November 04, 2020
Hello, and welcome to this edition of Codebook. This week, we’re thinking about all the hardworking federal, state and local officials who have devoted untold hours over the last months to make our elections safe, transparent and secure.
Today's newsletter is 1,316 words, a 5-minute read.
1 big thing: Disinformation is a bell that can’t be unrung
Although the winner of the 2020 presidential contest is still unknown, one thing is clear: disinformation is becoming an endemic feature of U.S. politics.
Why it matters: Every nation is an "imagined community," political scientist Benedict Anderson said, bonded together by shared understandings, values and historical narratives. Disinformation cleaves those commonalities, making a country more dysfunctional, more divided and altogether weaker.
What's happening: In 2016, a defining story was how a foreign government, after correctly identifying long-running fractures in American society, perpetrated a covert action campaign using cyber espionage and other forms of malign online activity to heighten those political tensions. It worked spectacularly.
- This year, foreign campaigns have been quieter, seemingly limited to instances like crude pre-election shenanigans from Iran and Russia. Instead, the story of this election entails powerful U.S. actors, including the sitting president and some of his closest confidants, unleashing a torrent of domestic disinformation.
The state of play: President Trump and his allies spent the period before and after the election ramping up the sharing of false claims and misleading media.
- Overnight following the election, Trump tweeted, "We are up BIG, but they are trying to STEAL the Election. We will never let them do it. Votes cannot be cast after the Polls are closed!"
- There is no evidence — none — of attempted large-scale election fraud. This is just the latest version of Trump’s claim that "the only way we're going to lose this election is if the election is rigged," one that he continued to gesture at in further tweets Wednesday morning.
- Trump’s former acting director of National Intelligence posted a tweet Monday with photos of Joe Biden wearing a face mask outdoors and going maskless on an airplane, suggesting he only follows coronavirus safety protocols for show. In fact, the airplane photo was taken pre-pandemic, in 2019. The misleading tweet was shared more than 27,000 times.
- A senior adviser to the president falsely claimed that only ballots counted on Election Day itself should be considered valid — and that if the president appears ahead on election night, he is the rightful winner.
Between the lines: It matters that these messages have come from the White House and figures like a former top intelligence official. This brand of disinformation is far more pernicious than anything Russia's FSB or GRU could have dreamed up, because people in positions of authority and those in their orbit enjoy built-in credibility within American institutions and society.
- Foreign actors will likely soon move to amplify and seize on these American-made narratives. Already, U.S. officials worry that Russia and Iran are likely waiting until the immediate post-election period to execute their more fully realized online disinformation campaigns.
- Officials believe those will focus on discrediting the election results, no matter the winner.
The big picture: The last four years have seen a dramatic acceleration and escalation of the U.S.'s digital Balkanization, with many Americans living in entirely parallel information environments that share fewer and fewer first principles and basic truths. In the era of COVID-19, this has had tragic and deadly consequences.
The bottom line: America’s adversaries have surely already identified these new schisms as prime targets for future meddling opportunities. But their work has been made immensely easier by the devolving domestic environment itself. American politicians have rung this particular bell too many times, and it simply can’t be unrung.
2. Mueller team considered charging WikiLeaks over DNC hack
Investigators considered charging WikiLeaks, Roger Stone and Julian Assange with “computer-intrusion conspiracy” before ultimately rejecting the option, according to newly unredacted pages from the Mueller Report obtained by the Electronic Privacy Information Center and BuzzFeed.
The big picture: Robert Mueller’s decision to delimit the investigation of President Trump, together with Attorney General Bill Barr’s preemptive downplaying of the contents of the Mueller Report, may have created the impression that investigators found less evidence of wrongdoing than they actually did.
Details: Prosecutors considered the idea that “these actors were liable as late joiners in an already existing conspiracy,” per the newly declassified passages.
- They compare WikiLeaks to a fence that traffics in stolen goods, “liable for ensuring a market for and maximizing the value of the stolen materials.”
Yes, but: Prosecutors ultimately rejected this potential avenue because they “did not have admissible evidence that was probably sufficient to obtain and sustain a Section 1030 conspiracy conviction of WikiLeaks, Assange, or Stone.”
- Moreover, while prosecutors did have evidence of “communications between the GRU officers and WikiLeaks-affiliated actors,” these “occurred via encrypted chats,” so Mueller's investigators did not have access to the content of the messages, says the report.
Meanwhile: Mueller's investigators also worried over the potential First Amendment ramifications of prosecuting WikiLeaks, given that journalists routinely publish information derived from hacked materials.
- The First Amendment protects parties that publish even illegally intercepted communications that are in the public interest, says the report — meaning WikiLeaks’ defense that it was acting as a media organization while publishing the hacked emails could create serious potential constitutional challenges.
Context: In 2019, U.S. officials charged Assange with computer hacking crimes in connection with his interactions with Chelsea Manning, claiming that in 2010 Assange helped Manning crack a password to a classified U.S. government network.
- Assange was also later charged with Espionage Act violations, charges that have raised other First Amendment concerns.
3. Ransomware attacks hit U.S. hospitals
A tsunami of ransomware attacks has hit U.S. hospitals in Vermont, New York, Oregon and likely other states, with U.S. officials warning that there is “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” across the country, according to a recent CISA, FBI and HHS bulletin.
Why it matters: The decision by cyber criminals to launch a large-scale campaign attacking hospitals represents a shocking escalation by these groups, and it shows how unbound by moral considerations they are when selecting their targets.
Details: “As many as 20 medical facilities” have already been affected by these attacks, according to NBC News.
- The ransomware attacks are believed to have been perpetrated by the Russian-speaking group of cyber criminals that operates the “TrickBot” botnet, the world’s largest. A botnet is a group of hijacked computers that have been repurposed for malicious ends.
The big picture: These ransomware attacks, which encrypt victims’ data unless they pay a fee to get it back, are occurring as medical facilities across the country are being overwhelmed with new hospitalizations because of the COVID-19 pandemic.
- Some affected hospitals have lost access to their digital records, slowing down basic administrative tasks and creating backlogs. In an Oregon hospital, surgeries and some cancer treatments have been delayed because of the attacks.
The bottom line: Ransomware-wielding cyber criminals represent "the most significant cyber threat that we’ve experienced in the US to date," Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, told Wired.
4. Cyber Command: An intel agency in military clothing?
Although they have often been described in military terms, offensive cyber operations are best understood as an evolution in intelligence activities, argues a new article in the Journal of Intelligence and National Security.
Why it matters: Military and intelligence operations function under the authority of different statutes. U.S. Cyber Command’s authority to run offensive cyber operations may rest on shaky foundations if they’re truly intelligence — and not military — activities.
What they’re saying: “Whether state-based or non-state, motivated by political interest or economic gain, most cyber actors are preoccupied with collecting and protecting secrets, at least to facilitate tactical intrusion if not to obfuscate attribution. In short, cyber operations look a lot like intelligence operations,” writes Jon Lindsay, a professor at the University of Toronto.
- But with Cyber Command, we “find ourselves in a surreal situation in which the very organization that is pioneering intelligence operations at an unprecedented scale refuses to describe itself as an intelligence organization,” writes Lindsay.
Between the lines: Treating cyber operations like military actions may also ultimately make them less effective and potentially even counterproductive, argues Lindsay. The military’s emphasis on swift action and scale could result in “overzealous” cyber operations, he writes, that could, among other concerns:
- Heighten cross-national tensions.
- Politicize national security organizations.
- Compromise legitimate intelligence objectives.
5. Odds and ends
- The U.S. launched cyber actions against Iran to foil its ability to possibly meddle in the 2020 election. (Washington Post)
- Foreign-backed online electoral interference clearly violates international law, say more than 100 prominent scholars. (Oxford University)
- Cyber criminals stole patient data from a Finnish psychotherapy practice, then threatened to release the information unless the victims paid. (CyberScoop)
- America’s election infrastructure is much more secure in 2020 than in 2016, says a former senior NSA official. (Barron’s)
- An Iranian cyber spying group has been targeting state election websites for voter data. (CISA/FBI)
- Is China bad at online influence operations? (ChinaTalk)