National: Russia Is Attacking the U.S. System From Within | The Atlantic

A new court filing submitted on Wednesday by Special Counsel Robert Mueller revealed that a Russian troll farm currently locked in a legal battle over its alleged interference in the 2016 election appeared to wage yet another disinformation campaign late last year—this time targeting Mueller himself. According to the filing, the special counsel’s office turned over 1 million pages of evidence to lawyers for Concord Management and Consulting as part of the discovery process. The firm is accused of funding the troll farm, known as the Internet Research Agency. But someone connected to Concord allegedly manipulated the documents and leaked them to reporters, hoping the documents would make people think that Mueller’s evidence against the troll farm and its owners was flimsy. The tactic didn’t seem to convince anyone, but it appeared to mark yet another example of Russia exploiting the U.S. justice system to undercut its rivals abroad.

National: Republicans Rewrote Voting Laws for 8 Years. Now Democrats Say It’s Their Turn. | The New York Times

In the years after Republicans swept state and congressional elections in 2010, legislatures in 25 states — all but a handful of them dominated by the party — enacted laws that made it harder to register and vote, from imposing ID requirements and curbing voter registration drives to rolling back early voting periods. In November, Democrats reclaimed some of the ground they lost eight years ago. And now the rules for casting a ballot are moving fast in the opposite direction. The signal example is in New York, where Democrats this month enacted a series of measures expanding access to the ballot box, just two months after taking full control of both the State House and Senate. But that state is far from the only one: Legislatures in New Jersey and Virginia are set to consider even more expansive packages. Delaware, New Hampshire, Minnesota and New Mexico are also set to take up voting rights measures. All those proposals, in legislatures under Democratic control or on the cusp of it, have plausible prospects of becoming law. But Democrats are pushing legislation to expand access to the ballot even in some states like South Carolina and Texas where Republicans control makes approval unlikely.

National: Russian DNC Hackers Launch Fresh Wave of Cyberattacks on U.S. | Daily Beast

Russia’s military intelligence directorate, the GRU, has been caught in a new round of computer intrusion attempts, this time aimed at the Center for Strategic and International Studies, a prominent Washington, D.C. think tank heavy with ex-government officials. The new efforts by the Kremlin hackers who notoriously breached the DNC and Hillary Clinton campaign to support Donald Trump suggests that indictments, international sanctions, a botched assassination and an unprecedented global spotlight have done little to deter Vladimir Putin from continuing to target the West with his hacker army, even as American intelligence agencies warn that Russia is gearing up to interfere in the 2020 election. “We’ve about exhausted our ability to achieve some kind of deterrent model that works,” said Robert Johnston, the security expert who investigated the 2016 DNC breach, and now heads the financial cybersecurity firm Adlumin. “You have indictments. You have Cyber Command releasing Russian malware. We ran psyops inside of Russia saying, ‘We know what you’re up to, stop it.’ Sanctions and diplomatic measures. The combination of all those isn’t enough to make it come to a complete halt.”

National: Purported hackers stole U.S. evidence to discredit Mueller probe: filing | Reuters

U.S. Special Counsel Robert Mueller’s office said on Wednesday that self-proclaimed hackers in Russia stole evidence in an attempt to tarnish its investigation of a firm charged with funding a Russian propaganda campaign to interfere in the 2016 U.S. election. Prosecutors said in a court filing in Washington that a Twitter handle called @HackingRedstone came online last Oct. 22 to brag it had hacked some of the evidence in the case. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case,” the court document quoted the Twitter post as saying. In February 2018, Mueller indicted 13 Russians and three Russian companies with allegations of tampering in 2016 to support then-Republican candidate Donald Trump. In all, 34 people have pleaded guilty, been indicted or otherwise swept up in the broader inquiry.

National: What was the cybersecurity impact of the shutdown? | FCW

For 35 days, former high-ranking feds and Congress publicly warned about the potential negative ramifications of the partial shutdown on federal cybersecurity initiatives. Now with a short-term spending deal in place, many on Capitol Hill are shifting focus towards sifting through the wreckage to determine just how much damage was actually done. House Homeland Security Committee chairman Bennie Thompson (D-Miss.) said earlier this month that DHS and Congress “will be dealing with the consequences of [the shutdown] for months — or even years — to come.” At the Jan. 29 State of the Net conference in Washington D.C., Moira Bergin, subcommittee director for the House Homeland subcommittee on Cybersecurity and Infrastructure Protection listed a number of cybersecurity initiatives at DHS — from pipeline security to botnets to election security and activities at the new National Risk Management Center — that simply stopped during the shutdown.

National: McConnell says bill that would make Election Day a federal holiday is a ‘power grab’ by Democrats | The Washington Post

Senate Majority Leader Mitch McConnell said Wednesday that a Democratic bill that would make Election Day a federal holiday is a “power grab,” sparking a fierce backlash online. McConnell was speaking about H.R. 1, legislation that Democrats have made a centerpiece of their agenda since retaking the House earlier this month. In remarks on the Senate floor, McConnell (R-Ky.) said Democrats “want taxpayers on the hook for generous new benefits for federal bureaucrats and government employees,” including making Election Day a “new paid holiday for government workers.” “So this is the Democrats’ plan to ‘restore democracy,’” McConnell said, describing the legislation as “a political power grab that’s smelling more and more like what it is.”

National: Judiciary Hearing on Democrats’ Election Bill Turns Into Partisan Brawl | The New York Times

House Democrats faced sustained partisan fire on Tuesday over their ambitious elections overhaul bill, a top priority for the new Democratic leaders who must answer charges that their efforts to counter partisan gerrymandering and ease access to the polls strain the constitutional reach of Congress. The House Judiciary Committee’s inaugural hearing of the 116th Congress was dedicated to the voting and ethics rules overhaul, known as the For the People Act, which Democratic representatives have trumpeted as their signature legislative priority. But its reception underscored the challenges the bill will face in a divided Capitol. The bill would turn the drawing of congressional boundaries over to nonpartisan commissions, promote more transparency in campaign contributions and expand the public financing system for House and presidential candidates. “The broader issue is what kind of country America is and should be,” said Representative Jerrold Nadler of New York, the chairman of the committee.

National: The government’s cyber workers are back in action. First task: Checking for hacks | The Washington Post

Thousands of federal cyber workers are returning to their posts after more than a month on furlough today. And they have a big to-do list. The first priority: Looking for evidence of any major hacks that wormed through government defenses the past 35 days while agencies were working with a skeleton crew of security pros. It will take them days or weeks to pore through security logs to assess how much damage the shutdown did to the security of government computer networks and the sensitive data they hold. The attacks did not abate because the government was closed: One cyber manager who worked without pay during the shutdown described an uptick in attacks on his agency — including phishing emails containing malware, attempts to reset employee passwords and attempts to trick users into downloading malicious software cloaked as a legitimate update. Also on the docket: Figuring out how to adjust the multimillion-dollar contracts to upgrade and secure federal IT systems that have spent more than a month on ice.

National: Intelligence heads warn of more aggressive election meddling in 2020 | Politico

Foreign adversaries are likely already planning to interfere in the 2020 U.S. election, the nation’s top intelligence official warned on Tuesday. In a worldwide threat assessment to the Senate Intelligence Committee, Director of National Intelligence Dan Coats wrote that competitors such as Russia, China and Iran “probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests.” In his statement, he predicted that these countries “will use online influence operations to try to weaken democratic institutions, undermine U.S. alliances and partnerships and shape policy outcomes in the United States and elsewhere.” Furthermore, he said, they’ll “refine their capabilities and add new tactics as they learn from each other’s experiences, suggesting the threat landscape could look very different in 2020 and future elections.”

National: Election Security Advocates Battle the National Association of Secretaries of State over Opposition to Strengthening Voting Systems | Politico

Indiana’s top election official is refusing to release her communications with the National Association of Secretaries of State, limiting the public’s understanding of both her role and the role of NASS in squashing federal legislation to upgrade voting systems, Eric reports. Indiana Secretary of State Connie Lawson is fighting a public records request that could shed light on both the NASS stance in election security debates and the influence that the small community of voting technology vendors has over the organization.

National: Roger Stone was in close contact with Trump campaign about WikiLeaks, indictment shows | The Washington Post

Roger Stone, a GOP political operative and longtime friend and adviser to President Trump, was in frequent contact with members of Trump’s campaign about WikiLeaks’ efforts to release materials damaging to Democrats before the 2016 election, according to an indictment filed against him Friday. Stone was arrested Friday morning on seven counts of obstruction, lying to Congress and witness tampering related to special counsel Robert S. Mueller III’s investigation into Russian interference in the election. A major focus of the probe has been whether Stone coordinated with WikiLeaks or its founder, Julian Assange, as the group published thousands of Democratic emails that prosecutors say were hacked by Russian operatives.

National: After a Messy Election, a Push to Make Voting Easier | Stateline

In the nearly three months since elections dogged by accusations of voter suppression, state lawmakers across the country have either filed or pre-filed at least 230 bills that would expand access to the ballot for millions of Americans. Bipartisan efforts aim to bring automatic voter registration, vote-by-mail, or the restoration of voting rights for ex-felons to more than 30 states. Bills to increase voter access have outpaced election integrity bills, such as those that would require voter ID or proof of citizenship and would limit early voting, across the country this year, according to a count by New York University School of Law’s Brennan Center for Justice. State lawmakers had introduced just 24 such bills.

National: How the U.S. Government Shutdown Harms Security | Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come. One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown “is crushing our ability to take the fight to cyber criminals.” “The talent drain after this is finally resolved will cost us five years,” said the source, who asked to remain anonymous because he was not authorized to speak to the news media. “Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”

National: Unintended consequence: Federal cybersecurity workforce a potential casualty of the shutdown | The Hill

The partial shutdown of the US government may well end up damaging cybersecurity but perhaps not in the way most commonly thought. The most common and understandable concern is that the country’s current ability to respond to an emergency in the cyber domain is hampered. This line of thinking rests on the belief that the United States is not operating at full strength and, therefore, its present capacity to cope with an urgency is diminished. Admittedly, the challenge with multiple players down is not to be underestimated: It is far from ideal to take and defend the field with an incomplete roster. Moreover, bad actors may be plotting how to seize advantage during this self-inflicted window of vulnerability. Frankly, it is hard enough to ensure cybersecurity on a good day, when all hands are on deck. Having said that, there is some cause for confidence, despite prevailing circumstances. For example, from the standpoint of the Department of Homeland Security, over 80 percent of its flagship component responsible for cyber incidents — namely, the National Cybersecurity and Communications Integration Center, known as NCCIC — remains staffed. This should stand us in reasonably good (if imperfect) stead, should a crisis arise. For instance, US authorities engaged fully during the spate of DNS (domain name system) hijackings reported recently.

National: The Messy Truth About Infiltrating Computer Supply Chains | The Intercept

In October, Bloomberg Businessweek published an alarming story: Operatives working for China’s People’s Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. This allegedly gave Chinese spies clandestine access to servers belonging to over 30 American companies, including Apple, Amazon, and various government suppliers, in an operation known as a “supply chain attack,” in which malicious hardware or software is inserted into products before they are shipped to surveillance targets. Bloomberg’s report, based on 17 anonymous sources, including “six current and former senior national security officials,” began to crumble soon after publication as key parties issued swift and unequivocal denials. Apple said that “there is no truth” to the claim that it discovered malicious chips in its servers. Amazon said the Bloomberg report had “so many inaccuracies … as it relates to Amazon that they’re hard to count.” Supermicro stated it never heard from customers about any malicious chips or found any, including in an audit it hired another company to conduct. Spokespeople for the Department of Homeland Security and the U.K.’s National Cyber Security Centre said they saw no reason to doubt the companies’ denials. Two named sources in the story have publicly stated that they’re skeptical of its conclusions.

National: America’s Election Security: How Vulnerable Are We Now? | Tom’s Guide

“Does new voting technology enable voting fraud, or does it prevent voting fraud?” rhetorically asked Blaze. “Yes.” He explained that the American election process has computers and software at every stage of the process, including voter registration and verification, the designing and distribution of ballots, the actual voting itself, and the tallying of votes and the communication of results. Machines at almost every step have been shown to be vulnerable to hacking, yet we can’t just go back to dropping envelopes in ballot boxes. “U.S. elections are the most complex in the world,” Blaze said. “You’re gonna need computers somewhere.” Fortunately, he said, policymakers and the general public are now aware of how vulnerable electronic voting systems are to tampering, and many states have taken at least initial steps to make them more secure. “Voting security is by far the hardest problem I have ever encountered,” said Blaze, who was recently a professor of computer and information services at the University of Pennsylvania but now holds the McDevitt Chair of Computer Science and Law at Georgetown University.

National: US intelligence warns of ‘ever more diverse’ threats | Associated Press

Russia’s efforts to expand its influence and China’s modernizing military are among the “ever more diverse” threats facing the U.S., according to a major intelligence report released Tuesday. The National Intelligence Strategy report, issued every four years, also singles out such potential threats as North Korea’s pursuit of nuclear weapons, the growing cyber capabilities of U.S. adversaries and global political instability. The report, which sets out the priorities for the various agencies that make up the U.S. intelligence community, notes that the United States “faces an increasingly complex and uncertain world in which threats are becoming ever more diverse and interconnected.” Director of National Intelligence Dan Coats said in a letter accompanying the report that the U.S. agencies must adapt to respond to what he calls a “turbulent and complex” environment.

National: How Voting-Machine Lobbyists Undermine the Democratic Process | The New Yorker

In the past decade, Election Systems & Software (E.S. & S.), the largest manufacturer of voting machines in the country, has routinely wined and dined a select group of state-election brass, which the company called an “advisory board,” offering them airfare on trips to places like Las Vegas and New York, upscale-hotel accommodations, and tickets to live events. Among the recipients of this largesse, according to an investigation by McClatchy published last year, was David Dove, the chief of staff to Georgia’s then secretary of state, Brian Kemp. Kemp, the new governor of Georgia, made news in the midterm elections for his efforts to keep people of color from voting and for overseeing his own election. In March of 2017, when Dove attended an E.S. & S. junket in Las Vegas, Kemp’s office was in the market to replace the state’s entire inventory of voting machines. “It’s highly inappropriate for any election official to be accepting anything of value from a primary contractor,” Virginia Canter, the chief ethics officer at Citizens for Responsibility and Ethics in Washington, told McClatchy. “It shocks the conscience.” (Kathy Rogers, E.S. & S.’s senior vice-president for governmental affairs, told McClatchy that there was nothing untoward about the advisory board, which she said has been “immensely valuable in providing customer feedback.”)

National: DNC targeted by Russian hackers beyond 2018 midterms, it claims | Naked Security

The Democratic National Committee (DNC) has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018. In its court filing, the DNC argues that not only did the campaign and several Trump operatives collude with Russia to steal electronic information, but that Russia was still attempting to hack DNC systems in the run up to last year’s midterm elections. The filing describes an alleged Russian cyberattack campaign that began in July 2015 and which stole information after a hack in April 2016, when the Russians allegedly placed proprietary malware known as X-Agent on the DNC network. It claims that they monitored the malware in real time and collected data including key logs and screenshots. Using malware called X-Tunnel, the hackers exfiltrated several gigabytes of DNC data over the following days to a computer located in Illinois leased by agents of Russia’s GRU military unit, it says. Russian operatives then placed a version of X-Agent on a DNC server in June that year and hacked DNC virtual machines hosted on Amazon Web Services (AWS) in September to steal voter data, the filing also alleges.

National: America avoided election hacking in 2018. But are we ready for 2020? | ABC

Director of National Intelligence Dan Coats had cautioned that “the warning lights are blinking red again,” and experts warned that voting systems, in particular, could be at risk. Russia had likely targeted them in all 50 states in 2016 and had gained access to voter-registration files in Illinois and Arizona. But despite myriad concerns about vulnerabilities—from voting machines to tabulation systems to phishing attacks on campaigns—election hacking, by and large, did not factor in the 2018 elections. A recent report from Coats’ office to the White House confirmed as much: U.S. intelligence officials had no evidence that voting systems had been compromised, although social-media disinformation aimed at American voters had continued apace. “The Russians didn’t need to do much in 2018. They enjoy all the turmoil in the U.S. and probably take credit for 2016 outcomes,” said James Lewis, senior vice president and director of the Technology Policy Program at the Center for Strategic and International Studies. “Midterms are confusing and the Russians probably couldn’t figure out the pressure points to swing voters. If they have new tricks, they are saving them for 2020.”

National: Moscow Skyscraper Talks Continued Through ‘the Day I Won,’ Trump Is Said to Acknowledge | The New York Times

President Trump was involved in discussions to build a skyscraper in Moscow throughout the entire 2016 presidential campaign, his personal lawyer said on Sunday, a longer and more significant role for Mr. Trump than he had previously acknowledged. The comments by his lawyer Rudolph W. Giuliani indicated that Mr. Trump’s efforts to complete a business deal in Russia waned only after Americans cast ballots in the presidential election. The new timetable means that Mr. Trump was seeking a deal at the time he was calling for an end to economic sanctions against Russia imposed by the Obama administration. He was seeking a deal when he gave interviews questioning the legitimacy of NATO, a favorite talking point of President Vladimir V. Putin of Russia. And he was seeking a deal when, in July 2016, he called on Russia to release hacked Democratic emails that Mr. Putin’s government was rumored at the time to have stolen. The Trump Tower Moscow discussions were “going on from the day I announced to the day I won,” Mr. Giuliani quoted Mr. Trump as saying during an interview with The New York Times. It was one of a flurry of interviews Mr. Giuliani did on Sunday amid fallout from a disputed report by BuzzFeed News that President Trump had personally directed his former lawyer and fixer, Michael D. Cohen, to lie to Congress about the negotiations over the skyscraper.

National: Four cybersecurity priorities for Congress to confront active threats | The Hill

The 116th Congress may have difficulty finding common ground on most issues. But there is at least one area that presents the opportunity for bipartisan action: cybersecurity. Cyber threats do not discriminate based on party affiliation. There are four key issues within cybersecurity where this Congress has the potential to make progress with impactful legislation that would make all Americans — and our democracy — more secure. The Department of Homeland Security has made considerable progress on election security over the past 18 months. But, with 10,000 local jurisdictions responsible not just for administering elections but now for protecting our democracy against nation-state threat actors, more must be done. The answer does not lie in funding alone. Paper ballots paired with risk-limiting audits are critical; and Congress should take a hard look at the vendors who play an outsized role in our democracy. We also must share expertise and training across jurisdictions and ensure that jurisdictions are prepared to recover in the face of a cyberattack. The election security provisions in the House Democrats’ first bill are an excellent start and should not fall way to partisan rancor.

National: The shutdown is breaking government websites, one by one | The Washington Post

As the government shutdown drags on, a rising number of federal websites are falling into disrepair — making it harder for Americans to access online services and needlessly undermining their faith in the Internet’s security, experts warn. In the past week, the number of outdated Web security certificates held by U.S. government agencies has exploded from about 80 to more than 130, according to Netcraft, an Internet security firm based in Britain. Various online pages run by the White House, the Federal Aviation Administration, the National Archives and the Department of Agriculture appear to be affected by the latest round of expirations, Netcraft said.

National: Facebook finds and kills another 512 Kremlin-linked fake accounts | TechCrunch

Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools. In a blog post today the company reveals another tranche of Kremlin-linked fake activity — saying it’s removed a total of 471 Facebook pages and accounts, as well as 41 Instagram accounts, which were being used to spread propaganda in regions where Putin’s regime has sharp geopolitical interests. In its latest reveal of “coordinated inauthentic behavior” — aka the euphemism Facebook uses for disinformation campaigns that rely on its tools to generate a veneer of authenticity and plausibility in order to pump out masses of sharable political propaganda — the company says it identified two operations, both originating in Russia, and both using similar tactics without any apparent direct links between the two networks.

National: Giuliani now says he has ‘no knowledge’ of Trump campaign colluding with Russia | The Hill

President Trump’s attorney, Rudy Giuliani, on Thursday sought to clarify widely publicized comments he made about possible collusion between President Trump’s campaign and Russia, saying that he had “no knowledge” of it taking place. “There was no collusion by President Trump in any way, shape or form,” Giuliani said in a statement to The New York Times. “Likewise, I have no knowledge of any collusion by any of the thousands of people who worked on the campaign.” He also argued that “the only knowledge I have in this regard is the collusion of the [Hillary] Clinton campaign with Russia, which has so far been ignored.”

National: State GOP Lawmakers Eye Changes to Ballot Measures – Passed and Future | Governing

Ballot measures have become a popular way to enact new policies — from minimum wage hikes and legalized marijuana to abortion restrictions and ethics reforms. But voter-approved measures are meeting more pushback. Republican legislators in several states are fighting ballot measures on two fronts: As was the case following the 2016 election, they are trying to overturn provisions of some laws that voters just passed in November. They are also seeking legislative changes that would make it harder for ballot measures to pass in the future. “Lawmakers are undermining the will of their constituents by unraveling these voter-approved changes and attacking the ballot measure process,” says Chris Melody Fields Figueredo, executive director of the Ballot Initiative Strategy Center, which promotes progressive ballot measures.

National: Democrats seek FEC assurance on campaign finance oversight during shutdown | Politico

The partial government shutdown, the longest in U.S. history, is affecting the Federal Election Commission’s ability to enforce campaign finance laws and investigate possible infractions, Democrats on the Senate Rules Committee wrote to the FEC on Wednesday. Ninety percent of the agency’s 300 employees have been furloughed, forcing it to skip its first scheduled meeting of the year, according to the letter, which was first reported by The Washington Post.

National: Court Blocks Trump Administration From Asking About Citizenship in Census | The New York Times

A federal judge blocked the Commerce Department from adding a question on American citizenship to the 2020 census, handing a legal victory on Tuesday to critics who accused the Trump administration of trying to turn the census into a tool to advance Republican political fortunes. The ruling marks the opening round in a legal battle with potentially profound ramifications for federal policy and for politics at all levels, one that seems certain to reach the Supreme Court before the printing of census forms begins this summer. The upcoming census count will determine which states gain or lose seats in the House of Representatives when redistricting begins in 2021. When the Trump administration announced last year it was adding a citizenship question to the census, opponents argued the results would undercount noncitizens and legal immigrants — who tend to live in places that vote Democratic — and shift political power to Republican areas.

National: Is This the Year for a Redistricting Revolution? | The Atlantic

Barack Obama and Arnold Schwarzenegger agree: Neither thinks Donald Trump has any business being anywhere near the White House, but the main political issue they’re going to focus on for the next two years is redistricting reform. The clock is ticking. The 2020 census, and the nationwide 2021 redistricting right after, are around the corner. Deadlines for ballot initiatives and legislation are already on the horizon for some states to change their procedures before then. Meanwhile, the Supreme Court could soon take up a case that would gut most of the efforts at redistricting reform that have, over the past 10 years, changed how states draw the maps that determine who runs where for Congress and their own legislatures.

National: The Shutdown Is Doing Lasting Damage to National Security | The Atlantic

As the longest government shutdown in American history drags on, it’s not just hurting the morale of America’s federal workforce and the broader American economy. It’s hurting our national security. Some of the damage is already plainly apparent—but in four crucial ways, its harms will persist long after the government reopens. We’re beginning to see indicators of short-term national- and homeland-security vulnerabilities. Airports are short on screeners; thousands of FBI agents, analysts, and staff are on furlough; and our government’s newest cybersecurity unit had barely launched before half of its staff was furloughed. Each of these lapses may cause specific problems: Dangerous weapons may slip through security, endangering the flying public; investigative leads may suffer from inattention, causing investigations of federal crimes to be delayed or go unfinished; and recent efforts to improve federal cybersecurity may be stopped before they ever really started. Moreover, given the importance this administration purports to place on immigration enforcement and border security, the irony of the Department of Homeland Security’s border agents and immigration officials not being compensated to perform their important work is hard to miss.