Cyber Ninjas, the company behind a shoddy and partisan audit of election results in Maricopa County, Ariz., is in free fall.
The audit, which former president Donald Trump said would uphold his baseless claims of election fraud, has instead resulted in the auditing firm going out of business, the possible bankruptcy of its chief executive and a public fight with the GOP lawmakers who hired it.
The fallout comes four months after the audit, which was riddled with cyber and procedural flaws, ended by confirming President Biden’s narrow victory in the state.
It’s a bizarre but predictable epilogue to the most prominent effort to discredit Biden’s election victory and could be a disincentive to lawmakers considering similar partisan audits in other states and the organizations that might conduct them.
The rundown
- Cyber Ninjas CEO Doug Logan revealed the firm is shutting down and laying off all its workers, John Wagner reports. The news came the same day a judge ordered the company to pay $50,000 per day in fines until it complies with public records requests to release data from the audit to media and oversight groups.
- Logan has said the records requests are too broad and that he lacks the staff to comply with them. “When the rulings of the court are no longer ambiguous, and are within our capabilities to execute; it will happen,” he said, per the Associated Press.
- Logan is also feuding with Arizona Senate President Karen Fann (R), his top legislative backer who embraced Trump’s baseless claims that his election loss was illegitimate. Logan is accusing Fann of improperly withholding $100,000 in payments to his company and demanding the Senate pay his legal fees in the public records disputes, according to text messages obtained by the Associated Press.
“I’m not naive enough to think for a second that the Senate has my back,” Logan wrote in one message.
He claimed the GOP-controlled state Senate, which ordered the audit, “has no intention of honoring what was committed to” and had made a choice to “try what can legally be gotten away with rather than what is ethical or right.”
Logan, who embraced Trump-backed conspiracy theories and had no previous election auditing experience, may bear a personal cost for his firm’s work.
- Judge John Hannah of the Maricopa County Superior Court has threatened to hold Logan personally responsible for the $50,000-per-day fines facing his company.
- In a text to Fann, Logan said he was unable to sell his company because of “too much negativity around the name.” He said he plans to sell its assets and file for bankruptcy.
Logan is planning to start a new company with some Cyber Ninjas employees, he told the Associated Press, but he denied the move was an effort to escape Cyber Ninjas’ legal problems.
Shuttering the firm won’t end the fines, Judge Hannah warned. “The court is not going to accept the assertion that Cyber Ninjas is an empty shell and that no one is responsible for seeing that it complies,” he said.
Logan filed the paperwork to start a new company called Akolytos last year shortly before Fann announced Cyber Ninjas would conduct the audit, independent cybersecurity reporter Kim Zetter reports. It’s not clear, however, if that’s the firm Logan’s planning for his next venture.
Elsewhere
Trump and his allies have pushed for Maricopa-style reviews of the 2020 election in a slew of states, including ones that Trump won handily. Outside of Arizona, however, state officials have stopped short of such comprehensive reviews.
Arizona and other battleground states already require post-election audits, which turned up no evidence to support Trump allies’ hacking and fraud claims.
- In Wisconsin, a review led by former state Supreme Court Justice Michael Gableman is ongoing, but hasn’t resulted in any machinery being spoiled or large legal fights. Gableman is working with a budget of a mere $676,000 compared with the millions spent in Arizona.
- The first phase of a Trump-backed election review in four large Texas counties also found no evidence of fraud.
The keys
A ransomware attack last month is still hampering Maryland’s health department
Health workers are still having trouble accessing files, using computers and getting important data a month after the attack, an employee union official told Steve Thompson, Ovetta Wiggins and Erin Cox. The hack has harmed the state’s coronavirus response and a litany of routine matters, like “caring for people in state mental hospitals, licensing health-care workers and providing Medicaid benefits to some recipients,” they write.
Employees have received little information about the recovery and are prepared for their systems to be impaired for a long time.
“No one has received communication as to when things will be restored, and people are preparing to operate this way for several months,” said Patrick Moran, president of the employee union AFSCME Maryland Council 3. “None of our members have been told anything.”
A top Polish politician acknowledged the country bought spyware from NSO Group
Researchers found traces of NSO Group’s Pegasus spyware on devices belonging to three critics of Poland’s conservative government, including Krzysztof Brejza, who ran the opposition’s 2019 election campaign. Jaroslaw Kaczynski, who leads Poland’s ruling Law and Justice party, claimed that the software was bought to combat crime in the country, not to spy on critics, the Associated Press’s Vanessa Gera reports.
“There is nothing here, no fact, except the hysteria of the opposition. There is no Pegasus case, no surveillance,” Kaczynski said.
The hacking revelations represent Poland’s “biggest and deepest crisis of democracy after 1989,” when the country transitioned from communism to democracy amid the fall of the Soviet Union, said Donald Tusk, the leader of Poland’s largest opposition party. He has called for a parliamentary commission to look into the allegations. Such a commission is unlikely because Law and Justice has a majority of legislative seats.
The Biden administration is also ramping up pressure on NSO. The State Department and National Counterintelligence and Security Center (NCSC) warned of the dangers of “commercial surveillance tools” in a public alert. The alert didn’t name NSO, but a U.S. government official linked the announcement by the center to NSO Group, saying that software made by the company and others pose "a serious counterintelligence and security risk.” The NCSC is a division of the Office of the Director of National Intelligence.
A popular office phone may be vulnerable to Chinese hacking
Sen. Chris Van Hollen (D-Md.) asked Commerce Secretary Gina Raimondo if the Biden administration is aware of potential security risks in phones made by Chinese phone maker Yealink, Defense One’s Patrick Tucker reports. Yealink phones are “widely installed across the United States, including in government agencies,” Tucker writes.
The letter cites a report from a Virginia security consulting firm that found potential software vulnerabilities in Yealink phones and noticed that the phones communicated with a China-based server three times a day. The company, Chain Security, found that Yealink’s service agreement requires its users to agree to Chinese laws. Other terms permit the monitoring of users when required by China’s “national interest.”
A Commerce Department official told Van Hollen the government “take[s] these matters seriously.”
The report comes amid a U.S. push to restrict Chinese technology that could pose hacking concern. The government previously imposed severe restrictions on Huawei and other large Chinese tech companies.
Encryption wars
Regulators could use a new Signal cryptocurrency payment feature to restrict encryption
The encrypted chat app recently began allowing users to make privacy-focused cryptocurrency payments. That could pose an opportunity for criminals to send money outside the view of law enforcement, Platformer’s Casey Newton reports. It could also get the attention of regulators, who fear such payments spreading widely.
The move comes in the context of a years-long push by law enforcement to restrict the sort of encryption used by Signal, which shields messages from everyone except the sender and recipient — including police with a warrant.
“There’s nothing sinister about putting payments into a messaging app, and Signal is not alone in adding crypto payments to messaging: the company formerly known as Facebook has undertaken a multiyear effort to create a new currency and integrate it with WhatsApp and Messenger,” Newton writes. “What sets Signal’s effort apart is the combination of end-to-end encryption in messaging and a cryptocurrency with privacy features designed to make any transactions anonymous.” Signal did not respond to a request for comment from Newton.
Chat room
Meanwhile, Rob Joyce, the National Security Agency’s director of cybersecurity, defended the use of Signal and other fully encrypted chat services in response to a tweet by cyber pro Tarah M. Wheeler:
Government scan
Cyber insecurity
Global cyberspace
Daybook
- The House Oversight and Reform Committee holds a hearing on proposed changes to the Federal Information Security Modernization Act on Tuesday at 10 a.m.
- Damian Collins, who chairs the U.K. Parliament’s Joint Committee on the Draft Online Safety Bill, discusses disinformation at a Washington Post Live event with former Rep. Will Hurd, a Republican who represented Texas, on Tuesday at 11 a.m.
- The Senate Intelligence Committee holds a hearing on President Biden’s nomination of Kenneth Wainstein to be the Department of Homeland Security’s Undersecretary for Intelligence and Analysis on Wednesday at 2 p.m.
- Rep. Yvette D. Clarke (D-N.Y.), Rep. John Katko (R-N.Y.), the Department of Homeland Security’s Undersecretary for Policy Robert Silvers, and FBI Assistant Director Bryan Vorndran discuss 2022’s cybersecurity priorities at a Silverado Policy Accelerator event on Thursday at 9 a.m.
- Silverado Policy Accelerator chairman and co-founder Dmitri Alperovitch, U.S. Secret Service Assistant Director Jeremy Sheridan and FBI Deputy Assistant Director Tonya Ugoretz discuss cybersecurity threats at a Washington Post Live event on Thursday at 11 a.m.
Secure log off
“I ain’t getting mad, Joker. I been mad all my natural life.” Thanks for reading. See you tomorrow.