We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Are US elections Safe? Chris Krebs is optimistic
The debate around the US banning TikTok is a proxy for a larger question: How safe are democracies from high-tech threats, especially from places like China and Russia?
There are genuine concerns about the integrity of elections. What are the threats out there and what can be done about it? No one understands this issue better than Chris Krebs. Krebs is best known as the former director of the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
In a high-profile showdown, Donald Trump fired Krebs in November 2020, after CISA publicly affirmed that the election was among the “most secure in history” and that the allegations of election corruption were flat-out wrong. Since then, Krebs has become the chief public policy officer at SentinelOne and cochairs the Aspen Institute’s U.S. Cybersecurity Working Group, and he remains at the forefront of the cyber threat world.
GZERO Publisher Evan Solomon spoke to him this week about what we should expect in this volatile election year.
Solomon: How would you compare the cyber threat landscape now to the election four years ago? Have the rapid advances in AI made a material difference?
Chris Krebs: The general threat environment related to elections tracks against the broader cyber threat environment. The difference here is that beyond just pure technical attacks on election systems, election infrastructure, and on campaigns themselves, we have a parallel threat of information operations, and influence operations —what we more broadly call disinformation.
This has picked up almost exponentially since 2016, when the Russians, as detailed in the Intelligence Community Assessment of January 2017, showed that you can get into the middle of domestic elections and pour kerosene on that conversation. That means it jumps into the real world, potentially even culminating in political violence like we saw on Jan. 6.
We saw the Iranians follow the lead in 2020. The intelligence community released another report in December that talked about how the Chinese attempted to influence the 2022 elections. We've seen the Russians are active too through a group we track called Doppelganger, specifically targeting the debate around the border and immigration in the US.
Solomon: When you say Doppelganger is “active,” what exactly does that mean in real terms?
Krebs: They use synthetic personas or take over existing personas that have some element of credibility and jump into the online discourse. They also use Pink Slime websites, which is basically fake media, and then get picked up through social media and move over to traditional media. They are taking existing divides and amplifying the discontent.
Solomon: Does it have a material impact on, say, election results?
Krebs: I was at an event back in 2019, and a former governor came up to me as we were talking about prepping for the 2020 election and said: “Hey, everything you just talked about sounds like opposition research, typical electioneering, and hijinks.”
And you know what? That's not totally wrong. But there is a difference.
Rather than just being normal domestic politics, now we have a foreign security service that's inserting itself in driving discourse domestically. And that's where there are tools that the intelligence services here in the US as well as our allies in the West have the ability to go in and disrupt.
They can get onto foreign networks and say, “Hey, I know that account right there. I am able to determine that the account which is pushing this narrative is controlled by the Russian security services, and we can do something with that.”
But here is the key: Once you have a social media influencer here in the US that picks up that narrative and runs with it, well, now, it's effectively fair game. It's part of the conversation, First Amendment protected.
Solomon: Let's move to the other side. What do you do about it without violating the privacy and free speech civil liberties of citizens?
Krebs: This is really the political question of the day. In fact, just last week there was a Supreme Court hearing on Murthy v. Missouri that gets to this question of government and platforms working together. (Editor’s note: The case hinges on whether the government’s efforts to combat misinformation online around elections and COVID constitute a form of censorship). Based on my read, the Supreme Court was largely being dismissive of Missouri and Louisiana's arguments in that case. But we'll see what happens.
I think the bigger issue is that there is this broader conflict, particularly with China, and it is a hot cyber war. Cyber war from their military doctrine has a technical leg and there's a psychological leg. And as we see it, there are a number of different approaches.
For example, India has outlawed and banned hundreds of Chinese origin apps, including WeChat and TikTok and a few others. The US has been much more discreet in combating Chinese technology. The recent actions by the US Congress and the House of Representatives are much more focused on getting the foreign control piece out of the conversation and requiring divestitures.
Solomon: Chris, what’s the biggest cyber threat to the elections?
Krebs: Based on my conversations with law enforcement and the national security community, the number one request that they're getting from election officials isn't on the cyber side. It isn't on the disinformation side. It's on physical threats to election workers. We're talking about doxing, we're talking about swatting, we're talking about people physically intimidating at the polls and at offices. And this is resulting in election officials resigning and quitting and not showing up.
How do we protect those real American heroes who are making sure that we get to follow through on our civic duty of voting and elections? If those election workers aren't there, it's going to be a lot harder for you and me to get out there and vote.
Solomon: What is your biggest concern about AI technology galloping ahead of regulations?
Krebs: Here in the United States, I'm not too worried about regulation getting in front of AI. When you look at the recent AI executive order out of the Biden administration, it's about transparency and even the threshold they set for compute power and operations is about four times higher than the most advanced publicly available generative AI. And even if you cross that threshold, the most you have to do is tell the government that you're building or training that model and show safety and red teaming results, which hardly seems onerous to me.
The Europeans are taking a different approach, more of a regulate first, ask questions later, which I think is going to limit some of their ability to truly be at the bleeding edge of AI.
But I'll tell you this: We are using AI and cybersecurity to a much greater effect and impact than the bad guys right now. The best they can do right now is use it for social engineering, for writing better phishing emails, for some research, and for functionality. We are not seeing credible reports of AI being used to write new innovative malware. But in the meantime, we are giving tools that are AI powered to the threat hunters that have really advanced capabilities to go find bad stuff, to improve configurations, and ultimately take the security operations piece and supercharge it.
FILE PHOTO: German flag patches on Bundeswehr uniforms
Germany investigates hack of Ukraine weapons aid discussion
German Chancellor Olaf Scholz ordered an inquiry Saturday after a hacked conversation about German military aid to Ukraine was published on Russian state-run media. In a 38-minute exchange on the WebEx platform, German Air Force officers discussed using Taurus missiles against targets in Crimea, including the Kerch Bridge to Russia – despite a recent Bundestag vote against supplying the weapons to Kiev.
Moscow is using the leak to portray Berlin as an aggressor. In a Telegram post, former Russian President Dmitry Medvedev, now deputy head of the Security Council, wrote, “Our age-old rivals – the Germans – have again turned into our sworn enemies.”
The military implications
The incident has been labeled a “catastrophe” for German intelligence due to its use of an insecure communications platform, and it has reignited debate about arming Ukraine with long-range weapons. Kiev has received SCALP and Storm Shadow missiles with a range of 250 kilometers, but the Taurus’ 500-kilometer range would allow deep strikes into Russian territory, prompting fears of escalation and retaliation.
Ukraine has been requesting the Taurus since May 2023, and President Volodymyr Zelensky recently told the Munich Security Conference that long-range weapons were urgently needed for his country to win the war. While Scholz had already indicated that Taurus was off the table, German officials say this latest incident was likely intended to cement that decision, to Kiev’s dismay.Russian flag displayed on a laptop screen and Guy Fawkes mask.
Hard Numbers: Anti-Russia hacktivism, Taliban schoolgirls, Polish diplomatic evictions, Egyptian currency drop
2,500: Hackers affiliated with Anonymous claim to have infiltrated 2,500 Russian and Belarusian sites, including government and media services. Trouble is, Putin likely views these hacktivists as agents of the West and critics warn that IT hits on critical infrastructure could, in turn, lead to Russian escalation.
13: Girls aged 13 and over had been planning to return to school on Wednesday for the first time since the Taliban took control of Afghanistan last summer. But right when the new academic year was about to start, officials announced that girls’ secondary schools would remain closed until further notice.
45: Poland is sending 45 “spies pretending to be diplomats” back home to Russia, according to the Polish interior minister. The move involves about half of Russia’s embassy staff in Warsaw and reflects just how tense things have become between the two countries since the invasion of Ukraine.
14: The value of Egypt’s currency fell 14% on Wednesday after its central bank raised the main interest rate. The bank pointed to instability caused by Russia’s invasion of Ukraine and the need to curb inflation. Prices are soaring — this week Cairo fixed the price of unsubsidized bread — but the rate hike may also signal Egypt’s desire to secure more funding soon from the IMF.
Join us live from the 2022 Munich Security Conference
Friday, February 18 at 11 am ET / 5 pm CET: Watch GZERO Media and Microsoft's live conversation from the 2022 Munich Security Conference.
As crises converge, our speakers will discuss emerging risks at the intersection of technology, policy and security: NATO's role and tools to defend democracy, the US role in global alliances, the rise of cyber threats and the need for cyber norms and stronger defenses.
Participants:
- David E. Sanger, White House and national security correspondent, The New York Times (moderator)
- Ian Bremmer, President and Founder, Eurasia Group and GZERO Media
- Benedikt Franke, Chief Executive Officer, Munich Security Conference
- Mircea Geoană, Deputy Secretary General, NATO
- Kersti Kaljulaid, former President of Estonia
- Anne-Marie Slaughter, CEO, New America
- Brad Smith, President and Vice Chair, Microsoft
Event link: gzeromedia.com/globalstage
This event is being held in collaboration with the Munich Security Conference.
Live from MSC 2022: Securing Cyberspace | Friday, February 18, 2022, 11 am ET / 5 pm CET
Sign up to get email alerts about this and other GZERO events.
Is a Huawei ban possible in Brazil? Poly Network cryptocurrency heist
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
The US warned Brazil about China's Huawei equipment in its 5G telecoms network. Would it be possible to ban Huawei in Brazil?
Now in theory, yes, but in practice, that will be very difficult. If not Huawei, the Brazilian mobile network infrastructure is largely sourced from China, and China is the country's most important trade partner overall. But as always, much depends on political leadership. President Bolsonaro, after all, did go along with President Trump in opposing Huawei while he was facing pushback for that decision at home. So the lesson to learn is that it is easier to prevent risky 5G telecoms equipment to come into the country than to cure when it's already there.
$600 million was stolen in what is being called the largest hack in decentralized finance history. What does this reveal about the security of digital assets?
Now, the answer is kind of in the question. The security is not hacker proof, at least not when it comes to the token swapping platform, Poly Network. But even if around half of the stolen assets have now been returned, the theft is still the largest robbery of its kind, and the hacker stole funds in 12 different cryptocurrencies.
Will there be a decisive US response to Russian cyber attacks?
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
After an attempted hack of a Republican National Committee contractor, is cybersecurity at a breaking point between the US and Russia?
Well, that breaking point has been a long time coming. There was the attempt to manipulate the 2016 elections and now we see a series of ransomware attacks that are escalating. So the question is, what the US can do to decisively change the calculation on the Russian side? Making clear that there will be sanctions and other consequences that hurt should be a start. But it will only be credible if these promises are followed through and enforced.
Why is China launching cybersecurity probes into US listed Chinese tech companies?
Well, there has been an intensification of regulatory measures vis-a-vis tech companies in China itself. So, steps against Didi fit the arm-wrestling pattern between companies and state agencies. Only now, US and international investors have also been caught up. And of course, it brings back memories of the Trump administration, which launched its own probes into Chinese tech firms. So the question is, who stands to lose most from a tit for tat type back and forth?
- Beyond SolarWinds: Securing Cyberspace | Global Stage ›
- SolarWinds hack a wake-up call to the tech sector - GZERO Media ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- Hackers shut down US pipeline - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- US & allies unite against China's cyberattacks - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Russian hackers target US tech companies with little accountability - GZERO Media ›
- Russian hackers target US tech companies with little accountability - GZERO Media ›
- Watching Russia: cyber threats & disinformation - GZERO Media ›
Biden likely to push Putin on cybersecurity in Geneva meeting
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
When President Biden and President Putin meet, will cybersecurity will be a key issue that they discuss?
Now, I'm sure that there will be many thorny issues on the table. But after American fingers pointed to Russia and hold it responsible for the SolarWinds hack, it's likely. Criminals in Russia were also not hindered when they held the Colonial Pipeline Company ransom through a ransomware attack. And really, when journalists and opposition leaders cannot speak a single critical word without being caught, how come cybercriminals can act with impunity in Russia? So the need for prevention and accountability really is significant. And I hope the President Biden can push and persuade Putin to change the confrontational and aggressive course that he is on.
Hackers shut down US pipeline
Ian Bremmer's Quick Take:
Hi, everybody. Ian Bremmer here. Happy Monday to you. A Quick Take. I wanted to talk about this unprecedented hack that has shut down a major pipeline in the United States. The Colonial Pipeline carries well over 2 million barrels a day. It's about half of the East Coast supply of gas and jet fuel. In other words, really not something you want to have suspended. And when I think about the impact of cyberattacks in the world, I mean, we've been warning that this is going to be a bigger challenge going forward, we're now really starting to see the implications of it.
In this case, it's a dual attack. It was an attack both against data in the firm that has been stolen that the organization, the criminal syndicate that has perpetrated the attack has said that they will make it public and delete all of the data from the system of the pipeline company if the ransom is not paid by the deadline that they have provided. And then of course, they also physically shut down the pipeline as well. It's an enormous problem. It's probably unprecedented in the scale of impact in the United States, though, we're seeing more of this kind of thing around the world.
So, let's take a step back. What does it mean? How much should we be worried and what can we do when we think about cyber? Well, when I think about the world of cyber over the course of the past 10 years, there are some aspects of it, the great power competition that has worried me less, because even though it's all about offense, the United States, the Chinese, the Russians by far the most capable in terms of offensive cyber capabilities than in other countries, like Israel and Iran with less but significant capabilities. But those governments, large governments do understand that if they are to engage in the kind of escalatory attacks, that could cause real damage to the country that they're going after, then the gloves come off and suddenly this can turn into a real national security danger. It could create a kinetic war that spirals out of control. And so, they don't do it. And so there has been a level of cyber deterrence between major countries all around the world.
You've seen these unprecedented attacks in the last months, for example, the SolarWinds attack that we believe came from Russia and other massive attacks coming from China. But in each of these cases, no critical infrastructure was destroyed or even damaged to the best of our knowledge. No, instead it was espionage. It was surveillance. It was monitoring. By the way, the Americans do the same thing to all of those countries, whether they have offensive cyber capabilities themselves or not. So that's a bit like the nuclear balance. It's all offense. It's not defense, but there are constraints on what countries do, because if you set off one nuke, other nuclear countries are quite likely to retaliate in kind. So it does create a level of stability, even though it is a more dangerous destructive environment in the world. You'd rather not have them than have them. Okay, that's the good side.
The bad side is that you sometimes have governments that engage in acts on cyber that go bigger and larger than had initially been presumed. So for example, when the Russians engaged in the NotPetya attack against Ukraine, which was a piece of malware that was reverse engineered out of the US, out of the National Security Agency developed in the US a few years before, it did hit Ukraine, it absolutely caused major economic damage and political stability damage to the country, but it also escaped. And so in relatively short order, you had Western corporations with operations primarily all over the world, very little in Ukraine. In some cases, just a couple of computers in Ukraine causing billions of dollars of damage because the malware spread. And the Russian government, I find it highly unlikely that they intended for that attack to spread. And the question was, did they either not know or not care? I suspect it's more the former than the latter, because if it got really big, this could have caused an enormous blow back for Russia. But that means that intrinsically when you're engaging in cyberattacks with new forms of weapons that have the ability to spread autonomously, there's greater danger around the nature of attack. That's one point.
Secondly, it's a lot harder to contain cyber offensive capabilities to a small number of countries. Obvious example, I mentioned among countries that have strong cyber capabilities, Iran. Now, we're working in the United States, the Biden Administration is working very hard right now to try to get the United States back into the JCPOA, the Iranian nuclear deal the Trump Administration unilaterally withdrew from. And if that happens, we will continue to successfully prevent the Iranian government from developing nuclear weapons capability with verifiable inspections on the ground. That's important, it's significant, but there has been no ability to limit the nature and development of Iran's offensive cyber capabilities, which they use against Israel, against Saudi Arabia, against the United States. And there's very little capacity to deter a government that is much more unstable itself, that has willingness. And it's the reason we don't want Iran to have nukes is because we think that that potentially could lead to much more conflict in the region. That's unacceptably dangerous to let's say Israel or to the Saudis, other American allies on the ground, but they have those cyber capabilities. And that's clearly a danger. I mean the Operation Shamoon, which the Iranians did, which looks like it was a reverse engineer of the Stuxnet attack that the Americans, the Israelis engaged in against Iranian centrifuges, basically was within a couple of hours of taking all of Saudi Aramco's energy production offline, and that could have precipitated a war.
So you're much closer to trip wires to red lines, even among governments, because of that when you talk about cyber. And then you have what we just saw, what we're experiencing now with the shutdown of the colonial pipeline, and this is a criminal syndicate. Non-state actors, whether they be gangs or the aforementioned 300-pound guy on a bed in New Jersey, or whether it's a terrorist organization, the ability of institutions and people that are much less easily determinable either because of the ideology or because you don't know who they are engaging in strikes that are really dangerous, that is becoming unprecedented in today's environment. And that's what we just saw. The cybercriminal gang called DarkSide is ostensively behind the attack on the Colonial Pipeline.
And this is a cybercriminal gang, right? It is a group of individuals. It is not known who they are. They have anonymity, they're quite sophisticated. And they engage in these strikes against multinational corporations, some small, some big, to enrich themselves essentially. And this organization, DarkSide, has said that they won't attack hospitals, for example. That's their form of ethics. Other such organizations have no such compunction. You've seen a number of hospitals shut down. For example, one of the things I was worried about is what would have happened if there had been a massive cyberattack by a criminal gang against American hospitals at the time when they were getting overwhelmed by the pandemic. This is an absolute, real danger and something that the technology exists to do. And the people that could engage in those attacks have that technology in their hands, right now. And so the only thing stopping them is the sense of ethics that these criminals actually have. That's a serious problem.
Now in the case of DarkSide, and a lot of these criminals are operating in areas where Western rule of law cannot reach them, the presumption with DarkSide is they are in the former Soviet space. And the reason I presume that is because those that are studying DarkSide's attack so far have seen no attacks against Russian and former Soviet countries. Companies that obviously would be just as exposed, in many cases more so than those outside of the former Soviet union. No attacks against Russia, Ukraine, against Kazakhstan, countries like that. So you would expect that the people that are engaged in DarkSide are either from one or many of the former Soviet states. A lot harder to hit them directly when rule of law doesn't reach that far and when the governments themselves are showing absolutely no interest.
In fact, in the case of Russia, many of the cyberattacks the Russian government engages in are essentially outsourced to these criminal gangs that make money both in terms of the national security efforts that they make at behest of the Russian government, but also then sideline, moonlight, have their side gig engaging in criminal activities, outside the former Soviet space.
The likelihood that this significantly worsens US and Western relations with Russia leads to more sanctions. If so, because the Russian government and others are refusing to take action. That's also a real problem. And one that isn't likely to get resolved anytime soon. So serious challenges as a consequence of this. It showed up very high on our top risks for 2021. This is part of the reason for it. And I suspect we're going to spend a lot more time on it going forward.
So, not the cheeriest topic for a Monday kicking off your week, but hopefully something we get resolved at least in this attacks case, in relatively short order. Be safe, everybody. Avoid fewer people and I'll talk to you soon.
- Why the US was unprepared for the 2020 cyber breach - GZERO ... ›
- Impact of Microsoft hack deepens; why cyber attacks target ... ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- DarkSide hack reveals risk of ransomware cyberattacks - GZERO Media ›
- Will there be a decisive US response to Russian cyber attacks? - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Russian hackers target US tech companies with little accountability - GZERO Media ›
- Russian hackers target US tech companies with little accountability - GZERO Media ›
- How Russian cyberwarfare could impact Ukraine & NATO response - GZERO Media ›
- How Russian cyberwarfare could impact Ukraine & NATO response - GZERO Media ›