Welcome to The Cybersecurity 202! It's teacher appreciation week. Student-teacher films tend to be on the saccharine side and not worth recommending. Some particularly dark exceptions include “Half Nelson,” and “The Prime of Miss Jean Brodie,” where the inspiring teacher turns out to be a Franco sympathizer.
Georgia's secretary of state is defending his seat against election deniers
The GOP race to run Georgia’s elections in 2024 is basically being fought on a single issue: President Biden’s 2020 victory in the state and baseless claims that it was illegitimate.
The issue dominated a primary debate Monday and things got ugly quickly.
The race is pitting incumbent Secretary of State Brad Raffensperger (R) — who’s repeatedly defended the legitimacy of Georgia’s 2020 election results — against three opponents who have, to varying degrees, embraced baseless and debunked conspiracy theories that the election was stolen that have been spread by former president Trump and his allies.
- Raffensperger’s top challenger Rep. Jody Hice called the state’s election security and administration “an absolute disaster” and charged that Raffensperger had “allowed this state to become the most insecure state, perhaps in the country, as it relates to election integrity.”
- Raffensperger accused Hice of spreading “total disinformation, misinformation [and] outright lying.” “That’s what destroys voter confidence. Every allegation, I checked out. I ran it down to the end of the line,” Raffensperger said.
- The other two candidates are Alpharetta Mayor David Belle Isle and former Treutlen County probate judge TJ Hudson.
The debate is a preview of the false stolen election claims that are likely to play in other battleground states where election deniers are seeking the GOP nomination for top election roles.
The seemingly endless fight over the 2020 election has supercharged the focus on those races, which previously received little attention outside of election wonks.
It’s also prompted widespread fear that, if elected, those candidates could undermine election integrity — either through misguided decisions about election equipment and audits or by refusing to certify elections based on unverified claims of fraud.
A case in point: Hice said he would not have certified the state’s 2020 election results — something the secretary of state is required to do under state law.
More from Georgia Public Broadcasting reporter Stephen Fowler:
Raffensperger: "Jody Hice has just not been honest for the last 18 months and he's been spreading misinformation, disinformation and that's what destroys voter confidence. Every allegation, I checked out, I ran it down to the end of the line because that's what engineers do." pic.twitter.com/pCyeVbCCwZ
— stephen fowler (@stphnfwlr) May 2, 2022
Michigan’s GOP has already chosen an election denier as its nominee to be secretary of state.
Candidates who’ve expressed doubt about the 2020 results are also seeking secretary of state posts in the battleground states of Arizona, Nevada, Ohio and Colorado — as well as in states that are more firmly in the Democratic or Republican columns including Minnesota, New Mexico, Kansas, Nebraska, Alabama, Arkansas, California, Idaho and Massachusetts, according to an NPR tally.
Trump is backing Hice and has lots of beef with Raffensperger.
- Raffensperger oversaw three counts of Georgia’s election results including a hand count of 5 million ballots — all of which affirmed Biden’s victory.
- He also ducked Trump’s urging to “find” enough votes to put him over the top in an hour-long phone call that was later leaked.
- If no candidate wins 50 percent of the vote during the May 24 primary, the top two — likely Raffensperger and Hice — will proceed to a runoff election in June.
There was one bright spot during the debate for some election security purists.
Belle Isle endorsed dropping the state’s voting machines — which produce a paper record of votes — in favor of hand-marked paper ballots, a move long sought by some election security advocates.
It’s the latest example of traditional election security advocates and those pushed by Trump’s conspiracy theories making common cause.
- Belle Isle, who has endorsed baseless claims about 2020 election fraud, called the move an “aggressive” way to win back the trust of Georgia voters.
- Traditional election security advocates say machines like those used in Georgia are less trustworthy and at greater hacking risk than hand-marked ballots but have generally steered clear of Trump-backed conspiracy theories. Their general argument is that adding more machines to the voting process increases hacking risk and that voting machine companies have not been scrupulous or transparent enough about security dangers.
- Georgia paid more than $100 million to adopt its Dominion-brand touch screen voting machines before the 2020 election. Dropping them in favor of hand-marked paper ballots would add to the price tag.
And yet: The intense focus on false election security claims based on shadowy conspiracy theories has overall made it far more difficult to shine light on genuine election security problems, most experts say.
Georgetown University professor Matt Blaze:
Unfortunately, election security lacks the simple narrative that many people (of all political stripes) promote. The system is certainly improving, but there’s still work to do.
— matt blaze (@mattblaze) April 29, 2022
Raffensperger’s big issues don’t make a lot of sense either. He has focused most of his candidacy on an effort to prevent undocumented immigrants from voting in Georgia — even though a state review found no evidence that any noncitizens voted in recent Georgia elections. Noncitizen voting is illegal in Georgia as it is in the vast majority of the country.
The keys
Spanish prime minister hacked with Pegasus, official says
The hacking of Spanish Prime Minister Pedro Sánchez with NSO Group spyware last year represents the first confirmed infection of a European and NATO leader, Politico Europe’s Vincent Manancourt reports.
It’s not clear who was responsible for hacking Sánchez or Defense Minister Margarita Robles, Reuters reports. NSO, which reportedly has an account in Spain, has said it only provides its spyware to government or law enforcement agencies. The hacking of Sanchez and Robles was “illegal and external,” and those behind the hacks didn’t “have judicial authorization from any official agency,” Spainish Minister for the Presidency Felix Bolanos said. It’s not clear whether those responsible are located within Spain or another country.
The revelation came two weeks after researchers said they had found at least 60 Pegasus-infected electronic devices used by officials, activists and journalists from Spain’s autonomous Catalonia region.
Catalan officials have called for Spain to investigate those hacks, but haven’t gotten probes they consider legitimate. Meanwhile, Spain’s government has already referred the Sánchez and Robles cases to the country’s justice ministry. Catalan President Pere Aragonès pointed to what he called a “double standard” in the different responses to the hacks, saying they “only hear silence and excuses,” but “today everything is done in a hurry.”
Grindr users’ location data has long been for sale
A mobile advertising firm has been selling data from the LGBTQ dating app since at least 2017. While Grindr says it no longer lets location data go to advertising companies, historical data about users of the app may still be available, the Wall Street Journal’s Byron Tau and Georgia Wells reports.
That's raising fears the data could be used for blackmail, extortion or outing people against their will. The data doesn’t have names attached to locations, but the identities of users can sometimes be deduced based on their behavior and location histories.
That appears to have happened in the past: Last year, the top administrator for the U.S. Conference of Catholic Bishops resigned after a Catholic newsletter said it had cellphone data showing that he used the app and went to gay bars. It could also have national security implications: Foreign governments could theoretically use the data to blackmail closeted government officials.
“Since early 2020, Grindr has shared less information with ad partners than any of the Big Tech platforms and most of our competitors,” Grindr spokesman Patrick Lenihan said. He added that the “activities that have been described would not be possible with Grindr’s current privacy practices, which we’ve had in place for two years.”
Russian forces reroute Internet service in Ukrainian city through Russian networks
Internet service in Kherson was disrupted Saturday. By Sunday, the city’s Internet was being rerouted through Russian networks, the Record’s Jonathan Greig reports.
The move seems aimed at boosting Russia’s control over a strategically important part of the country, my colleagues Adam Taylor and Sammy Westfall report. Kherson was the first major city to fall to Russian forces after the invasion.
Ukrainian officials previously said the outages were caused by “line breakages at fiber optic backbones and by a power outage with service operators’ equipment in these regions.”
Ukrainian officials said the move was paired with Russian propaganda. “Right after communication was disabled, the enemy media started to spread fake news saying that it was the Ukrainian government that ordered to shut the connection off,” Ukraine’s State Service of Special Communications and Information Protection said. “This is a lie because we have always stood for maximum access to any means of communication for all Ukrainians.”
Something similar happened in 2014, Kentik’s Doug Madory said:
This is essentially what happened following the annexation of Crimea in 2014.https://t.co/M1xQvmYeHg
— Doug Madory (@DougMadory) May 2, 2022
Chat room
CISA’s Cameron Dixon highlighted some successes from the agency’s management of the “.gov” domain. CISA took over managing the domain last year and has been urging state and local governments — many of which use “.com” addresses — to shift to it. Using the .gov domain makes it easier for CISA to share some security protections with governments and makes it harder to spoof those government’s emails.
That's nearly a 20% increase in the size of the zone in a year! The power of free is on display – but it's also evidence of what happens when a security-critical asset is treated like one and marketed properly.
— Cameron Dixon (@hmft_xyz) April 29, 2022
Our flag means government! Tell your placegov.com-using government to get in the Good Ship DotGov https://t.co/j7RPdvPuaP
— Cameron Dixon (@hmft_xyz) April 29, 2022
Global cyberspace
Government scan
Privacy patch
Cyber insecurity
Securing the ballot
Daybook
- Google and Microsoft executives testify at a Senate Armed Services Committee panel’s hearing on artificial intelligence applications in cyberoperations today at 2:30 p.m.
- CISA Director Jen Easterly, Rep. Jim Langevin (D-R.I.) and cybersecurity officials speak at the Hack the Capitol conference on Wednesday.
- Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency; NSA cybersecurity director Rob Joyce; and deputy national security adviser Anne Neuberger speak on the first day of Vanderbilt University’s two-day Summit on Modern Conflict and Emerging Threats on Wednesday.
- Homeland Security Secretary Alejandro Mayorkas testifies before the Senate Homeland Security Committee on Wednesday at 2:30 p.m. after testifying before a Senate Appropriations Committee panel at 10 a.m.
Secure log off
Today’s first @washingtonpost TikTok features the Jack Sparrow run https://t.co/FRFEa0mzWT pic.twitter.com/i66FHQz7yc
— Washington Post TikTok Guy 🫠 (@davejorgenson) May 2, 2022
Thanks for reading. See you tomorrow.