Welcome to Codebook, the most fascinating cybersecurity newsletter in the most fascinating timeline.
Today's Smart Brevity: 1,723 words, 6.5-minute read
Illustration: Aïda Amer/Axios
Last week, Senate Majority Leader Mitch McConnell offered his support for a $250 million election security fund. By experts' estimates, that's only around 10% of what states will need between now and 2024 in order to protect elections from security threats.
The big picture: The County Commissioners Association of Pennsylvania says it will cost $125 million to replace unsecure voting machines in its state alone, meaning half the new funds could be spent on one small aspect of election security in just one state.
Driving the news: McConnell added his name last week to a bipartisan $250 million amendment to a pending appropriations bill, an abrupt change from his earlier thwarting of election cybersecurity bills.
The bare minimum cost of securing the U.S. election system is $2.153 billion over the next 5 years, according to an estimate by the Brennan Center at NYU Law School. Lawrence Norden, director of the Electoral Reform Program at Brennan, told Axios it will likely cost a similar amount every 5 years after that.
By the numbers: By the Brennan estimates, it will cost:
This isn't just a voting machine issue: The public debate about election security often gets falsely reduced to swapping out machines without paper ballots for machines with them.
Many of those costs repeat: "The equipment ages out. Voting machines have to be replaced every 10 years," Norden said.
The federal government doesn't have to bear the full cost of cybersecurity. In fact, most states would prefer some degree of autonomy in how they run elections.
The politics: A GOP aide stressed to Axios that with the $250 million, the total amount of election security funding allotted to the states since 2018 exceeded $600 million.
The bottom line: $250 million is a down payment on security, not the full bill.
There are other concerning issues at play in the Ukraine memo released by the White House Wednesday. But don't overlook the part where President Trump appears to subscribe to an easily debunked conspiracy theory that he doesn't quite remember.
What they're saying: "I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy people... The server, they say Ukraine has it," reads Trump's comments to the Ukrainian president (ellipses from the original document).
CrowdStrike is the American company hired by the Democratic National Committee to investigate and expunge the hackers responsible for the 2016 breach. The firm is at the center of a number of right-wing conspiracy theories because it was the first to publicly release evidence that Russia perpetrated the digital trespass.
President Trump has expressed distrust in the firm by name since at least 2017, when he told AP he "heard it’s owned by a very rich Ukrainian."
Whatever "they say," Ukraine does not have the DNC server that Trump frequently claims — incorrectly — the FBI forgot to investigate.
It is standard practice for an incident response group like CrowdStrike to handle the initial investigation into who hacked a system while booting hackers from the system.
Why it matters: For a president to keep repeating that something so easily explained was amiss in the Russia investigation is profoundly concerning.
Tortoiseshell, an espionage group first discovered by Symantec earlier this month, used a fake veterans' job site to implant malware on former service members and other job seekers, Cisco's Talos Labs reports.
The big picture: Symantec first noticed the group in attacks on Saudi IT providers.
Look out, it's LookBack (Proofpoint): Employees at 17 U.S. utilities were targeted by a phishing campaign containing the LookBack malware, according to Proofpoint.
Bumbling social media scheme hit Hong Kong protesters (Axios): Researchers at Graphika uncovered an amateurish social media campaign targeting the Hong Kong protests that spanned across hundreds of accounts on several mainstream Western platforms.
Facebook election team tours Washington: Facebook's election security team will finish 3 days of meetings with policy staff, political parties, national security officials and candidates Thursday, according to a person familiar with the meetings.
Russian hacker pleads to data theft (DOJ): Andrei Tyurin pleaded guilty in New York to stealing data of more than 100 million victims from financial institutions.
Fancy Bear's ace hackers are back and fancier than ever (ESET): Fancy Bear, one of the Russian hacker groups believed to have hacked the Democratic National Committee in 2016, debuted new tools in a recent round of breaches.
Soccer leaker charged as hacker (New York Times): Rui Pinto, whose leaked documents on European soccer stars led to the reopening of a sexual assault charge against a prominent player in the U.S., was charged with nearly 150 counts of hacking in Portugal.
North Korea is hacking ATMs (Kaspersky): The famed Lazarus Group, often involved in Pyongyang's attempts to steal capital that sanctions now make it impossible to otherwise obtain, is using new malware to rob ATMs, notes Kaspersky.