Beijing’s disinfo pinprick

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Sep 03, 2024 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By John Sakellariadis

With help from Maggie Miller

Driving the Day

A small, China-linked influence operation is targeting U.S. voters with divisive posts on social media ahead of November, according to new research out this morning.

HAPPY TUESDAY, and welcome to MORNING CYBERSECURITY! Raygun, the Australian breakdancer who went viral at the Paris Olympics, is single-handedly renewing my love for Charades.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find Joseph on X at @JGedeon1 or email him at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Today's Agenda

Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger, National Cyber Director Harry Coker, Ambassador at Large for Cyberspace and Digital Policy Nate Fick, and other top cyber officials headline Day 1 of the Annual Billington CyberSecurity Summit. Programming begins at 1:45 p.m.

Election Security

SMALL BUT FEARSOME — One of China’s most prolific teams of online influence peddlers is at it again, unspooling a small flurry of divisive social media posts against U.S. voters ahead of the election this fall, a new report out today from social media analytics firm Graphika finds.

— Spam nation: The operation, which Graphika attributes to a group known as “Spamouflage,” involves the use of more than a dozen fake accounts on X and one on TikTok to pose as U.S. citizens and others frustrated with American policies, my colleague Maggie writes in.

The accounts are spreading negative content against both Republican and Democratic candidates for office, including former President Donald Trump and Vice President Kamala Harris. They also put out divisive posts on issues like the war in the Gaza Strip, racial inequality and homelessness.

— AI, so hot: Graphika researchers believe at least some of the content spread by the accounts was created by artificial intelligence-enabled technologies.

“Spamouflage was the first state-linked influence operation that we saw leveraging AI-generated content at scale in its operations. That was late 2022, and now it’s something we encounter like every other week,” Graphika Chief Intelligence Officer Jack Stubbs told Maggie. “Probably of all the influence operations we’re tracking, Spamouflage has been one of the most enthusiastic in its embrace of generative AI.”

— Needle in a haystack: While most of the accounts and posts did not get much engagement, the pro-Trump TikTok account did. One of its posts mocking President Joe Biden received around 1.5 million views.

Despite this engagement, Stubbs said Spamouflage was typically focused on “high volume, low impact” campaigns.

“There will be moments where the operation will have these kinds of incidents of what we call ‘breakout,’” Stubbs said. “Those really are the exception to the rule…we like to say that Spamouflage is like throwing spaghetti at the wall hoping that some of it sticks.”

— Beijing wades in: The report shows that China, which the U.S. intelligence community has said does not yet appear willing to back one presidential candidate over the other, could still seek to influence down-ballot voters this fall.

Spamouflage has been active for a number of years, since at least 2019, and has previously been called out by a number of organizations, including OpenAI, which removed a Spamouflage-linked campaign earlier this year. Meta has also taken steps to root the group out of its platforms.

Election Security

PIECING IT TOGETHER — The federal government is still struggling to help states protect frontline election workers from harassment and intimidation, even as threats have escalated since the 2020 vote, a key election official claims.

Amy Cohen, the executive director of the non-partisan National Association of State Election Directors, testified before Congress two years ago about the rising challenges facing state and county election workers.

“We’ve not seen fundamental change at the federal level from anything I said in my testimony two years ago,” Cohen said during a Labor Day interview with MC.

— The bad news: At the time, Cohen offered tough criticism of the Justice Department’s then-brand new Task Force for Threats Against Election Officials and Congress’ poor record when it comes to ponying up security funding for the states.

Cohen isn’t seeing much improvement from the task force, which the DOJ stood up in 2021 to help state officials report and investigate rising threats against them. And while Congress has doled out some new money through more flexible grant programs, like the Help America Vote Act, she said the funding remains limited, leaving state and local election offices to “make really difficult decisions” about how to invest in security.

— The good news: State law enforcement agencies are stepping up to provide more support than ever before. “That has been the sort of marked improvement that we've seen over the last several years,” she said.

— Hunkering down: Despite her concerns, Cohen acknowledged that, with Election Day so near, the federal government should focus on the things it can address rapidly.

“Now is the time to make sure that election offices are able to leverage the things that the federal government already has,” she said, citing federal security checklists and volunteer services as two such examples.

Cybercrime

SWATTED — The Secret Service has a lot more on its plate in the 21st century than just gun-toting assassins and brass-knuckle criminals.

The agency best known for hurling bodies in front of the president spearheaded last Wednesday’s landmark charges against two individuals who phoned in a flurry of fake 911 calls against high-profile U.S. officials. And while Secret Service Assistant Director of Investigations Brian Lambert told your MC host the agency isn’t planning on making so-called “swatting” attacks a priority, he said it is evolving to protect those under its remit.

“There's a specific reason we were so involved in this investigation, and it really is our protective mission,” said Lambert.

— The backdrop: Nemanja Radovanovic and Thomasz Szabo, Serbian and Romanian nationals respectively, called in bomb threats and other false emergencies at the residences of a who’s who of U.S. political elite, including an unspecified former president, members of Congress, agency officials and federal judges.

Their crime spree also overlaps with a previously reported swatting attack against CISA Director Jen Easterly. (CISA declined to comment on the case.)

— Fast and furious: Soon after those calls came in, the Secret Service obtained call records for the perpetrators from Google, eventually tracking them down for a pair of one-on-one’s in Europe, according to a signed affidavit from the Secret Service.

That’s a remarkable display of the agency’s speed in identifying the perpetrators, and its international reach, Lambert argued. “When we got an indication that we needed to go over there, you could not find a better group of foreign counterparts,” he said.

— Name and shame?: Asked what message the agency hoped to send with the case, Lambert said the Secret Service’s main priority was “running every lead to ground” to ensure protectees were not in any further physical danger.

But he also acknowledged the case could have knock-on effects on swatting writ large, given how prolific Szabo and Radovanovic were. Szabo is now in custody, CNN has reported and a separate U.S. law enforcement officer confirmed to MC.

“It did feel to me like it [swatting attacks] dropped off considerably” after this case, Lambert said.

Critical Infrastructure

FLIGHT TROUBLE  — A vendor that helps TSA vet known airline employees at airports appears to have suffered a ransomware incident earlier this year, according to Joe Sandbox, a public malware analysis engine.

Screenshots of FlyCASS’s website retrievable on Joe Sandbox — a common tool in the security community — display scrambled data and a ransom message dated to February. FlyCASS is a company that helps participating airlines register pre-vetted employees into a database that TSA gate agents use at special airport security checkpoints.

FlyCASS did not reply to a request for comment about the apparent ransomware incident.

— Why it matters: The finding, surfaced by a security user on X, comes immediately after a pair of white hat researchers found a rudimentary bug in the FlyCASS web interface, which they fear could have let terrorists manipulate the database and skirt airport security checkpoints.

While that bug has now been fixed, researchers Sam Curry and Ian Carroll remain concerned TSA leans too heavily on an insecure partner in FlyCASS — a concern that this recent incident has only amplified.

“When a white hat [security researcher] demonstrates a system is vulnerable, it’s one thing,” Curry said in an interview with MC. “But when people can own these systems — and they are — it’s further evidence that this needs to get looked into a little bit.”

— Smoke no fire? TSA has countered that it has other defenses in place to vet airline personnel and does not rely exclusively on the database. It did not reply to an additional request for comment in light of the possible ransomware incident.

Tweet of the Day

Google security expert Heather Adkins with some nice food for thought in this thread:

Source: X

X

Quick Bytes

MANO A MUSK — The Brazilian Supreme Court Panel upheld an order blocking social network X in the country, the New York Times’ Jack Nicas reports.

CYBER BRIGADES — Cybersecurity pros are taking inspiration from Benjamin Franklin as they launch new efforts to shore up U.S. critical infrastructure, CyberScoop’s Christian Vasquez reports.

POKING THE PANDA — Unknown hackers are targeting Chinese citizens and organizations as part of a “highly coordinated” espionage operation, The Record’s Jonathan Greig reports.

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://login.politico.com/?redirect=https%3A%2F%2Fwww.politico.com/settings

This email was sent to salenamartine360.news1@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Unsubscribe | Privacy Policy | Terms of Service

Post a Comment

Previous Post Next Post