The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: My Pillow cyber symposium is yet another font of election fraud lies

with Aaron Schaffer

MyPillow CEO Mike Lindell yesterday kicked off a “cyber symposium” that promised digital proof of his outlandish claims the 2020 election was hacked. 

But by the end of the first day, all he’d provided was a smattering of data that amounted to nothing, according to experts in attendance. 

Lindell's performance was yet another example of how, nearly nine months later, baseless efforts to dispute Joe Biden’s 2020 presidential election victory are still coming in hot and heavy — but with no evidence to back them up. 

This is a big fat nothing and a distraction,” Harri Hursti, a longtime election security expert who attended the conference to fact check any technical evidence, told me. Hursti is among the most prominent critics of voting machine security but has slammed election-fraud claims by Donald Trump and his supporters for lacking any hard evidence. 

They have fed us with garbage just to control the narrative,” he told me by text message.  

Lindell began the day claiming the conference itself was the victim of hacking. Throughout the lengthy day, he alleged bombshell evidence would soon arrive that never materialized.

The live feed of the event was also stuffed with calls for donations and live advertisements for Lindell’s company

His general claim ― which was presented without evidence ― is that Chinese government hackers changed thousands of votes in every state by accessing them over the Internet. That’s something for which election security experts have found zero evidence and they say would be effectively impossible. 

The flop of a conference reflects a recent theme in which Trump supporters have blasted the public with baseless claims of election fraud, promising big reveals that never materialize. Partisan audits in Arizona and elsewhere have followed a similar path. As did countless lawsuits filed by the former president. 

Robert Graham, another cybersecurity expert, attended the conference and live-tweeted fact checks. 

The running theme was a promise of digital evidence that was never provided to experts in attendance. 

At one point, Lindell criticized Graham’s Twitter thread from the event stage but never gave him a chance to respond. 

The conference is among many examples of how the election’s legitimacy is still being litigated ― often to the detriment of public faith in democratic processes. 

Also yesterday, Dominion Voting Systems filed lawsuits against Newsmax and One America News, claiming defamation, Elahe Izadi reported.

Dominion was at the center of baseless accusations propagated by Trump, Lindell and others claiming election fraud. The company's action is the latest in a series of defamation lawsuits from Dominion and another voting company, Smartmatic, that have also targeted Fox News.  

“The defendants in today’s filings recklessly disregarded the truth when they spread lies in November and continue to do so today,” Dominion CEO John Poulos said in a statement. “This barrage of lies by the defendants and others have caused — and continue to cause — severe damage to our company, customers, and employees. We have no choice but to seek to hold those responsible to account.”

Wisconsin Gov. Tony Evers (D) also shot back at efforts to launch a partisan audit of the election outcome in some counties. 

He urged county officials to refuse to comply with Republican legislative efforts to subpoena voting machines in those counties, the Milwaukee Journal Sentinel reported

“The answer would be hell no,” he said. 

Auditors contracted by Arizona’s Republican legislature seized voting machines from Maricopa County for a similarly partisan effort. 

The probe was roundly opposed by the Maricopa County Board of Supervisors, which is also majority Republican. Board Chair Jack Sellers has called it an “adventure in never-never land.”

The Arizona audit was riddled with cybersecurity failures. Doug Logan, the CEO of the firm running the audit, Cyber Ninjas, previously spread election fabrications claiming Trump’s victory. 

The vote-counting phase of that audit ended last month, but there’s been no final report yet. Logan and Republican state Senate President Karen Fann are discussing options to expand it. 

The keys

The Senate’s roughly $1 trillion infrastructure bill is packed with cyber provisions. 

Senators said the bill includes: 

  • $21 million in funding for the newly established office of National Cyber Director Chris Inglis.
  • $1 billion in funding over four years to boost state, local and tribal cybersecurity.
  • $100 million for the Department of Homeland Security to use over five years for helping groups responding to hacks.

Here are more details from Maggie Miller at The Hill

State and local officials praised the Senate for adopting cybersecurity measures as part of the overall package designed to boost the nation’s roads, bridges and Internet connections, StateScoop’s Benjamin Freed reports. More than a dozen Republicans voted with their Democratic colleagues to pass the nearly $1 trillion bill, Tony Romm reports

But the bill faces a tough road in the House, where Speaker Nancy Pelosi (D-Calif.) has said the chamber won’t vote on the package until it votes on the Democrats’ $3.5 trillion budget.

Homeland Security Secretary Alejandro Mayorkas also highlighted the bill’s cybersecurity funding.

The NSA’s internal watchdog opened an investigation into Fox News host Tucker Carlson’s allegation that the agency targeted him.

The review comes weeks after a National Security Agency review found that Carlson was not targeted in any investigations but that his name was de-anonymized after being mentioned by third parties the agency was surveilling, two people familiar with the matter told the Record’s Martin Matishak last month. NSA Inspector General Robert P. Storch will look into the NSA’s legal compliance and will check whether procedures to de-anonymize names in intercepts were followed, his office said

The move comes a month and a half after Carlson alleged on his show that the NSA was “​​monitoring our electronic communications and is planning to leak them in an attempt to take this show off the air.”

“This will clear the air,” former NSA general counsel Glenn Gerstell told the Associated Press. “I think it’s entirely appropriate for the inspector general to take a look at any allegations and, in this case, put them to rest.”

Facebook took down dozens of accounts linked to a Russia-based effort to sow doubt about coronavirus vaccines.

The accounts tried to persuade influencers on ​​Instagram, TikTok and YouTube that Pfizer’s coronavirus vaccine wasn’t safe, CyberScoop’s Tim Starks writes. But influencers caught on and exposed the operation earlier this year, Facebook said.

“Really, it was an influencer operation, rather than just an influence operation,” Facebook threat intelligence official Ben Nimmo said. “Ironically, that was the [Pfizer] operation’s undoing.”

A related campaign targeted the AstraZeneca vaccine, suggesting in memes and posts that it could turn vaccinated people into chimpanzees. That portion of the information operations failed to gain traction, according to Facebook.

Chat room

After hackers stole more than $600 million in cryptocurrency from PolyNetwork, the company posted a “Dear Hacker” letter that drew imitators on Twitter. Emma Best, the co-founder of transparency collective DDOSecrets, riffed on one of William Carlos Williams’s most famous poems:

The Record’s Catalin Cimpanu:

Global Cyberspace

Chinese court sentences Canadian Michael Spavor to 11 years in prison (Eva Dou)

Cyber insecurity

The NYPD had a secret fund for surveillance tools (Wired)

A 5G Shortcut Leaves Most Phones Exposed to Stingrays (Wired)

Securing the ballot

Bolsonaro Discredits Electronic Voting, Prompting Fears of a Power Grab (New York Times)

Secure log off