Russia competing in disinfo decathlon

Jun 03, 2024

With help from John Sakellariadis

Driving the day

— Russian-linked attackers are spreading disinformation to undermine the Summer Olympics in Paris, and it may be just the opening ceremony of a larger attack.

HAPPY MONDAY and welcome to MORNING CYBERSECURITY! The best thing about being a Chelsea fan is watching Real Madrid win yet another Champions League and no one in America bats an eye. I know that has to sting, maybe.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

JOIN US ON 6/12 FOR A TALK ON THE AIRLINE INDUSTRY: As air travel soars again, policymakers and airlines are grappling with a series of contemporary challenges to the industry's future. Join POLITICO on June 12 for a topical and timely conversation with government leaders and aviation stakeholders about the state of the airline industry. From what passengers want to what airlines need amid the high demand for air traffic, workers and technology solutions. What can Washington do to ensure passengers and providers are equipped to fly right? REGISTER HERE.

Industry Intel

OLYMPICS IN THE CROSSHAIRS — Since it won’t be able to compete for any real medals, Russia is going for gold in spreading disinformation ahead of the Paris Summer Olympics.

Microsoft is warning in a new report out today that Russia is a year deep into a campaign to interfere in the Games, including through AI-fueled disinfo — and it’s only going to get worse as the ceremony kicks off on July 26.

— The tactics: The disinfo deluge dates back to June 2023, and Russian groups like Storm-1679 and Doppelganger are wielding AI-generated text, audio and visuals to pursue two main goals:

Tarnishing the International Olympic Committee's image through videos titled "Olympics Has Fallen," by using AI-generated audio of Tom Cruise’s voice to imitate popular films.
Stoking security fears to deter attendance with fake warnings about violence from purported European media outlets and mocked-up graffiti threats.

— Some other examples: In at least one case, Storm-1679 posted fake images of graffiti in Paris threatening violence against Israelis who attended the events in connection to their government’s military campaign in Gaza.

The state-linked Doppelganger on the other hand has been creating fake French news sites that post articles critical of the French government’s handling of the Paris Olympics, and stoking further fears of violence, researchers say.

— Tip of the iceberg: While these activities are concerning, they are likely just the beginning.

Microsoft researchers expect the information operations linked to Russia to “intensify” ahead of the opening ceremony, through more bots, fake accounts and potentially even through staged provocations around event venues.

— Side note: The security behemoth isn’t the only one warning of big cyber threats at the Olympics. Just ahead of the weekend, the Canadian Centre for Cyber Security posted a bulletin warning that hacktivists will “likely target” major international sporting events, and anti-government protests in France regarding the changes to minimum pension age may be a key focus point during the Games.

And remember, France approved widespread AI surveillance for all gatherings over 300 people. While officials say it’s meant to be a security upgrade and that the algorithmic video systems will steer clear of facial recognition, there will be an exponential threat risk that comes from cloud-connected devices required to monitor a major event like the Olympics.

— Practicing for years: This is far from the first time Russia and other nations have interfered in various Olympic events. Microsoft noted in the report that this is a “decades-long” strategy by Russia; disinformation is not the only tactic.

During the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, Russian hackers pretending to be based in North Korea disrupted portions of the event, including taking down telecasts and drones.

While the Microsoft report does not warn of cyberattacks, the 2018 operation was reportedly planned for months in advance, and officials in France are preparing to face the threats, should they come. Let the games begin.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

On the Hill

WYDEN CALLS RECALL ‘SPYWARE’ — Sen. Ron Wyden (D-Ore.) is accusing Microsoft of prioritizing new AI features over security with its recently unveiled "Recall" program, warning it would be a "foreign spy's dream" if enabled on government computers.

"It's clear that Microsoft did not learn the right lesson from the DHS Cyber Safety Review Board's scathing report," Wyden tells MC, referring to their damning April report. "Not even a month after the company pledged to put security first, it is already incorporating spyware into Windows, turned on by default, to enable new AI features."

— Under the hood: Recall, which will take screenshots of users' screens every five seconds to aid its AI capabilities and will be launched with the Copilot + PC on June 18, prompted warnings from security experts that the treasure trove of sensitive data could set cybersecurity back "a decade" if compromised by hackers.

The time-machine-like memory aid will allow users to search for anything that’s ever appeared on their screen for up to three months prior — like a phrase in an article they read, a meme that they shared or, yes, even financial data or unblurred passwords.

— Not going anywhere: The criticism piles onto Microsoft just weeks after CEO Satya Nadella vowed to beef up security following a scathing report that called out the company's "inadequate" security practices.

Still, Microsoft defended the product, with enterprise and operational security Vice President David Weston saying the company "built this feature with security in mind and have multiple layers of security in Windows to prevent compromise."

Weston added that Microsoft leverages encryption and access controls "to protect sensitive data against attack."

— Wyden sees it differently: “It's like pointing a surveillance camera at government workers' desks and hoping the footage never leaks,” he said.

Vulnerabilities

SPREAD THE LOVE — A new cyber simulation is spotlighting the potential risks of federal agencies becoming overly reliant on a single IT vendor.

In the exercise, a fictional agency that had standardized its tech stack around one dominant supplier proved easier for mock nation-state hackers to compromise compared to an agency with a diversified vendor footprint, according to a report out today from the Center for Cybersecurity Policy and Law.

The findings highlight possible problems with "monoculture" or "concentration risk" — industry terms for when organizations become heavily dependent on one company's products and services across their networks.

— Simulation details: In the scenario, attackers first breached the core identity system tying together the technology from the mock vendor "OmniCorp." That access allowed them to more freely move across the systems of the agency using OmniCorp's suite, where they were able to steal data, plant malware and cause other damage with relative ease.

But at the agency with a diverse IT environment, researchers say the adversary team had to work much harder, to penetrate the agency's defenses and their destructive impacts were more limited. That agency was also able to deal with the threat more rapidly by swapping out OmniCorp's identity solution for an alternative.

— The big fix: Among the CCPL’s key recommendations:

NIST should coordinate with industry to better define IT concentration risk and how to measure it, with the aim of incorporating risk management practices into the Cybersecurity Framework and other guidance.
OMB and the Office of the National Cyber Director should direct CISA, the Pentagon and others to assess the prevalence of IT monoculture government-wide by auditing agencies' tech environments and procurement processes.
Congress should ramp up oversight over federal IT concentration risk through investigations and potential legislation if the executive branch response is lacking.

Tweet of the Weekend

Everything I send to OneDrive is lost in the cloud abyss never to be found down again.

Quick Bytes

OPPO PARTY DRAMA — Germany's opposition party Christian Democratic Union faced a major cyberattack, forcing them to take parts of their computer systems offline while authorities investigate. POLITICO Europe’s Alessandro Ford has the story.

DRESSED DOWN — A hacker broke into stalkerware company pcTattletale's servers, stole data, and defaced their website. That means pcTattletale has become the 20th stalkerware company since 2017 that is known to have hacked or leaked customer and victims’ data online, according to TechCrunch’s Lorenzo Franceschi-Bicchierai.

“The Ticketmaster data breach may be just the beginning” (WIRED)

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

JOIN US ON 6/13 FOR A TALK ON THE FUTURE OF HEALTH CARE: As Congress and the White House work to strengthen health care affordability and access, innovative technologies and treatments are increasingly important for patient health and lower costs. What barriers are appearing as new tech emerges? Is the Medicare payment process keeping up with new technologies and procedures? Join us on June 13 as POLITICO convenes a panel of lawmakers, officials and experts to discuss what policy solutions could expand access to innovative therapies and tech. REGISTER HERE.