A frontal assault on claims by President Trump and Republicans that Ukraine interfered in the 2016 presidential election was welcome news to security researchers.  

Fiona Hill, a former member of Trump's National Security Council, insisted in yesterday's impeachment hearing that such allegations not only undermine U.S. intelligence agencies' universal conclusion that Russia was responsible but play right into the hands of Russian President Vladimir Putin.

“Some of you on this committee appear to believe that Russia and its security services did not conduct a campaign against our country and that perhaps, somehow, for some reason, Ukraine did,” Hill said. “This is a fictional narrative that is being perpetrated and propagated by the Russian security services themselves.” 

This was a memorable clapback after a week of careful testimony by diplomats and a slew of conspiracy theories elevated by Republicans on the committee. 

“It’s going to be incredibly difficult to prepare for 2020, or to deter activity in 2020, if we’re not clear about what happened in 2016,” John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye, told me.

“[Russian interference] was agreed to by just about every intelligence agency and cybersecurity company out there. Any alternative story that hasn’t been vetted by serious organizations just muddies the waters.”

Hill also suggested that lawmakers' statements might make it easier for the Kremlin to strike again. “Right now, Russia's security services and their proxies have geared up to repeat their interference in the 2020 election. We are running out of time to stop them,” she said. “In the course of this investigation, I would ask that you please not promote politically derivative falsehoods that so clearly advance Russian interests.”

In fact, as my colleague Philip Bump points out, "we don’t need to take Hill’s word for it that Russia embraces the Ukraine-did-it-too narrative being deployed by Trump’s allies. [Putin] spoke at an event in Moscow on Wednesday and addressed the idea directly." 

“Thank God,” Putin said, “no one is accusing us of interfering in the U.S. elections anymore. Now they’re accusing Ukraine.” 

Hill's language was designed to send a message to politicians about the damage they were doing to the country. “These fictions are harmful, even if they're deployed for purely domestic political purposes,” she said. “President Putin and the Russian security services operate like a super PAC. They deploy millions of dollars to weaponize our own political opposition research and false narratives. When we are consumed by partisan rancor, we cannot combat these external forces as they seek to divide us against each other, degrade our institutions and destroy the faith of the American people in our democracy.”

Her comments drew cheers from Democratic lawmakers.

From House Majority Leader Steny Hoyer (D-Md.): 

From 2020 candidate Sen. Kamala Harris (D-Calif.): 

Republicans shot back, however, saying Hill was misstating their arguments because they haven’t explicitly denied Russia interfered in 2016. 

“My Democratic colleagues attempting to manipulate media coverage with untruthful statements about our efforts to combat Russian interference reeks of political desperation. Not one Republican on the Committee has denied Russia tried to meddle in the 2016 election,” Rep. Elise Stefanik (R-N.Y.) tweeted.

The top Republican on the commitee, Devin Nunes (R-Calif.), who suggested specifically this week that Ukraine acted inappropriately in the 2016 election, said Republicans were only arguing that perhaps another country did, too. (As my colleague Aaron Blake points out, "Trump, it bears noting, has suggested it was really only Ukraine.") 

Addressing Hill's criticisms, Nunes said, "it is entirely possible for two separate nations to engage in election meddling at the same time. And Republicans believe we should take meddling seriously by all foreign countries, regardless of which campaign is the target.” 

"Later in the hearing, though, Hill offered an extensive response to that idea, arguing Ukraine’s actions were simply not at all comparable to what Russia did, given Russia’s was an extensive, top-down effort that included a misinformation campaign," Blake writes. "And indeed, she said Ukraine’s actions weren’t terribly dissimilar from officials in other countries who assumed Hillary Clinton would win the election and that they could criticize Trump." 


PINGED: China hawks in the Senate are demanding the administration suspend a new program granting licenses for U.S. firms to sell less-risky components to the Chinese telecom firm Huawei until Congress gets a briefing on the national security implications, my colleague Jeanne Whalen reports

The letter from a bipartisan group of 15 senators also asks for a warning before the Commerce Department issues any additional licenses. And they criticize the administration for continuing to delay a blanket ban on sales to Huawei over Chinese spying concerns. 

“National security experts widely agree that Chinese companies cooperate heavily with the Chinese Communist Party, and the Chinese government is thought to exercise considerable influence over Huawei, in particular,” the letter led by Sens. Charles E. Schumer (D-N.Y.) and Tom Cotton (R-Ark.) states. 

The licenses “will allow Huawei to fully resume its engagement with certain U.S. firms without an adequate assessment of the risks to national security,” they write.

The Commerce Department has said the licenses it approved this week were for “limited and specific activities which do not pose a significant risk to the national security or foreign policy interests of the United States.” Huawei has consistently denied aiding Chinese government spying.

PATCHED: Vietnam, Saudi Arabia and Qatar are just a few of the nations emerging as major players in a cyberthreat space once dominated by Russia, China, Iran and North Korea, a new report from the Aspen Institute's cyber and technology program finds. China, Russia, North Korea and Iran traditionally get the most attention for offensive cyber operations, but other nations are starting to catch up.

Saudi Arabia, the United Arab Emirates and Qatar have also managed to increase their offensive hacking capabilities by employing private firms such as U.S.-based CyberPoint, the Israeli NSO Group, and other hackers for hire to compete for regional power and silence dissidents. The NSO Group recently came under fire for hacking into the WhatsApp accounts of human rights activists and journalists. Vietnam, meanwhile, has started to copy China's playbook by using state-sponsored hackers typically to target corporate competitors in the region. Romania, by contrast, has served as a safe haven for hackers. Brazilian hacking remains uniquely driven by internal motives, including profit-seeking by domestic crime groups and “hacktivists” trying to expose government corruption.

PWNED: Mayor Pete Buttigieg's presidential campaign has an unusual strategy to get ahead of the possibility bad actors could manipulate audio and video of him: nonstop surveillance. 

“We keep the mayor in front of a camera basically all his waking hours,” the campaign's chief security officer Mick Baccio told an audience at the Cyberwarcon outside Washington yesterday. “So if there is that doctored video we have the original to combat it.”

Manipulated video content has been a concern for politicians since a video of House Speaker Nancy Pelosi (D-Calif.), slowed down to make her appear drunk, went viral this summer. Even after the video was debunked, it continued to spread on Facebook and other platforms. The viral nature of the manipulated video is one reason that keeping a video record may not be enough to combat the problem, Foreign Policy Research Institute research fellow Clint Watts says.

“The people that tend to believe these things are so wrapped up in political bias, you could show them the real video later and they still might not believe it,” he says.

Having real content archived or easily accessible on social media does allow the campaign to react more quickly to combat the disinformation, Watts says. “It does give them a counter weapon … but it’s not a silver bullet either,” he says.

Watts says that Buttigieg and other candidates should push for a partnership between the government and social media companies to create a verification process designating the time, date and origin of digital content to help users discern which content is authentic.


Even outside the impeachment hearings, it has been hard for the cybersecurity world to avoid the ongoing attention to a debunked conspiracy theory that the Democratic National Committee faked a 2016 hack by Russia and hid a server full of emails somewhere in Ukraine. 

Bloomberg News's William Turton detailed how the conspiracy theory followed CrowdStrike, which has been accused of helping with the hidden server, into a security conference:

And you know it's been a long week when the Onion is joking about servers:


— Cybersecurity news from the public sector:

The U.S. Army is undertaking a security assessment of China-owned social media platform TikTok after a Democratic lawmaker raised national security concerns over the app’s handling of user data, Army Secretary Ryan McCarthy said on Thursday.
The Department of Homeland Security’s (DHS) cybersecurity agency announced Thursday it would partner with election officials and private sector groups to develop an election auditing tool that can be used to help ensure the accuracy of votes in 2020.
The Hill
Sens. Elizabeth Warren and Ron Wyden have called for an investigation of Amazon, which hosted a cloud server used by the banking giant.
ACLU said it was "fundamental" that suspects have the right to "to avoid self-incrimination."


— Cybersecurity news from the private sector:

A Lenovo product got paid promotion on social media, in a move that roiled the cybersecurity world.
T-Mobile says hackers didn't access passwords, SSNs, or financial information.
U.S. President Donald Trump said on Thursday he had asked Apple Inc Chief Executive Officer Tim Cook to look into helping develop telecommunications infrastructure for 5G wireless networks in the United States.


​​​​​​ — Coming up:

  • The Senate Committee on Foreign Relations will examine the future of United State policy towards Russia at 9:45 a.m. on December 3.