with Tonya Riley
A bipartisan Senate report on Russia's 2016 hacking operations may be the last major catalyst for lawmakers to make meaningful election security changes before the 2020 contest.
The heavily redacted Senate Intelligence Committee report unanimously endorses the intelligence community’s conclusion that Russian President Vladimir Putin was instrumental in directing a wide-ranging hacking and influence effort aimed in part at helping elect President Trump. It’s a bipartisan congressional rebuke of “President Trump’s oft-stated doubts about Russia’s role in the 2016 race,” as my colleague Ellen Nakashima reports.
But it came out the same day Congress passed a $484 billion stimulus bill aimed at shoring up small businesses during the coronavirus pandemic — which didn’t include any money to make elections more secure during the crisis. And it’s far from clear whether more money will come through in time to help.
It's the latest disappointment for election security advocates who say far too little has been done since 2016.
They worry about both Russian hacking and the public health risks that polling sites could face during the pandemic. The disparity reflects an almost-four-year routine in which lawmakers’ alarm about election security has outpaced their financial commitment to it.
“States are being forced to make massive adjustments to the way they conduct elections… in light of the covid pandemic,” Lawrence Norden, director of the Brennan Center’s Election Reform Program, told me. “That will cost money [and] there is time, but not much. State and local governments really need to see that money in the next coronavirus package.”
Lawmakers pounced on the report to warn Russia is already working to upend November’s contest.
But there was no call for specific reforms or federal help in the comments from the Republican leader. “Russia’s aggressive interference efforts should be considered ‘the new normal,’ ” said Sen. Richard Burr (R-N.C.), the committee’s chairman. “That warning has been borne out by the events of the last three years, as Russia and its imitators increasingly use information warfare to sow societal chaos and discord. With the 2020 presidential election approaching, it’s more important than ever that we remain vigilant against the threat of interference from hostile foreign actors.”
The committee’s vice chair, Sen. Mark Warner (D-Va.), warned “there is certainly no reason to doubt that the Russians’ success in 2016 is leading them to try again in 2020, and we must not be caught unprepared.”
But election security efforts so far are nowhere near where advocates say they should be.
The Brennan Center has estimated it would cost about $2 billion to fully secure U.S. election systems against Russian hacking and another $2 billion to establish universal voting by mail and make other changes to make voting safe during the pandemic.
So far, though, Congress has devoted just about $1 billion to election overhaul since 2016. That includes $400 million passed in Congress’s first coronavirus stimulus bill in March, after Democrats unsuccessfully pushed for $4 billion and for universal access to voting by mail and expanded early voting.
And lawmakers haven't mandated that any of the money be used for specific changes supported by experts, such as mail voting during the pandemic so voters don't have to visit unsafe polling sites and paper records for ballots so they can verify their votes weren't changed.
All eyes are on the next stimulus bill.
Senate Minority Leader Charles Schumer (D-N.Y.) pledged yesterday that election reforms will be among Democrats’ top priorities in any future coronavirus stimulus bill, along with financial support for state, local and tribal governments and hazard pay for medical workers.
“We must make sure that our elections this fall are conducted fairly, that states have enough money to run them properly, and that every American can exercise his or her constitutional franchise safely and confidently,” Schumer said.
But Senate Majority Leader Mitch McConnell (R-Ky.) is pushing back against the idea of any additional stimulus during the pandemic, telling my colleagues Erica Werner and Seung Min Kim that he wants to “push the pause button” on additional spending legislation, at least until lawmakers return to the Capitol in person, which is scheduled for May 4.
Meanwhile, the time window for state and local officials to make substantial and meaningful reforms to elections is rapidly closing.
Other Democrats also used the report to tout stricter rules on states in exchange for funding.
They’ve long favored this move, but have been stymied by McConnell, who opposes any new rules for state election officials. He says they would violate states' rights and could serve Democrats' electoral priorities.
Here’s Sen. Kamala Harris (D-Calif.), a sponsor of several election security bills:
The facts are indisputable. My colleagues and I on the Senate Intelligence Committee agree that Russia interfered in the 2016 presidential election and did so to help Donald Trump. We must do everything in our power to protect our elections—now. https://t.co/1yPX0tsheP — Kamala Harris (@SenKamalaHarris) April 21, 2020
And Sen. Cory Booker (D-N.J.):
Russia meddled in the 2016 election and is doing it again. We must be prepared this time. The Senate must pass legislation like the Election Security Act that will protect our election infrastructure from foreign interference. https://t.co/7AzJlZf62e — Sen. Cory Booker (@SenBooker) April 21, 2020
Sen. Chris Van Hollen (D-Md.) blamed McConnell for blocking reforms.
Russia interfered in our 2016 elections to help Trump win, a conclusion reached by intel officials and the Republican-led Senate Intel Committee. Will my GOP colleagues convince McConnell to act to protect our future elections now? He’s been blocking the DETER Act for years. https://t.co/xKZWe9BolI — Senator Chris Van Hollen (@ChrisVanHollen) April 21, 2020
Sen. Ron Wyden (D-Ore.) also bemoaned the failure to mandate paper ballots and other election security measures in an appendix to the Senate report. He called it “a threat to democracy” and warned it impedes the government’s ability to determine whether election systems were hacked or not.
“The actions of our adversaries challenge our intelligence capabilities,” he wrote. “In this case, in which audits are inadequate, state and local election officials lack the expertise and resources to identify sophisticated cyberattacks, and [the Department of Homeland Security] lacks comprehensive, nation-wide information, the harm is partly self-inflicted.”
Nearly 25,000 emails from global health groups responding to the pandemic have been leaked online.
The email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other groups on the front lines of the coronavirus response are already being used in a harassment campaign by far-right groups including neo-Nazis and white supremacists, my colleagues Souad Mekhennet and Craig Timberg report.
“The distribution of these alleged email credentials were just another part of a months-long initiative across the far right to weaponize the covid-19 pandemic,” Rita Katz, executive director of SITE Intelligence Group, which monitors online extremism and first spotted the leak, told my colleagues.
SITE could not confirm whether the emails were legitimate but Australian cybersecurity expert Robert Potter said he verified that the WHO email addresses and passwords were real. The NIH, Centers for Disease Control and Prevention, WHO and World Bank did not immediately reply to requests for comment Tuesday evening. The Gates Foundation said it was monitoring the situation but had no indication of a data breach.
The emails appear to be compiled from earlier leaks, rather than newly stolen by hackers, per the New York Times's Nicole Perlroth:
The credentials spread from 4chan to Pastebin to Twitter to far-right channels on Telegram, and were blasted to my colleagues and I at the NYT and apparently other outlets. Harassment and 'going viral' is the goal. Please let's not give these more attention than they're due. 2/3 — Nicole Perlroth (@nicoleperlroth) April 22, 2020
China, Iran and Russia are bombarding the United States with coronavirus disinformation.
The phony messages include that the coronavirus is an American bioweapon, that American sanctions are killing Iranians and that the U.S. economy is faltering under the economic weight of the disease, the State Department warns in a report obtained by Betsy Woodruff Swan at Politico.
The three powers are pushing similar messages, which is quite rare, the report notes. The coronavirus accelerated the alignment, which centers on painting China as a global leader at the United States’ expense. China has even allowed some Russian propaganda into its tightly controlled online information system, the head of the department's Global Engagement Center, Lea Gabrielle, told Betsy.
The Chinese Embassy and Russian Embassy denied responsibility for any disinformation; the Iranian Embassy denied involvement and instead claimed the United States was behind the disinformation.
Senators call on government to defend hospitals from hackers.
The senators want the Department of Homeland Security and U.S. Cyber Command to consider issuing a joint statement warning of serious consequences for hackers that damage hospitals during the pandemic. It could be modeled on a March warning the agencies issued about hacker efforts to undermine U.S. elections, they say.
“[O]ur country’s healthcare, public health, and research sectors are facing an unprecedented and perilous campaign of sophisticated hacking operations from state and criminal actors amid the coronavirus pandemic,” the senators wrote in a letter to DHS’s top cybersecurity official Christopher Krebs and Cyber Command chief Paul Nakasone.
Those threats are coming from China, Iran, Russia and North Korea, they say. The group, which included Sens. Richard Blumenthal (D-Conn.), Tom Cotton (R-Ark.), Mark Warner (D-Va.), David Perdue (R-Ga.) and Edward J. Markey (D-Mass.), also called on the agencies to:
- Increase reporting on threats faced by the health care, public health and research sectors
- Coordinate with the Department of Health and Human Services, Federal Trade Commission and FBI to investigate cyberattacks and disinformation
- Provide direct resources to health-care providers and the National Guard Bureau
Volunteer cybersecurity pros identified more than 2,000 vulnerabilities in health-care institutions in 80 countries.
The group known as the Cyber Threat Intelligence League was launched to combat coronavirus-related hacking in March.
The league has also helped take down 2,833 criminal domains, including 17 designed to impersonate government organizations, the United Nations, and the World Health Organization, according to its report.
The group, which has grown to more than 1,400 volunteers across 76 countries, won praise from Krebs:
.@CTIleague brings together more than 1,000 net defenders from around the world to stop malicious cyber activity related to the #CoronavirusOutbreak. They just released their Inaugural Report: https://t.co/nH4NepfxFo — Chris Krebs (@CISAKrebs) April 21, 2020
The Small Business Administration told 8,000 small-business owners their personal information may have been exposed.
The computer bug has been fixed and there's no evidence data was misused, the SBA told CNBC.
Coronavirus fraud continues to climb, the Federal Trade Commission reports.
FTC has received 22,853 reports related to #COVID19, and people reported losing $17.53M to fraud. Latest data now available (posted weekdays). Please note that we are now releasing fraud data by age, contact method and payment method: https://t.co/6uLszZGuz3 #coronavirus pic.twitter.com/j8bCpuA60d — FTC (@FTC) April 21, 2020
And there's this from the FBI:
Securing the ballot
Sixty-seven percent of Americans support implementing vote-by-mail measures during the pandemic.
That's according to a new NBC News-Wall Street Journal poll. Other findings include:
- About 58% of voters favor changing election laws permanently to allow voting by mail.
- 39% oppose a permanent change.
- But one-quarter of that 39 percent says mail-in voting should be allowed this November because of the coronavirus.
U.K. officials are standing by their decision on Huawei.
The United Kingdom's move to allow the Chinese telecommunications company to help build its next-generation 5G networks was pilloried by U.S. officials. But it's “a firm decision and is not being reopened,” Simon McDonald, permanent undersecretary at the foreign ministry, said yesterday, according to Reuters. The current policy caps Huawei involvement at 35 percent of the nation’s 5G infrastructure. U.S. officials say Huawei poses a Chinese spying risk, which the company rejects.
But nine telecommunications carriers are still pushing back. They sent a letter on Friday expressing support for an inquiry into 5G security by Parliament's defense committee. The companies, including Airspan and Mavenir, say they can offer a safer alternative to Huawei using 5G software technology.
In other international security news:
Marc Rotenberg has departed from his role as executive director of the Electronic Privacy Information Center.
General Counsel Alan Butler will serve as interim executive director, the organization announced yesterday.
The board is still looking into the issue:
The board didn't give a reason for Rotenberg's departure, but over the weekend, board chair Anita Allen assured EPIC's advisory board in an email that the board had been looking into this issue since March 12. https://t.co/Qjj4TF8Mbh — issie lapowsky (@issielapowsky) April 21, 2020
- The R Street Institute will host a discussion on "EARN IT Act and Its Broader Implications for Encryption and Cybersecurity" on April 28 at 2 pm.
Secure log off
Sen. Warner managed to generate controversy yesterday. But it wasn't about Russia.
From MSNBC's Nick Ramsay:
You can watch the whole video on Instagram. But some viewers may find it disturbing. My colleague Laura Michalski:
Even Warner's communications director was trying to stay out of it.
Guys obviously the tuna video was not my idea
Now please stop texting me about mayo-gate
— rachel cohen (@rcohen) April 22, 2020