At first glance, the techniques Russian military intelligence agents used to penetrate Democratic organizations during the 2016 elections may seem less potent now that they've been revealed.
But experts say they're as big a threat now as they were two years ago. Russian agents are likely to continue using the same simple techniques such as spearphishing — posing as a trusted source in an email to gain access to private information — that allowed them to infiltrate computer systems as part of the Kremlin's election interference campaign. And unfortunately, these kinds of tactics that rely on people’s gullibility mean that more politicians, campaign workers or other government officials will likely fall into the same kinds of traps.
That’s what worries state election officials. “It’s shockingly easy to compose a spearphishing email that is targeted, that is seemingly genuine, that is loaded with the kinds of personal details that would lure someone into clicking onto an attachment that they shouldn’t,” Minnesota Secretary of State Steve Simon, a Democrat, told me. “All it takes is one lax employee, or one overly trusting employee.”
Friday's indictment from special counsel Robert S. Mueller III spells out in striking new detail how Russian intelligence officers tricked campaign workers and other Democratic Party employees into revealing their log-in credentials by sending them malicious links from fraudulent email addresses that closely resembled real accounts. This allowed Russian agents to dupe their way into Democratic computer networks, install malware and sneak off with troves of sensitive documents. They turned the same tactics against state election administrators.
As the indictment made clear, even a single click can have devastating consequences. Exposing such tricks is no doubt valuable, but election officials understand it's hard to completely insulate yourself from a clever adversary. “There’s a danger any time you’re relying on individuals to recognize something as spearphishing, particularly as it has become more sophisticated,” said Colorado Secretary of State Wayne Williams, a Republican. “Oftentimes [attackers] have done their homework so it’s from a contact you know, it references things that are going on in your community, or in an individual’s life if you’re a public figure.”
President Trump did little to dissuade Moscow from trying the same things again in his summit yesterday with Russian President Vladimir Putin. In Monday's news conference in Helsinki, Trump refused to support the U.S. intelligence community's conclusions that Russia interfered in the presidential election and was targeting the November midterms, suggesting instead that he accepted Putin's denials. The president's extraordinary remarks raised concerns that Moscow would see a green light to continue its efforts.
The indictment “was a significant stick — a deterrent that they put out there. But then what Trump said today was a big carrot to do something like this again,” said Thomas Rid, a strategic studies professor at Johns Hopkins University who helped identify Guccifer 2.0, an online identity created as part of the Russian hacking operation.
“Why escalate when you can trick your victim with a very simple tool?” Rid told me. “As long as people make simple mistakes, even the most sophisticated adversary will use very simple methods.”
Though the technique is simple, the actors went great lengths to personalize the emails they used to target victims. In one instance, one of the hackers sent an email to Hillary Clinton’s campaign chairman John Podesta designed to look like a security notification from Google, according to Mueller’s indictment. Instructions in the email told the user to change his password by clicking on a link. An assistant to Podesta complied, allowing the hackers to access his login credentials.
Members of the Russian military agency known as the GRU used the same method to target hundreds of people affiliated with the Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee, according to the indictment. They also posed as a voting equipment vendor and sent 100 spearphishing emails containing malware to election administrators in Florida counties.
Now, state officials say they’re doing what they can to safeguard against these types of threats. Protecting against spearphishing and other attacks “is at the very top of the list in terms of our own security measures,” Simon said. His office recently rolled out two-factor authentication — requiring both a password and second layer of security, such as a security code — for election workers in all 87 counties in the state. “But this whole challenge is constant,” he said. “There’s an understanding that this is still a threat.”
Colorado, too, has adopted two-factor authentication and has conducted training on how to spot malicious attacks. “It’s a race without a finish line. You have to continue to improve your defenses,” Williams said.
It's not a cutting-edge security plan, but the effort to improve basic cyberhygiene seems to be an improvement from where political parties were two years ago. In a widely circulated Twitter thread, cybersecurity expert and famed hacker Peiter Zatko, also known by his hacker name Mudge, described how Democrats in 2016 sought his advice on how to boost network security. He said he offered to help deploy two-factor authentication and other “basic hygiene” protocols at no cost, but was rebuffed. “It was turned down,” he wrote Friday. “But I tried.”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: Standing beside Putin in Helsinki on Monday, Trump declined to endorse the U.S. intelligence community's assessment that Russia interfered in the past presidential election and ultimately sought to help him win. “Trump went on to condemn the expansive federal investigation of Russian interference as 'a disaster for our country' and 'a total witch hunt,' arguing that the probe, along with 'foolish' American policies, had severely impaired relations between the two countries,” The Washington Post's Philip Rucker, Anton Troianovski and Seung Min Kim reported.
When asked whether he believed U.S. intelligence agencies or Putin, Trump immediately went on a tangent about supposedly missing DNC computer servers before casting doubt on his top spy chiefs. “They said they think it's Russia,” Trump said. “I have President Putin — he just said it's not Russia. I will say this, I don't see any reason why it would be.” He also said he has “great confidence” in U.S. intelligence officials but added that Putin “was extremely strong and powerful in his denial today.” After the news conference, Trump reiterated in a tweet that he has “GREAT confidence in MY intelligence people.”
As I said today and many times before, “I have GREAT confidence in MY intelligence people.” However, I also recognize that in order to build a brighter future, we cannot exclusively focus on the past – as the world’s two largest nuclear powers, we must get along! #HELSINKI2018— Donald J. Trump (@realDonaldTrump) July 16, 2018
“At one point, Putin seemed to be mocking the United States — offering to help American investigators pursue their theories about Russian culpability, while imposing a condition that he knew the United States could never abide,” The Post's Greg Miller and Shane Harris wrote. “Putin said members of Mueller’s team could travel to Moscow and be permitted to witness Russian authorities question the defendants named in the latest U.S. indictment.” Trump called Putin's suggestion “an incredible offer."
The Post's Dan Balz wrote that Monday's events will warrant “a special entry” in the history of Trump's tenure in the White House. “In reality, he did more than turn his back on the evidence of Russian attacks on the U.S. electoral process,” Balz wrote. “He all but rejected it. In an attempt to say both sides have their views of what happened during the last presidential election, he proffered that his own view is that he can’t bring himself to accept that the Russians did it.”
PATCHED: Following Trump's remarks, Director of National Intelligence Daniel Coats defended U.S. intelligence agencies' conclusions on Russian efforts to sow discord in the American political process during the 2016 election. “The role of the Intelligence Community is to provide the best information and fact-based assessments possible for the President and policymakers,” Coats said in a statement. “We have been clear in our assessments of Russian meddling in the 2016 election and their ongoing, pervasive efforts to undermine our democracy, and we will continue to provide unvarnished and objective intelligence in support of our national security.”
While the president has disparaged intelligence officials who served in the Obama administration, he picked Coats for the job, my colleague Felicia Sonmez reminds us. “Trump has frequently dismissed critiques of his administration as the work of 'deep state' operatives within the intelligence and foreign policy bureaucracy,” Sonmez wrote. “Yet Coats, a former senator from Indiana, is Trump’s own nominee: He was tapped by the president last year to serve as director of national intelligence.”
Several former intelligence officials lambasted Trump for not saying he believed U.S. intelligence officials over the Russian president. Former CIA director John Brennan said on Twitter that Trump's comments were “nothing short of treasonous.” Former FBI director James B. Comey tweeted that Trump “stood on foreign soil next to a murderous lying thug and refused to back his own country.” Michael Morell, a former deputy director of the CIA, tweeted that Trump's “refusal today to stand with the men and women of the Intelligence Community with regard to Putin’s interference in the 2016 election was disgraceful.”
PWNED: On Capitol Hill, congressional Republicans voiced support for the intelligence community. “Pushback against Trump’s remarks by members of his own party began as a few outraged statements, mostly from retiring lawmakers,” The Post's Sonmez and Mike DeBonis report. “But by late afternoon, those speaking out in defense of the intelligence community included House Speaker Paul D. Ryan (R-Wis.) and Senate Majority Leader Mitch McConnell (R-Ky.).” McConnell told reporters that “the Russians are not our friends” and added that he supports the intelligence agencies' conclusions on Russian interference.
Sen. John McCain (R-Ariz.) stood out in his criticism of the president. McCain said in a statement that Trump's appearance before the news media in Helsinki alongside Putin “was one of the most disgraceful performances by an American president in memory.” McCain added that Trump “made a conscious choice to defend a tyrant against the fair questions of a free press, and to grant Putin an uncontested platform to spew propaganda and lies to the world.”
Democratic leaders in Congress, meanwhile, wondered aloud whether Russian authorities have compromising information on Trump in light of his comments in Finland, The Post's John Wagner reports. “'Trump’s weakness in front of Putin was embarrassing, and proves that the Russians have something on the president, personally, financially or politically,' House Minority Leader Nancy Pelosi (D-Calif.) said in a statement,” according to Wagner.
Senate Minority Leader Charles E. Schumer (D-N.Y.) also raised a similar point in remarks to reporters. “His behavior is so inexplicable and so against the interests of the United States, so against what all of his advisers would tell him, that Americans are scratching their heads and saying: 'If that's not the explanation, that Putin has something on it, what is it? What the heck could it be?'” Schumer said.
When a reporter asked Putin whether the Russian government holds “any compromising material” on Trump or his family at the Helsinki news conference, the Russian president rejected the issue as “nonsense.”
— “A Russian woman with ties to a senior Russian government official was charged in Washington on Monday with conspiracy to act as an agent of the Russian Federation, including by building ties to the leadership of the National Rifle Association and other conservative political organizations,” The Post's Helderman, Tom Jackman and Devlin Barrett reported. “Maria Butina, 29, who recently received a graduate degree from American University, was arrested Sunday in the District and made her first appearance in U.S. District Court before Magistrate Judge Deborah A. Robinson, where she was ordered held without bond.” FBI Special Agent Kevin Helson said in an affidavit released by the Justice Department that the investigation included searches of a laptop and iPhone belonging to Butina.
— More about the meeting between Trump and Putin and other cybersecurity news from the public sector:
— Here are more reactions from Republican lawmakers to Trump's comments in Helsinki:
From Sen. Jeff Flake (R-Ariz.):
I never thought I would see the day when our American President would stand on the stage with the Russian President and place blame on the United States for Russian aggression. This is shameful.— Jeff Flake (@JeffFlake) July 16, 2018
From Sen. Susan Collins (R-Maine):
The Russians were relentless in their efforts to meddle in the 2016 elections, and their efforts are ongoing. (1/3) pic.twitter.com/AMOVi2PrSe— Sen. Susan Collins (@SenatorCollins) July 16, 2018
From Sen. James Lankford (R-Okla.):
I trust the assessments of Dan Coats, Gina Haspel & their teams more than I trust a former KGB agent, Vladimir Putin. U.S. Presidents should meet w/ foreign leaders. But we must unequivocally denounce Russia’s election interference attempts & human rights abuses around the world.— Sen. James Lankford (@SenatorLankford) July 16, 2018
From Sen. Lindsey O. Graham (R-S.C.):
Finally, if it were me, I’d check the soccer ball for listening devices and never allow it in the White House.— Lindsey Graham (@LindseyGrahamSC) July 16, 2018
From Rep. Will Hurd (R-Tex.), a former CIA agent:
I've seen Russian intelligence manipulate many people over my professional career and I never would have thought that the US President would become one of the ones getting played by old KGB hands.— Rep. Will Hurd (@HurdOnTheHill) July 16, 2018
— And from Democratic lawmakers:
From Sen. Amy Klobuchar (D-Minn.)
The President was asked specifically if he believes his intelligence officers or Putin. He refused to side with the Americans who have dedicated their lives to serving our country. Instead he chose to side with the man who attacked our democracy.— Amy Klobuchar (@amyklobuchar) July 16, 2018
From Sen. Tammy Baldwin (D-Wis.):
Putin directed an attack on our American democracy & Russia interfered with our elections— Sen. Tammy Baldwin (@SenatorBaldwin) July 16, 2018
President Trump needs to stop treating Putin like a friend and start holding him accountable
Instead of standing with Putin, the President should stand up for America and our democracy
From Sen. Martin Heinrich (D-N.M.):
To my Republican colleagues, now is the time to choose country over party or forever be remembered as complicit.— Martin Heinrich (@MartinHeinrich) July 16, 2018
From Sen. Jeff Merkley (D-Ore.):
A year ago Trump wanted Russia to “help” with our cyber security. Now he wants our ace investigators to be guided by Russian intelligence officers.— Senator Jeff Merkley (@SenJeffMerkley) July 16, 2018
B.) Befuddled; or
C.) Manchurian? https://t.co/tIorcapJN6
From Sen. Michael F. Bennet (D-Colo.):
By taking Putin at his word—when it directly contradicts the U.S. intelligence community’s assessment & investigations of Russia’s interference in 2016 election—@POTUS not only failed to protect our democracy, but also emboldened Russia & adversaries at the expense of our allies.— Michael Bennet (@SenBennetCO) July 16, 2018
- House Judiciary Committee hearing on how Facebook, Google and Twitter filter content.
- DFRWS USA 2018 conference in Providence, R.I., through tomorrow.
- The opening of CyberGym NYC will include several discussions on cybersecurity in New York tomorrow.
- The American Enterprise Institute hosts Rep. Michael McCaul (R-Tex.), chairman of the House Homeland Security Committee, for a discussion about U.S. competition with China, Russia, North Korea and Iran tomorrow.
- House Intelligence Committee hearing on “China’s threat to American government and private sector research and innovation leadership” on July 19.
- The Heritage Foundation hosts a speech by Sen. Marco Rubio (R-Fla.) and a panel discussion on deepfakes on July 19.
- The Brookings Institution hosts Sophie in 't Veld, a member of the European Parliament from the Netherlands, for an event on human rights and data on July 19.
- The Cyber 202 Live event featuring several guests including Christopher C. Krebs, undersecretary of the Department of Homeland Security's National Protection and Programs Directorate, on July 20.
- Hackers on Planet Earth conference in New York on July 20 through July 22.
Divers tell of fears, elation in Thai cave rescue:
Celebrities share their epic sports fails ahead of MLB All-Star Softball Game:
The hosts of late-night shows give their takes on the meeting between Trump and Putin: