Axios Codebook

Threats to 2022 election security will extend beyond today's vote as officials prepare for an onslaught of disinformation targeting the credibility of ballot counts and potential recounts throughout the week.

Why it matters: Election deniers are likely to spread lies about the security of ballot counts, voting machines and absentee voting in the days it will take officials to certify the results of several close races.

• When successful, these campaigns end up weakening trust in the official results and can incite violence or lead to politically motivated election "audits" months later.

Details: The challenges to election results are expected to come in a variety of forms this week.

• Voting rights groups participating in the Election Protection coalition told reporters last week they're standing up hotlines and sending in on-the-ground help at voting centers to debunk lies about how votes are cast to preempt false narratives targeting the voting process.
• Disinformation about the security of voting equipment is already spreading, Pam Smith, president of Verified Voting, told reporters. And a report from cybersecurity firm Recorded Future released Monday anticipates an uptick in voting-machine-related disinformation in the days after Election Day.
• Foreign actors could continue ongoing election-related disinformation campaigns as the votes are counted to further spur distrust in official results.

The big picture: Candidates and elected officials have come to anticipate challenges to election results in recent years. Officials have issued a series of warnings and attempted to "pre-bunk" the lies in the last few weeks.

Reality check: "It is overwhelmingly safe for American voters to vote — whether you voted in advance, through early or absentee voting, or vote tomorrow," said Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA) in the Trump administration, during a Washington Post event Monday.

• "Do not let these people deter you from getting out there and voting," he added.
• A senior CISA official told reporters earlier today that the agency also continues to see "no specific or credible threat to disrupt election infrastructure."

Between the lines: Failing to rein in election lies before they spread can have deadly consequences — as seen during the Jan. 6 insurrection.

• Hundreds of election deniers are on the ballot today, creating an opportunity for newly elected government officials to further peddle these lies this week.

Yes, but: The ability to limit the spread of election lies also sits with social media platforms that operate using their own rules for moderating disinformation.

• While Facebook and YouTube continue to operate their election moderation teams as usual, recent upheaval in Twitter's ownership could make it ripe for election disinformation this week.

Be smart: State and local election officials are the best source of information on election administration and results as officials count ballots.

• CISA will also be debunking election lies on its Rumor Control site.
• And members of the Election Protection coalition are operating a series of hotlines to help answer questions about the voting process.

U.S. efforts to crack down on ransomware and mandate companies report cyber incidents could end up being a "credit positive" next year, according to Moody's 2023 cyber outlook shared first with Axios.

Why it matters: A rise in cyberattacks in recent years has caused headaches for businesses as they face high price tags to recover from attacks — and potentially see their creditworthiness hurt following an incident.

The big picture: Credit raters and analysts have started factoring histories of cyberattacks into decisions about whether a company will be able to repay its debts, per the Wall Street Journal.

• If a company handles a cyberattack poorly, it risks facing a lower credit rating, signaling that it might not be able to make necessary payments.

Details: U.S. actions to sanction ransomware actors, target the servers those ransomware operators work on and enact new cyber incident reporting laws could reverse this trend and create a credit-positive environment in 2023, analysts at Moody's tell Axios.

• Ransomware efforts have started to dissuade attackers from targeting U.S. companies, and incident reporting laws will "help raise a baseline set of information about the scope of cyberattacks," the report notes.

Between the lines: For ransomware, the U.S. is benefiting, while organizations in Europe and South America will take a hit as ransomware gangs home in on them.

• "This shift will be credit positive for U.S. issuers experiencing a relative reprieve from attacks but negative for issuers in regions with an uptick in ransomware incidents," the report notes.

Yes, but: Moody's outlook could change depending on how exactly new laws and regulations are implemented.

• Various government agencies — including both the Cybersecurity and Infrastructure Security Agency and the Securities and Exchange Commission — are working on proposals to set up their own reporting requirements. But, as they stand right now, each one has different deadlines and requirements for the incident reports.
• Whether these efforts can be harmonized will play a huge role in whether cyberattacks hurt a business's creditworthiness in the future, says Gerry Granovsky, senior vice president of Moody's cyber risk group.

The bottom line: Creditors are hopeful that government attention to cyberattacks could help offset some of the financial turmoil these incidents have caused businesses.

Federal authorities seized more than $3.36 billion worth of bitcoin as part of an investigation into fraud involving the Silk Road dark web marketplace, Axios' Brady Dale and I report.

Why it matters: The Department of Justice's announcement on Monday signals the feds' growing capability for — and interest in — recovering cryptocurrency payments tied to cybercrime.

Driving the news: The DOJ said it seized approximately 50,676 bitcoin last November, which was then valued at more than $3.36 billion. At the time, it was the largest cryptocurrency seizure in DOJ history, but the amount is now worth roughly $1.05 billion.

• The department also announced that James Zhong pleaded guilty earlier this year to committing wire fraud in September 2012 after unlawfully accessing 50,000 bitcoin from Silk Road.

Flashback: It's the second multibillion-dollar recovery the U.S. government has announced this year, following its find of ill-gotten gains from a 2016 hack on the exchange Bitfinex.

Details: Zhong was able to manipulate Silk Road's payment system by triggering more than 140 transactions "in rapid succession" and successfully tricking it into releasing about 50,000 bitcoin, according to an affidavit filed Monday.

• IRS agents discovered the bitcoin in an underground floor safe and on a "single-board computer that was submerged under blankets in a popcorn tin stored in a bathroom closet" at Zhong's home in Gainesville, Georgia.

The intrigue: The IRS seized about $7 billion in cryptocurrency in 2022, an agency official said earlier this month. That's double the total from last year.

• The U.S. government has been eyeing crypto seizures in cybercrime cases to target criminals' financial motivations.
• Officials are using the strategy to fight ransomware as well, the most prominent example being when the DOJ recovered half of Colonial Pipeline's crypto payment to the DarkSide ransomware gang.

What's next: Zhong's one count of wire fraud carries a maximum sentence of 20 years, and he is scheduled to be sentenced on Feb. 22.

@ D.C.

🗳 Yevgeny Prigozhin, a Russian businessman and close ally to Vladimir Putin, admitted to interfering in the U.S. elections. (The Guardian)

🌐 A popular internet infrastructure company relied on by internet browsers Chrome, Safari, Firefox and others has connections to contractors for U.S. intelligence agencies and law enforcement. (Washington Post)

📸 European regulators are struggling to enforce privacy laws in cases involving biometric data collection. (Wired)

@ Industry

📲 End-to-end encrypted chat service Signal has launched a Stories feature. (TechCrunch)

🏥 The International Committee of the Red Cross wants to create a digital symbol that cautions hackers against hacking hospitals whenever they gain access to their networks. (Wall Street Journal)

@ Hackers and hacks

🇷🇺 A pro-Kremlin hacktivist group targeted Eastern European government websites over the weekend, but their attacks failed to keep those sites offline for long. (The Record)

👾 A relatively new ransomware gang is claiming responsibility for last month's attack on Australian health insurer Medibank and threatening to leak stolen data. (BleepingComputer)

As more people join social media site Mastodon this week, I've really been enjoying watching people uncover new bugs and weird features.

• For one, maybe don't mention anyone in the DMs on Mastodon for now ... or you'll accidentally pull them into a conversation. 🙃