Date: 2019-10-16

Democratic presidential candidate former Texas Rep. Beto O'Rourke, left, Sen. Amy Klobuchar (D-Minn.) and former Housing Secretary Julian Castro, right, participate in a Democratic presidential primary debate hosted by CNN/New York Times at Otterbein University, Tuesday, Oct. 15, 2019, in Westerville, Ohio. (AP Photo/John Minchillo)

THE KEY

Democratic presidential candidates came out swinging on cybersecurity and Russia’s interference in the 2016 election during last night's debate, dramatically switching course after three previous face-offs where they largely ignored the topics.

Candidates savaged President Trump for not punching back after 2016, warned that Russian President Vladimir Putin will try to interfere again in 2020 and even endorsed U.S. intelligence agencies releasing their own hacked information to punish and embarrass the Russian strongman.

The big difference: Russia’s electoral interference is gaining new relevance as House Democrats pursue impeachment for Trump seemingly inviting Ukraine to find dirt on former vice president Joe Biden and his family -- another case of a foreign power interfering in a U.S. election.

Democrat after Democrat took a shot at Trump for going easy on Russia.

Biden lambasted him for siding with Putin over U.S. intelligence agencies while Sen. Cory Booker (D-N.J.) slammed the president for “showing moral weakness” by “not calling [Russia] out for their efforts to interfere in this democracy.”

Former Texas Rep. Beto O’Rourke went a step further, warning that Russia is “invading this democracy right now as we speak, still at the invitation of this president.”

Billionaire Tom Steyer, a newcomer to the debate stage, called Trump “a disaster…when it’s come to Russia attacking our democracy.” Steyer and O'Rourke were the two Democrats on stage who endorsed leaking damaging information about Putin and freezing his bank accounts.

Sen. Elizabeth Warren (D-Mass.), who is leading in many polls, didn’t have a zinger about Russia, though she came out strong for impeaching Trump early in the debate, declaring “impeachment is the way that we establish that this man will not be permitted to break the law over and over without consequences.”

Andrew Yang marked an even bigger exception. He struck a sour note when he seemed to echo Trump by downplaying the importance of Russia hacking and releasing Democratic emails in 2016 and probing election infrastructure, comparing it to U.S. Cold War operations that undermined leaders in Iran and elsewhere.

“We have to let Russia know, ‘Look, we get it. We've tampered with other elections. You've tampered with our elections. And now it has to stop,’” Yang said. “And, if it does not stop, we'll take this as an act of hostility against the American people.”

That’s far weaker than the position of the vast majority of Democratic and Republican lawmakers who say Russia’s actions in 2016 were hostile and have voted repeatedly to sanction Russia and even to block Trump from reversing those sanctions.

Sen. Amy Klobuchar (D-Minn.) had one of the most powerful moments of the night when she slapped back at Yang, declaring, “I don't see a moral equivalency between our country and Russia.”

I don’t see a moral equivalency between our country and Russia. Period. #DemDebate — Amy Klobuchar (@amyklobuchar) October 16, 2019

Klobuchar also balked at Yang downplaying the damage Russia did in 2016, which she said “wasn't meddling…This was actually invading our elections.”

She went on to attack Senate Majority Leader Mitch McConnell (R-Ky.) for blocking Democratic efforts to deliver more money for election security and to mandate protections including paper ballots, and touted the Honest Ads Act, a bill she’s sponsoring with Sen. Lindsey Graham (R-S.C.), to force transparency in online political advertising.

“We can't wait to become president to get that done. We need to get it done now,” she said.

You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.

PINGED, PATCHED, PWNED

Workers are seen at the damaged site of Saudi Aramco oil facility in Abqaiq, Saudi Arabia. REUTERS/Hamad l Mohammed/File Photo

PINGED: The United States carried out a retaliatory cyberattack against Iran for alleged September attacks on Saudi Arabia’s oil facilities, two U.S. officials told Reuters’s Idrees Ali and Phil Stewart.

The late September strike focused on Tehran’s ability to spread “propaganda,” the officials said, with one official saying it affected physical hardware.

Iran’s Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi denied the strike, saying “they must have dreamt it,” Fars news agency reported.

The strike is part of a Trump administration effort to increasingly strike back in cyberspace in order to deter other nations from hacking U.S. targets. U.S. Cyber Command has launched previous digital strikes aimed at Russia and Iran, the Post has reported.

Voting machines at P.S.140 in Manhattan on Nov. 6, 2018. (Andrew Kelly/Reuters)

PATCHED: Voting security groups are slamming the Election Assistance Commission for withholding about 55,000 comments urging a ban on wireless connections in U.S. voting machines from a committee tasked with helping rewrite voluntary federal security guidelines for those machines. The comments show strong public support for the ban, and withholding them interfered with the committee's decision making, the groups say.

“Our organizations engaged our members and the public to encourage the submission of public comments on the [Voluntary Voting System Guidelines]. We believe their voices should be heard,” the groups wrote to members of the advisory committee and EAC Commissioner Ben Hovland, who oversees the committee. “Prohibiting connectivity will provide both better security and better confidence in the election process.”

Allowing voting machines to connect to wireless networks can increase the risk of foreign hacking, according to the groups, which include the National Election Defense Coalition, Public Citizen, FreedomWorks, the OSET Institute and Smart Elections.

Election officials all say voting machines should be segregated from the Internet during voting, but some jurisdictions use network connections to share unofficial results after voting has concluded.

EAC Spokeswoman Brenda Soder told me in an email the commission is “committed to a transparent and inclusive process” and “robust conversations” about wireless technology and other cybersecurity concerns.

“This important conversation is both ongoing and informed by a broad spectrum of experts. As we move toward adopting [next-generation guidelines], we will continue to listen to their input,” she said.

A child holds an Apple iPhone 6S. (Kiichiro Sato/AP)

PWNED: Teens are outsmarting Apple's army of engineers to get around Screen Time, a built-in tool that gives parents control of how much time kids spend on their phones, my colleague Reed Albergotti reports.

Teens use a host of tricks to get around the feature: downloading software meant to exploit Apple security flaws, cracking their parents' passwords or manipulating bugs in the tool. For instance, teens get around restrictions on watching YouTube by watching it via iMessage. One mother found her 14-year-old son could make Screen Time stop working by repeatedly turning the phone on and off. Apple acknowledged in a customer service chat that her son had found a known bug, but didn't tell her whether it planned to fix it.

“These are not rocket science, backdoor, dark web sort of hacks,” says Chris McKenna, founder of the Internet safety group Protect Young Eyes. “It blows me away that Apple hasn’t thought through the fact that a persistent middle schoolboy or girl can bang around and find them.” Other experts alleged that Apple limits the functionality of other apps that might give parents an alternative way of controlling their children's device use.

Apple spokeswoman Michele Wyman told Reed in a statement that Apple is “committed to providing our users with powerful tools to manage their iOS devices and [is] always working to make them even better.” Wyman did not comment on specific bugs and workarounds or how quickly Apple fixes them.

PUBLIC KEY

— Cybersecurity news from the public sector:

Europe: Russian indicted by Mueller held in Belarus, then released. The suspect, Anna Bogcheva, worked for Russia’s “troll factory” suspected of 2016 election interference. (Will Englund)

Huawei Extends Hot Streak in the Face of U.S. Blacklisting. Huawei’s revenue rose 24% during the first nine months of the year, despite a U.S. export blacklisting against the world’s largest maker of telecommunication equipment. (Wall Street Journal)

Budgetary, Technical Hurdles Continue Hampering 2020 Election Security Prep. A Congressional field hearing in Illinois highlighted how far states and local jurisdictions have come since 2016, and how far they have to go. (Nextgov)

PRIVATE KEY

Fiber-optic cables. (Jason Alden/Bloomberg News)

Hackers have used malicious software to scam nearly half a million email accounts into sending more than 27 million emails that try to extort victims with phony sexual blackmail claims, researchers at the cybersecurity firm Check Point say. The new malware can allow hackers to send tens of millions of spam emails, increasing the chances of finding victims who will pay out.

The malware has been around for over a decade, but it’s only recently that scammers have adopted it for sextortion schemes, researchers say. The scammers are including victims' passwords that were leaked online in their emails to add authenticity to the scam, researchers say. The report will be live here later this morning.

— More cybersecurity news from the private sector:



Facebook Sweetens Deal for Hackers to Catch Security Bugs. The company is turbocharging its bug bounty to try to stop the next data leak before it happens. (Wired)

Malware That Spits Cash Out of ATMs Has Spread Across the World. A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks. (Vice)

THE NEW WILD WEST

— Cybersecurity news from abroad:

Australian government introduces new telco regulations to fight phone scams. Two-factor authentication is now required when porting numbers from one provider to another. (ZDNet)

ZERO DAYBOOK

— Today: