Jan 3, 2019

Axios Codebook

Axios

Welcome to the first Codebook of the new year. Axios haxios is baxios.

Questions? Comments? Tips? Reply to this email.

1 big thing: First House bill to tackle election security

Nancy Pelosi. Photo: Tom Williams/CQ Roll Call

H.R. 1, the gargantuan first bill the new House Democratic majority will unveil Friday, is an anti-corruption grab bag that most prominently tackles campaign finance, sexual harassment and voting rights. But election cybersecurity will quietly play a major role in the bill, too.

The big picture: This bill will likely clear the House and then die in the Senate. "These are things [Senate] Majority Leader McConnell has spent his entire career fighting," noted a source familiar with the final content of the bill. Beyond the Senate, President Trump is unlikely to welcome a provision requiring presidential candidates to release tax returns.

But H.R. 1 is more than just a flag in the sand. Everyone who blocks the Democrats' crackdowns on government misconduct will have to explain why they are opposed to:

  • Forcing super PACs to report donors.
  • Barring Congress from using taxpayer funds to pay sexual harassment settlements.
  • Reinstating the Voting Rights Act.
  • Other largely bipartisan-supported provisions many voters see as good government.

Enter cybersecurity. Details aren't final, but those who have worked on the bill say its election cybersecurity efforts will borrow heavily from the 2018 Secure Elections Act proposed by Rep. Bennie Thompson (D-Miss.). That bill:

  • Authorized $1.7 billion in grants for states to purchase more secure election equipment. Those numbers could easily change: H.R. 1 is described as matching the goals but not the specifics of the earlier legislation.
  • Would dole out those funds for training, security testing, maintenance and shoring up the security of all aspects of election infrastructure, from voting machines to IT systems.
  • Requires the White House to create and formalize an election cybersecurity strategy.
  • Requires that vendors be owned by U.S. citizens or residents and that they disclose where components of their systems are manufactured.

The new funding would augment $380 million allocated last year for election cybersecurity.

  • A report by Verified Voting and the Brennan Center noted that $380 million would have been barely enough to pay for more secure upgrades in the handful of states where voting machines didn't provide paper receipts, had the money all been spent on that need — which it wasn't.
  • In practice, state election officials by and large agree with that sentiment.

H.R. 1 also contains the Honest Ads Act, a Senate bill that would require political ads online to disclose who paid for them. That kind of regulation already exists for other kinds of media.

  • While Russia famously purchased Facebook ads in rubles during the 2016 election, most of its disinformation work was conducted through puppet social media accounts.

What's next: A source knowledgable about H.R. 1 deliberations said that Democrats would ultimately be comfortable breaking out those parts of the bill that could pass the Senate into standalone legislation — and the cybersecurity provisions would be among the most likely to achieve Senate support.

2. Welcome back! Things got weird

While Codebook was in its winter hibernation, more than a few big news stories slipped through the cracks. Here's a brief rundown.

Tribune newspapers were hit hard by ransomware, affecting publication of several papers.

  • Specifically, they were hit by the Ryuk ransomware, a variant of ransomware used by North Korea to compensate for financial losses from crippling sanctions.
  • That could mean just about anything. If North Korea is behind the attack, which Tribune believes but has not been confirmed, it may mean North Korea continued targeting large firms hoping for massive ransomware paydays.
  • It could also mean that North Korea was using ransomware as a smokescreen for another attack.
  • Or it could mean that someone is using North Korean ransomware for their own purposes.

Michigan passed cyberbullying legislation.

  • While you shouldn't be cyberbullying people to begin with, you especially shouldn't do it in Michigan after March. That's when a law with penalties up to 20 years of imprisonment takes effect.
  • It will be interesting to see how this holds up in practice. Some presidential tweets might be considered "misleading" statements designed to "intimidate, frighten, or harass."

North Dakota announced it will consider centralizing its cybersecurity operations.

  • Today, the returning North Dakota legislature will consider centralizing cybersecurity operations protecting local governments and universities, rather than having each handle cybersecurity themselves.
3. Hackers release 9/11 insurance docs from several sources

Hacker group The Dark Overlord released a sampling of documents to demonstrate it had stolen a cache of files related to 9/11.

The documents, claim the hackers, come from the insurance firms Hiscox Syndicates and Lloyd's of London, real estate company Silverstein Properties, and various federal agencies. There may be as many as 18,000 documents.

The big picture: It's very possible that all of the documents come from one or a few third-party sources. CyberScoop reports Hiscox industries believes its documents were stolen from a breached law firm and that Lloyd's believes its documents were not stolen from internal systems.

The samples include Powerpoint presentations and other documents from Lloyd's and Hiscox employees surrounding 9/11 business from 2003.

The Dark Overlord ran afoul of several sites' terms of service for posting hacked files as they performed the 9/11 document dump, kicking the group off of Twitter and other sites.

  • Eventually, the group placed documents on a blockchain-based files-haring site, making it hard, if not impossible, to delete the information.

The group is best known for ransoming "Game of Thrones" and "Orange is the New Black" content in attempts to extort HBO and Netflix, respectively.

4. Hacked data posted on nearly 1,000 North Korean defectors

Officials from South and North Korea stand in front of a road sign in Kaesong, North Korea. Photo: Korea Pool/Getty Images

Reuters reports that 997 North Korean defectors to South Korea had data posted online after a breach at a South Korean resettlement agency.

The big picture: Hackers targeted the Hana center, one of 25 organizations run by the South Korean Unification Ministry to help relocate North Korean refugees. The ministry is notifying victims.

The ministry did not blame North Korea for the attack and an investigation into the hack is ongoing.

  • North Korea has frequently lobbed cyberattacks against the South in the past, and defectors have often disappeared from the South to turn up in the North, although recent efforts to mend fences between the countries would make this a particularly risky time for the Kim Jong-un regime to sanction this kind of attack.
  • North Korean state media denied the country was involved in the attack.
5. Odds and ends
Axios

Codebook returns to its Tuesday/Thursday schedule next week, just in time for Pat Benatar's birthday.