Showing posts with label The Cybersecurity 202. Show all posts

Oct 7, 2020

Analysis | The Cybersecurity 202: Russia’s the top election threat but top Trump officials rarely say it.

Joseph Marks


The Kremlin’s “overarching objective is to undermine the U.S. electoral process and weaken the United States through discord, division, and distraction in hopes America becomes less able to challenge Russia’s strategic objectives,” the report states. 

That’s far starker language than the foreword by acting DHS secretary Chad Wolf, which draws no clear distinction between Russian efforts to influence the election and those of other adversaries. “While Russia has been a persistent threat by attempting to harm our democratic and election systems, it is clear China and Iran also pose threats in this space,” that section states. 

The divergence reflects a broad pattern by top Trump administration officials to play down Russian efforts to influence the election, as Shane Harris and Ellen Nakashima note. That’s a topic that particularly irks President Trump, who seems to view any talk about Russian election interference as questioning the legitimacy of his 2016 victory over Hillary Clinton. 

The report seems to be trying to appease Trump while also setting the record straight. 

On one hand, it suggests the department’s analysts haven’t succumbed to administration pressure to soft-pedal intelligence that might upset the president. 

“Given the politicization that has occurred on so many issues within the department, it’s encouraging that the homeland threat assessment takes a much more objective and nonpartisan perspective on cataloguing all these threats,” Javed Ali, a former DHS senior intelligence analyst who now teaches public policy at the University of Michigan, told Ellen and Shane.

Yet the foreword makes it tough to describe the report as apolitical.

“It seems designed a bit to try to appease the president in case he sees the report,” said Elizabeth Neumann, former DHS assistant secretary for counterterrorism and threat prevention.

Trump administration officials have faced intense criticism for seeming to falsely equate election threats from Russia, China and Iran. 

Or at least for not highlighting Russia as the greatest threat.

Top Democrats, for example, criticized William Evanina, director of the National Counterintelligence and Security Center, this summer for a statement they said “treats three actors’ differing intent and capability as equal threats to our democratic elections.” An intelligence official responded that “each of these adversaries poses a threat to our election and it’s imperative that we all work together as a nation to combat them.”

Brian Murphy, former acting head of DHS’s Office of Intelligence and Analysis, accused Wolf in a whistleblower complaint last month of directing him to play down reports on Russian interference to avoid making “the president look bad.” Wolf rejected those charges in Senate testimony last month and denied he had sought to politicize intelligence or minimize the threat from Russia. 

In a message on election security yesterday, FBI Director Chris Wray pledged, “We’re not going to tolerate foreign interference in our elections or criminal activity that threatens the sanctity of your vote or undermines public confidence in the outcome of the election.” 

No specific adversaries were named in the address, in which Wray was joined by Evanina and top officials at DHS and U.S. Cyber Command. 

National Security Adviser Robert O’Brien said the United States will not tolerate any election interference and reiterated that he’d told his Russian counterpart, Nikolai Patrushev, to “stay out” of the November election.

“The Russians said that they had no plans to do anything of that nature,” O’Brien told reporters, the Associated Press reports.

Outside analysts have also called out the government for conflating threats from Russia and other U.S. adversaries. 

“Calling them all equal in the scale and scope of activity, the evidence just doesn't bear that out,” Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab, which tracks disinformation, told me during a Post Live event. 

“What we've seen is that the scale and scope of activity in this election from Russia is far greater than any other foreign adversary,” he said. 

Trump officials might even be peddling Russian disinformation in an effort to aid the president as the election nears. 

Within hours of the DHS report release, Director of National Intelligence John Ratcliffe declassified a Russian intelligence estimate obtained by U.S. spies that critics say they fear is intentional disinformation. 

The documents are aimed at supporting an assertion that Hillary Clinton actively tried to “stir up a scandal” in 2016 by tying the Trump campaign to Russia's hack of the Democratic National Committee. 

“Pro-Trump media outlets have suggested that this Russian intel assessment adds evidence to their claim that Moscow fed former British intelligence officer Christopher Steele disinformation, prompting the FBI investigation into Russia’s interference in the 2016 election,” Post Columnist Josh Rogin notes. “Pro-Trump lawmakers immediately celebrated the latest disclosures as a ‘smoking gun,’ pointing to Clinton’s supposed guilt and the FBI’s refusal to investigate the Russian information.” 

Trump applauded the release on Twitter, boasting that he “fully authorized the total Declassification of any & all documents pertaining to the single greatest political CRIME in American History, the Russia Hoax. Likewise, the Hillary Clinton Email Scandal. No redactions!”

The keys

National Security Agency Director Gen. Paul Nakasone is quarantining after potential exposure to the coronavirus.

Nakasone previously tested negative for the virus, but it's unclear when his last test was, Shannon Vavra at CyberScoop reports. Nakasone leads the country's main military hacking unit, raising concerns about the United States' ability to beat back Russia and other actors looking to influence the U.S. elections. 

The precautions come as a slew of White House officials, including Trump himself and senior adviser Stephen Miller, have tested positive for the virus. The chairman of the Joint Chiefs of Staff and chiefs of the Army, Navy and Air Force are also quarantining after potential exposure to the virus.

“Cyber Command and NSA maintain strict safety protocols to achieve our missions and defend the nation,” a National Security Agency representative told Shannon. Nakasone is also director of the NSA. 


Nakasone can work effectively from his home, a military official at Fort Meade, the facility that houses Cyber Command, told Shannon. 

Facebook will remove all QAnon-affiliated groups and pages. 

The ban is an escalation of the platform's previous decision to restrict content associated with the conspiracy theory that violates Facebook's policies against inciting violence and hate speech, Craig Timberg and Isaac Stanley-Becker report.

The ban will not touch on individual posts or pages.

QAnon followers support baseless accusations that Democratic officials and celebrities engage in crimes including eating children and that Trump is engaged in a secret battle with them. The conspiracy theory has been picked up by several Republicans running for Congress and has fueled coronavirus misinformation. 

Facebook launched a more limited sweep of 3,000 QAnon-related pages in August that violated its policies around violence and hate speech. But the content quickly resurfaced in new ways.

 “We aim to combat this more effectively with this update that strengthens and expands our enforcement against the conspiracy theory movement,” the company said in its blog post. 

The action drew some praise but also skepticism. 

“Ultimately the real test will be whether Facebook actually takes measures to enforce these new policies — we’ve seen in myriad other contexts, including with respect to right-wing militias … that Facebook has repeatedly failed to consistently enforce its existing policies,” said Sen. Mark R. Warner (D-Va.).

There’s no evidence of hacker activity in a web crash that took down Florida’s online voter registration system before a registration deadline.

Gov. Ron DeSantis (R) extended the registration deadline by one day following the crash after civil liberties groups threatened a lawsuit. 

“At this time, we have not identified any evidence of interference or malicious activity impacting the site. We will continue to monitor the situation and provide any additional information as it develops,” Florida Secretary of State Laurel Lee said in a statement. 

The crash is an early test case for how election officials will manage the onslaught of technical foul-ups, mistakes and digital mischief that are sure to beset this election season even in the best of circumstances.

A spokeswoman for DHS’s Cybersecurity and Infrastructure Security Agency said the site went down “due to a high volume of traffic” and that there’s “no indication of malicious activity causing the outage.”

“We will continue to monitor the situation and support Florida and other states in protecting the 2020 Election,” the spokeswoman said. 

Government scan

An IRS watchdog will investigate the agency's use of commercial location data to track Americans without a warrant.

The inspector general will investigate concerns from lawmakers, including that using the database unlawfully allowed IRS criminal investigators to bypass getting a warrant for cellphone data, Joseph Cox at Motherboard reports.

The IRS admitted to using the commercial database, which draws from ordinary cellphone apps such as games, after a Wall Street Journal article uncovered documents showing the agency had used it in criminal investigations. Sens. Elizabeth Warren (D-Mass) and Ron Wyden (D-Ore.) called for the agency watchdog to launch an investigation last month.

A federal judge will hold a hearing on the TikTok ban on Nov. 4.

The judge will decide at the hearing whether to block the next phase of a full ban of the app, which would go into effect Nov. 12, Reuters reports.


Chat Room

Trump resumed attacking the integrity of mail voting on Twitter just over a day after returning to the White House from Walter Reed Medical Center following his coronavirus diagnosis. 

Daybook

  • The Knight First Amendment Institute at Columbia University is hosting an online symposium on Data and Democracy on October 15 and 16.
  • New America will host an event "Will We Ever Vote on Our Phones" on Oct. 21 at noon.


Sep 23, 2020

Analysis | The Cybersecurity 202: This was the month cyberattacks turned fatal

Joseph Marks


It was the most concrete evidence to date of the real-world consequences of digital hacking. And it’s a scenario that’s likely to play out again and again as technology becomes more deeply entwined in people’s daily lives and security protections fail to keep up. 

“This is something people have been warning about for a long time now and you’re going to see more and more of it,” Peter Singer, a senior fellow at the New America think tank who focuses on cybersecurity, told me. 

The case is especially noteworthy because after years of fears about potential life-threatening cyberattacks from Russia, Iran or North Korea that could resemble a “cyber 9/11” or “cyber Pearl Harbor,” the first attack directly linked to a death came from common criminals who may not even have known they were targeting a hospital. 

Indeed, the hackers who locked up the hospital’s IT systems seem to have been targeting Heinrich Heine University, which is affiliated with the hospital, rather than the hospital itself, according to a note the hackers sent demanding a ransom payment, the Associated Press reported.

That scenario of a criminal hack accidentally cascading into a life-threatening situation is only going to become more common.

“Human life is more tied up with cyberspace now than it was before because of this ongoing march of digitization and the interconnection of networks with all human activities,” Jon Bateman, a former Defense Intelligence Agency analyst and now a cybersecurity fellow for the Carnegie Endowment for International Peace, told me. “Hospitals are more online than they were before, and that’s true of many industries. So it stands to reason that cyber incidents with life-and-death consequence will be happening more and more.” 

Just because this death was probably an accidental consequence of a cyberattack doesn’t mean future such deaths won’t be deliberate. 

That will become especially likely with the proliferation of a slew of things connected to the Internet and vulnerable to hacking such as medical devices, driverless cars and connected home features. 

“People may want to think of a world where someone is murdered in their smart home by a cybercriminal or where a city’s entire water system is sabotaged as science fiction. But the reality is it’s coming,” said Singer, who has written novels speculating about the dangers of cyberattacks, artificial intelligence and Internet-connected systems.  

It’s likely that other deaths have indirectly resulted from earlier cyberattacks — but this is the first time there was a direct link. 

A massive 2017 wave of ransomware attacks, known as WannaCry, for example, crippled parts of the United Kingdom’s National Health Service. But prosecutors and researchers there never tied the attacks to any particular patient’s death. U.S. officials blamed North Korea for the attacks, which affected more than 230,000 computers across 150 countries and cost billions of dollars. 

A surge in ransomware attacks in recent years has also dramatically increased the likelihood of such deaths.  

Ransomware is specifically designed to make computers stop operating, making those attacks far more disruptive than hacks aimed simply at stealing victims’ money or personal information. 

Such attacks have been increasing exponentially since about 2015, and the growth seems to have spiked further during the pandemic. A report from the cybersecurity company Bitdefender this month tallied a 700 percent increase in ransomware attacks this year over last year. 

Ransomware hackers also frequently target industries that perform vital functions, such as hospitals, schools and city governments.

Yet it’s not clear whether U.S. law enforcement is on the lookout for similar cyber-enabled killings in the United States.

Or if authorities will be prepared to investigate and prosecute them.

“I’d hope the U.S. would take this as a precedent. But we’ve been through so many times where we’ve gone over some line or other and we just say, ‘Oh, my God, why isn’t anyone doing anything about this?’ ” Columbia University senior research scholar Jason Healey told me. 

Healey, a former government cybersecurity official, warned on Twitter in March that ransomware attacks against hospitals were likely to turn deadly during the coronavirus pandemic. 

In a Council on Foreign Relations blog post with Columbia graduate student Virpratap Vikram Singh, he urged U.S. officials and officials from foreign governments to preemptively declare such attacks would be “prosecuted to the maximum extent of the law, not just as computer crimes but reckless endangerment and even manslaughter or murder.”

Such declarations may have limited impact, however, against ransomware hacking gangs that are often spread across different nations and have shown little concern for the damage they cause. 

Indeed, a group of ransomware hackers pledged to steer clear of hospitals during the early days of the pandemic, but there’s little evidence they followed through. 

And victims aren’t doing as much as they should to defend themselves. 

The hospital in Germany, for example, was compromised because the hackers were able to exploit a well-known computer bug that Germany's cybersecurity agency warned hospitals to protect against more than six months ago. Most ransomware attacks against U.S. hospitals have similarly exploited bugs that were well known and warned about. 

In the wake of the homicide investigation being opened, Germany's top cybersecurity officer, Arne Schoenbohm, said, “I can only urge you not to ignore or postpone such warnings but to take appropriate action immediately. This incident shows once again how seriously this danger must be taken.” 

The keys

Facebook announced its first takedown of Chinese accounts targeting the 2020 election.

The 10 accounts and five pages the company removed promoted and criticized both President Trump and Democratic presidential nominee Joe Biden, Craig Timberg reports. Other accounts supported former Democratic presidential candidate Pete Buttigieg. 

It's unclear if the accounts had any affiliation with the Chinese government, Facebook says. The inauthentic groups had fewer than 2,000 members in total. One pro-Trump group had only three members.

Overall from China, Facebook removed 155 accounts, 11 pages, and nine groups from its main platform. It also removed six accounts from Instagram. The operation largely focused on influencing audiences in Taiwan and the Philippines on Chinese policy concerns such as the U.S. presence in the South China Sea. 

“The U.S.-focused content was the least and last part of the operation,” said Ben Nimmo, head of investigations for Graphika. “Most of the U.S.-focused assets were taken down when they were a few months old, so they didn’t have time to build a substantial audience.”

The takedowns were announced the same day the FBI and the Department of Homeland Security's cybersecurity division issued a warning that foreign actors are seeking to spread disinformation regarding 2020 election results.

Lack of leadership at the White House is putting U.S. cyber defenses at risk, a government watchdog says. 

The Government Accountability Office report slams the Trump administration for not fully implementing its cybersecurity strategy and warns it's unclear who in the executive branch is responsible for managing cybersecurity after the White House eliminated a cybersecurity czar role in 2018.

“Without a clearly defined central leader to coordinate activities … [the] White House cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and, ultimately, overcome this urgent challenge,” the report says.

The report recommends Congress consider legislation to reinstate the White House cybersecurity coordinator role. A congressionally led panel called the Cyberspace Solarium Commission made a similar recommendation in its report earlier this year.

“Today’s GAO report is further confirmation of the Solarium Commission’s conclusion that strong, central leadership is needed to address increasing cyber threats,” the commission's co-chairs, Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), and two commissioners, Sen. Ben Sasse (R-Neb.) and Rep. Jim Langevin (D-R.I.), said in a statement following the GAO report.

The CIA is limiting Russian intelligence that reaches the White House.

The shift was confirmed by nine current and former agency officials, Politico’s Natasha Bertrand and Daniel Lippman report. It comes after Trump has repeatedly expressed doubt about Russian interference in the 2016 election and is stoking fears among critics that intelligence is being suppressed to please the president, they report. 

CIA Director Gina Haspel has also tasked General Counsel Courtney Elwood with reviewing virtually all intelligence from the agency’s Russia division before it goes to the White House, Politico reports. 

“Four of the [sources] said the change has resulted in less intelligence on Russia making its way to the White House, but the exact reason for that — whether Elwood has been blocking it, or whether Russia officers have become disillusioned and are producing less, or even self-censoring for fear of being reprimanded — is less clear,” Politico reports. 

Policing the dark Web

International law enforcement made 179 arrests in a massive crackdown on opioid traffickers on the dark web. 

Those arrested allegedly engaged in tens of thousands of sales of illicit goods across the United States and Europe, the Justice Department said. Authorities seized over $6.5 million in cash and virtual currencies and about 500 kilograms of drugs, making it one of the biggest dark net busts to date. 

Of the 179 arrests made in “Operation DisrupTor,” 121 were in the United States. The dark Web is a network of secret Internet sites used for illicit purposes that are hidden from public view.

“Operation DisrupTor demonstrates the ability of DEA and our partners to outpace these digital criminals in this ever-changing domain, by implementing innovative ways to identify traffickers attempting to operate anonymously and disrupt these criminal enterprises,” acting Drug Enforcement Administration administrator Timothy J. Shea said. 

The operation also involved the FBI, Immigration and Customs Enforcement and the U.S. Postal Inspection Service.

Chat room

The Justice Department boasted the dark web takedowns were the biggest in history. But new markets are likely to spring up quickly.

Securing the ballot

Pennsylvania Republicans are asking the Supreme Court to block mail ballots received after Election Day.

They're asking the court to delay implementing a recent state court ruling that upheld an effort by Democrats to allow ballots to be returned up to three days after Election Day, Amy Gardner reports. They argue the decision would allow votes to be cast after Election Day.


Government scan

The Department of Housing and Urban Development is putting the data of tens of millions of Americans at risk.

HUD failed to report all its external vendors that are receiving sensitive information and how they're securing it, a new GAO report says. The agency's privacy gaps could expose the personal information of tens of millions of Americans, including their Social Security numbers.

HUD said in a letter in response to the agency that it is “taking actions to correct the noted deficiencies in the draft report” but did not elaborate on which of the GAO's recommendations it was adopting, if any.


Daybook

  • The Senate Commerce Committee will hold a hearing, “Revisiting the Need for Federal Data Privacy Legislation,” today at 10 a.m.
  • The Senate Homeland Security Committee will hold a hearing on the nomination of Chad Wolf to be the next homeland security secretary today at 10 a.m.
  • The Senate Homeland Security Committee will hold a hearing on threats to the homeland with FBI Director Christopher A. Wray as a witness at 10 a.m. Thursday.
  • New America’s Open Technology Institute will hold a virtual panel exploring how Internet platforms are addressing the spread of election-related misinformation on Oct. 1 at 1:30 p.m.


Sep 8, 2020

Analysis | The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis


Tonya Riley


Researchers at the Internet safety nonprofit say that between May and July, they were easily able to purchase coronavirus-related domains such as Getcoronavirusvaccines.com, freecoronavaccine.net and Bleachcoronaviruscure.com from registrars including GoDaddy, Domain.com and Google Domains. There is no available government-approved vaccine for the coronavirus.

When asked about the Digital Citizens findings and about a number of suspensions of fraudulent coronavirus domains, GoDaddy referred The Washington Post to a blog post from March.

Google prohibits using domains for illegal or unlawful purposes, Google spokesperson Alex Krasov said.

“We regularly scan registrations using account signals and review all reports of possible abuse,” Krasov said. “If we find that a domain name registered through Google Domains violates our Terms of Service, we may suspend, cancel or terminate the domain and associated account.”

Digital Citizens researchers also were able to purchase domains that could be used for scams from resellers who make a profit by acquiring already-registered domain names.

In one instance, an agent for the site DomainAgents offered to broker the sale of the domain name coronavaccine.com to Digital Citizens researchers even after the researchers made it clear they wanted the domain to sell a non-existent cure.

“We represent neither the buyer or the seller and it is unusual for a buyer to share their intended use of a domain,” DomainAgents chief executive Ryan McKegney wrote in an email to The Post. McKegney said the company forbids the use of its service to obtain domains for illegal uses like fraud.

“Covid hadn’t been on our list of exclusions, but with the amount of misinformation that is floating around, the point is taken and we will train our Customer Service Representatives to watch for it and exclude the purchase of covid-related terms going forward.”

Domains found by Digital Citizens researchers are just a fraction of those registered since the start of the pandemic that are ripe for scam.

Researchers at Check Point found that since the beginning of the year, at least 114,219 new virus-themed domains have been registered, over half of which were registered by GoDaddy. While not all the domain names are fraudulent, Check Point researchers noted in March that coronavirus-related domains were 50 percent more likely to be malicious than other domains registered in that time.

“Domain name registrars should not allow cybercriminals and online scammers to register provocative domain names used to lure people to their sites,” Sen. Mazie Hirono (D-Hawaii) said in response to the Digital Citizens report. “Too many of these companies put their heads in the sand while criminals use their services to prey on the public, even when criminal intent is clear in the domain name itself. Domain name registrars need to take responsibility and stop enabling scams perpetrated on the public.”

Online coronavirus-themed scams have exploded since the start of the pandemic. The Federal Trade Commission has received more than 170,000 consumer complaints about coronavirus-related fraud, for everything from miracle cures to fake masks to false coronavirus relief checks. Coronavirus scams have stolen more than $114 million from consumers, the FTC reports.

The Justice Department has sought court orders to shut down more than 300 fraudulent websites designed to sell health and safety items related to the coronavirus.

In addition to setting up domains, scammers have utilized popular social media sites including Facebook, Google and Twitter to spread medical misinformation and to sell bogus cures and masks. And despite tech giants taking an aggressive approach to the content, misinformation and scams continue to slip through.

Unlike social media companies, domain registrars have largely declined to take proactive steps to prevent potentially problematic domains from going up.

A group of senators led by Hirono wrote a letter to eight domain registrars in April asking them to act more quickly to cancel or suspend domains hosting scams or misinformation. In response to the letter, GoDaddy argued “at a time that a domain is registered we do not know if it will be used for nefarious purposes or legitimate ends.”

Instead, the company relies on a human review process of reported abuse complaints to ensure “the public is protected while not interfering with free expression.” GoDaddy told Hirono’s office that as of April, it had suspended 151 coronavirus-related domains and touted its increased resources dedicated to coronavirus fraud reports and cooperation with law enforcement.

Other companies echoed GoDaddy’s defense that they couldn’t know what kind of content buyers would host. Several companies told Hirono they were unable to answer the letter’s question about how many coronavirus-related domains they hosted.

The Digital Citizens report, which also looked at the ease of buying domains associated with sexual abuse and dangerous drugs, concludes the issues accompanying domain registrars’ policies go well beyond the coronavirus crisis.

“It’s this idea that they’re helping on something that probably shouldn’t be there in the first place or many people would say shouldn’t be there in the first place,” said Tom Galvin, executive director of the Digital Citizens Alliance. He pointed out Digital Citizens was able to purchase date-rape-drug.com from Namecheap. “I think this is a red flag.”

Digital Citizens Alliance, which has conducted previous investigations into the unauthorized sales of opioids and steroids online, receives funding from telecommunications, pharmaceutical and tech organizations, as well as some members of the Motion Picture Association of America.

Consumer advocates are asking domain registrars to do more.

The National Association of Boards of Pharmacy, which has raised concerns about how fake online pharmacies have capitalized on the pandemic, says that domain registrars could work with organizations like theirs to verify online pharmacies before they give them domain names.

Of the eight domain registrars Hirono wrote to, only Donuts Inc., which owns Name.com, said in its response that it works with a trusted notifier to verify registrations for pharmaceutical sales.

Legal action can also put pressure on domains.

For instance, in March a federal judge ordered Namecheap, one of the registrars reviewed by Digital Citizens Alliance, to take down a domain it registered that was accused of stealing credit card information for fake vaccine kits. Namecheap now requires interaction with a support agent to register a related domain instead of permitting buyers to automatically register them.

“Some upstanding registrars refuse to do business with illegal online drug sellers,” said Lemrey Carter, executive director of the National Association of Boards of Pharmacy. Unfortunately, many other registrars believe they are under no responsibility to take action without a court order, which is often difficult or impossible to obtain due to the international nature of the Internet.

Congress could also step in to pass legislation that requires registrars to lock and suspend domain names registrars know are being used illegally. Lawmakers could amend current law giving registrars protection from liability for content posted on their domains, Carter said.

Digital Citizens advocates for registrars to work with trusted notifiers such as the Food and Drug Administration. But Galvin said before regulators step in, registrars could use a combination of technology to flag potentially malicious terms and require a manual review process for domains before selling them.

“There’s an opportunity here for the domain industry to raise the bar itself,” said Galvin. “In the last 10 years, we’ve seen the Internet take a darker turn. Whether it’s manipulation or exploitation, disinformation, this is something we need leadership on more broadly.”

The keys



China launched its own global data-security initiative to counter a U.S. push against Chinese tech. 

The new rules increase tensions with Washington over technological competition amid U.S. allegations Chinese technologies pose a national security threat, Chun Han Wong at the Wall Street Journal reports.

The initiative calls on partnering nations to maintain an open and secure supply chain, and respect other countries’ cyber sovereignty.

It also urges members to oppose “mass surveillance against other states” and calls on tech companies not to install “back doors in their products and services to illegally obtain users’ data.” The U.S. government has accused Beijing of both practices, placing restrictions on companies including Huawei as a result.

The United States last month launched its “Clean Network” program, an initiative to develop digital standards to safeguard U.S. citizens’ data from foreign threats including the Chinese Communist Party. More than 30 countries are participating in the program.

“Bent on unilateral acts, a certain country keeps making groundless accusations against others in the name of ‘clean’ network and used security as a pretext to prey on enterprises of other countries who have a competitive edge,” Chinese Foreign Minister Wang Yi said in announcing that country's initiative. “Such blatant acts of bullying must be opposed and rejected.”

The U.S. extradition trial of WikiLeaks founder Julian Assange resumed in London.

The trial, which will decide whether Assange will be extradited from the United States to Britain, had been on pause during the coronavirus crisis, William Booth reports.
Assange’s lawyers asked for a four-month delay, arguing the prosecution’s updated indictment in June included new information that required more time for discovery.
The judge denied the request.
Cybersecurity advocates, however, worry that stretches the interpretation of the law too much and could set a dangerous precedent. 
Assange’s lawyers call the charges purely political offenses.
Only one witness was called Monday, Mark Feldstein, a former investigative reporter and now a University of Maryland journalism professor. However, his testimony was largely derailed by technical issues. The hearings will resume Thursday.

China is slamming the U.S. government for potentially restricting exports to its biggest chipmaker.

The addition of chipmaker SMIC to the Commerce Department restriction list over national security concerns would block U.S. companies from selling SMIC technology without a license, Jeanne Whalen reports.  
It’s the same list that Commerce added Huawei to last year in light of concerns that it could provide a back door to Chinese espionage.
The act would be blatant hegemony, Zhao Lijian, a spokesman for the Chinese Foreign Ministry, told reporters Monday, CNBC reports.
“What the U.S. has been doing uncovers the fig leaf of market economy and fair competition, which the U.S. has long been touting,” he said. “This not only breaks international trade rules, global industry chain, supply chain and value chain, but also spoils national interests and image of the U.S. itself.” 
SMIC’s stock plunged over 23 percent when markets opened on Monday after the news.

Hill happenings



The House Oversight Committee will investigate Postmaster General Louis DeJoy.

House Democrats also called for his immediate suspension, Amy Gardner reports.
The investigation follows a Washington Post report in which former employees of DeJoy's logistics company accused DeJoy of pressuring them into making political contributions that would be reimbursed in the form of bonuses later. Such a scheme would have been illegal.
Rep. Carolyn B. Maloney (D-N.Y.) said in a statement the Oversight panel, which she chairs, would begin an investigation, adding that DeJoy may have lied to her committee under oath.
Maloney also urged the Board of Governors of the U.S. Postal Service to immediately suspend DeJoy, whom “they never should have hired in the first place,” she said.
DeJoy, a prolific GOP fundraiser, has come under significant scrutiny and accusations of political bias for his postal operations changes that have delayed deliveries and could interfere with the election.
The Post’s findings also prompted calls for an independent investigation from other Democrats, including the Democratic Attorneys General Association and Rep. Adam B. Schiff (D-Calif.). Senate Minority Leader Charles E. Schumer (D-N.Y.) urged the North Carolina attorney general to launch a criminal investigation.

Industry report



Verizon signed a $6.65 billion contract for Samsung to provide network equipment for 5G.

The Verizon deal could help bolster Samsung’s credibility, as many carriers seek an alternative to Chinese-owned equipment in light of U.S. restrictions, the Wall Street Journal reports.

Daybook


  • The House Oversight and Reform Committee will hold a hearing on “Ensuring a Free, Fair, and Safe Election During the Coronavirus Pandemic” at 1 p.m. tomorrow.
  • The House Oversight and Reform Committee will hold a hearing on “Providing the Census Bureau with the Time to Produce a Complete and Accurate Census” on Thursday at 11 a.m.
  • The Senate Judiciary Committee will hold a hearing to examine threats to U.S. intellectual property, focusing on cyberattacks and counterfeits during the coronavirus pandemic on Sept. 23 at 2:30 p.m.

Secure log off


Aug 13, 2020

Analysis | The Cybersecurity 202: The TikTok ban is just a proxy battle in the U.S.-China tech war


Joseph Marks


“This administration appears to be moving toward forcing a rupture between the U.S. and China, at least in the tech space,” Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies and a former official at the State and Commerce departments, told me.
The conflict has been bubbling for years as U.S. national security officials increasingly worried that Chinese tech firms simply can’t be trusted not to steal trade secrets and intellectual property from U.S. companies and personal information from American citizens under orders from the Chinese Communist Party. The rupture, Lewis said, is “unavoidable … given the scale of Chinese espionage.”
Officials also warn that the open doors the United States offers to Chinese companies haven’t been reciprocated in China, where U.S. tech firms are often shut out — especially if they won’t abide by Beijing’s requirements to share their source code or censor Web content. With the relationship between Washington and Beijing even more deeply damaged due to China’s early handling of the coronavirus pandemic, the Trump administration seems poised to escalate.
One potential outcome if the split continues: A world in which Chinese technology reigns in Asian and African nations that have strong ties to Beijing but is largely blocked in the West. 
“This is a conflict of two different visions of the world,” Jeff Moss, founder of the Black Hat and Def Con cybersecurity conferences, told me on an episode of C-SPAN’s “Communicators” show that will air next week.
“There’s going to be ultimately, I believe, two spheres,” Moss said, “the rule of law, data protection Internet world and the ‘We don’t know why we were taken [offline], these are the banned words, don’t use them’ online world.”

TikTok is the lone major social media company owned outside the U.S. – and in a non-democracy to boot.

TikTok denies sharing any customer data with Beijing and has said its data and security practices are in line with other social media companies, but experts say it likely would be under scrutiny regardless. “If Russia had a big popular app that happened to be used in America we’d be having a similar discussion,” Robert Chesney, a former Justice Department official and University of Texas law professor, told me.
A change in administration won't necessarily change the track. Former vice president Joe Biden, the presumptive Democratic presidential nominee, has been highly critical of China as have Democratic leaders including Senate Minority Leader Charles Schumer (D-N.Y.).
By then, the TikTok ban, which Trump instituted by executive order, will have either taken effect or been challenged in court. That’s unless TikTok’s Chinese owner ByteDance manages to sell the app to a U.S. firm by Sept. 20. Microsoft is the leading contender.
The ban would also apply to the social app WeChat, which is widely used in China and by Chinese Americans to keep in contact with relatives back home.
Although there’s no smoking-gun evidence that the Chinese government has used TikTok to spy on Americans, there is substantial evidence that WeChat helps conduct surveillance on users outside China’s borders, according to research by the University of Toronto group Citizen Lab. But WeChat is also so integral to Chinese communications that there’s no real option to keep it alive in the United States by selling some portion of it to a U.S. company.

There's a tit-for-tat element too because Facebook, Twitter and Google are all unavailable in China. 

“Yes, America’s taking action against TikTok, but this has never really been a level playing field in terms of access for one another’s companies,” Chesney told me.

Huawei is another prime battle in the U.S.-China tech war. 

In that case, U.S. officials launched a global pressure campaign urging allies to ban Huawei from their 5G networks after they essentially realized too late that the Chinese telecommunications company had a leg up on its European competitors to build next-generation 5G wireless networks that would span the globe.
They feared that would effectively allow Beijing to vacuum up troves of information to give Chinese companies a competitive advantage, slow down U.S. communications during vital moments or even sabotage Internet-dependent technology such as medical devices or connected cars. Huawei has steadfastly denied that it would aid Chinese spying.
TikTok doesn’t have near Huawei’s power. But it creates concerns of its own, especially as China, Iran and other nations are increasingly following Russia’s lead in using phony accounts on social media to surreptitiously promote their vision of the world and stoke conflict in the United States.
“The power of social media to shape the perspectives of the country and the idea that power is in the hands of a company beholden to the Chinese Communist Party gave everyone pause,” Stewart Baker, a former general counsel at the National Security Agency and top policy official at the Department of Homeland Security, told me. “TikTok became a trial case for how we feel about China succeeding in our social media environment, and nobody was comfortable with that.”

Apps probably are just the beginning. 

Secretary of State Mike Pompeo released a plan this month dubbed the “Clean Network” that lists five main areas where the administration wants to block out any connection to China. In addition to telecommunications networks and mobile apps, the list includes computer cloud services, and undersea cables that carry Web data between nations.
The plan also urges U.S. companies to remove their apps from Chinese app stores.
“Building a clean fortress around our citizens’ data will ensure all of our nations’ security,” the plan states.

Some experts say the bans would be counterproductive to U.S. technology goals. 

Josephine Wolff, an assistant professor of cybersecurity policy at Tufts University, called the TikTok and WeChat bans “deeply misguided and unproductive” in a New York Times op-ed. The United States could protect its data much better by improving cybersecurity protections of U.S. companies than by banning Chinese ones, she argued.
Indeed, Chinese hackers have been accused of stealing reams of sensitive data, including from U.S. government agencies, without the help of companies, she notes.
“The president’s executive orders are not about cybersecurity — they are a retaliatory jab in the ongoing tensions between China and the United States,” Wolff writes. “In fact, the ban’s greatest impact will probably not be on the bottom lines of TikTok and WeChat’s parent companies, but instead on promoting a fundamentally Chinese view of internet security.”
Times Wang, a human rights litigator, and Yang Jianli, a former Chinese political prisoner, argued in a separate Times op-ed that the WeChat ban will make it harder to get out information about Chinese government misdeeds and “threatens to bring the United States down to China’s level when it comes to free expression.”

Even some proponents of breaking ties with China warn there will be negative consequences. 

To begin with, China probably will strike back by punishing U.S. companies. In the longer term, U.S. and Chinese tech firms are less likely to have to adapt if they don’t face competition from one another, which could make the global technology sector less vibrant and innovative.
“China’s doing some remarkable research and development that’s similar to what Silicon Valley is doing and we’ll lose touch with that. Both sides are likely to be slower and less effective in their R&D,” Baker said.
And innovation may be harmed generally because the markets where any company can sell its products will be smaller.
But those consequences may be unavoidable if the United States wants to ensure that technology within the Western world remains as free as possible of Chinese influence.
“The fact that China loses doesn’t mean that America wins,” Lewis said. “A world where no one wins is the most likely outcome.”

The keys



Social media companies are touting their efforts to address voting misinformation ahead of the conventions.

Twitter will broaden its policies to limit misleading statements about voting by mail. So far the platform has cracked down on a case-by-case basis, leaving some misleading Trump tweets slammed by voting rights advocates untouched. An expansion of the policy could have big implications for Trump's tweets and his relationship with Silicon Valley.
Here's what other platforms have planned:
  • Facebook said it would start labeling posts about voting from any user with a link to its new voting information center. The center is designed to correct misinformation about voting and post relevant announcements about mail-in ballots, registration deadlines and other election issues. 
  • Google launched two search features that will allow voters to find information about how to register and vote based on their search location. 
  • YouTube will begin surfacing information panels when users search for 2020 congressional or presidential candidates. It will also provide fact-check panels on other election-related searches.

A Twitter user posed as a WHO official to spread racist lies about the United States' coronavirus testing.

The verified account, which posed as Dr. Jaouad Mahjour, assistant director-general of the World Health Organization, claimed the Trump administration wanted to test a vaccine on Black Americans without their consent. Twitter has since removed the account, Shannon Vavra at CyberScoop reports.
The disinformation scheme, first reported by the Daily Beast, also included tweets that implied the United States had lobbied the WHO to try vaccines on immigrants and prisoners.
The activity resembles the work of a network of Iranian disinformation actors who have previously posed as legitimate news outlets and public figures to spread fake news. The Defense Department has accused Iran as well as Russia and China of spreading coronavirus misinformation.

Israel says it stopped a cyberattack on its defense industry by hackers with ties to North Korea. 

The hackers posed as employers offering defense workers jobs, Rami Ayyub at Reuters reports. The group used LinkedIn to try to gather sensitive information from the defense workers that they later used to launch hacks against their companies’ websites. 
Israel’s Defense Ministry did not name the firms or when the incidents took place but said the attacks were stopped before they could disrupt networks. The ministry also did not name the foreign country backing the hacking group, known as Lazarus. But U.S. officials have tied the group to North Korea's intelligence bureau.

Securing the ballot



Facebook, Google, Twitter and Microsoft will partner with the government to combat election interference.

Other members of the group include Pinterest, Reddit, LinkedIn and the Wikimedia Foundation, Mike Isaac and Kate Conger at the New York Times report. Informal discussions between major tech companies and government agencies have been going on since U.S. intelligence reports revealed online interference played a part in the 2016 election. But this is the first time the tech industry has created a formal working group on the issue.
Government participants include the FBI, DHS and the Office of the Director of National Intelligence.
“We discussed preparations for the upcoming conventions and scenario planning related to election results,” the coalition's spokesman said of the first formal meeting. “We will continue to stay vigilant on these issues and meet regularly ahead of the November election.”

Cyber insecurity



Hackers could have used vulnerabilities in Alexa to access private user data.

The vulnerability could have allowed hackers to swap out legitimate Alexa apps for malicious ones and to steal personal information such as users’ phone numbers and addresses and some information shared with their banks, researchers at Check Point found.
Amazon fixed the issues in June after researchers flagged them. (Amazon CEO Jeff Bezos owns The Washington Post.)

A leading institute for cybersecurity professionals was hacked. 

The breach compromised 28,000 records that included personal information such as addresses, Sean Lyngaas at CyberScoop reports. The hackers got in with a phishing email. SANS stopped the breach on Aug. 6.
The institute is still investigating the scope of the breach and who might be behind it. SANS works with more than 165,000 cybersecurity professionals around the world, making it one of the largest such organizations.

Chat room


Motherboard reporter Joseph Cox has a play-by-play behind his latest story on Russian SIM cards that can make a phone seem like it's calling from any location:

Daybook


  • The Democratic National Convention will take place Monday through Thursday.
You can suggest events for the Daybook by emailing tonya.riley@washpost.com.

Secure log off


Some comedy history behind the Democratic VP pick:

Jul 30, 2020

Analysis | The Cybersecurity 202: Klobuchar is bullish Congress will deliver more election money for states


Joseph Marks


with Tonya Riley

Sen. Amy Klobuchar (D-Minn.) is confident Congress will deliver another surge of funding to help states run safe and secure elections in November despite opposition from many Republicans and a barrage of attacks on mail voting by President Trump.
The main driver, she says, will be state and local election officials of both parties convincing lawmakers and the public the money is necessary to manage massive increases in voting by mail and to buy protective equipment and other resources to ensure in-person voting doesn’t become a hotbed for spreading the coronavirus.  
“No matter what party anyone belongs to, they understand we’re going to have a cataclysmic change in how people are going to vote this fall,” Klobuchar told me. “There are states that are changing from 3 percent to up to 60 percent vote by mail … People have figured that out.”
The last chance for any significant election funding boost before November’s contest is approaching quickly: a massive coronavirus relief measure that lawmakers are struggling to pass before millions of Americans are hit with a drop in unemployment benefits.
Republicans didn’t include any money for elections in their $1 trillion first draft of that bill. But Democrats are pushing hard to add funding in a compromise measure. And Sen. Roy Blunt (R-Mo.), chairman of the Senate Rules Committee, which oversees election issues, has acknowledged states may need more help for elections. Klobuchar is the top Democrat on that committee and has been working with Blunt on funding plans.
If the money doesn’t come through, Klobuchar said, she fears the sort of Election Day breakdowns that took place during primaries in Wisconsin, Georgia and the District of Columbia, where voters didn't receive mail ballots they requested, were stuck in long in-person voting lines and even risked contracting the coronavirus.
In Wisconsin, 71 people who voted in person on primary day or worked at polling places later tested positive for the virus, the state’s health department said.
“My concern is that we’re going to have Wisconsin on steroids,” Klobuchar told me. “You’ll have so many more people voting than you did in the primaries … [and] you’re going to have people that get sick from voting.”

Klobuchar has led Senate Democrats in pushing for another $3.6 billion to protect elections during the pandemic. 

She declined to say how much election money she believes will emerge from negotiations but it’s unlikely to be nearly that high.
Republicans have repeatedly balked at Democratic efforts to increase federal spending to protect elections against digital threats from Russia and China and more recently to ensure safe voting during the pandemic. But during two other rounds of negotiations over cybersecurity money in the past two years, Republicans have always agreed to more funding at the last minute. In total they've delivered about $1.2 billion for election security and safety, including $400 million in the first coronavirus relief bill in March.
It's also unlikely the latest measure will include mandates that are in a Senate bill Klobuchar sponsored and a House-passed coronavirus relief bill that states must offer mail voting to all residents in future elections and provide early voting days.

Whatever money does reach states can be extremely useful before November, she said.

Mail voting is expected to rise significantly across the country, especially in about half of states that allow all residents to vote by mail without an excuse and about a dozen more that are allowing no-excuse mail voting during the pandemic.
Time’s running short for some of those states to buy some specialty equipment such as high-speed scanners and drop-off boxes for mail votes, according to a timeline prepared by the Election Reform Program at New York University's Brennan Center for Justice.
But there’s still plenty of time for election officials to buy vital materials that are in much broader supply, she said. And the money could help reimburse states that have drained their limited funds preparing for the pandemic and are now short in other areas.
“There are a lot of things that are pretty fundamental,” she said. “You can buy stamps in three months. You can buy envelopes. You can buy training for poll workers. You can buy [personal protective equipment] for poll workers.”

Klobuchar also thinks Trump’s persistent attacks on voting by mail are likely to backfire. 

The president has claimed without evidence that voting by mail will lead to widespread fraud, despite having voted by mail himself this year.
But that message is unlikely to resonate with the president’s opponents, who are likely to take advantage of mail voting in record numbers, Klobuchar said.
“They won’t have an effect on Democrats and independent voters,” she said. “I suppose he might scare some of his own base from wanting to vote by mail. I don’t understand what he’s doing. Nor do [many] Republicans.”
In fact, a Washington Post analysis found possible voter fraud cases in states that vote primarily by mail accounted for just 0.0025 percent of ballots in 2016 and 2018 — or about one out of every 39,000. And primary turnout suggests Trump’s attacks on mail voting may already be dissuading Republicans from using the system.
Trump expanded his attacks yesterday, seemingly pointing to a New York primary contest that has been riddled with problems and delays to argue mail voting will cause confusion and chaos. Voters returned about 403,000 mail ballots in that race compared with 23,000 in the 2016 primary and officials have struggled to process them.
Klobuchar, meanwhile, pointed to the same primary as evidence that states need more money to properly handle mail-in ballots. New York has historically had a very low percentage of people voting by mail and lacks much of the infrastructure that helps mail voting go smoothly in states where it’s more common.
“We have the facts on our side,” she said.

The keys



A national security review of TikTok will land on Trump’s desk this week. 

The inquiry focuses on whether ByteDance, the Chinese company that owns TikTok, might use it to aid Beijing's spying or to spread Chinese propaganda, Katy Stech Ferek at the Wall Street Journal reports. Sen. Marco Rubio (R-Fla.) requested the review in October. The president recently threatened to ban TikTok over similar concerns.
TikTok is trying to allay concerns by opening up its computer code for U.S. regulators and privacy experts to probe for anything improper, Tony Romm reports.

All House members can view classified intelligence warnings about "disinformation" targeting the 2020 election. 

The House Intelligence Committee voted to share the classified information with the entire chamber after first pushing for an FBI briefing for all members, Jeremy Herb, Zachary Cohen and Manu Raju at CNN report. Committee Chairman Adam B. Schiff (D-Calif.) has also pushed for the intelligence community to share more information about election threats with the American public. “We must not have another presidential election marred by foreign interference when there was more we could do to prevent it, deter it and expose it to the American people,” he said.
The classified information may involve a congressional investigation into presumptive Democratic presidential nominee Joe Biden’s family involvement in Ukraine led by Sen. Ron Johnson (R-Wis.). Biden's campaign slammed Johnson last week for not addressing concerns he was being used in a foreign disinformation campaign. Johnson has said the investigation is proper and Democrats' concerns are misguided.

Zuckerberg said China has "absolutely" stolen technology from U.S. companies. Apple’s Tim Cook punted. 

The Facebook CEO was the only tech executive testifying before a House antitrust panel to give an unequivocal answer when Rep. Greg Steube (R-Fla.) asked if the CEOs believe the Chinese government steals technology from U.S. companies.
“Congressman, I think it's well documented that the Chinese government steals technology from American companies,” Zuckerberg responded.
The answer was consistent with Facebook's strategy to position itself as a U.S. alternative to Chinese technology at the hearing. The U.S. Trade Representative’s office has estimated that U.S. firms lose at least $200 billion annually to Chinese hackers.
Apple's Tim Cook was more evasive. He simply said Apple had not experienced any theft from China. A large portion of Apple’s hardware is manufactured in China. Google's Sundar Pichai also said his company had not experienced any theft from China but later corrected the record to note a 2009 cyberattack by Chinese actors aimed at stealing intellectual property and spying on accounts of Chinese dissidents.
Amazon's Jeff Bezos said that he had read reports of the behavior but was not aware of any cases involving Amazon. (Bezos owns The Washington Post.)

Cyber in-security



Hackers manipulated real news sites to plant anti-NATO propaganda.

In addition to hacking into vulnerable news sites, the group used spoofed emails to pose as journalists or local officials, researchers at the cybersecurity firm FireEye report. FireEye doesn't directly say who is behind the propaganda effort, but it says the “Ghostwriter” campaign is pushing narratives aligned with Russian interests and appears to be tied to a broader effort to sow anti-Western sentiment in Eastern Europe.
“These stories are designed to undermine the alliance’s forward-deployed troops, portraying them as thieves and anti-Semites who hit kids with their vehicles and have carried covid-19 into the country,” John Hultquist, senior director of analysis at FireEye's Mandiant threat intelligence division, said in a statement.
“The method of hacking media sites to push fabricated narratives is a powerful one, and we suspect that we will see more of it, possibly before the upcoming elections,” he said.

Chat room


Here's a fact check on Trump's latest mail voting attack from Business Insider's Grace Panetta:
CNN's Marshall Cohen:

Daybook


  • The Senate Commerce Subcommittee on Security will hold a hearing to examine the China challenge and how to build resiliency and competitiveness today at 10 a.m.
  • The Senate Armed Services Committee will hold a hearing on the findings and recommendations of the Cyberspace Solarium Commission on August 4 at 2:30 p.m.

Secure log off


Members of Congress have tech gaffes too:

Jul 23, 2020

Analysis | The Cybersecurity 202: Nearly one-fourth of Americans live in states making it harder to vote by mail


Joseph Marks


with Tonya Riley

Nearly one in four U.S. voters live in states that will make it difficult or impossible for them to vote by mail in November, despite the health dangers posed by in-person voting during the coronavirus pandemic.
A total of nine states comprising 54 million voters are maintaining tight restrictions on mail voting even as other states run by Republicans and Democrats alike have rushed to expand the practice. 
Those states will allow a handful of people to vote by mail if they’re ill, elderly or serving in the military out of state. But they won’t accept fear of the coronavirus as an adequate excuse to vote by mail, as Kate Rabinowitz and Brittany Renee Mayes report. They’ve held fast even as coronavirus infections have surged to more than 3 million Americans and deaths again begin to climb.
The broad lack of access to mail ballots is a prime example of how some states may make it exceptionally difficult for a slew of Americans to vote safely and securely during the pandemic. The gap is a rallying cry for Democrats who fear state rules — along with President Trump’s relentless attacks on mail voting — could force people to risk their health by voting in person or forego voting altogether.
It’s a stark example of how Americans’ ability to vote safely and securely during the pandemic can vary widely from state to state. It has also become a rallying cry for Democrats who fear those stringent rules — along with President Trump’s relentless attacks on mail voting — could force people to risk their health by voting in person or forego voting altogether.
They’re making a last-ditch effort to include up to $3.6 billion in election funding in the next coronavirus stimulus bill along with mandates that states ensure all their residents have the opportunity to vote by mail in November.
“I would rather be putting ballots in a mailbox than people in the hospital,” Sen. Amy Klobuchar (D-Minn.) said during a Senate Rules Committee hearing on the topic. “That’s a choice we have for so many voters and that’s why you see overwhelming support for getting funding, and something I believe we can get done on a bipartisan basis.”

Most of the states still restricting mail voting lean Republican – but not all of them. 

Seven of the nine states traditionally vote Republican in presidential elections, but the list also includes left-leaning New York and Connecticut. Texas, a perennial red state that Democrats hope might flip blue this election, is also on the list.
The list also includes several states that allowed broad mail voting during primaries they held during the pandemic, including New York, Kentucky and West Virginia. The other states are Indiana, South Carolina, Louisiana and Mississippi.
There’s no uniform reasoning behind the states’ hesitancy to expand mail voting, though reasons likely include budget shortfalls, officials who are unfamiliar and uncomfortable with the process, and concerns about verifying the identity of people who vote by mail.

It’s probably also driven in some states by Trump's repeated broadsides against mail voting.

The president has claimed without evidence that the practice will lead to widespread fraud. He even has speculated he may not accept the election results because they’ll be “rigged” by mail voting, causing concern among Democrats and legal experts, as Elise Viebeck and Robert Costa report.
Trump has repeated those claims even as many Republican election officials have embraced mail voting as the most secure option during coronavirus. The baseless claims seem to have had an effect in primaries where Republicans have voted by mail at lower levels than Democrats in many states.
The consequences are potentially severe. In states where deadlines made voting by mail difficult during the primaries, there were frequently long lines at a reduced number of polling places. In Wisconsin, which held its primary during the early days of the virus with little preparation, lines stretched for blocks in Milwaukee and Green Bay. More than 70 people who went to polls that day later tested positive for the coronavirus.

Democrats’ argument is simple: Forcing people to vote in person during the pandemic is dangerous and tantamount to voter suppression. 

That danger outweighs Republicans’ concerns it’s inappropriate for the federal government to tell states how to run elections, they say.
“While we are happy with a lot of the work that's been going on in the states...there are still a lot of problems out there,” Klobuchar said. She’s a sponsor of the main Democratic measure to increase federal election funding, which would also mandate that states allow all voters to cast mail ballots and offer 15 days of early voting.
Klobuchar and other Democrats went toe-to-toe during a hearing yesterday with Tennessee Secretary of State Tre Hargett (R), whose state has traditionally opposed mail voting. Tennessee is currently required to let all its registered voters cast ballots by mail in November because of a state court ruling by a judge in Nashville. But state leaders are appealing that ruling at the state Supreme Court and may succeed in reversing it before November.
“You’re saying someone can’t say I don’t want to stand in line for two hours with several hundred other people and [risk] my health? That’s not good enough in your state?...That’s pitiful,” Sen. Angus King (I-Maine) said.
Hargett said Tennessee’s legislature had considered expanding mail voting during the pandemic and decided firmly against it. “The policymakers of our great state of Tennessee have made that decision,” he said.
Sen. Patrick Leahy (D-Vt.) went a step further, accusing officials who aren’t allowing expanded mail voting of actively trying to suppress turnout.
“Doing everything you can to make people who may be vulnerable to covid appear in person doesn’t make it sound like you want people to show up and vote,” he said.

The keys



Hackers who compromised high-profile Twitter accounts spied on 36 users' private messages. 

That's in addition to taking over the accounts of 130 users to support a bitcoin scheme, including the accounts of Joe Biden, Barack Obama and Elon Musk, and stealing the direct messages of eight users. The users whose DMs were compromised included one elected official in the Netherlands, the company said in an update yesterday.
While hackers have compromised individual accounts in the past, including chief executive Jack Dorsey's, the recent hack represents one of the company's largest security breaches.  
The company pinned the attack on hackers who conned employees into giving up credentials that provided access to Twitter's internal systems. The FBI is investigating the attack, which it believes was financially motivated.

Biden's campaign is accusing Senate Republicans of amplifying foreign disinformation.

The accusations target a probe led by Senate Homeland Security Chairman Ron Johnson (R-Wis.) and Judiciary Chairman Charles E. Grassley (R-Iowa). The probe focuses on Biden’s son Hunter’s former role on the board of the Ukrainian energy company Burisma and whether it unduly influenced Obama administration policy. There is no evidence that is the case.
That investigation was also reportedly behind a claim by Democratic congressional leaders that Congress is being used as a tool to “launder and amplify” foreign disinformation about the election.
“Sen. Johnson should be working overtime to save American lives and jobs — but instead he's wasting taxpayer dollars on a blatantly dishonest attempt to help Donald Trump get reelected,” Biden deputy campaign manager Kate Bedingfield wrote in a memo obtained by NBC News.
The Biden campaign also slammed Johnson and the White House for refusing to address reports that pro-Russian foreigners have fed them materials for the Biden probe.

France may fully restrict Huawei from its 5G network by 2028.  

French authorities have told telecom operators that don’t have Huawei gear to steer clear of it and told those with such gear they’ll renew licenses for it only for three to eight years, Mathieu Rosemain and Gwénaëlle Barzic at Reuters report. That will result in the Chinese telecom being effectively banned from France when those licenses expire.
The de facto ban is another blow against Huawei in Europe. The United Kingdom banned Huawei from its 5G network build-out earlier this month. The United States has aggressively lobbied European allies to ban Huawei, which it says could be exploited for spying by Beijing. Huawei denies the allegations.
Chinese officials have threatened to retaliate against European telecom equipment companies if other countries in the region follow suit.

Chat room


ProPublica's Jessica Huseman went deep on problems plaguing the agency tasked with helping states maintain the integrity of U.S. elections.
Legal scholar Rick Hasen provided some more historical context:

Cyber-insecurity



The personal information of hundreds of thousands of Instacart customers is for sale on the dark web.

The data includes names, credit card information, addresses and transaction information from as recently as Tuesday, Jane Lytvynenko at BuzzFeed News reports. Two different sellers appeared to be offering information from 278,531 accounts, though it's unclear if some are repeat or fake accounts.
Instacart operates a grocery delivery service that has surged in popularity during the pandemic. The company denied it was breached.
But cybersecurity expert Nick Espinosa told BuzzFeed the data looked legitimate. Two customers whose data was for sale confirmed to BuzzFeed that the dark web information matched their recent purchases and credit card information.

Industry report



Apple is enlisting cybersecurity researchers to help find bugs in its phones. 

The company will give the researchers modified iPhones that make it easier for them to probe the phones for flaws, Joseph Menn at Reuters reports. Apple first promised the initiative last year after years of complaints from security researchers that the company made it difficult for them to find and report security issues.
Apple sued cybersecurity start-up Corellium last year for copyright infringement for offering a virtual interface of the iPhone to help researchers look for bugs, further chilling its relationship with the research community. Researchers speculate that iPhones may appear to be more secure than Android devices only because it's tougher for researchers to examine them for flaws.
Apple executives haven’t said how many researchers will receive the initial batch of phones. The company will also make senior engineers available to researchers who find issues, another step toward greater transparency.

Daybook


  • The Senate Commerce Committee will hold a hearing on The PACT Act and Section 230 on Tuesday at 10 a.m.

Secure log off


The Post bringing you today's news…now to your microwave:
