The Department of Homeland Security hasn’t seen signs that China seeks to interfere in the midterm elections by targeting election infrastructure, Homeland Security Secretary Kirstjen Nielsen said Tuesday — a statement that appears to be at odds with remarks President Trump made about Beijing last week.
“We currently have no indication that a foreign adversary intends to disrupt our election infrastructure,” Nielsen told me at a cybersecurity summit hosted by The Washington Post.
Nielsen did not endorse Trump’s alarming claim at the United Nations that China “has been attempting to interfere in our upcoming 2018 election.” Without offering evidence, Trump said China does not “want me or us to win because I am the first president to ever challenge China on trade” -- an especially striking comment considering the president has repeatedly equivocated on his support for the intelligence community's assessment that Russia interfered in the 2016 election to help him win.
Nielsen drew a distinction between interference in election infrastructure – which would include voting machines and registration databases – and other Chinese influence operations that could influence public opinion. She said that China is more focused on a “holistic” influence effort that may not be directly aimed at disrupting the elections.
“It’s part of a more holistic approach to influence the American public in favor of China,” she said.
Still, Nielsen did not foreclose the possibility that China could change its tactics and move to target election infrastructure in the future. “We know they have the capability and we know they have the will. So, we’re constantly on alert.”
With less than five weeks to go before the midterm elections, Nielsen says the country is far better prepared to defend against threats to U.S. election systems than it was two years ago. The department is sharing more threat information with state and local election officials than ever. It has rolled out a network of cyber-intrusion sensors covering areas where 90 percent of voters will cast ballots. DHS teams have spent months out in the field scanning state networks for vulnerabilities.
“We have made tremendous strides,” Nielsen told me Tuesday. “We’re truly throwing anything and everything that we have at it.”
But the department still faces obstacles as the midterms loom and intelligence officials warn of continuing efforts by Russia to disrupt U.S. politics. Nielsen lamented that Congress still hasn't passed a bill that would allow DHS to take the lead in the government’s civilian cybersecurity efforts. And although the department hasn’t detected interference efforts on the scale seen in 2016, the threat is always there.
“We would all be foolish if, say today, that we don’t see any indication to pretend or assume that we won’t see one tomorrow,” she said.
Here are a few other highlights from my conversation with Nielsen:
1. Email-based attacks are on the rise. In recent months, tech companies have reported that Russian operatives and potentially other foreign adversaries have targeted political campaigns, think tanks and even congressional offices with spearphishing attacks. These are the email-based attacks in which attackers pose as a trusted source in an email to gain access to private information. Nielsen said the department, too, has observed “more and more sophisticated spearphishing attacks,” though she wouldn’t offer details about who the victims were. “Not election officials, just general campaign officials, some of the campaigns,” she told me. The attackers, she said, “use traditional stagecraft to find out everything about you — what your dog’s name is, what you like, what your parents are, who your parents are — so that when they send that spearphishing email, it does in fact look like it’s from somebody that you know, about something you recently talked about, so that you’re more likely to click on it.”
Russian hackers used spearphishing techniques in 2016 to infiltrate Democratic organizations and the Hillary Clinton campaign, tricking an assistant to campaign manager John Podesta into opening a malicious email disguised as a security notice from Google. They also sent 100 spearphishing emails to election administrators in Florida. Nielsen said DHS hasn’t “seen any major compromises yet. But again, it’s that preparatory work that should raise everybody’s shields and make you more prepared to look for the next shoe to drop.”
2. States need more election security money. Nielsen said states need “consistent funding” to upgrade their election infrastructure, echoing a chorus of state and local election officials who say the $380 million Congress sent them earlier this year wasn’t nearly enough to make the necessary improvements. Lawmakers on Capitol Hill have voted against multiple bills that would have given states another infusion. But Nielsen encouraged state officials to keep the pressure on. “States need to be budgeting it, they need to be thinking through. And if they need federal assistance, they need to be making clear what the specific ask is,” she said. “If the states need more money, they should absolutely go to Congress and ask for money.”
3. DHS will move faster to alert state officials about intrusions in their networks. It took DHS nearly a year to inform state officials that Russian hackers had scanned — and in a couple cases infiltrated — their systems in the run-up to the 2016 election. I asked Nielsen whether they’ll have to wait that long if it happens again. “Absolutely not,” she said. Communication between DHS, state officials and the intelligence community has improved vastly in the past two years, she said. Incident response teams will be “pre-deployed” to support states, and the department will run a “situational awareness room” out of its Washington offices on Election Day. “The sharing is quicker, faster and more tailored,” she said. “We have everybody on speed dial.”
CORRECTION: This story has been updated to more clearly reflect Nielsen's comments about Chinese interference. Nielsen drew a distinction between interference in election infrastructure and broader influence operations.
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
PINGED: An anonymous group calling itself Intrusion Truth has been tracking and exposing Chinese hacking campaigns in minute detail, but who actually is behind the effort remains unclear, the Wall Street Journal's Robert McMillan reported Tuesday. “Security researchers say they don’t know who is behind Intrusion Truth,” according to the Journal. “The group’s method of anonymously dumping information and targeting a foreign intelligence agency is something new, they say, and exposing alleged illegal activity could up the pressure on Chinese companies cooperating with state-sponsored hacking efforts.”
Intrusion Truth has gone to great lengths to investigate Chinese hackers and has published documents to support its findings. “Intrusion Truth named individual alleged culprits — unusual in the world of nation-state hacking research — posted photographs, dug up alleged hackers’ places of work and even revealed Uber receipts that appeared to link the individuals to particular addresses in China,” McMillan wrote. “That is the kind of expert sleuthing few people would have the language skills, tools and research abilities to pull off, said Thomas Rid, a professor at Johns Hopkins University. ‘It’s somebody who is professional,’ he said, ‘somebody who knows what they’re doing.’ ”
PATCHED: “Twitter has announced more changes to its rules to try to make it harder for people to use its platform to spread politically charged disinformation and thereby erode democratic processes,” TechCrunch's Natasha Lomas reported Tuesday. “In an update on its ‘elections integrity work’ yesterday, the company flagged several new changes to the Twitter Rules which it said are intended to provide ‘clearer guidance’ on behaviors it’s cracking down on.”
For instance, the company announced that it will adjust the way it handles hacked material on its platform. “Twitter notes that its rules already prohibit the distribution of hacked material which contains ‘private information or trade secrets, or could put people in harm’s way’ — but says it’s now expanding ‘the criteria for when we will take action on accounts which claim responsibility for a hack, which includes threats and public incentives to hack specific people and accounts,’” Lomas wrote. “So it seems, generally, to be broadening its policy to cover a wider support ecosystem around election hackers — or hacking more generally.”
Additionally, Twitter said it removed about 50 accounts in August that were “misrepresenting themselves as members of various state Republican parties.” However, as the Wall Street Journal's Dustin Volz reported, the company “didn’t identify which fraudulent accounts it had scrubbed from its network, or say who it believed had created them.”
PWNED: A project to use tech and data to modernize a portion of Toronto is raising privacy concerns. “A unit of Google’s parent company Alphabet is proposing to turn a rundown part of Toronto’s waterfront into what may be the most wired community in history — to ‘fundamentally refine what urban life can be,’” the Associated Press's Rob Gillies reported Tuesday. “Sidewalk Labs has partnered with a government agency known as Waterfront Toronto with plans to erect mid-rise apartments, offices, shops and a school on a 12-acre (4.9-hectare) site — a first step toward what it hopes will eventually be a 800-acre (325-hectare) development.” Nevertheless, the project remains at an “embryonic stage,” according to the AP.
But some in Toronto wonder how the data resulting from the urban development would be handled. “Bianca Wylie, an advocate of open government, said it remains deeply troubling that Sidewalk Labs still hasn’t said who will own data produced by the project or how it will be monetized,” Gillies wrote. “Google is here to make money, she said, and Canadians should benefit from any data or products developed from it.” Dan Doctoroff, chief executive of Sidewalk Labs, said the project aims to “improve the quality of life of people” by putting data to work, the AP reported. “Doctoroff said the company isn’t looking to monetize people’s personal information in the way that Google does now with search information,” Gillies wrote. “He said the plan is to invent so-far-undefined products and services that Sidewalk Labs can market elsewhere.”
— “Former secretary of state Hillary Clinton drew a comparison Tuesday between the Sept. 11, 2001, terrorist attacks and Russian efforts to influence the 2016 election, saying that in both cases, a foreign power had attacked the United States, but that in the latter, the president had ‘done nothing,’” The Post's Felicia Sonmez reported. “Clinton, the 2016 Democratic presidential nominee, also said she thinks Russian interference and other factors ‘certainly altered the outcome’ in several parts of the country during the last campaign.”
— The Department of Homeland Security, the Treasury Department and the FBI have identified malware that North Korean government hackers use to steal money as part of an ATM cash-out scheme, according to a notice issued Tuesday by DHS. There is no indication so far that hackers have employed the scheme in the United States, but they have used it against banks in Africa and Asia since at least 2016. In one instance this year, North Korean hackers managed to allow cash withdrawals from ATMs in 23 countries simultaneously, according to the announcement. They enabled withdrawals from ATMs in more than 30 countries in another incident in 2017. Citing a “trusted partner’s estimation,” the notice said that North Korean government hackers have stolen tens of millions of dollars.
The U.S. government refers to North Korean government hacking campaigns as “HIDDEN COBRA” and calls this particular scheme “FASTCash.” “FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions,” according to the notice. “The U.S. Government assesses that HIDDEN COBRA actors will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.”
— “A California appeals court rejected a defense contractor’s argument that his conviction on child pornography charges was unconstitutional because the government conducted an overly broad search under a warrant issued to obtain evidence of foreign spying,” The Post's Ellen Nakashima reported. “Keith Gartenlaub, who had been a senior computer systems manager at Boeing in Long Beach, Calif., was convicted in December 2015 of one count of possession of child porn. He was sentenced to 41 months in prison. On Monday he was moved to a halfway house. Gartenlaub came to federal agents’ attention as they investigated an alleged leak of information to Chinese agents about Boeing’s C-17 military transport plane.” Ellen reports that no hacking or spying charges were brought against the man.
— Apple chief executive Tim Cook said he sees “privacy as one of the most important issues of the 21st century.” In an interview with VICE News Tonight on HBO released Tuesday, Cook said “some level of government regulation is important” to address privacy concerns. He also said he “absolutely” considers that Apple users in China have a right to privacy. “Encryption for us is the same in every country in the world,” Cook told VICE News's Elle Reeve. “We don't design encryption for the U.S. and do it differently everywhere else. It's the same. And so to send a message in China, it's encrypted, I can't produce the content. I can't produce it in the United States either. If you lock your phone in China, I can't open it.”
- Georgia Tech Cybersecurity Summit in Atlanta tomorrow.