Politics The Cybersecurity 202: Trump campaign site hack shows risks of even low-grade election interference

14:15  28 october  2020
14:15  28 october  2020 Source:   washingtonpost.com

USA TODAY/Suffolk Poll: Joe Biden leading Donald Trump by 7 points in pivotal Pennsylvania

  USA TODAY/Suffolk Poll: Joe Biden leading Donald Trump by 7 points in pivotal Pennsylvania A majority of likely Pennsylvania voters also said they do not support adding justices to the Supreme Court. "You start creating more justices to get the opinions you want," he said. "It's almost like 'well I gotta win and I'm just gonna create new facts.' " But Laws said that she supports adding justices to the Supreme Court, adding that it shouldn't be called court packing. "I believe it should be called court evening," Laws said. She said that she believes that the "minority shouldn't be ruling the majority," adding that the "the majority of the country is pro choice.

Sign up for The Cybersecurity 202 newsletter. Trump muddied the waters even more during a news conference with Zelensky yesterday by saying that But the fact that Trump is still suggesting there's some sort of frame job in election interference has officials and cybersecurity experts just as irate.

The Trump campaign 's website suffered a brief, apparent hack on Tuesday evening , though the campaign said no important data was exposed. “Earlier this evening , the Trump campaign website was defaced and we are working with law enforcement authorities to investigate the source of the

with Tonya Riley

A brief but colorful breach of President Trump’s campaign website is underscoring how even unsophisticated efforts at election interference can rattle voters and undermine the democratic process.

Officials and experts were eager to put the breach into context in the final week of the election – during which millions of Americans are expected to flock to the websites of candidates and state and local election offices for last-minute information before casting their ballots.

Chris Krebs, head of the Department of Homeland Security’s election security division, sought to tamp down concern and called it an effort to “distract, sensationalize, and confuse” and to “undermine your confidence in our voting process.”

Officials stress security of election systems after U.S. reveals new Iranian and Russian operations

  Officials stress security of election systems after U.S. reveals new Iranian and Russian operations Federal and state officials said they have fortified election systems since 2016, when Russian hackers scanned election-related websites and software across the country for vulnerabilities. U.S. officials and cybersecurity experts said the activity did not appear to include penetration of voting systems or access to voter registration databases, or the hacking of equipment that could be tampered with to alter election results.

President Trump 's campaign website briefly showed a message from someone claiming to have compromised devices belonging to Mr. Trump The message was posted for less than half an hour before the campaign 's website was restored, but the apparent hack comes as federal officials are

show ad. Trump 's campaign website is briefly 'seized' by hackers who claim to have evidence that 'proves his criminal involvement with foreign actors to manipulate the election ' - but spokesman says 'there was no exposure to sensitive data'. A message reading, 'this site was seized' appeared briefly

The hackers managed to deface the site’s “About” page for several minutes, replacing it with a screed that claimed in broken English and without evidence to have compromising information about the president and his family culled from multiple hacked devices.

“[T]he world has had enough of the fake-news spreaded daily by president donald j trump,” read the message, which also included FBI and Justice Department seals. “[I]t is time to allow the world to know truth.”

Donald Trump wearing a suit and tie: President Trump speaks during a campaign event. (Jonathan Ernst/Reuters) © Jonathan Ernst/Reuters President Trump speaks during a campaign event. (Jonathan Ernst/Reuters)

To be clear, there’s no evidence that the hackers gained access to any private campaign data or that they’re affiliated with a foreign intelligence service capable of mounting a sophisticated election interference operation.

Donald Trump made many promises in 2016 and early in his term. Which has he kept and what is he still working on?

  Donald Trump made many promises in 2016 and early in his term. Which has he kept and what is he still working on? Trump has kept a number of pledges, including tax cuts and conservative judges. But not on others such as bringing back coal and replacing Obamacare."Unlike so many who came before me, I keep my promises," Trump said during his State of the Union speech this year.

The Army for Trump site invites supporters to “enlist” in a number of campaign activities including The report also warned that the E.U. is at higher risk of distributed denial of service attacks than it More cybersecurity news: Trump administration revokes the visa of a Ukrainian political fixer tied to

The Trump campaign ’s website was briefly hacked late Tuesday, with the culprits posting a typo-riddled message on the site threatening to release “evidence” of the president’s “criminal involvement” in a supposed scheme to sway next week’s election . The hackers , whose identity was not

Indeed, the fact that they were booted so quickly from the site is a strike against their technical capabilities.

Trump Communications Director Tim Murtaugh said on Twitter that law enforcement authorities are investigating the breach. He said there’s no chance hackers stole sensitive data because none is stored on the site.

The message also closed by soliciting cryptocurrency from people interested in seeing the alleged incriminating information about the president — a sign that the hackers had financial motives, rather than political ones in mind.

“I don’t think this is something people should lose any sleep over,” John Hultquist, senior director of intelligence analysis at the cybersecurity firm FireEye, told me. “It still has to be reviewed, but the most likely scenario is this is a scam to make money.”

More from Hultquist:

Yet a sitting president’s campaign site being so easily compromised is sure to give some Americans heartburn.

That’s especially true during an election in which U.S. adversaries have already launched a series of operations aimed at influencing voters and provoking mistrust in the electoral system. Most prominently, the FBI and intelligence agencies alerted last week about an alleged Iranian scheme to send threatening emails to Democratic voters posing as a far right group that supports Trump.

Fighter jets fire flares, escort plane from airspace near Trump event in Arizona

  Fighter jets fire flares, escort plane from airspace near Trump event in Arizona U.S. fighter jets escorted a plane flying in restricted airspace near President Donald Trump's rally in Bullhead City, Arizona.The North American Aerospace Defense Command tweeted that it sent two F-16s to investigate "a general aviation aircraft that was not in communication" with air-traffic controllers as it neared Bullhead City.

But even cybersecurity experts say it's worth making this compromise on cybersecurity to protect public health during the rapidly worsening crisis. Hackers , preparing for an influx of digital visits, could compromise doctors’ computers to snoop on and record medical consultations.

President Trump 's top intelligence and national security officials are forging ahead with plans to disrupt any Russian interference ahead of the 2018 midterms. “ Trump will keep waffling on Russia’s role in the 2016 election . If Russia interferes again, the national security agencies will have no problem

Election officials have sounded alarms about the dangers of campaign and government-run election sites being hijacked by hackers who deface them or hold them hostage for ransom payments. A ransomware attack briefly disabled a Georgia county election database earlier this month.

And this defacement also comes after a widespread Twitter breach compromised accounts for numerous prominent people including Democratic nominee Joe Biden. That breach also appeared to be aimed at scamming people into paying cryptocurrency — creating the amazing situation in which the digital presence of both parties' presidential nominees has been at least briefly hijacked by scammers during the campaign's final months.

CNN’s Donie O’Sullivan:

The breach also raises questions about how scrupulously the Trump campaign is managing its cybersecurity.

While it's not clear how hackers accessed the site, it's possible it was by stealing the account access of a campaign staffer or conning the staffer into giving up passwords or other secret information.

Top GOP official says cyber attackers stole $2.3 million from Republican Party of Wisconsin

  Top GOP official says cyber attackers stole $2.3 million from Republican Party of Wisconsin Chairman Andrew Hitt said the party discovered the attack Oct. 22 and by Friday realized $2.3 million was taken.Party Chairman Andrew Hitt said the loss was attributed to a phishing attack that has been reported to the FBI.

“ Security experts, elections experts and the media…should make every effort to be specific and fact-based so as not to further contribute to disinformation Big picture: Experts on both sides stressed that Americans should not be so fearful of election interference that they don’t participate in the process.

DONALD TRUMP 'S official campaign website has reportedly been hacked , with the intruders Donald Trump news: Hackers changed the about page to a strange cryptocurrency scam (Image Donald Trump news: Tim Murtaugh has since said the site is back to normal and no data has been

The Trump campaign didn’t respond to my questions last night about cybersecurity precautions its staff takes. A spokeswoman for the campaign previously declined to answer the same questions, saying the campaign “takes cybersecurity seriously,” but doesn’t discuss specifics about its operations.

The Biden campaign previously said it follows best practices, including requiring staff to use multi-factor authentication and complete cybersecurity training.

The breach also carried some bitter irony for Trump, who earlier this month claimed that “nobody gets hacked.”

“To get hacked, you need somebody with 197 IQ and he needs about 15 percent of your password,” Trump claimed at a rally in Arizona, mocking a C-SPAN host for falsely claiming his account was hacked.

In fact, this isn’t Trump’s first brush with hacking. His 2016 campaign site was defaced in February 2017, soon after his inauguration. Later that year, hackers stole credit card information from guests at 14 properties owned by Trump’s real estate business, including hotels in Washington, D.C., and New York City.

The keys

Facebook took down a network of accounts promoting Iranian disinformation about the U.S. election.

Facebook said it took down three small coordinated networks trying to spread misleading information on its social media sites. © Lionel Bonaventure/AFP/Getty Images Facebook said it took down three small coordinated networks trying to spread misleading information on its social media sites.

One of the accounts sought to amplify an alleged scheme in which Iranians posing as the Proud Boys, a far-right group, sent emails to Democratic voters threatening them if they didn't vote for Trump, Dustin Volz and Jeff Horwitz at the Wall Street Journal report. The Office of the Director of National Intelligence attributed the emails to Iran and said that Russia could also use voter data to attempt to create the appearance of election interference.

Survey: Nearly 2 out of 3 voters will cast their ballots early in-person or by mail, not on Election Day

  Survey: Nearly 2 out of 3 voters will cast their ballots early in-person or by mail, not on Election Day The survey showed a significant partisan divide, too. Those supporting Biden are more likely to say they plan to vote by mail than those who support Trump.When combining those who are voting by mail (42%) and those who voting early in-person (26%), nearly 2 in 3 voters will be casting their ballot ahead of Election Day, according to a survey from the Democracy Fund + UCLA Nationscape Project.

Foreign actors are exaggerating their influence over the election, Facebook says. “It’s important that we all stay vigilant, but also see these campaigns for what they are — small and ineffective, Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a news release. “Overstating the importance of these campaigns is exactly what these malicious actors want, and we should not take the bait.”

Gleicher specifically warned about phony claims about compromised election infrastructure.

Acting homeland security secretary Chad Wolf told CBS news the agency is on high alert ahead of the election. This is a prime opportunity for any adversaries, whether it be Russia or Iran or it’s a cyber actor,” he said.

A DHS watchdog dinged CISA’s preparations for violence at polling places. CISA says the report was poorly timed.

a group of people on a sidewalk: Voters wait to cast their ballots Tuesday in Washington. (Astrid Riecken for The Washington Post) © Astrid Riecken/for The Washington Post Voters wait to cast their ballots Tuesday in Washington. (Astrid Riecken for The Washington Post)

The Cybersecurity and Infrastructure Security Agency effectively beefed up defenses against digital election threats, but not physical threats or violence that could disrupt Election Day, the report says, Raphael Satter and Christopher Bing at Reuters report.

The warning comes as civil rights groups and election officials worry about the risk of polling place violence and unrest.

Both CISA Director Chris Krebs and the National Association of State Election Directors criticized the report for casting doubt on security just a week before the election.

How to watch election night 2020: the definitive hour-by-hour guide

  How to watch election night 2020: the definitive hour-by-hour guide Election Day is nearly here, and in a matter of hours we’ll find out whether this is the end of the campaign — or just the beginning of a protracted fight over who won. At 7 p.m. (Eastern Standard Time, which applies to all times mentioned here), we’ll start to see returns from Florida, Ohio, North Carolina and Georgia. Trump won all four of these states in 2016 and needs to win them again in 2020. The good news for viewers is that we should see relatively quick results in these key states, all of which are allowed to start processing (i.e., opening envelopes, validating signatures or even counting) their early votes and mail ballots before Election Day.

I am confident that the work we have done to protect the 2020 election means your vote is secure and you should vote with confidence, Krebs said in a message to voters.

Amy Cohen, executive director of the National Association of State Election Directors, said the report “does not fully demonstrate how far the relationship between the election community and CISA has come.”

The government's top intelligence officer will brief representatives from Florida about election threats on Friday.

Rep. John Ratcliffe wearing a suit and tie: Director of National Intelligence John Ratcliffe. (Leah Millis/Reuters) © Leah Millis/Reuters Director of National Intelligence John Ratcliffe. (Leah Millis/Reuters)

The Office of the Director of National Intelligence will meet with Reps. Stephanie Murphy (D-Fla.) and Michael Waltz (R-Fla.) about a recent email campaign to intimidate voters, which U.S. intelligence has attributed to Iran.

Murphys office confirmed the meeting.

The emails, which spoofed the far-right Proud Boys, reached hundreds of Democratic voters in Florida.

The Miami Herald initially reported that ODNI had denied the request, citing a “lack of bandwidth. Waltz and the intelligence office disputed that characterization.

Chat room

Election pros criticized Supreme Court Justice Brett M. Kavanaugh for making misleading statements about when to expect official election results in a ruling that blocked accepting mail ballots in Wisconsin that arrive after Election Day. Here is R Street Senior Fellow Paul Rosenzweig:

Justice Elena Kagans dissent made a similar point:

Vermont Secretary of State Jim Condos (D) said Kavanaugh incorrectly said his state had not made changes to its election processes:

More cybersecurity news:

Spy agency ducks questions about 'back doors' in tech products (Reuters)

The lowly DDoS attack is still a viable threat for undermining elections - CyberScoop (CyberScoop)

Former California police captain pleads guilty in eBay cyberstalking case (Reuters)


  • The Senate Commerce Committee will hold a hearing today to examine Section 230 immunity at 10 a.m.
  • The USC Election Cybersecurity Initiative will host a final workshop on the lessons from the workshops it has hosted in 50 states leading up to the election on Wednesday at 1:30 p.m.
  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.

Secure log off

A reminder of a simpler time.

Police, experts monitoring extremist groups to see if poll watchers try to disrupt voting .
The states with the highest risk for election-related violence by armed extremist groups are Michigan, Pennsylvania, Wisconsin, Georgia and Oregon.President Donald Trump, who has falsely claimed voter fraud is widespread, has called for an army of poll watchers to ensure the election is fair. Right-wing extremist groups have signaled they plan to heed the call. Left-wing groups have vowed to confront people they believe are engaged in voter suppression.

usr: 8
This is interesting!