intelligence agencies concluded that Moscow sought to influence the last election in favor of Trump and damage Democratic nominee Hillary Clinton.
And Trump, who openly sought to make hay of the hacked documents in the 2016 race, may be especially vulnerable to charges he isn't serious about stopping Russian election interference in 2020.
While special counsel Robert S. Mueller III didn’t find evidence any Trump campaign officials knowingly assisted the Russian hacking effort, the Mueller report documented numerous contacts between Trump campaign officials and WikiLeaks, which published the hacked emails. Trump frequently urged his supporters to read the hacked documents -- and even publicly urged Russia to find more of Clinton’s emails.
Democrats are seizing the pledge as a way to press the issue this time around. From Democratic National Committee Chairman Tom Perez:
No surprise coming from the same person who openly called for Russia to steal and spread his opponent’s data. https://t.co/NWnUUTv9dc
— Tom Perez (@TomPerez) April 25, 2019
From Sen. Kirsten Gillibrand (D-N.Y.), who was the first 2020 candidate to publicly come out against using hacked material:
Russia is a foreign adversary of the US, and the Trump administration is refusing to stop them from attacking our elections again.
I pledge that my campaign won't use stolen or hacked information from foreign actors, and I urge 2020 candidates to join me. https://t.co/cgjVIGfY3E
— Kirsten Gillibrand (@SenGillibrand) April 22, 2019
Democrats made a similar push to get Republicans to swear off hacked documents in advance of the 2018 midterms but didn’t press the issue nearly as hard. Talks about a joint pledge dragged on until just two months before the midterm vote when Republicans withdrew amid squabbles over specific wording, CNN reported at the time.
But with Trump at the top of the ticket, any effort at compromise seems to be out of the question.
The president’s attorney Rudy Giuliani stoked Democrats’ ire when he said on CNN last week that there’s "nothing wrong" with taking dirt on an opponent from Russian sources.
That drew a quick rebuke from Perez:
Why don’t Republicans see this as a national security issue? Because they benefit from it. It’s party over country every time with Trump’s team. https://t.co/97cBox2aEf
— Tom Perez (@TomPerez) April 23, 2019
Vice President Pence also ducked a question about using hacked material, according to NBC News’s Vaughn Hillyard.
Vice President Mike Pence refuses to answer if 1) he regrets using hacked emails during the 2016 campaign & 2) if he pledges not to do so in the next presidential campaign. He walked away upon attempted follow-up. pic.twitter.com/l2TficTFn2
— Vaughn Hillyard (@VaughnHillyard) April 24, 2019
But even Democrats aren’t all on the same page about hacked material in certain circumstances, my colleagues reported.
A spokeswoman for Democratic candidate Marianne Williamson, for example, said the campaign reserved the right to talk about hacked material if it had already been reported and verified by the mainstream media.
And some want the candidates to go further and make specific pledges about how they’ll deal with online disinformation operations and other tactics used by Russian agents in 2016.
“Refusal to forgo both hacking and the use of hacking materials is a great start, but clear stances on use of fake social media accounts, fake websites and images, high-volume bots, troll farms, and other illicit tactics in common use today by Russia, Saudi Arabia, China and other authoritarian nations will also be necessary,” Simon Rosenberg, who was a senior adviser to the House Democratic campaign arm in 2016 and helped run a program to search for online election interference, told Sean and Michael.
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?

PINGED, PATCHED, PWNED

PINGED: Russian hackers were “in a position” to alter voter roll data in one Florida county in advance of the 2018 elections, Sen. Marco Rubio (R-Fla.) told the New York Times’s Frances Robles this weekend, ratcheting up concerns about a vulnerability that was mostly dismissed before the midterm contest.
Russian hackers probably compromised election systems in that county with a malware-laden email that appeared to come from the county’s voting system vendor, Robles reported. But U.S. intelligence agencies that discovered the breach didn’t alert the county, Rubio said — instead issuing a general warning to all counties.
Before the 2018 contests, Rubio and then-Sen. Bill Nelson (D-Fla.) sent a letter to all Florida election officials warning about Russian hacking — written at the request of Senate Intelligence Chairman Richard Burr (R-N.C.) and ranking Democrat Mark Warner (Va.). Nelson also warned that Russians were actively inside Florida county networks at the time, but that wasn’t confirmed by the Department of Homeland Security or the other senators.
The issue was reopened by the Mueller report, which revealed for the first time that FBI officials believed Russian hackers had penetrated a Florida county government’s computer networks. Nelson told me last week he felt vindicated by the report.
The FBI will brief Sen. Rick Scott (R-Fla.), who was governor at the time of the breach, and Gov. Ron DeSantis (R) in the next few weeks, Politico reported.

Former White House chief of staff Denis McDonough. (Glen Stubbe/Star Tribune/AP)
PATCHED: A new working group of former government officials and academics is hoping to launch a “more constructive” public conversation about end-to-end encrypted communication systems — which are inaccessible to law enforcement even with a warrant. The group is sponsored by the Carnegie Endowment for International Peace.
The dispute between law enforcement officials who say such systems allow criminals and terrorists to “go dark” online and tech companies that say there’s no way to give police special access to encrypted communications without weakening cybersecurity for everyone reached a climax in 2016. That's when Apple refused to help the FBI crack into an encrypted iPhone used by San Bernardino, Calif., shooter Syed Farook.
The new working group plans to “take a step back” from that big question about police access and focus on broader encryption issues that haven’t received as much focus, Tim Maurer, co-director of the Carnegie Endowment’s Cyber Policy Initiative, told me. One of the group’s first white papers, for example, focuses on how new super-powerful quantum computers will require more powerful encryption systems.
The group may or may not ultimately weigh in on law enforcement access to encryption, Maurer told me.
The group does not include any representatives from law enforcement or the tech industry but is weighted toward former government officials, including former FBI general counsel Jim Baker, former CIA deputy director Avril Haines and former NSA deputy director Chris Inglis as well as former Obama White House chief of staff Denis McDonough and homeland security adviser Lisa Monaco.

Facebook CEO Mark Zuckerberg delivers the keynote speech at F8, Facebook's developer conference, in San Jose. (Marcio Jose Sanchez/AP)
PWNED: An Irish data regulator has opened an investigation into Facebook’s failure to properly secure hundreds of millions of user passwords — adding to the social media company's growing security and regulatory woes.
 “The latest regulatory headache for Facebook comes a day after it confirmed to investors that the company had set aside $3 billion for a potential privacy fine linked to an ongoing investigation by the U.S. Federal Trade Commission,” Politico’s Mark Scott reported.
And “Canada’s federal privacy commissioner on Thursday announced the results of a probe that found Facebook had committed serious contraventions of privacy law and failed to take responsibility for protecting the personal information of citizens,” Reuters noted.
Facebook earlier acknowledged it stored the passwords in an unencrypted format on an internal server that employees could access. There’s no evidence any of the passwords leaked out to malicious hackers or that employees used the passwords inappropriately, Facebook has said.
PUBLIC KEY
Cybersecurity news from the public sector:

The Republican senator said Russia’s interference in the 2016 election was “not just a few Facebook ads,” as Trump’s son-in-law asserted last week. 
Rachael Bade

The two selected vendors will prototype cloud-based systems that isolate the department’s internal network from the public internet while still allowing employees to browse the web.
Nextgov

The Government Accountability Office is pushing the Department of Homeland Security on tardy cybersecurity reforms.
FCW
PRIVATE KEY
Cybersecurity news from the private sector:

City of Cleveland says the system was not hacked nor were there any ransom demands made as a result of the technical problems.
Cleveland.com

Slack fears nation-state hackers above all, expects to see attacks, warns of potential stock hit.
ZDNet

Two years after highly classified exploits built by the National Security Agency were stolen and published, hackers are still using the tools for nefarious reasons.
THE NEW WILD WEST

Source: The Washington Post

No comments:

Post a Comment