Cyberattacks, influence campaigns rear their heads in the midterms

Welcome to Cybersecurity 202! Nice to be back, although I will miss the sloths, sea bass and other flora and fauna I left behind on vacation in Costa Rica.

Below: An industry group is suing over US government sanctions against crypto-mixers, and Georgia election officials reportedly wanted to copy election equipment data. First:

Hackers and attempted voter manipulation still exist in the 2022 midterms

Cyber Command commander Gen. Paul Nakasone said Tuesday that his agency does not see significant indications of new online campaigns against the US election.

However, hackers and attempts at voter manipulation - which have marred US elections since the 2016 cycle - remain alive and well.

Two industry reports highlight these traditional security threats to elections:

  • On Wednesday, the internet company Trellix identified phishing emails that multiplied in the run-up to the primaries in Arizona and Pennsylvania, as hackers sought to lure election workers into clicking on links that might steal their passwords or gain access to their systems.
  • This morning, fellow internet company Recorded Future predicted malign influence campaigns from now until Election Day. It has identified some indications of Russian and Chinese efforts to influence or confuse voters so far.

The reports follow closely on distributed denial-of-service (DDoS) attacks against several US state websites last week, which aimed to disrupt the sites or knock them offline with a flood of traffic. The pro-Russian hacking group Killnet took credit for the attacks. The Kentucky Election Board website was an obvious victim.

Nakasone and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said they are watching closely for signs of new election-oriented online campaigns and dealing with disinformation, Martin Maticek reports for The Record.

Trellix doesn’t know for sure who is behind the phishing messages it has highlighted, but the targets appear to be deliberately chosen rather than users caught up in a scattered campaign, Patrick Flynn, the head of the company’s advanced software group, told me.

“I don’t have enough information to tell you, ‘Yes, positively, it’s a nation-state or a criminal,’ but it’s that time of year where the reasonable impression we have is that they’re focused on a network that’s trying to create some level of disruption in the process,” Flynn said.

The company detected a spike in malicious activity in Arizona and Pennsylvania from the end of 2021 through the first two quarters of 2022 before the primaries. For example, in Pennsylvania, the number of detections increased from 1,168 in the fourth quarter of 2021, to 4,460 in the first quarter of 2022, to 7,555 by the end of the second quarter. Pennsylvania held its primary on May 17.

  • In one type of phishing email, the hacker pretends to be an IT administrator asking for an expired password to entice the victim to give it to them.

“An attacker can access electoral process documents, voter records, contact lists, administrative tools, and a variety of other documents and forms” using the password, according to Trellix. “An attacker may send voters incorrect information about the electoral process to mislead them to invalidate their votes or create confusion in the run-up to Election Day undermining their confidence in the process.”

  • In another type of phishing email, a hacker uses a chain of stolen or fraudulent email messages to make it look like the message is coming from a contractor that distributes and compiles absentee ballot applications.

Some attempts to influence the elections

In its report, Recorded Future’s Insikt Group found that despite Russia’s preoccupation with the war in Ukraine, the Russian organization that attempted to influence the 2016 election appears to have re-emerged in the 2022 midterms. In 2017, US intelligence agencies described the Internet Research Agency as a “troll farm”.

“We are almost certain that well-known networks associated with the Russian Internet Research Agency (IRA, Lakhta Internet Research, LIR) are engaging in a subtle, malign influence on a subset of the US population,” concluded Recorded Future, identifying this subgroup as conservative voters.

Meanwhile, China holds a grudge against the United States after House Speaker Nancy Pelosi (D-California) visited Taiwan, the company said. It spotted a campaign in September of “state-sponsored influencers” who were posting anti-American messages on social media. The company said that differs from China’s past, less active role in influence campaigns during US elections.

According to Recorded Future, “State-sponsored influencers in China are almost certain to conduct malign influence operations targeting American voters with divisive political topics in an effort to further divide American voters on major political issues in the US midterm elections.” “China will likely view electoral interference and voter influence ahead of the US midterm elections as an appropriate response to perceived US interference in Taiwan.”

Iran and domestic US extremist groups are also among those likely to carry out influence operations between now and Election Day, the company said.

Recorded Future said that each group has its own goals:

  • Russia, as it has done in the past, wants to undermine confidence in American institutions.
  • China, besides its anger over Pelosi’s visit, wants to discredit candidates who criticize China and position itself as a better world leader than the United States.
  • Iran is seeking a favorable outcome of the nuclear negotiations.
  • Domestic extremist groups want to cast doubt on US electoral processes.

And there is collaboration between some of these groups, according to the company.

“Most of the content we’ve seen comes from abroad,” Craig Tyrone, director of the global issues team at Insikt Group, told me via email. However, “a symbiotic relationship exists in which foreign actors parrot domestic American extremist narratives and puppet to advance their own goals to weaken the democratic process in the United States, while domestic extremist groups also absorb anti-American and anti-democratic narratives generated by foreign networks of influence.”

Industry group sues government over sanctions on Tornado Cash mixer

The lawsuit brought by Coin Center argues that the US Treasury’s Office of Foreign Assets Control (OFAC) did not have the authority to sanction Tornado Cash, and that the sanctions violate Americans’ privacy and First Amendment rights, The Wall Street Journal’s Mingqi Sun reports. The lawsuit comes about a month after Coinbase announced that it was funding a lawsuit to force the US government to repeal the sanctions.

When the Treasury announced the August sanctions against Tornado Cash, it said the platform had laundered more than $7 billion in digital assets. Cybercriminals such as North Korean hackers have also used the platform to process the money they stole.

“A Treasury spokeswoman declined to comment,” Sun wrote. “However, OFAC clarified in September that sanctions against Tornado Cash do not prevent U.S. individuals or companies from interacting with open source code itself, as long as it does not involve a prohibited transaction with the Tornado Cash platform.”

Report says pro-Trump election officials in Georgia wanted to copy data from election machines

Two Spalding County Council members wanted a third-party company to copy data from county election equipment, but the office of Georgia Secretary of State Brad Raffensperger (R) intervened and warned them that the plan was illegal, Rolling Stone’s Justin Galloway reports. The bipartisan Georgia State Board of Elections also says it is investigating the officials and their plan, Galloway reports.

“My head is spinning,” Mike Hesinger, a representative of Raffensperger’s office, told Rolling Stone. “I cannot see any justification, legal or otherwise, for anyone to enter a third party and gain access to electoral equipment. It appears that they tried to commit a crime.”

The election officials, Ben Johnson and Roy McClain, did not respond to Rolling Stone’s request for comment. In emails, they defended the effort, saying it was necessary due to election-related lawsuits and a security issue with election equipment. Raffensperger’s office rejected these reasons.

Google and other companies are building tools to help Iranian protesters

Google’s elite Jigsaw unit has built a VPN tool called Outline, which has grown in popularity in Iran as protesters try to access the internet without government restrictions, Joseph Min and Yasmine Abu Talib report. US officials are trying to get tech companies to offer services - especially communication tools - as the Iranian government continues to crack down on protests, which began in September after the death of a 22-year-old woman in the custody of the country’s “Islamic morality police,” who had detained her for showing too much hair.

“The VPN, called Outline, is available on its own as an app or download from the web and in versions distributed by third parties such as nthLink, a company that receives funding from the US government,” they wrote. “nthLink says the number of monthly users in Iran for Outline increased tenfold in two months, to 2.4 million unique devices in September.” Outline is a free VPN tool that allows users to hide their online tracks better than most of the paid versions.

Jigsaw is led by Jasmine Green, who fled Iran with her parents when she was three years old. Google founder Larry Page “used to say all Google products should be like a toothbrush, with everyone using them at least twice a day,” Green said in her first lengthy interview since she was promoted to lead Jigsaw in July. “We changed the metaphor to an air bag. People don’t need it often, but when they need it, they absolutely need it to work.”

Former NSO CEO and former Austrian chancellor founded a startup company (Globes)

The White House’s New National Security Strategy Highlights Electronic Details (The Register)

Why CISA Won’t Make “Public” Comments on Upcoming Performance Goals (NextGov)

Cochise County supervisors ignore legal advice, still want to count votes manually (Votebeat)

  • Deputy national security adviser Anne Neuberger, Rep. John Katko (R-N.Y.) and Google Cloud global risk and compliance manager Janet Manfra discuss cybersecurity at a Washington Post Live event today at 9 a.m.
  • The Atlantic Council is hosting an event on a new transatlantic data privacy framework on Monday at 10 a.m.
  • Emily Goldman, a strategist for U.S. Cyber Command, discusses cyber strategy at a Heritage Foundation event Monday at noon.
  • The Carnegie Endowment for International Peace is holding an event on Russian information warfare Monday at 2 p.m.
  • CISA Director Jen Easterly, NSA cybersecurity director Rob Joyce and Ukrainian chief security officer Victor Zhora speak at Mandiant’s mWISE Conference, which begins Tuesday.

Thanks for reading. See you tomorrow.