THE KEY

An alleged Russian influence campaign to undermine this week's British elections shows how tough it will be to keep foreign influence out of the 2020 U.S. contest.

Russian-backed accounts on Reddit actively worked to boost the trove of documents appearing to detail key U.S.-U.K. trade negotiations that have been gaining traction over the internet for months, the social sharing site revealed Saturday. It’s not clear whether the documents were leaked or hacked, but Britain’s opposition Labour Party, has been using the seemingly genuine documents to slam the ruling conservative party for considering giving U.S. companies far more influence over Britain's popular state-run National Health Service as part of a post-Brexit trade deal. 

It's yet another example of Russia's powerful digital army allegedly seeking to influence the outcome of a Western election -- and it offers a stark reminder of how influence operations can be highly effective even before they’re identified. This dramatically undermines government and industry efforts to blunt their power or hold off their spread. 

The British elections are on Thursday. “Reddit did what they were supposed to do here [by investigating and exposing the Russian activity], but it didn’t change the outcome,” Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute who tracks Russian influence operations, told me. “Even if we do everything we’re supposed to do, they can still achieve their objectives.”

The case also offers a warning to 2020 Democratic presidential candidates, who have have all pledged not to campaign using hacked materials, about how tough it could be to honor that pledge — especially if the dirt appears to be genuine rather than doctored and is already being widely discussed by media. 

“Even if a political party or a candidate shows reticence in using stolen information, if it gets widely disseminated through the media it’s going to be enormously challenging to stay on the sidelines,” Simon Rosenberg, a top Democratic strategist who has advocated for politicians to forswear using hacked information, told me. 

In the U.K case, there’s no indication Labour politicians or their leader Jeremy Corbyn knew the documents might be part of a Russian influence campaign when they first touted them to journalists in late November — but they’ve refused to say how they got ahold of the documents or to grapple with Russia’s role. 

Corbyn called those concerns “nonsense” over the weekend, and a Labour representative said releasing the documents was “clearly in the public interest.” Britain's National Cyber Security Centre, part its GCHQ intelligence agency, is looking into the alleged Russia campaign, officials have said. 

There are signs the U.S. political system will be highly vulnerable if and when another Russian influence operation hits. 

President Trump’s Republican allies have continued to claim without evidence that Ukraine made a concerted effort to interfere in the 2016 election — despite warnings from national security officials that those claims are being pushed by the Kremlin to muddy the waters on Russia’s own 2016 interference operations. 

Most recently, Sen. Ted Cruz (R-Tex.) argued that Ukraine “blatantly interfered in our election” on NBC’s Meet the Press on Sunday. 

And the president himself — who’s facing impeachment for allegedly urging Ukraine to interfere in the 2020 contest — has wavered on whether Russia was actually responsible for 2016 election interference and said he might welcome dirt provided by a foreign nation on a political opponent. 

And some Democratic presidential hopefuls have left the door open to campaigning with material that was originally hacked by an adversary but has been vetted by the media. 

“If something has been reported in the mainstream press and verified, we reserve the right to reference it,” a spokeswoman for author Marianne Williamson, who remains in the race but hasn’t won enough support to appear in recent debates, told The Post in April. 

All told, politicians are not exactly serving as a deterrent right now to would-be adversaries, experts say. “The manipulation efforts by Russia have worked, and one should presume they’ll increase in volume and intensity in the coming years, but there’s been very little reflection in the U.S. about any of this and we really haven’t come far from where we were in 2016,” Rosenberg told me. “It’s a reality of the Moscow rules era of politics we’re living in that the old rules don’t apply anymore.” 

PINGED, PATCHED, PWNED

PINGED: Trump is denying a report that he left sensitive conversations vulnerable to foreign surveillance by using a personal cellphone, tweeting on Friday that he hasn't had a personal cell phone "for years.” His rebuttal comes after a CNN report Friday evening cited multiple officials saying the president still routinely uses his personal device. 

The Post also reported last week that Trump continues to use his personal device despite warnings from security officials and has given the number to foreign leaders.

Phone records released by the House Intelligence Committee also suggest Trump may have used unencrypted phone lines to discuss a White House pressure campaign on Ukraine, which makes it highly likely Russian intelligence agencies were listening in on the calls that are at the center of a House impeachment effort.

PATCHED: The nation's top energy regulator should move to aggressively block possible spying and sabotage dangers posed by solar components from the Chinese company Huawei, a bipartisan group of senators wrote in a letter Friday. 

The concern centers on Huawei's solar inverters, which manage and convert solar energy into electricity. The U.S. government has taken numerous actions to bar Huawei from the nation's telecommunications infrastructure, citing national security concerns, but has paid less attention to the company's solar energy business. 

“Huawei-produced inverters connected to the U.S. energy grid could leave it vulnerable to foreign surveillance and interference, and could potentially give Beijing access to meddle with portions of America’s electricity supply,” a group of 10 senators including China hawks Marco Rubio (R-Fla.), Mark R. Warner (D-Va.) and Tom Cotton (R-Ark.) wrote to Federal Energy Regulatory Commission (FERC) Chairman Neil Chatterjee.

PWNED: A Saudi dissident claims that Twitter is trying to stall a lawsuit he brought against the company for failing to alert him that one of its employees hacked into his account, Peter Blumberg at Bloomberg News reports. The Justice Department indicted that same Twitter employee last month for allegedly hacking the accounts of the activist Omar Abdulaziz and about 6,000 other users.

The employee passed Abdulaziz’s information to Saudi operatives, who used it to target him, according to the lawsuit.

Abdulaziz is also suing the consulting firm McKinsey for allegedly preparing a report that identified him to Saudi Arabia’s royal family as a top activist protesting human rights abuses.

Twitter and McKinsey told the court they need to delay the evidence-gathering process until they have a chance to argue the case should be dismissed. Abdulaziz’s attorneys, however, say that would take several months and that the court should expedite the process.

The Twitter hack was just one incident in a series of “targeted harassment,” Abdulaziz says. His phone was also allegedly hacked using spyware from the Israeli firm NSO Group.

PUBLIC KEY

— Cybersecurity news from the public sector:

National Security
The report is expected to conclude that bias did not taint bureau leaders running the probe but detail other problems.
Matt Zapotosky and Devlin Barrett
Two top government officials with broad cybersecurity and election-integrity portfolios have said they are stepping down, a loss of expertise in a critical area less than a year before the 2020 presidential election.
The Wall Street Journal
Department of Homeland Security officials have selected Bryan S. Ware, a tech-savvy entrepreneur and holder of multiple patents, to be the department’s most senior official focused exclusively on cybersecurity, according to multiple people familiar with the matter
A partisan clash is unfolding over an effort to upgrade voting systems in Pennsylvania, after Republicans accused the Democratic governor of rushing the deployment of new voting machines, some of which malfunctioned in November. Democrats called the claims inaccurate.
Wall Street Journal
Rep. Pramila Jayapal (D-Wash.) on Friday pressed Google executives for answers on how the company is collecting and protecting sensitive consumer health data as part of a special project with a health care group.
The Hill

PRIVATE KEY

— Cybersecurity news from the private sector:

Hacks linked to Ocean Lotus (APT32), a group believed to operate with orders from the Vietnamese government.
ZDNet
Cybersecurity insiders claim NDAs are being used by big businesses to flaunt data laws. Lawyers defending victims of the BA breach call for changes.
Business Insider

THE NEW WILD WEST

— Cybersecurity news from abroad:

Russia’s foreign ministry said on Friday that new U.S. sanctions against Russian individuals and firms over alleged cyber crimes were a “propaganda attack” and Moscow would respond to them, though it did not say how.
The directive is the first publicly-known instruction with specific targets given to Chinese buyers to switch to domestic technology vendors, and echoes efforts by Washington to curb the use of Chinese technology in the US and its allies.
Australian Financial Review

ZERO DAYBOOK

— Coming up:

  • The Senate Judiciary Committee will host a hearing, “Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy,” on Tuesday at 10 a.m.
  • Dartmouth College and Durham University will host a forum on A.I., machine learning and the future cybersecurity landscape for organizations and governments at Carnegie Institution of Washington on Wednesday from 10 a.m. to 5 p.m.