Russia’s digital campaign to influence the 2016 presidential race in favor of President Trump put election security in the national spotlight, resulted in congressional investigations and prompted lawmakers on Capitol Hill to set aside federal funding for states to strengthen their election systems. By contrast, Russia's apparent attempts to use similar tactics of spreading propaganda and disinformation on social media platforms to corrode the legitimacy of the U.S. judicial system have drawn much less scrutiny from policymakers.
The band of experts, doing research for the Center for Strategic and International Studies, is tracking how Russian operatives tend to exploit sensitive issues such as immigration and race in posts designed to drum up backlash to the justice system.
Suzanne Spaulding, a former undersecretary at the Department of Homeland Security in the Obama administration who oversaw cybersecurity and critical infrastructure protection, and Harvey Rishikof, a visiting professor of law at Temple University Beasley School of Law, are also part of the think tank’s “Defending Democratic Institutions” project. Spaulding, now a senior adviser to CSIS, says she plans to brief lawmakers on the research this month.
The threat to the justice system, Spaulding warns, could spread beyond influence campaigns and into actual hacking. She worries Russian operatives could launch ransomware or distributed denial-of-service attacks against courts’ computer systems, leak or alter court documents and steal judges’ email communications.
“The notion of a nation-state targeting them for the purpose of really making them look bad I think is not something that has been on their radar screen,” Spaulding said of her conversations with judges before adding that “they immediately understand” once they get briefed that such potential cyberattacks could damage public confidence in the courts.
For the research, Spaulding is gathering open-source material on Russia’s influence campaigns. She has in part relied on Hamilton 68, an online tool from the Alliance for Securing Democracy at the German Marshall Fund of the United States, which monitors Twitter accounts that spread Russian propaganda.
In an article published on Lawfare in September, Spaulding and Rishikof gave an example of the kind of fake posts they're seeing. They wrote that in the summer of 2016, Russian operatives sought to inflame tensions in the case of a sexual assault investigation in Twin Falls, Idaho. Using a deceitful Facebook account, Russians helped further spread “rumors that a young girl had been raped at knifepoint by Syrian refugees” and “accused government officials, including the prosecutor and judge in the case, of conspiring to protect the immigrant community by covering-up the true nature of the crime,” Spaulding and Rishikof wrote. Russian operatives used Facebook to organize a protest in Twin Falls titled “Citizens before refugees,” the Daily Beast reported.
The Twin Falls case illustrated Russia’s attempts at “sowing discord and painting the justice system as an agent of politicians,” Spaulding and Rishikof wrote.
In their quest to push disinformation, Russian trolls don’t advocate for one position over another but instead promote opposite arguments on the same subject, according to Rishikof. “They take both sides because the goal is to whip up controversy and discredit institutions,” he said.
Spaulding said she has found signs that Russian trolls have also targeted special counsel Robert S. Mueller III’s investigation into Russia’s election interference and the trial of Jose Ines Garcia Zarate, an undocumented Mexican immigrant, in the death of Kate Steinle in San Francisco.
Some of the disinformation efforts aren’t so subtle. In their essay published on Lawfare, Spaulding and Rishikof said Russian media outlets RT and Sputnik also “routinely produce content that alleges corruption, partisanship, and fundamental unfairness of the justice system.”
As Spaulding told me: “We have issues that we need to continue to address in this country, but that does not mean that we sit back and let an adversary exploit those issues for the purpose of weakening us. Russia’s goal is not to make us better.”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: The hack against the National Republican Congressional Committee during the 2018 election cycle shows that the “threat” from cyberattacks and information operations by U.S. adversaries are “not a Republican or Democratic problem,” Sen. Mark R. Warner (D-Va.), the Senate Intelligence Committee’s vice chairman, said in a tweet. “Politicians who’ve insisted on viewing this threat through a narrow partisan lens over the past two years have put us at a massive disadvantage,” Warner said. “It's time to wake up.”
Rep. Bennie Thompson (Miss.), the House Homeland Security Committee's ranking Democrat, faulted Republicans. “In their age-old routine of choosing party over country, Republicans swept the issue aside,” Thompson said in a statement. “Now news of this hack – which was not released for months – makes it clear Republicans ignored election security at their own peril.”
Citing a person familiar with the case, The Washington Post's Ellen Nakashima and Shane Harris wrote that “the intruder was ‘sophisticated, based on their tactics and methods,’ and the intrusion ‘was clearly designed to hide the tracks of who it was,’ this person said,” but it is not known whether a foreign government carried out the cyberattack.
PATCHED: “The head of Canada’s spy agency said state-sponsored economic espionage and cyber threats now pose a potentially greater challenge to the country than terrorism, warning that foreign actors are already targeting the domestic technology and telecommunications sectors,” the Wall Street Journal's Paul Vieira reported. “David Vigneault, director of the Canadian Security Intelligence Service, or CSIS, said foreign interference and espionage are ‘the greatest threat’ to the country’s prosperity and national interest. He also warned of the possibility of foreign interference in the country’s national election next fall.”
Vigneault did not name any countries that are engaging in espionage in Canada, but as Vieira wrote, he “said sectors where CSIS has observed increased activity by state-sponsored actors include artificial intelligence, quantum technology, 5G mobile networks and biopharmaceuticals.” Additionally, Reuters reported that “Vigneault said the scale, speed, range and impact of foreign interference had grown as a result of the internet, social media platforms and the availability of cheaper and more accessible cyber tools.”
PWNED: An encryption bill in Australia is getting closer to passage in the country's Parliament. “Australia is set to give its police and intelligence agencies the power to access encrypted messages on platforms such as WhatsApp, becoming the latest country to face down privacy concerns in the name of public safety,” Bloomberg News's Jason Scott reported. “Amid protests from companies such as Facebook Inc. and Google, the government and main opposition struck a deal on Tuesday that should see the legislation passed by parliament this week. Under the proposed powers, technology companies could be forced to help decrypt communications on popular messaging apps, or even build new functionality to help police access data.”
The Guardian's Paul Karp wrote that “the government has agreed to limit the powers to investigation of ‘serious offences’ and add new safeguards to agencies’ ability to demand tech companies build backdoors into their products.” Moreover, Karp reported that the legislation “will contain a definition of ‘systemic weakness’ – which companies cannot be asked to create – and stipulates that disputes about what constitutes such an impermissible back door will be determined by a former judge and a person with technical expertise.”
— “The Transportation Security Administration unveiled a cybersecurity roadmap that it says will not only line it up with current administration cybersecurity efforts, but also expand its collaboration with private commercial critical infrastructure partners,” FCW's Mark Rockwell reported.
— “The Homeland Security Department is kicking off a new research initiative exploring ways blockchain can help prevent fraud, counterfeiting and forgery,” Nextgov's Jack Corrigan wrote. “The agency’s Science and Technology Directorate on Tuesday announced the Preventing Forgery and Counterfeiting of Certificates and Licenses program, which aims to strengthen the digital documentation process using blockchain and other distributed ledger technologies. The initiative is housed under the Silicon Valley Innovation Program, the department’s in-house startup accelerator.”
— More cybersecurity news from the public sector:
— “A senior Apple Inc security expert left for a much lower-paying job at the American Civil Liberties Union this week, the latest sign of increasing activity on policy issues by Silicon Valley privacy specialists and other engineers,” Reuters's Joseph Menn reported. “Jon Callas, who led a team of hackers breaking into pre-release Apple products to test their security, started Monday in a two-year role as technology fellow at the ACLU. Prior to his latest stint at Apple, Callas designed an encryption system to protect data on Macs and co-founded communications companies Silent Circle, Blackphone and PGP Corp.”
— More cybersecurity news from the private sector:
— "In the wake of a colossal data breach that compromised sensitive personal information, including some passport numbers, of hundreds of millions of guests, Marriott International has agreed to pay for passport replacements if the company finds that customers have been victims of fraud,” The Washington Post's Taylor Telford reported.
— More news about security incidents:
— “Ukrainian authorities say they’ve thwarted a huge cyberattack and are blaming Russia for the alleged digital assault as tensions between the two countries have flared,” the Associated Press reported. “The Security Service of Ukraine said in a statement that hackers used malicious accounting documents to target the information technology systems of the country’s judiciary.”
— More cybersecurity news from abroad:
- House Judiciary Committee hearing on “oversight of the Department of Homeland Security” tomorrow.
- Microsoft President Brad Smith participates in a discussion on facial recognition at the Brookings Institution tomorrow.
- 2018 Cloud Security Alliance Congress on Dec. 11 through Dec. 12. in ChampionsGate, Fla.
How President Trump twists government data to suit the political moment:
What you need to know about the possible government shutdown:
Sen. Grassley's Twitter advice for President Trump: