Cybersecurity and Cyberwarfare

The use of computers and the Internet in conducting warfare in cyberspace.

Sen McCain: Armed Services panel continues to address Russian cyber threats

Senate Armed Services Committee Chairman John McCain (R-AZ) said the panel will work to combat Russia's disinformation campaign that aims to undermine democratic governments and sow division and dissent throughout the United States. “We know that Putin’s Russia has not slowed its efforts to interfere in our elections and domestic affairs. The Senate Armed Services Committee will continue working to address this challenge, which is a threat to our national security,” Sen McCain said. Sen McCain said he is a victim of one of Russia's targeted ads, which planted a false narrative that he met with a leader from the Islamic State of Iraq and Syria (ISIS).

We need a global league to protect against cyberthreats to democracy

[Commentary] With Facebook handing over Russian propaganda ads from the US election to Congressional investigators, we must understand that this is part of a much broader assault. The threat of these digital attacks extends to all democracies, in the West and beyond. Furthermore, attacks on elections over the past year are asymmetric. Liberal democracies do not and often cannot respond in kind to cyberattacks on their own way of governance. Democracies with free and fair elections are vulnerable to attack, while in autocratic societies, it only matters who is counting the votes. Authoritarian regimes do just fine manipulating their own elections. In Russia, tweeting or sharing real news that’s embarrassing to the regime can land you in prison. Imagine then the response of the regime to fake news that’s damaging to the Kremlin. If democracies actively disseminated such fake news, it would only reduce us to Russia’s level and lead to greater repression there.

The response to these cybercrimes must be international and must be broad-based, ranging from regulating social media to guarding our electrical grid and electoral systems. Building a collective defense in this new code war is at least as great a challenge as staving off the territorial or regional threats of the Cold War, when NATO was established in order to respond to threats in Europe.

[Toomas Hendrik Ilves served as president of Estonia from 2006-2016. He is a distinguished visiting fellow at the Hoover Institution.]

Russian Hackers Stole NSA Data on U.S. Cyber Defense

Apparently, hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the US. The incident occurred in 2015 but wasn’t discovered until spring of 2016, apparently. The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the US.

Russia Targets NATO Soldier Smartphones, Western Officials Say

Russia has opened a new battlefront with North Atlantic Treaty Organization (NATO), according to Western military officials, by exploiting a point of vulnerability for almost all allied soldiers: their personal smartphones. Troops, officers and government officials of NATO member countries said Russia has carried out a campaign to compromise soldiers’ smartphones.

The aim, they say, is to gain operational information, gauge troop strength and intimidate soldiers. Russian officials deny that Moscow stages such attacks. US and other Western officials said they have no doubt Russia is behind the campaign. They said its nature suggests state-level coordination, and added that the equipment used, such as sophisticated drones equipped with surveillance electronics, is beyond the reach of most civilians.

Yahoo says every account — all 3 billion of them — was affected by 2013 breach

All 3 billion Yahoo accounts were affected by a 2013 data breach — three times as many as the company first reported. In December, Yahoo disclosed that hackers stole information that could be connected to more than 1 billion accounts, an incident that was then believed to be the most users affected in a single breach. The company updated that tally Oct 3, saying on its website that outside forensic experts analyzed “recently obtained additional information” that shows “all accounts that existed at the time of the August 2013 theft were likely affected.” The stolen data could include names, email addresses, phone numbers, dates of birth, passwords that have been scrambled, or “hashed,” and encrypted or unencrypted security questions or answers, the company said.

President Trump signed presidential directive ordering actions to pressure North Korea

Early in his administration, President Donald Trump signed a directive outlining a strategy of pressure against North Korea that involved actions across a broad spectrum of government agencies and led to the use of military cyber-capabilities, according to US officials.

As part of the campaign, US Cyber Command targeted hackers in North Korea’s military spy agency, the Reconnaissance General Bureau, by barraging their computer servers with traffic that choked off Internet access. The effects were temporary and not destructive, officials said. Nonetheless, some North Korean hackers griped that lack of access to the Internet was interfering with their work. A senior administration official said, “What I can tell you is that North Korea has itself been guilty of cyberattacks, and we are going to take appropriate measures to defend our networks and systems.”

Thousands of Macs and PCs may be vulnerable to a sophisticated kind of computer attack

An analysis of more than 70,000 Mac computers being used in businesses and organizations has revealed a firmware vulnerability that could be exploited by a determined, well-resourced attacker such as a foreign government. Thousands of computers, if not more, are potentially in danger. While Apple devices were the focus of the study released Sept 29 by the firm Duo Security, experts at the company said that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building those types of PCs.

The flaw outlined by Duo Security researchers Rich Smith and Pepijn Bruienne concerns Apple's Extensible Firmware Interface, or EFI, which helps computers boot up and run the main operating system. Because all subsequent hardware and software operations are dependent on the EFI, allowing hijackers to gain control of it could prove disastrous.

Senate Panel Reviews FTC Data Security Enforcement Powers

The recent Equifax Inc data breach prompted Sens at a Sept 26 hearing to question whether the Federal Trade Commission has the proper authority to effectively enforce data security standards. How to better define the Federal Trade Commission’s authority to oversee corporate data security is a long-standing issue, and U.S. credit bureau Equifax’s breach compromising the personal data of 143 million consumers has, at least for the moment, further raised interest in the subject.

The Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security heard testimony on proposals to improve the FTC’s handling of consumer protection issues, including its role in overseeing data security efforts. Subcommittee Chairman Jerry Moran (R-KS) said that there will be a full committee hearing on the Equifax data breach in “mid-October.” Subcommittee Ranking Member Richard Blumenthal (D-CT) said that he will soon introduce legislation to allow the FTC to investigate any data breaches, exercise oversight, and issue penalties.

Russian Interference in 2016 US Election, Bots, & Misinformation

Earlier this summer we outlined some of our work to combat bots and networks of manipulation on Twitter. Since then, we have received a number of questions about how malicious bots and misinformation networks on Twitter may have been used in the context of the 2016 U.S. Presidential elections. Sept 28, Twitter Vice President for Public Policy Colin Crowell met with staff from Senate Select Committee on Intelligence and House Permanent Select Committee on Intelligence to discuss these issues.

Of the roughly 450 accounts that Facebook recently shared as a part of their review, we concluded that 22 had corresponding accounts on Twitter. All of those identified accounts had already been or immediately were suspended from Twitter for breaking our rules, most for violating our prohibitions against spam. In addition, from those accounts we found an additional 179 related or linked accounts, and took action on the ones we found in violation of our rules. Neither the original accounts shared by Facebook, nor the additional related accounts we identified, were registered as advertisers on Twitter. However, we continue to investigate these issues, and will take action on anything that violates our Terms of Service.

Enough is enough: How to stop Russia’s cyber-interference

[Commentary] Actual policy actions to protect our vote from outside interference have been next to nil. That needs to change now.

First, and most obviously, our cybersecurity must be strengthened. We need greater education on how to prevent cyberattacks; more coordination between layers for cybersecurity at the individual, group and government levels; and new government regulation mandating upgrades in cybersecurity for everyone and everything involved in the electoral process. Second, information about Russian state propaganda — not censorship of these content providers — must be provided to the American people. Third, foreign purchase of advertisements aimed at influencing elections must be prohibited. Fourth, Americans who colluded with Russian (or any foreign) actors to influence the outcome of our elections must be punished.

[Michael McFaul is director of the Freeman Spogli Institute for International Studies and a Hoover fellow at Stanford University. He was previously special assistant to President Obama at the National Security Council from 2009-2012 and former U.S. ambassador to Russia from 2012-2014]