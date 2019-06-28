THE KEY

Democratic presidential hopefuls promised to punish Russia for its 2016 hacking and disinformation campaign during the second night of their first debate Thursday.

But their real target was President Trump, who has wavered on whether Russia was responsible for that hacking campaign -- which U.S. intelligence agencies say was aimed at helping his electoral chances and hurting Hillary Clinton. They worry that Trump has been unusually friendly with Russian President Vladimir Putin.

Sen. Kamala Harris (Calif.), who’s among the top five candidates in national polls, called Trump the greatest threat to U.S. national security because “he takes the word of the Russian president over the word of the American intelligence community when it comes to a threat to our democracy and our elections.”

Businessman Andrew Yang called Russia the United States’ “greatest geopolitical threat” because of its efforts to undermine the 2016 election – and he suggested President Trump wasn’t doing anything to hold Russia accountable.

“They’ve been laughing their a**es off about it for the last couple of years and we should focus on that before we start worrying about other threats,” he said.

And Rep. Eric Swalwell (Calif.) got off one of the better zingers of the night when he declared his first foreign policy action as president would be “breaking up with Russia and making up with NATO.”

Sen. Michael Bennet (Colo.) also listed Russia as the greatest U.S. national security threat “because of what they’ve done with our election.”

Trump, for his part, gave the candidates plenty of fodder, seeming to make light of Russian election interference during a meeting with Putin at the G-20 summit just a few hours after the debate.

Reporters asked Trump whether he would warn Putin not to interfere in future U.S. elections, to which Trump replied, “Yes, of course I will.” But, “as reporters were being ushered out and still shouting more questions, Trump told Putin with a grin, ‘Don’t meddle in the election,’” my colleagues David Nakamura, Seung Min Kim and Damian Paletta report.

The Russia talk comprised only a few moments of a two-hour debate that largely ignored hacking threats to U.S. elections, government agencies and other infrastructure. That’s a remarkable omission after the 2016 contest was roiled by Russian hackers probing state election systems, hacking into voter rolls and strategically leaking reams of damaging information from the Democratic National Committee and the Clinton campaign.

The candidates did not mention Special Counsel Robert S. Mueller III’s investigation into the Russian influence campaign, which also included running Internet troll armies to increase voter discontent. Nor did they mention Russian efforts to interfere in the 2020 election, which intelligence officials have said is highly likely.

The candidates also omitted an intensive effort to protect those elections against hacking – including a major election security bill that passed the House on Thursday and numerous election security bills in the Senate being blocked by Majority Leader Mitch McConnell (Ky.).

That’s despite the fact Harris, Bennet and Sens. Bernie Sanders (I-Vt.) and Kirsten Gillibrand (N.Y.) are co-sponsors of one of a major Democratic election security bill, which is led by Sen. Amy Klobuchar (Minn.) who was on Wednesday’s debate stage.

The candidates did talk about the U.S. technological battle with China, with South Bend, Ind., Mayor Pete Buttigieg charging that China is “using technology for the perfection of dictatorship” and “investing so they can soon be able to run circles around us in artificial intelligence."

But they almost entirely glossed over China’s digital theft of U.S. companies’ trade secrets and intellectual property, which has been a major point of contention in U.S.-China trade negotiations.

That raised the hackles of another presidential candidate Rep. Seth Moulton (Mass.).

Moulton has advocated surging investments in U.S. cybersecurity but didn’t qualify for this week’s debate..

And despite their tough words on Russia, many of the candidates weren’t forthcoming about how they’re securing their own campaigns against when I surveyed them earlier this month.

Sanders and Swalwell declined to answer any questions about their security practices while former Colorado Gov. John Hickenlooper and Yang did not respond to multiple emails about the survey. Yang, however, gave detailed answers in a Wall Street Journal survey.

Gillibrand said her campaign “is taking cybersecurity and other related threats seriously” but declined to discuss specifics.

Buttigieg was the only candidate in last night's face-off who said he’d implemented all of the cybersecurity protections I asked about – and which were recommended in a DNC checklist.

That list included hiring a full-time chief cybersecurity official, using passcodes for mobile devices, using complex passwords to access digital accounts plus another “factor” such as a fingerprint or SMS code, and using encrypted messaging apps like Signal rather than conventional texting.

Bennet and author Marianne Williamson told me they were implementing all those protections except having a full-time chief cybersecurity officer, saying those responsibilities were shared among several people.

Former Vice President Joe Biden said his campaign is “executing a comprehensive approach to defending, protecting and securing our digital ecosystem” including using “multi-factor authentication on all devices…training staff on cybersecurity best practices and [implementing] tools to ensure the campaign infrastructure remains secure.” The campaign declined to answer other questions.

Harris also said her campaign is mandating multi-factor authentication and encrypted messaging apps and that her staff “is being trained on threats and ways to avoid being a target,” but declined to answer other questions.

WhatsApp application is displayed in the App Store. (Photographer: Andrew Harrer/Bloomberg)

PINGED: The Trump administration is weighing asking Congress to “effectively outlaw” warrant-proof encryption systems that shield communications from everyone except the sender and the recipient, Politico’s Eric Geller reports. High-ranking officials from several agencies discussed the issue during a National Security Council meeting Wednesday, Eric reported. They didn’t decide to take any action, but they could set off a firestorm if they do.

End-to-end encryption has divided law enforcement officials, who say it allows terrorists and criminals to plan operations in total secrecy, from cyber pros and privacy advocates who say there’s no way to weaken encryption without making everyone’s communications more vulnerable to hacking. The issue came to a head when the FBI tried to force Apple to unlock the phone of San Bernardino shooter Syed Farook in 2015, but the FBI ultimately backed down. Lawmakers have shown little appetite for legislation weakening encryption, even producing a bipartisan report warning against it in 2016.

Speaker of the House Nancy Pelosi, D-Calif., holds an event before a House vote on the SAFE Act (AP Photo/J. Scott Applewhite)

PATCHED: It was a big day for cyber action on the Hill Thursday. The House passed the Securing America’s Federal Elections (SAFE) Act, which would require states to use paper ballots to try to prevent election interference. The bill would also authorize $600 million in funding to states beefing up their election security for the 2020 contest.

The bill has little chance of becoming law, though, because Mitch McConnell is blocking all election security-related legislation.

McConnell told New York Times reporter Nicholas Fandos the House bill was a “non-starter" in the Senate.

McConnell, in a brief conversation after his press conference, told me the election security bill the House will pass this afternoon is "a non-starter" in the Senate.



Democrats have been targeting McConnell, trying to shame him into taking up election security leg — Nicholas Fandos (@npfandos) June 27, 2019

Here's more from Reuters's Richard Cowan.

Over in the Senate, lawmakers passed a major defense bill chock full of cybersecurity provisions, including:

Mandating an assessment of Russian digital threats to the 2020 election

Requiring an intelligence community plan to decrease the backlog in new employees receiving security clearances.

Creating an intelligence community task force focused on preventing malicious technology from being snuck into government equipment.

Denying federal money to transit agencies that buy buses or rail cars from Chinese manufacturers because of digital spying concerns

Authorizing a study that would look at ways to run vital energy grid components with technology that’s completely divorced from the Internet and far tougher to hack

A Yandex-branded.Taxi car drive on a street in Moscow on July 13, 2017. (.AFP PHOTO / Vasily MAXIMOVVASILY MAXIMOV/AFP/Getty Images)

PWNED: Hackers working for Western intelligence agencies broke into Russian Internet search company Yandex to install spyware on user accounts in late 2018, Reuters’ Christopher Bing, Jack Stubbs, and Joseph Menn report. The late 2018 hack was an attempt to gain access to information that could help impersonate Yandex users to spy on their messages, their sources say.

The malicious software the hackers deployed is linked to an intelligence-sharing alliance between the United States, Britain, Canada, Australia, and New Zealand, but it’s not clear which of those nations was responsible for the hack, Reuters reported.

“The hack of Yandex’s research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property,” sources told Reuters. Russian cybersecurity company Kasperksky helped identify the attacker for Yandex.

None of the nations’ intelligence agencies would comment on whether they were involved. Yandex told Reuters that no data was compromised by the attack.

Senate's Russia reports to start publishing in July The committee has reviewed more than 300,000 pages of documents and conducted interviews with more than 200 witnesses. Politico

National Baltimore approves $10M in funding for cyber attack relief Baltimore City officials approved using $10 million in excess revenue to cover the ongoing cost of the cyber attacks that immobilized some of the city’s systems almost two months ago Associated Press

FDA Says Medtronic Insulin Pumps Pose Cybersecurity Risk The Food and Drug Administration warned that certain insulin pumps made by Medtronic have cybersecurity vulnerabilities and could be manipulated by hackers, causing danger to diabetes patients. Wall Street Journal

Facebook Did Not Address Hacking Attack on Popular Grief Support Page for Weeks, Moderators Say Page administrators of Grief the Unspoken say a hacker repeatedly posted disturbing images on the page, which has 500,000 followers. New York Times

Google Cloud absorbs Alphabet cybersecurity firm Chronicle Alphabet Inc announced on Thursday that its year-old cybersecurity company, Chro... Reuters

A zombie game with 50,000 Play Store downloads is pulling sensitive data from Gmail Researchers from the mobile security company Wandera have identified the app, called “Scary Granny ZOMBY Mod: The Horror Game 2019,” as a malicious program. CyberScoop

How a Big U.S. Chip Maker Gave China the ‘Keys to the Kingdom’ Advanced Micro Devices revived its fortunes when it decided to help Chinese partners develop computer-chip technology. The deal sparked a prolonged battle with Washington over national security. Wall Street Journal

Spotify needs to crack down on labels snatching user data Spotify has been caught allowing record labels to grab tons of unnecessary user data and permissions to even control their accounts. TechCrunch

Russia denies role in Israeli GPS jamming Aircraft have been forced to use alternative navigation systems to land at Tel Aviv's Ben Gurion airport. BBC News

Brazil leads in ransomware attacks The country ranks second after the United States on a list of the world's five most targeted markets ZDNet

Dutch Agency Warns of Cyber Spying Ahead of 5g Report The Dutch intelligence agency (AIVD) on Thursday warned of the escalating threat of state-backed cyber espionage, saying the Netherlands was particularly vulnerable as a hub for international business, telecoms and human rights groups. The New York Times

