Welcome to The Cybersecurity 202! After watching a bunch of spooky movies and shows for Halloween, I needed some comedy to cleanse the palate. I can heartily recommend "Everything Everywhere All at Once," which somehow exceeded my high expectations, as well as "Weird: The Al Yankovic Story," which got a laugh every few seconds or so. Below: NSO is reportedly in bad financial straits, and a Greek newspaper says nearly three dozen people were targeted with spyware. First: | The government says it won't flag election disinformation on Twitter and other social platforms | Elon Musk has made massive layoffs at Twitter . (Jonathan Newton/The Washington Post) | | The Cybersecurity and Infrastructure Security Agency says it's taking a hands-off approach when it comes to false claims about the election process on Twitter. CISA spokesperson Michael Feldman told me the agency isn't flagging any election-related disinformation to Twitter or any social media platform. His comments come after an Intercept report last week detailed communications between the government and tech companies, prompting criticism from conservatives and raising concerns among some civil rights advocates. Instead, Feldman said, state and local officials can flag potential disinformation about their elections to the Center for Internet Security (CIS), a nonprofit which may then pass it on to social media platforms "who, as always, make their own decisions according to their own policies," he wrote in an email. With one day to go until the midterm elections, concerns about election disinformation on social media have proliferated, exacerbated by Elon Musk's purchase of Twitter and subsequent widespread staff layoffs. This election will be the first nationwide test of the democratic process after the 2020 election in which former president Donald Trump falsely claimed — and convinced many of his supporters — that it was stolen from him. Yet even before Musk's takeover, Twitter and other social media platforms were already leaving false election claims alone, as my colleagues Naomi Nix, Jeremy Merrill and Hayden Godfrey reported. And the Election Integrity Partnership found in a report over the weekend that many of 2020's top "voter fraud influencers" remained active on social media, with some further expanding their reach across platforms. | Musk laid off an estimated half the company on Friday, with teams devoted to content moderation taking part of the hit. "The layoffs included a number of people who were scheduled to be on call this weekend and early next week to monitor for signs of foreign disinformation, spam and other problematic content around the election, one former employee told The Washington Post," as my colleagues Drew Harwell, Cat Zakrzewski and Isaac Stanley-Becker reported. | - What's more: "A representative from one of the national party committees said they are seeing hours-long delays in responses from their contacts at Twitter, raising fears of the toll workplace chaos and sudden terminations is taking on the platform's ability to quickly react to developments."
- It also looks like the cuts erased another team that works on disinformation, the curation team.
| Those layoffs could potentially affect cybersecurity, as I wrote last week. Yoel Roth, head of Twitter's safety and integrity team, said "core content moderation capabilities remain in place." | Yet Musk pleased some cyber experts by backing away from implementing a plan to overhaul how Twitter verifies users before the midterms over concerns about how it might abet election misinformation, the New York Times's Ryan Mac, Kate Conger and Mike Isaac reported. That system would allow anyone who pays $8 a month to get the blue check mark now given to verified identities, along with other benefits. Experts have said this could sow election chaos if foreign adversaries and election deniers use abandoned profiles to impersonate real people, some worry. Musk still plans to go forward with it after Election Day. The planned delay doesn't solve all the election-related issues, as my colleague Cat pointed out: | There's also evidence of efforts at Twitter to continue countering election disinformation, as NPR's Shannon Bond reported. For example, it has been running a graphic which proclaims that "it takes time to count all the votes," presumably attempting to preempt claims of a stolen election. | Musk tweeted this last night: | | | | As in previous elections dating back to 2018, CISA will host Election Day "war rooms" where government officials and others gather to discuss threats. Geoff Hale, the director of CISA's election initiative, downplayed the effects of new Twitter leadership to Politico's Eric Geller: | But Derrick Johnson, CEO of the NAACP, said his group is pressuring advertisers to leave Twitter over concerns it won't do enough to counter misinformation: | President Biden said this: "But now, what are we all worried about?" he asked at a Friday fundraiser. "Elon Musk goes out and buys an outfit that sends and spews lies all across the world." | Twitter is hardly alone in dealing with election misinformation and disinformation. A handful of cybersecurity firms have in recent days outlined an influence campaign criticizing Democrats on platforms like Gab, Parler and Gettr with apparent connections to Russia's Internet Research Agency. Online false election information also has been circulating in Spanish-speaking communities, CNN's Donie O'Sullivan and Geneva Sands reported. All of this could make for an eventful final stretch before Election Day — and after. | | | The keys | | NSO raises prices amid financial issues | The U.S. government blacklisted NSO last year. (Sebastian Scheiner/AP) | | The company has raised prices by around 20 percent and cut staff as it attempts "to stem a cash bleed that was expected to run into the tens of millions of dollars this year," Bloomberg News's Eliza Ronalds-Hannon and Davide Scigliuzzo write. The U.S. government blacklisted NSO Group last year, with the Biden administration determining that the company's Pegasus spyware had been used to "maliciously target" activists, journalists and government officials. | - "The new measures are buying NSO some breathing room after it breached certain terms on its debt agreements," Ronalds-Hannon and Scigliuzzo write, citing people with knowledge of the matter.
| Executives expect NSO to generate between $150 million and $170 million in revenue, which is down from an earlier estimate of $200 million and much less than the $250 million it made in 2018, the outlet reported. "In a plan shared with debt holders, management said it expects to break even this year and to generate enough cash to continue to pay interest and principal amortization on obligations next year," Ronalds-Hannon and Scigliuzzo write. | Greek newspaper reports that 33 people were targeted with spyware | It's the latest development in a months-long spyware saga. (Thanassis Stavrakis/AP) | | Greek newspaper Documento said that members of the Greek government and their families were targeted with Predator spyware, along with opposition politicians, journalists and business executives, Politico Europe's Nektaria Stamouli reports. Details about the attempted hacks remain murky, with most of the targets telling Documento that they didn't know that they were targeted or not commenting to the outlet. Successful hacks would have required the targets to click on malicious links. "Greece's eavesdropping scandal started to unfold in the summer when [opposition politician Nikos] Androulakis discovered an attempted Predator wiretap on his phone. In August, the government of Greek Prime Minister Kyriakos Mitsotakis acknowledged Androulakis had been under state surveillance (though not with Predator) — a move he called legal but wrong," Stamouli writes. "Since then, the saga has morphed into an espionage thriller that has involved spyware being planted on the phones of an ever-expanding network of politicians and journalists. Athens denies having ever used or purchased the illegal spyware." Government spokesman Giannis Oikonomou said in a statement that the report was "overwhelming in narratives while the evidence is absent," though authorities need to thoroughly investigate it, Stamouli reports. | Chinese zero-day use increases after new vulnerability rules, Microsoft says | Microsoft said that the zero-day use likely represents a "major step in the use of zero-day exploits as a state priority." (Tingshu Wang/Reuters) | | Microsoft said in a report that China's rules requiring companies to disclose zero days — previously unknown software vulnerabilities — to authorities before software vendors are linked to increased zero-day use from Chinese hackers, the Record's Jonathan Greig reports. The rules, which went into effect last September, worried some cybersecurity experts. "This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them," Microsoft wrote in the report. "The increased use of zero days over the last year from China-based actors likely reflects the first full year of China's vulnerability disclosure requirements for the Chinese security community and a major step in the use of zero-day exploits as a state priority." | | | Global cyberspace | | By The Bureau of Investigative Journalism ● Read more » | | | | | Cyber insecurity | | | | Privacy patch | | | | Securing the ballot | | | | Government scan | | | | Daybook | | - Cybersecurity leaders from the government and private sector speak at Cyversity's annual conference in Orlando today and Tuesday.
- Former CISA Director Chris Krebs speaks at a Washington Post Live event today at 1 p.m.
- The Center for Strategic and International Studies hosts an event on government access to data through data brokers today at 3 p.m.
- The American Enterprise Institute hosts an event on security standards for connected devices on Tuesday at 2 p.m.
| | | Secure log off | | Thanks for reading. See you tomorrow. | | |
No comments:
Post a Comment