Sep 26, 2019

Analysis | The Cybersecurity 202: Trump’s CrowdStrike conspiracy theory shows he still doubts Russian election interference

By Joseph Marks


President Trump and Ukrainian President Volodymyr Zelensky shake hands during a meeting in New York. (Saul Loeb/AFP/Getty Images)
President Trump's apparent embrace of bizarre conspiracy theories involving the cybersecurity company CrowdStrike in his phone call with Ukraine's president is a striking illustration of his doubts about the U.S. intelligence agencies' unanimous conclusion that Russia hacked Democratic servers in the 2016 presidential election. 
In his July 25 call with Ukrainian President Volodymyr Zelensky, Trump seems to be making reference to strands of conspiracy theories widely spread on right-wing media and conspiracy sites that posit CrowdStrike, which investigated the Democratic National Committee breach, was actually colluding with the DNC to fake the breach — and that a server with evidence of this crime is currently in Ukraine.
Trump muddied the waters even more during a news conference with Zelensky yesterday by saying that 30,000 deleted emails from his 2016 rival Hillary Clinton’s personal server — which was entirely separate from the DNC servers — “could very well” be in Ukraine as well.
While it is Trump’s efforts on that call to enlist a foreign government to dig up dirt on his political rival Joe Biden that have Democratic lawmakers launching impeachment proceedings, the fact that Trump is still suggesting there's some sort of frame job in election interference has officials and cybersecurity experts just as irate. 
“The fact that the president of the United States, contrary to all evidence from his own government and allied governments, is talking about this now is absurd,” Peter Singer, a cyberwar expert and senior fellow at the New America think tank, told me. “The attribution to Russia was a debate to have in 2016 but based on what we know now it’s inarguable.”
That refusal isn’t just a presidential affront to the U.S. intelligence agencies that agreed Russia interfered in the election to help Trump's campaign: Security officials have long warned that the commander-in-chief's skepticism serves as a wink to Russia and other U.S. adversaries that they can interfere in 2020 and get away with it.
DNC spokeswoman Xochitl Hinojosa called it “surreal” on Twitter that Trump hadn’t accepted Russia’s role in the DNC breach in a fairly recent private call with a foreign leader.
This is complete nonsense. Trump still hasn't accepted that Russia interfered in our election, and instead, is using a call with a foreign leader to push conspiracy theories.  This is surreal.
— Xochitl Hinojosa (@XochitlHinojosa) September 25, 2019
Michael Carpenter, a former top Pentagon official who runs the Penn Biden Center for Diplomacy and Global Engagement at the University of Pennsylvania, which is named for the former vice president, called it “incredible” that Trump was still trying to “undermine charges of Russia's DNC hacking.”
Incredible. After Zelensky says Ukraine would like to buy more anti-tank missiles, Trump says: "I would like you to do us a favor though..." & then talks about how he wants access to a Crowdstrike server. Why? To undermine charges of Russia's DNC hacking?
— Michael Carpenter (@mikercarpenter) September 25, 2019
Johns Hopkins University cybersecurity professor Thomas Rid noted that "none of this appears to have any basis in reality."
“My media monitoring tool has been blowing up!” the Crowdstrike spokesperson said in an email.
— Thomas Rid (@RidT) September 25, 2019
Trump’s comments to Zelensky were not verbatim in the rough transcript the White House provided, leaving it unclear precisely what he believes about the DNC breach. They were paraphrased by the note takers and include confusing partial sentences: “I would like you to find out what happened with this whole situation with Ukraine, they say CrowdStrike I guess you have one of your wealthy people The server, they say, Ukraine has it.”
But it's clear he was serious about Ukraine's investigation: “I would like to have the Attorney General call you or your people and I would like you to get to the bottom of it,” he told Zelensky.
As my colleagues Craig Timberg, Drew Harwell and Ellen Nakashima reported in an exhaustive accounting of the theory’s many strands, the president is winking at several ideas that are highly implausible or provably false.
The conspiracy theories involving CrowdStrike stem from Breitbart News stories, Reddit threads and from the criminal trial of his friend Roger Stone and show “the shape-shifting nature of misinformation as it moves across media, mixing fact with innuendo before ultimately reaching the president — owner of the world’s loudest megaphone,” Craig, Drew and Ellen report.
Trump's reference to “one of your wealthy people” seems to nod at Dmitri Alperovitch, a Russia-born cybersecurity and national security expert who is a U.S. citizen, who co-founded the Sunnyvale, Calif.-based company. The Ukraine connection got legs, however, because Alperovitch “is also a senior fellow at the Atlantic Council, a major Washington think tank whose donors include the foundation of Viktor Pinchuk, a Ukrainian billionaire,” my colleagues reported.
And “while it’s true that the FBI did not take custody of the affected servers [from the 2016 hack,] people familiar with FBI hack investigations say the agency often relies on forensic analysis by outside firms, including CrowdStrike, which is among the nation’s most prominent, having handled North Korea’s hack of Sony Pictures in 2014, among others,” my colleagues reported.
“The FBI felt it was not necessary to enter the DNC's premises and take custody of the affected servers, as agents were able to obtain complete copies of forensic images made by CrowdStrike, according to people familiar with the investigation.”
CrowdStrike said in a statement that it “provided all forensic evidence and analysis to the FBI.”
Here's Johns Hopkins University cybersecurity professor Thomas Rid explaining how the idea that the servers are in Ukraine doesn't make sense:
1) Who claimed that "Ukraine has the server"? (The claim is wrong and makes no sense.)
btw, evergreen
— Thomas Rid (@RidT) September 25, 2019
Cybersecurity pros meanwhile worried Trump’s comments about Crowdstrike could make it tougher for them to protect high-profile clients without fearing presidential blowback.
Here’s Andrew van der Stock, a consultant with the security firm Synopsys, and Wayne Anderson, a security architect at the anti-virus firm McAfee:
In biz, I compete with @CrowdStrike all the time, but I have to say personally, speaking for myself, this is not OK. This is not appropriate, and smacks of totalitarianism, exactly the stuff our forefathers and our veterans fought and died to keep us safe from.
— Wayne Anderson (@DigitalSecArch) September 25, 2019
Some of the president’s supporters, meanwhile, jumped on the CrowdStrike comments for another purpose: To undercut Democrats’ impeachment calls by arguing Trump’s real interest was in getting Zelensky to investigate the DNC breach rather than the Biden family’s business connections in Ukraine.
Here’s Rep. Mark Meadows (R-N.C.):
Seeing some political conflation about two sections of the report:
The "favor" section of the call is referencing "crowdstrike," or an investigation into election interference. This is NOT the same thing as the Biden section.
Conflating the two is misleading and irresponsible
— Mark Meadows (@RepMarkMeadows) September 25, 2019
And Josh Holmes, former chief of staff for Senate Majority Leader Mitch McConnell (R-Ky.):
Fair point. Clearly the transcript shows crowdstrike is the first order of business and what he’d like them to cooperate with the DOJ to discuss further. Every article reads like the call was intended to ask them to investigate Biden and that’s just not the case.
— Josh Holmes (@HolmesJosh) September 25, 2019

Joseph Maguire. (Marcus Tappan/AFP/Getty Images)
PINGED: The nation's highest-ranking intelligence official threatened to resign over concerns that the White House would try to force him to withhold information from Congress about a whistleblower complaint against the president, my colleagues Greg Miller, Shane Harris and Karoun Demirjian report.
Acting director of national intelligence Joseph Maguire made the threat to force President Trump to decide whether he was going to assert executive privilege over the complaint, which centers on the late-July call between Trump and the leader of Ukraine, sources told The Post. Democratic lawmakers have criticized Maguire, who took over the top intelligence post last month, for stonewalling their attempts to obtain the complaint. 
Whether Trump decides to exert executive privilege before today's hearing remains to be seen.
Maguire denied the reports. “At no time have I considered resigning my position since assuming this role,” he said in a statement. “I have never quit anything in my life, and I am not going to start now. I am committed to leading the Intelligence Community to address the diverse and complex threats facing our nation.”

Dominion Energy in Virginia. (Jahi Chikwendiu/The Washington Post)
PATCHED: America's electric grid faces significant cybersecurity risks from Russian and Chinese hackers among other adversaries, according to a new Government Accountability Office report. One culprit for that insecurity is the grid’s increased reliance on Internet-connected devices — which commonly suffer from serious vulnerabilities and have made it far easier for potential hackers to strike, the report says.
The GAO is recommending that the Energy Department develop a cybersecurity strategy to address potential risks to the grid, including from hackable IoT devices and from its reliance on GPS systems, through which hackers could disrupt the grid with counterfeit signals. The report also recommends that the Federal Energy Regulatory Commission update its cybersecurity standards and investigate the potential risk of a coordinated cyberattack on the United States.

A man types on a computer. (Steve Marcus/Reuters)
PWNED: Security researchers found the personal data of nearly the entire population of Ecuador exposed online for the second time in little over a week, William Turton, Stephan Kueffner and Nour Al Ali at Bloomberg News report. This week researchers discovered an unsecured server in Germany containing the names, addresses, workplace, family members, phone numbers, vehicle information and emails of nearly 20 million Ecuadoran citizens.
While the data sets from the two compromises appear to be similar, there's no clear connection between them. The first data set belonged to the Ecuadoran company Novaestrat and was hosted in Miami; the new data was traced to a server owned by another Ecuadoran company, DataBook. By Wednesday morning, the website hosting the newly discovered data had been taken offline, Bloomberg reports. 
Government officials have asked prosecutors to investigate the potential data breach, Bloomberg reports. The country's Ministry of Telecommunications and Information Society is still investigating the earlier breach.
Cybersecurity news from the public sector:
After months of pressure, Mitch McConnell agreed to spend $250 million for voting security in the 2020 elections. But experts estimate that adequate protection will require billions.
The New York Times
Major automakers are moving full steam ahead with their plans to put self-driving cars on the road, even as lawmakers and regulators in Washington fall behind on creating a cybersecurity framework for those vehicles.
The Hill
The Senate on Tuesday passed legislation intended to boost the federal government’s ability to respond to and assist agencies and private sector companies in the event of debilitating cyber incidents.
The Hill
Fake US veteran hiring website spreads remote access trojan (RAT).
Cybersecurity news from the private sector:
A series of cyber attacks on Airbus in the past few months were conducted via the...
The life of a trucker was once a solitary one, with an open road and little more than a radio to connect to the wider world. Now, vehicles are packed with technology, opening the door to hackers, experts warn.
Wall Street Journal
A new report claims mobile networks cannot afford to keep Huawei in their networks for security reasons, and the cost of replacement is almost 95% less than previously thought.
Editors in Los Angeles reported being unable to reboot their computers on Monday evening, an issue that software maker Avid says it's looking into.
Cybersecurity news from abroad:
Governments are using “cyber troops” to discredit political opponents, bury opposing views and interfere in foreign affairs, according to Oxford researchers.
New York Times
Leak spells out how social media app advances China’s foreign policy aims
The Guardian
— Today:
• Auburn University's Embassy of Estonia in partnership with the Embassy of Estonia and Center for Internet Security will host a forum on securing elections Thursday at 9:30 a.m. in Washington.
— Coming up:
• The House Energy and Commerce Committee will host a hearing to discuss securing America's wireless future and the deployment of 5G communications on Friday at 9:30 am.
• The House Science Committee will host a hearing on "Online Imposters and Disinformation" Thursday at 2 p.m.
• The House Judiciary Committee will host a hearing on securing America's elections at 9 a.m. on Friday.
Federal Trade Commission Chairman Joe Simons discusses SIM-swapping:
— Tom Graves (@RepTomGraves) September 25, 2019
