The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Trump’s lies are the big fight in the Georgia GOP race to run elections

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Placeholder while article actions load

Welcome to The Cybersecurity 202! It's teacher appreciation week. Student-teacher films tend to be on the saccharine side and not worth recommending. Some particularly dark exceptions include “Half Nelson,” and “The Prime of Miss Jean Brodie,” where the inspiring teacher turns out to be a Franco sympathizer. 

Below: Spain's prime minister was a Pegasus hacking victim, and location data from the LGBT dating app Grindr has been on sale. 

Georgia's secretary of state is defending his seat against election deniers

The GOP race to run Georgia’s elections in 2024 is basically being fought on a single issue: President Biden’s 2020 victory in the state and baseless claims that it was illegitimate. 

The issue dominated a primary debate Monday and things got ugly quickly. 

The race is pitting incumbent Secretary of State Brad Raffensperger (R) — who’s repeatedly defended the legitimacy of Georgia’s 2020 election results — against three opponents who have, to varying degrees, embraced baseless and debunked conspiracy theories that the election was stolen that have been spread by former president Trump and his allies. 

  • Raffensperger’s top challenger Rep. Jody Hice called the state’s election security and administration “an absolute disaster” and charged that Raffensperger had “allowed this state to become the most insecure state, perhaps in the country, as it relates to election integrity.”
  • Raffensperger accused Hice of spreading “total disinformation, misinformation [and] outright lying.” “That’s what destroys voter confidence. Every allegation, I checked out. I ran it down to the end of the line,” Raffensperger said.
  • The other two candidates are Alpharetta Mayor David Belle Isle and former Treutlen County probate judge TJ Hudson.

The debate is a preview of the false stolen election claims that are likely to play in other battleground states where election deniers are seeking the GOP nomination for top election roles.

The seemingly endless fight over the 2020 election has supercharged the focus on those races, which previously received little attention outside of election wonks.

It’s also prompted widespread fear that, if elected, those candidates could undermine election integrity — either through misguided decisions about election equipment and audits or by refusing to certify elections based on unverified claims of fraud. 

A case in point: Hice said he would not have certified the state’s 2020 election results — something the secretary of state is required to do under state law. 

More from Georgia Public Broadcasting reporter Stephen Fowler:

Michigan’s GOP has already chosen an election denier as its nominee to be secretary of state. 

Candidates who’ve expressed doubt about the 2020 results are also seeking secretary of state posts in the battleground states of Arizona, Nevada, Ohio and Colorado — as well as in states that are more firmly in the Democratic or Republican columns including Minnesota, New Mexico, Kansas, Nebraska, Alabama, Arkansas, California, Idaho and Massachusetts, according to an NPR tally.

Trump is backing Hice and has lots of beef with Raffensperger.

  • Raffensperger oversaw three counts of Georgia’s election results including a hand count of 5 million ballots — all of which affirmed Biden’s victory. 
  • He also ducked Trump’s urging to “find” enough votes to put him over the top in an hour-long phone call that was later leaked. 
  • If no candidate wins 50 percent of the vote during the May 24 primary, the top two  — likely Raffensperger and Hice — will proceed to a runoff election in June. 

There was one bright spot during the debate for some election security purists

Belle Isle endorsed dropping the state’s voting machines — which produce a paper record of votes — in favor of hand-marked paper ballots, a move long sought by some election security advocates. 

It’s the latest example of traditional election security advocates and those pushed by Trump’s conspiracy theories making common cause

  • Belle Isle, who has endorsed baseless claims about 2020 election fraud, called the move an “aggressive” way to win back the trust of Georgia voters.
  • Traditional election security advocates say machines like those used in Georgia are less trustworthy and at greater hacking risk than hand-marked ballots but have generally steered clear of Trump-backed conspiracy theories. Their general argument is that adding more machines to the voting process increases hacking risk and that voting machine companies have not been scrupulous or transparent enough about security dangers. 
  • Georgia paid more than $100 million to adopt its Dominion-brand touch screen voting machines before the 2020 election. Dropping them in favor of hand-marked paper ballots would add to the price tag. 

And yet: The intense focus on false election security claims based on shadowy conspiracy theories has overall made it far more difficult to shine light on genuine election security problems, most experts say. 

Georgetown University professor Matt Blaze:

Raffensperger’s big issues don’t make a lot of sense either. He has focused most of his candidacy on an effort to prevent undocumented immigrants from voting in Georgia — even though a state review found no evidence that any noncitizens voted in recent Georgia elections. Noncitizen voting is illegal in Georgia as it is in the vast majority of the country. 

The keys

Spanish prime minister hacked with Pegasus, official says

The hacking of Spanish Prime Minister Pedro Sánchez with NSO Group spyware last year represents the first confirmed infection of a European and NATO leader, Politico Europe’s Vincent Manancourt reports

It’s not clear who was responsible for hacking Sánchez or Defense Minister Margarita Robles, Reuters reports. NSO, which reportedly has an account in Spain, has said it only provides its spyware to government or law enforcement agencies. The hacking of Sanchez and Robles was “illegal and external,” and those behind the hacks didn’t “have judicial authorization from any official agency,” Spainish Minister for the Presidency Felix Bolanos said. It’s not clear whether those responsible are located within Spain or another country.

The revelation came two weeks after researchers said they had found at least 60 Pegasus-infected electronic devices used by officials, activists and journalists from Spain’s autonomous Catalonia region. 

Catalan officials have called for Spain to investigate those hacks, but haven’t gotten probes they consider legitimate. Meanwhile, Spain’s government has already referred the Sánchez and Robles cases to the country’s justice ministry. Catalan President Pere Aragonès pointed to what he called a “double standard” in the different responses to the hacks, saying they “only hear silence and excuses,” but “today everything is done in a hurry.”

Grindr users’ location data has long been for sale

A mobile advertising firm has been selling data from the LGBTQ dating app since at least 2017. While Grindr says it no longer lets location data go to advertising companies, historical data about users of the app may still be available, the Wall Street Journal’s Byron Tau and Georgia Wells reports

That's raising fears the data could be used for blackmail, extortion or outing people against their will. The data doesn’t have names attached to locations, but the identities of users can sometimes be deduced based on their behavior and location histories. 

That appears to have happened in the past: Last year, the top administrator for the U.S. Conference of Catholic Bishops resigned after a Catholic newsletter said it had cellphone data showing that he used the app and went to gay bars. It could also have national security implications: Foreign governments could theoretically use the data to blackmail closeted government officials. 

“Since early 2020, Grindr has shared less information with ad partners than any of the Big Tech platforms and most of our competitors,” Grindr spokesman Patrick Lenihan said. He added that the “activities that have been described would not be possible with Grindr’s current privacy practices, which we’ve had in place for two years.”

Russian forces reroute Internet service in Ukrainian city through Russian networks

Internet service in Kherson was disrupted Saturday. By Sunday, the city’s Internet was being rerouted through Russian networks, the Record’s Jonathan Greig reports

The move seems aimed at boosting Russia’s control over a strategically important part of the country, my colleagues Adam Taylor and Sammy Westfall report. Kherson was the first major city to fall to Russian forces after the invasion.

Ukrainian officials previously said the outages were caused by “line breakages at fiber optic backbones and by a power outage with service operators’ equipment in these regions.” 

Ukrainian officials said the move was paired with Russian propaganda. “Right after communication was disabled, the enemy media started to spread fake news saying that it was the Ukrainian government that ordered to shut the connection off,” Ukraine’s State Service of Special Communications and Information Protection said. “This is a lie because we have always stood for maximum access to any means of communication for all Ukrainians.”

Something similar happened in 2014, Kentik’s Doug Madory said:

Chat room

CISA’s Cameron Dixon highlighted some successes from the agency’s management of the “.gov” domain. CISA took over managing the domain last year and has been urging state and local governments — many of which use “.com” addresses — to shift to it. Using the .gov domain makes it easier for CISA to share some security protections with governments and makes it harder to spoof those government’s emails. 

Global cyberspace

Israel keen to set up cyber 'Iron Dome' to curb rise in attacks (Reuters)

Estonia hosts NATO-led cyber war games, with one eye on Russia (NPR)

Government scan

SEC to Hire More Crypto Cops to Fight Digital Frauds (Wall Street Journal)

Privacy patch

Mental health apps have terrible privacy protections, report finds (The Verge)

Cyber insecurity

Crypto Hackers Stole More Than $370 Million In April Alone (Motherboard)

Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline (CyberScoop)

Health startup myNurse to shut down after data breach exposed health records (TechCrunch)

Securing the ballot

In Ohio, Trump endorses an election official who doesn't think 2020 was stolen (NPR)


  • Google and Microsoft executives testify at a Senate Armed Services Committee panel’s hearing on artificial intelligence applications in cyberoperations today at 2:30 p.m.
  • CISA Director Jen Easterly, Rep. Jim Langevin (D-R.I.) and cybersecurity officials speak at the Hack the Capitol conference on Wednesday.
  • Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency; NSA cybersecurity director Rob Joyce; and deputy national security adviser Anne Neuberger speak on the first day of Vanderbilt University’s two-day Summit on Modern Conflict and Emerging Threats on Wednesday.
  • Homeland Security Secretary Alejandro Mayorkas testifies before the Senate Homeland Security Committee on Wednesday at 2:30 p.m. after testifying before a Senate Appropriations Committee panel at 10 a.m.

Secure log off

Thanks for reading. See you tomorrow.