The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Michigan GOP has put two election-deniers on the November ballot

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Welcome to The Cybersecurity 202! Congratulations to the black cat Jinx who's mayor of Hell for the day. 

Below: Ukraine's postal service was hacked after issuing a stamp mocking Russia, and Spain launched Pegasus spyware investigations.

Michigan Republicans' secretary of state nominee claimed 2020 election fraud

It’s official: A candidate who denies the legitimacy of the 2020 election will be on November’s ballot to be the top election official in a major battleground state. 

Kristina Karamo — a Michigan Republican who claimed without evidence that there was widespread voting fraud in 2020 — will be the party’s nominee for secretary of state, NPR’s Miles Parks reports. That position has extensive power to vet the cybersecurity of election machines, oversee audits and ensure elections are conducted in a trustworthy and transparent manner. 

The nomination underscores the immense and enduring power of former president Donald Trump’s false election claims more than a year after he was defeated. 

The stakes

Karamo is the first election-denying secretary of state candidate to advance to her state’s general election, but she’s one of more than a dozen such candidates nationwide. 

That’s prompted a surge of concern among election watchers. They fear those candidates, if victorious, could jeopardize election security through misguided decisions about equipment and audits and drive down the already faltering public faith in the electoral process.

Karamo, who has appeared at rallies linked with the extremist ideology QAnon, will face incumbent Democratic Secretary of State Jocelyn Benson in November. Benson faced widespread harassment for disputing false claims by Trump and his allies that the state’s vote was rigged. Biden beat Trump in the crucial battleground state by about three points. 

More from Miles on Twitter:

Karamo beat two other Republican candidates at the state’s party convention this weekend, earning 67 percent of the vote. 

One of those candidates speculated the party would regret picking a candidate so extreme.

  • “Every ad from April 24 through November is going to say 'QAnon Karamo is too crazy for us,’ ” state Rep. Beau LaFave, who ran against Karamo, said per Miles.

Election denial was a common theme at the Michigan party convention. 

  • Another election denier, Matt DePerno, won the Michigan GOP’s endorsement to run as their attorney general nominee.
  • DePerno unsuccessfully sued over Michigan’s election results. The suit alleged a broad conspiracy based on the results in Antrim County, where a quickly corrected human error briefly showed Biden leading Trump in the rural and conservative county.
  • Trump endorsed both Karamo and DePerno, saying he supports candidates who won’t let Michigan’s votes be “stolen” in 2024, the Associated Press reported.
  • “In a sign of how pervasive election falsehoods have become, the party used machines to tabulate votes but, in a change, also hand-counted the ballots in a compromise with activists,” per the AP.

Many other election deniers are seeking their state’s top elections job

Candidates who’ve expressed doubt about the 2020 results are seeking the top job in Georgia, Arizona, Nevada, Minnesota, Ohio, New Mexico, Colorado, Kansas, Nebraska, Alabama, Arkansas, California, Idaho and Massachusetts, according to an NPR tally.

Karamo’s victory also underscores a massive shift in the secretary of state’s role. The job was traditionally a largely administrative post that typically oversees state licensing and other bureaucratic issues in addition to elections. 

Historically, Republican and Democratic secretaries of state have broadly agreed on major election security issues. That could change after 2022 if some of the election denying candidates are victorious. 

  • The National Association of Secretaries of State voted unanimously in 2017 to oppose an Obama administration move to expand the federal government’s election security efforts — a move it viewed as a federal power grab.
  • But secretaries of both parties worked extensively with the Cybersecurity and Infrastructure Security Agency (CISA) throughout the Trump administration to heighten election security defenses and expand cyber best practices such as paper ballots and post-election audits.
  • Even after 2020, secretaries voted nearly unanimously to outline election audit best practices — a move that appeared aimed at a partisan audit in Maricopa County, Ariz., that violated most of those practices.

The keys

Ukrainian postal service hacked after anti-Russia stamp goes online

Ukrainians formed long lines outside a Kyiv post office on April 14 to buy stamps of a Ukrainian border guard displaying his middle finger to a Russian warship. (Video: Julie Yoon/The Washington Post)

The stamps show a Ukrainian soldier flipping off a battleship, an apparent reference to when a border guard on Snake Island told Russia’s Moskva battleship to “go f--- yourself.” The Moskva, the flagship of Russia’s Black Sea fleet, later sank after it was hit by two Ukrainian missiles, according to U.S. and Ukrainian officials.

Thousands of customers were still able to order the popular and cheeky stamps Friday, when Ukraine’s postal service was overwhelmed with fake Internet traffic, Gizmodo’s Shoshana Wodinsky reports. It’s not clear who was responsible for the attack, though the target suggests it was someone with a grudge against Kyiv.

Ukrainian neighbor and Moscow ally Belarus has also been a key hacking target, Liz Sly reports. Railway workers, defectors from the country’s security services and cybersecurity experts have all played a role in wreaking havoc on Russian supply lines. 

Belarus’s government is striking back, saying that damaging railway infrastructure is considered terrorism and can carry a lengthy prison sentence. They have even shot some alleged saboteurs, striking fear in others.

Spain launches investigations into Pegasus hacks

Spain’s ombudsman, who monitors public administration activity, and the country’s CNI intelligence service will separately investigate the revelation that dozens of officials, lawyers and activists from the autonomous Catalan region were targeted with NSO Group’s Pegasus spyware, Reuters reports. Spain’s government will also convene the parliament’s official secrets commission, where the country’s intelligence chief would have to appear.

Evidence suggests Spain's government was responsible for the hacks, but there's no smoking gun. 

  • The cyber research group Citizen Lab, which examined Catalan phones targeted with Pegasus, didn’t formally blame Spain's government for the hacking but said that circumstantial evidence “suggests a nexus with Spanish authorities.”
  • Spain’s Defense Ministry hasn’t said whether it uses Pegasus or other spyware, but a former NSO employee told the New Yorker that the company has an account in Spain. 
  • “The government of Spain always acts according to the law,” a Defense Ministry spokeswoman told the Associated Press last week.

Political pressure is coming to a head. Catalan leader Pere Aragonès has blamed the CNI for the hacks. He told Spain’s El Pais newspaper that he wanted answers in a matter of days, and that trust between Catalan officials and Spain’s government is “at a minimum.”

NSO told the AP it was being targeted in “inaccurate and unsubstantiated reports” and “false” allegations that “could not be related to NSO products for technological and contractual reasons.”

North Korean hackers are still laundering their $600 million haul

Pyongyang-aligned hackers are still laundering millions of dollars worth of cryptocurrency after the U.S. government sanctioned their digital wallet, Tory Newmyer and Jeremy B. Merrill report

  • The cat-and-mouse game with law enforcement shows how hackers are able to exploit faulty code, hide their tracks and take advantage of spotty international law enforcement coordination to hang onto their ill-gotten gains. 
  • It also trains a negative spotlight onto a cryptocurrency industry struggling to show that it is trustworthy to regulators, investors and customers.

Crypto accounts can often evade sanctions. “A review by The Washington Post of crypto accounts sanctioned by the Treasury Department over the last year-and-a-half found four wallets that remained free to transact months after being placed on the administration’s blacklist,” my colleagues write. The lapses were tied to two cryptocurrency issuers: Tether and Centre Consortium.

Tether said it “conducts constant market monitoring” to make sure there aren’t any sanction-violating irregularities. A Centre spokesman said it “just hadn’t caught those addresses,” and is “constantly reviewing what we’re doing to ensure we’re state of the art in our compliance.” 

Global cyberspace

Aid groups helping Ukraine face both cyber and physical threats (CNN)

European Wind-Energy Sector Hit in Wave of Hacks (Wall Street Journal)

Costa Rica's Alvarado says cyber​​attacks seek to destabilize country as government transitions (Reuters)

Cyber insecurity

Leaked chats show LAPSUS$ stole T-Mobile source code (KrebsOnSecurity)

Privacy patch

American phone-tracking firm demo’d surveillance powers by spying on CIA and NSA (The Intercept)

Securing the ballot

A top GOP prosecutor said Trump lost. Running for Senate, he has a new message. (Hannah Knowles)

Government scan

Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program (CyberScoop)

Industry report

  • ​​Nine organizations have joined the Nonprofit Cyber coalition as members. The Canadian Cyber Threat Exchange, the Cyber Risk Institute, the Forge Institute, the Global Resilience Federation, the Institute for Security and Technology, the Open Cybersecurity Alliance, OpenSecurityTraining2 and SecureTheVillage have joined as active members. Nomad Futurist is joining Nonprofit Cyber as an affiliate member.


  • The R Street Institute holds an event on aspects of a U.S. privacy law today at noon.
  • CISA Executive Assistant Director for Infrastructure Security David Mussington, CISA Chief Information Officer Bob Costello and other cybersecurity officials speak at the AFCEA Tech Net Cyber 2022 conference from Tuesday through Thursday.
  • Clearview AI founder and chief executive Hoan Ton-That speaks at a Washington Post Live event Wednesday at 11 a.m.
  • CISA Executive Assistant Director for Cybersecurity Eric Goldstein speaks at the State-of-the-Field Conference on Cyber Risk to Financial Stability on Thursday at 9 a.m.
  • The Committee on House Administration holds a hearing on the effects of disinformation on communities of color Thursday at 10 a.m.
  • CISA Director Jen Easterly testifies before a House Appropriations Committee panel on Thursday at 1:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.