Matt Masterson, one of the U.S. government’s top election experts, is leaving his post as of next week for a role in academia where he will continue to study the disinformation campaigns that have plagued the country, he told CyberScoop on Thursday. Masterson has been a senior adviser at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency since 2018. He led a team that reassured the public that the 2020 election was secure, despite President Donald Trump’s baseless assertions to the contrary. Masterson will join the Stanford Internet Observatory, a team of academics and tech experts led by former Facebook security chief Alex Stamos, which works on election security and social media challenges. Masterson said his last day at CISA will be Dec. 18. At Stanford, “We’re going to unpack what we’ve learned over the last few years [on election security],” Masterson said in an interview, including “what more needs to be done on a broader level.” Masterson said he wants to continue to tackle disinformation campaigns, which could extend to the rollout of the coronavirus vaccine. Experts fear that a large swath of Americans are distrustful of the efficacy of the vaccine, in part because of conspiracy theories that spread online. Masterson, a former election official in Ohio, was part of a team of CISA officials who rebuilt trust between election officials across the country and federal personnel after the 2016 election.
National: The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. | Craig Timberg and Ellen Nakashima/The Washington Post
When Russian hackers first slipped their digital Trojan horses into federal government computer systems, probably sometime in the spring, they sat dormant for days, doing nothing but hiding. Then the malicious code sprang into action and began communicating with the outside world. At that moment — when the Russian malware began sending transmissions from federal servers to command-and-control computers operated by the hackers — an opportunity for detection arose, much as human spies behind enemy lines are particularly vulnerable when they radio home to report what they’ve found. Why then, when computer networks at the State Department and other federal agencies started signaling to Russian servers, did nobody in the U.S. government notice that something odd was afoot? The answer is part Russian skill, part federal government blind spot. The Russians, whose operation was discovered this month by a cybersecurity firm that they hacked, were good. After initiating the hacks by corrupting patches of widely used network monitoring software, the hackers hid well, wiped away their tracks and communicated through IP addresses in the United States rather than ones in, say, Moscow to minimize suspicions. The hackers also shrewdly used novel bits of malicious code that apparently evaded the U.S. government’s multibillion-dollar detection system, Einstein, which focuses on finding new uses of known malware and also detecting connections to parts of the Internet used in previous hacks.
But Einstein, operated by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), was not equipped to find novel malware or Internet connections, despite a 2018 report from the Government Accountability Office suggesting that building such capability might be a wise investment. Some private cybersecurity firms do this type of “hunting” for suspicious communications — maybe an IP address to which a server has never before connected — but Einstein doesn’t.
Full Article: The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. – The Washington Post