Risky Business - Wide World of Cyber: 2024 election interference, the media and Iran's hack and leak
Episode Date: August 19, 2024
In this conversation Risky Business host Patrick Gray speaks with SentinelOne’s Chris Krebs and Alex Stamos about what sort of cyber-enabled interference we can expect in the 2024 US presidential race. Alex was the CISO at Facebook during the 2016 election, and Chris Krebs was responsible for US election security as the director of CISA in 2020. Watch the video version of this episode on YouTube.
Transcript
Hey everyone and welcome to another episode of Wide World of Cyber.
Wide World of Cyber is the podcast we do here at Risky Business,
which is sponsored by and produced in conjunction with SentinelOne,
the security platform perhaps best known for its EDR products.
I'm joined by Alex Stamos, who is SentinelOne's chief security
officer, and also Chris Krebs, who is the, I believe, the director of policy and intelligence
for SentinelOne. And yeah, we're going to have a chat today about all things election interference.
Alex, of course, was the CISO at Facebook back when Russia was very active on Facebook,
trying to interfere in
the 2016 election. And, you know, Chris in his previous career was the first
director of CISA and indeed was fired by tweet by the then President Donald Trump
after the 2020 election for having the gumption, the temerity, to say that
the election was well-run and. So both of these gentlemen here have experience
around the themes of election interference.
And yeah, the reason we're talking about this today
is because it looks like Iran or, you know,
hackers working for the Iranian government
have stolen a bunch of documents from the Trump campaign
and leaked them to journalists.
And so far, and that's why we're talking about this, so far it looks like that effort to interfere in
the current election that we're heading into in the United States, those
attempts to interfere have kind of fallen flat. You know, in 2016 when this
happened, the news cycle was gummed up with non-stop stories about the intricate internal processes of the DNC.
And, you know, it really did sort of change the shape of the campaign.
Whereas at the moment, it seems like people have, you know, it's been two days and people have already kind of moved on from it.
Alex, let's start with you. We got talking before we started recording, and you think it's a little bit too early to say that
this hack and leak operation is ineffective. It's "don't declare its death prematurely," seems to
be what you're saying. Yeah, I don't think we know that it's not going to be effective. It's
certainly, the texture of this operation looks very different so far because the media has been treating it differently.
I think the way the media has acted so far has been appropriate.
Right now, things are very different because the media has not yet reported on what's been leaked to them.
They're acting in a much more responsible manner.
But it is very early. It is only August. Our election is the beginning of November.
And so it is quite possible that if the leakers, whoever they are, are not able to get a
bite in the media, that they will end up going direct to consumer, so to speak, and to start
pushing this data out. And then they will let the bloggers and the social media and other interested
parties go run with the stories without that intermediary of Politico and the Washington Post
and the other outlets that they sent the information to. So you think we shouldn't rule out the idea that we might see a repeat
of the sort of 2016 Guccifer 2.0 scenario
where they start standing up some personas
to leak this stuff.
I mean, I'm just not sure, right?
Or finding a WikiLeaks like,
I mean, I'm not sure what the left WikiLeaks is,
but it is possible they find kind of a,
you know, a left-wing version of WikiLeaks or they find some
kind of useful idiot in the left-wing version of Julian Assange who is willing to publish this
stuff and to cover the, you know, cover the tracks. You know, because of the heavy attribution,
though, towards the Iranian actors, it would be difficult, I think, for somebody to pass
it off as their own work in the same way Assange did. Chris, where are you at on this? Right, I mean, I
take what Alex is saying, that the media is acting more responsibly, but I also feel that perhaps
among just the general population there are some antibodies there because we've been through this. We've seen it.
Like, you know, I even feel it in myself when I'm on like X, for example, Twitter, and I see
a post from a politician or a think tanker about the AUKUS, you know, pact between Australia and
England and America. And I start seeing very critical sort of replies come in that just have that uncanny valley feel.
And I know I'm like, this is a Chinese bot, right?
Like we barely even bother reporting on this anymore because it's just such a part of the landscape.
Whereas in 2016, it was news.
So to what degree do you feel like these sorts of activities have lost their sting now that they're expected, now that they don't have novelty?
Well, I mean, it's almost like they're mainstream now.
And as Alex pointed out, the Russians kind of created this concept or this playbook of
going after election systems, hack and leak operations against campaigns and political
officials, and then the broader disinformation operations efforts, whatever, that were detailed in the intelligence
community assessment of 2017. That's it, the three prongs. This is the Russification of Iranian
information operations. That's what I've called it. And so it's a little, you know, you feel like
you've seen it before. They're doing those things. Look, the Microsoft report from last Friday
talked about how a county-level official account was at least targeted, perhaps compromised.
You have the hack part.
The leak part, I want to come back to this, is still kind of up in the air.
But then there is a broader disinformation campaign targeting society on divisive issues.
So, yeah.
I mean, it's just like, so who's next? Is China going to do
this? The Venezuelans? The Cubans? Who's next up in the queue? And then kind of scratching their
head, where's Russia going to play in this? We know that they're doing a bunch of stuff on the
disinfo side. Doppelganger keeps popping up. But what are they going to do from technical
on-network activities?
Yeah. I mean, that's a really good question, but I think where we've all landed, maybe with slightly different opinions, but the general place we've landed is that this is normal now.
Yeah.
This is the new normal where we're going to have foreign adversaries trying to muddy the waters,
trying to steer coverage off the rails, media coverage off the rails, trying to undermine confidence in the election process.
And indeed, that's the thing that I think worries me more than things like hack and leak is like election day stuff where they're really trying to make it look like the election is being interfered with and provide a bit of a window for unscrupulous people
to sort of make claims about election security. But think about that for a second, right? That's
a good thing. You already mentioned antibodies. This is almost an immune system response
to some sort of infection in the system where we're a little bit, you know, we're not as taken
by it. Whether it's the media is not as taken by it or us as the, uh, the, the viewers, consumers of the information aren't as
taken by it's not as novel anymore. And now you're kind of like, oh, okay, this is what somebody's
doing. I'm not as fired up about it. Uh, so I think it's, it's healthy. Um, I think this was
kind of inevitable, but, but at the same time, we, we perhaps jump to some immediate conclusions and to the point of
where we keep saying hack and leak, there was a hack, there was a leak. There's not affirmative
information, at least that I'm aware of, that connects the two. This Robert individual that
shopped information in the New York Times, Washington Post, and Politico is not actually
claiming to be Iranian. He's not claiming to have gotten this information. As far as I can tell, Microsoft doesn't have the insight to tell. I suspect the FBI has papered up
AOL trying to get information on Robert's account when it was created. Was it taken over? What are
the IP addresses and geographies associated with it? So more to come on that front. But again,
I think we're kind of in a bit of a healthy spot on this news.
And to your point, it's kind of almost out of the cycle, but it's early.
It's only August.
But I mean, it's been a crazy cycle, right?
Because we've even had someone take a shot at Donald Trump, and that was only a couple of weeks ago, and people barely remember.
So I think it's also that just like the coverage on this the, you know, the coverage on this thing, this campaign is just right.
It's running at the speed of light.
We've had Biden dropping out and Harris coming in and, you know, it's just been, it's just
been crazy.
Right.
So I think that's probably, um, you know, would undermine the ability of someone to
really steer the coverage here.
Yeah.
It's out of the cycle because we don't have the actual content.
Right.
So it is the meta discussion that all we know is that a handful of people
got their accounts taken over, right? News at 11, people had their accounts taken over. What we
don't have yet is the actual content yet. And I think that's where the political press will
sink their teeth in. It is interesting to me because the timing here is interesting because
it's only August, right?
It is quite early.
The term we have here in America is October surprise.
That October is when something crazy always happens, either just organically or more likely one of the campaigns.
If the campaigns is sitting on opposition research, they dump it in October because it is harder for the other side to try to refute, shape, overcome it.
And so it is surprising to me that Robert, whether Iranian or not,
sitting on these documents would move this quickly.
And then if they wanted the story out, what is stopping them?
It is now sitting in the inboxes of these three institutions.
Why have they not dumped it out either to the next tier of, you know, left-wing
blogs? Right, it's not that hard that you just go of like, I could just, I could tell you right now
five super Democratic outlets that would definitely publish it, that hate Donald Trump, that have no
journalistic standards, that would absolutely write it up. Or just put it on, just put it on.
That's exactly the point. Like, don't even overcomplicate it by saying you need to launder it through some sort of third or fourth party. If you remember, after the 2020 election,
Iranians set up the Enemy of the People website, which doxed a bunch of people, including me,
addresses, emails, phone numbers, and said, hey, these people should be killed for what they've done to steal the election from Trump. And that was
Iranians. They just threw up a URL website and then dumped a bunch of stuff on it.
Why wouldn't they do that if it's that important to get
out there, that useful to them? So there's a lot of this that still doesn't
add up, that there's still time to play. And the way I've been talking
about it is
um, you know, it's like an iceberg, right? We're seeing the part that's above the water and
there's a whole lot of other stuff above the, below the water, and that's yet to come. Uh, but I do have
at least a degree of confidence that the FBI and others will provide updates as things move along.
You will certainly see indictments, and those I bet will
happen fast. Those will come out, sanctions and indictments will come out fast. Certainly on the
sanctions side, you'll probably see those in a month or two. Well, I mean, I think the reason
that they don't just do that is the reason you want to leak to an organization like WikiLeaks or
through an established masthead is you get to piggyback
on their reputation and credibility. You know, it's one thing to publish stuff on some random
brand new domain. It's another thing to see, you know, headlines in the Wall Street Journal
talking about the material that you've leaked to the media. But, you know, something we keep
coming back to in this instance, they haven't taken the bait.
Now, that's a good thing.
But, you know, I mean, I chat with journalists.
I've worked as a, you know, I've written for newspapers and whatnot when I was a lot younger.
I've spent a bit of time in newsrooms.
And I can imagine, though, that it would be a different story if there was something genuinely newsworthy in the leaks, right?
So that's the thing that I think about.
I don't think that the media is going to pass on hack and leak material just on principle always.
If there's genuinely newsworthy stuff, say, you know,
some politician is hacked and there's some, you know,
stuff that looks like, you know, a list of felonies in their mail spool,
that's going to get reported on. I mean, you know, what should our expectations be
on the way media reports from leaked documents? Should they never report on leaked documents
just because they're hacked? Or do you think that this is just one more factor they need to
consider in weighing up whether or not to cover something?
Because that's something that I struggle with.
Yeah, two quick points.
And sorry, Alex, for jumping in front of you here.
But the first is that I think your model of riding on the legitimacy of the masthead is historically true.
I'm not sure if that carries as much today. I think the media ecosystem has just changed so much in the last four or five years, particularly with citizen journalism and all that. I mean, there are plenty of folks all over the spectrum that would take this and run with it that are not beholden to journalistic ethics and standards.
Yeah, I mean, Substack just immediately le Yeah, sure. Right. So the second point is, and I know we don't like gossiping on this podcast, but I'm going to do it.
You know, I've talked to some of the journalists that have seen this stuff and they're not particularly impressed.
Right.
They've seen it.
They don't think it's fancy, but they've also, many of them have made the point. something in here that was newsworthy and noteworthy, particularly if it was salacious,
they could go verify it another way and not have to actually cite back to the leaked documents. They
could go get alternative sourcing, uh, to write on. So I'm, you know, I don't think, I was asked this
question on, uh, I can't, well, the other, we'll just say that on TV.
And they're like, hey, what do you make of this that it's not particularly interesting?
I was like, I don't think it matters, right?
It doesn't matter if it's interesting or not.
The fact is we have, once again, foreign adversaries targeting our elections, trying to get in the middle of it and create chaos, havoc, and target the minds of Americans.
That's kind of my takeaway on whether it's interesting or not. Yeah. So two of my Stanford colleagues,
Janine Zacharia and Andy Grotto wrote a whole paper on this of like, what should you be thinking of
if you're an editor of a newspaper and you're sent leaked information? And I think they had
some good thoughts here. I mean, I don't agree with all of it, but the key thing, one of the
key things is to authenticate, right?
We have to remember when the GRU tried this
against Emmanuel Macron, they had real documents,
but nothing there was salacious enough to really cause news.
So they inserted a bunch of fake ones.
And their thought was because there's real documents in there,
they could sneak some stuff in that was truly scandalous,
but was fake.
And the French press did not buy it.
The French press went and authenticated
and found out that stuff was not real
and ended up not running with it.
And so I do think that is one of the things
that did not happen in 2016.
Now, nothing that Politico, for example, published
was actually fake.
The Russians didn't have to insert anything in there,
but they didn't know that at the time.
They just ran with it, right?
Like, if WikiLeaks gave it to us, if Guccifer gave it to us, we're going with it. So, you know,
I think that is an important part of what you have to do as the press. And I do think, you know,
you're right about the newsworthiness. Now, apparently one of the things in there is the,
you know, the several hundred pages of vetting material on J.D. Vance that was put together by
the Trump campaign. That's probably pretty newsworthy.
I mean, there's almost certainly
something newsworthy in there.
And so that is a,
what they're going to do with that
is an interesting question.
I would not be shocked to see a story come out of it
where they're not gonna publish the whole thing,
which of course is gonna have
all kinds of private information
that is neither newsworthy nor appropriate to publish.
But I would not be shocked to see
the Washington Post or Politico follow up a story
that starts with that document
and that they back up with other interviewing people
from Yale or from his past
just because using that as like a tip.
And that will be an interesting ethical conundrum for them.
But I think that would be the kind of thing
that you might see that is the middle ground here that will happen over the next couple of weeks.
Now, we've spoken about the media's role in all of this. We've spoken about the fact that the
general population is showing signs of being less vulnerable to this. But, you know, this is a
cybersecurity podcast, right? And your time at Facebook, you spoke a lot about the need for
platform security teams to think about platform safety as well and be more resistant to these sorts of things.
You know, what's the status of the major platforms?
You know, since 2016, it seems like most of them are doing a better job at combating these types of influence operations.
What's your take on the general sort of, you know, status of all of that at the moment, Alex?
Okay, so that's a great question because a lot of work was done and then some of it was undone.
A lot of it was undone based upon the complaints of the political party that's now being attacked.
So there's two parts here.
There's the hack and the leak.
So on the hack side, things are much better.
You know, in 2016, in the run-up to the election,
politicians' accounts were not treated that much differently than anybody else's accounts.
They had a couple of MFA options.
The MFA options were not great.
You know, we did not have, for example,
widespread use of FIDO.
MFA was mostly SMS at the time.
You know, the use of it was very low.
And for the most part, companies were not going
and working directly with political campaigns
to get those options used.
It was just up to every individual to do that.
That's one of the things that changed after 2016.
For example, at Facebook, we created dedicated teams
immediately afterwards,
starting with the French and German elections,
and then for the 2018 US elections and 2020 US elections,
something that Chris and I actually worked directly
with each other on,
was making sure that not just the official people,
but then the unofficial people and their unofficial accounts
who were related to these campaigns
were getting secured with the most secure things possible.
And then that there was direct monitoring
that you were trying to create rosters of people
who were related to campaigns
who were being monitored and protected. And I know the same kind of work was happening at Google and
Microsoft. So that's a big push that happened to try to prevent this kind of thing from happening
in the first place. In the run up to 2020, then there was a lot of debate about the leak side of
what is the responsibility for a platform for hacked information. And this came to a head with the
Hunter Biden laptop story in the run-up to the 2020 election, which was the big October surprise
for 2020, which as everybody knows now, turns out not to have been a hack and leak, that actually
Hunter Biden really did leave his laptop at a repair center, and the guy looked
through the laptop and then gave it to Rudy Giuliani.
Whatever you think about the ethics or the legality of that, the repair owner, it was
not a foreign intelligence operation.
But at the moment that that story was posted, the platforms did not know whether or not
it was a foreign intelligence operation. And so they reacted in a variety of different ways, including for a while
labeling some of those stories and such per their policies, because at the time they had policies
that said, if something involved hacked information, we reserve the right to do certain
things like to label it or to downrank it or to block it. Twitter completely blocked it.
Facebook never blocked the story,
but it did label it,
which can also, I think in some cases,
basically downrank it, right?
So you would not end up seeing that story
unless you were specifically subscribed to those feeds.
This became a humongous scandal in the United States.
And effectively, we have been listening to years and years
of Republican House Chairman,
especially calling that censorship,
that this was a vast conspiracy
to censor information about this.
And as a result, the policies around leaked information
have effectively been completely dismantled
at every major platform.
So now there is no policy around leaked information.
If these documents that were posted
by the Iranians on Facebook,
I expect that unless they had specific personal information,
because those policies still exist.
So if they had like, here's JD Vance's address,
or here are pictures of his children,
or something else that could lead to direct threats
against somebody's life.
Short of that, those documents would allow to be kept up because any protections that
were put in place after 2016 were dismantled after the complaints about the Hunter Biden
laptop story.
That is effectively where we are at now, where now the platform focus is really just on the
technical side.
Unfortunately,
election security has become a partisan issue in the United States. And this is the result of that.
Chris and I have been talking about this for years. This is not a partisan issue. Yes,
the Russians used it in a partisan way in 2016. But what they demonstrated, anybody else can do.
And this is the exact outcome of that, of China, Iran have very different geopolitical strategic goals and have very different people that they might want to support in a U.S. election.
And that has made the
United States weaker in 2024. And the person who's going to suffer is going to be Donald Trump,
funny enough. Well, indeed, there's a few people I know who track this stuff pretty closely,
have suggested that, in fact, the reason Trump has been targeted, you know, it's less about trying to influence the election towards one direction or another and more just that Iran really does not like Donald Trump because of the Qasem Soleimani drone strike.
And they're just going to make his life as hard as possible.
So which I actually buy.
I do buy that theory, but it is interesting
what you say. Well, that's a theory that people said about Hillary and Putin, right? That in 2016,
Putin didn't actually believe that he could change the outcome of the election. That, you know,
he also believed that Hillary was going to win, that the SVR is no better than Nate Silver at
predicting elections. And so, but Putin hated Hillary Clinton because he believed that she was behind the
attempts to have Putin thrown out of power. And so it was all about making her life hell and then
weakening her as the eventual president. So that, that is, that would actually, that would be a
funny consistency between 2016 and 2024, that this is more about personal animus than about actually
thinking you can, you can change the outcome of the election. Yeah. I mean, not being myopic here, we have to realize that they can have multiple strategic
objectives at any given time. So yeah, sure. Maybe they want to go after Trump to damage
Trump due to the Soleimani strike. But at the same time, they get a lot of benefit out of just
creating chaos and havoc here in the political discourse and just generally undermining confidence
in public institutions. The other thing that,
that is kind of going back to that iceberg analogy I was making was, you know, we continually talk
about Iran and Trump campaign. Google just yesterday, Wednesday, the 14th of August confirmed
that hackers went after three Biden accounts, didn't confirm whether they were successful. So that is the former Biden campaign. So it is entirely likely that these actors were in
the Trump campaign, were probably also going after the Biden campaign. And I also wouldn't
be surprised if there were Russian and Chinese actors targeting and trying to get into the Trump campaign.
And there are multiple reasons for that.
Remember, like a leak is the terminus of a set of activities.
There's a lot of other stuff and benefit they can get out of it.
I mean, the Russians and Chinese probably want to be inside the Trump campaign as much
as they do the Harris campaign because they want to understand the policy positions so
they can start formulating their own geopolitical responses. They want to know personnel decisions. They want
to know who's going to be Secretary of State, National Security Advisor, so they can look at,
hey, what compromise do we have? And we can start moving operations against these guys or whomever.
Well, it's interesting what you say, because we did have an event here in Australia a few years
ago where it looked like the Chinese were all over
the Australian political party organisations.
So we're a two-party system here as well.
And, you know, the party HQs got owned
and it looked like that was less about hack and leak
and much more about intelligence gathering
about what's the likely position of, you know,
both of these parties, one of whom will win, you know,
the next election. What are their
positions on things like the South China Sea, on this, on that? So we have seen that. And it is
interesting too, what you said earlier, Alex, about party officials and politicians' accounts
not being treated differently to anything else. I mean, that's an issue globally where, you know, we've got our equivalent of the
NSA, the ASD here, who put a lot of effort into securing the technology used by elected
representatives, but nothing really to protect the, you know, political candidates, right? I
believe that's changed somewhat over the last few years. I just want to go back briefly and touch
on this issue that you
mentioned, the, you know, the Hunter Biden stuff being sort of suppressed by Twitter. Personally,
I thought that was a, like, I thought that was a silly thing to do because it would obviously lead
to claims of censorship, which is exactly what happened. I feel like, oddly enough, the current
sort of community notes approach on platforms like Twitter is probably a better way to go with that. The reason I want to raise that though is because the pushback on that was
so extreme that it caused sort of a breakdown in information sharing between US government
agencies and the platforms when it came to things like threat intelligence around bot accounts, right?
Things that platforms don't really want to have running on their platforms,
and yet they've sort of been forced to stop cooperating with the US government
when the US government comes along and says,
hey, here's a list of accounts that we know are being operated by,
like a Russian troll farm being operated out of an African country.
This seems extremely not great.
Chris, I wanted to get your thoughts on that, because obviously, you know, you worked for
CISA and would have been involved in spinning up some of that data sharing. Like, has that all
been crushed at this point, or does some of it remain? And how important do you think that is
in terms of building resilience to these sorts of information operations?
I think the real crux of the election security partnerships in the U.S. are frankly between the federal government and the election officials, those that administer elections at the state and local level.
It's a federated, decentralized approach.
And so what CISA spends the vast majority of the time, what we spend, what I spent the vast majority of my time doing was working with secretaries of state and county election officials. That's what Jen Easterly
is doing right now, and that's when Jen Easterly gets out there and talks about, Jen being the new,
the current director, not the new because it's been several years, but the current director of
CISA, she talks about those relationships and sharing on what the latest TTPs of Iranian,
Russian, Chinese actors are going after state and local government networks,
ransomware, stuff like that. The part about CISA sharing with social media platforms was a minuscule, very, very minor part of the operation that I think Alex and I probably in retrospect
could look back and say, not really sure how impactful or meaningful it was. It was good to
have those relationships so you could break glass if you saw something incoming, which we did see incomings. I, again, would point you back to 2020 and the Iranians pretending to be the Proud Boys and then posting a video about hacking into state and local. Yeah, I'm glad you mentioned that because I was going to bring that up, which is this isn't the first time that the Iranians have had a crack, although it looks like this time it
might be a bit more ambitious. But to your bigger point, due to some of the litigation here in the
United States, those relationships, the constant contact between government and social media and
other private sector technology provider partners was frozen. It stopped.
It was six plus months, and Meta, in their quarterly threat reports,
admitted to such.
Now, with the recent procedural posture of the Murthy v. Missouri case,
they're back at it.
But I don't think it's going to be the same.
Could you give us all a little bit of background on that case? Cause you just mentioned it.
I can't say I'm familiar and I'm sure a bunch of people watching this wouldn't know it either.
Is it too personal, Alex?
It's a little personal.
Yeah.
So there was a case called Missouri v. Biden, uh, in which the attorney general of Missouri,
uh, sued the Biden administration saying, uh, that the Biden administration was censoring
conservatives.
And because of the way,
there was a restraining order issued by a judge.
So the way the federal courts work in the US,
sometimes you can try to shop for judges
and they shopped for a judge.
They were able to file this case
in a place that didn't really make any sense
that was not Missouri.
You would think it would have to be in Missouri,
didn't have to be.
They found the judge they wanted,
that judge filed a restraining order.
That judge was then, that restraining order
was significantly reduced by the Fifth Circuit
Court of Appeals, and then when it made it
to the Supreme Court because the way
our appellate system works, it was turned into
a case called Murthy versus Missouri,
and the Supreme Court threw
effectively the whole thing out because of really bad factual issues of the case they brought,
because they were not able to show that the Biden administration was actually censoring people.
And so the whole thing was thrown out. So that was the case that stopped the FBI from sharing
any kind of cyber threat information with the platforms.
And they have restarted.
The other thing that's happened
is the Department of Justice Inspector General,
because of this case,
looked into the FBI's internal rules and said,
hey, you guys need to have public rules about,
the good thing that came out of this case
is the Inspector General said
that the FBI needs to publish their rules
for how they interact with social media.
And so that is something the FBI will be publishing.
So there was a good outcome from this bad case
that was factually incorrect
and had a bunch of both bad law
and was just a lie in a bunch of different places.
And so the FBI will be publishing that.
And the FBI, my understanding is back to sharing information.
And so that is good.
But unfortunately, like I said,
this should not be a partisan issue, right?
China's at it, Iran's at it, like Chris was saying.
And it's also not that technically sophisticated, right?
Spear phishing people like this,
especially if they don't have MFA on
or if they only have simple MFA,
it's not that hard.
So the list of adversaries that can do this, North Korea, easy for them.
You could talk about financially motivated actors, almost, you know, the Venezuelans, the, you know, the countries, the list of countries that could get active at this level
is extremely long, including a bunch of paramilitary groups and terrorist groups.
And so I think, I hope that the outcome here is that we have a reset on the partisan issue
and that Republicans decide, oh, okay,
we're gonna stop calling this a partisan issue.
We're gonna stop saying that this was all make-believe
in 2016, and we're gonna once again agree
that cybersecurity is not a partisan issue.
We're gonna work together with our Democratic colleagues, and Republicans get serious about
securing their own accounts and securing their campaigns. The other thing you brought up,
Patrick, that's totally true. There's a real challenge here is around the world, not just
in the US, but these campaigns are something that get put together for like a year and then torn
down. And so a lot of the people are not using official campaign infrastructure. They're not
using official campaign laptops. They're using their own personal laptop and their own personal Gmail account.
And so you have this real challenge of really sensitive information is sitting in what might
be a very insecure Gmail account or outlook.com account or AOL account or Yahoo account, depending
on the age of the person.
So like, that's the other challenge here.
Indeed, it looks like in this case, I think it was the Republican operative, Roger Stone,
his email address was used as a way
to send phishing emails to others.
And yeah, I mean, it's going to be porous.
I guess though, just to wrap this up,
I guess what we're saying here is that so far so good
when it comes to this current presumed Iranian hack and leak,
you know, so far so good, but it's, you know,
there's hope. I guess I'd describe you as cautiously optimistic, um, but fundamentally, like, it's too early to say
whether or not, you know, the American society, media and institutions are sort of as resistant as they
need to be against this sort of stuff. But there is a sign of hope. I mean, is that a fair summary of where you both are?
I think so. I think tactically, you know, I'm not
gonna say a dud yet, but tactically not a huge success. I do have broader concerns about the
strategic impacts of continued operations like this and undermining trust in just the broader
information environment, and Alex and I've both been talking about that for quite some time.
But going back to your last point, the thing that kind of had the gut punch here was, you know,
spear phishing email to a senior campaign official that clicked through to then Iranian-controlled infrastructure.
Like, where are we?
We've been talking about this stuff for almost a decade, and you still don't have meaningful MFA in place that can prevent
these sorts of, whether it was a, you know, account takeover or whatever.
I just, I like, what are we doing here?
This is a great example of cybersecurity, once again, being a cost center,
very likely being considered a cost center because that
dollar that you're spending on MFA would otherwise be an ad in a swing state. So we've got to continue
to break through on this balance. And I don't know if it's federal dollars being dedicated
to presidential campaigns to offset potential campaign spending, but we've got to figure this
out because it's going to continue to happen as long as people just care about spending money
on ads and things like that.
Alex, some final thoughts.
Yeah, I think we're just going to have to wait and see what happens.
I think my biggest concern continues to be on election day, foreign adversaries attacking
infrastructure in a way that it will not change the outcome of the vote, right?
All the swing states that matter are on paper ballots.
We will know who won the election, but the potential to cause chaos is still there.
And we have domestic actors in the United States who will utilize that chaos for their own
personal political goals. And that continues to be my biggest concern. And so the Chinese love
chaos. The Iranians love chaos. The Russians love chaos. That is one thing, unfortunately,
our adversaries do not agree on who they want to be president, but they do agree on democracy is
bad, right? They would love to see America stumble and fall and for the rest of the world to see
America stumble and fall. And so I would hate to see that those three countries work together
on making our election chaotic and then to see American political actors take advantage of the
chaos created by those adversaries for their own political goals.
All right.
Well, I think that's a good place to leave it.
Great to see you both.
Thank you very much for joining me to have this discussion.
A little bit outside our normal wheelhouse of more technically focused cybersecurity discussions,
but yeah, fascinating stuff from two people who've been touched by these issues in pretty significant ways.
Alex Stamos, Chris Krebs, thanks so much for joining me.
Thanks, Pat.
Thanks, Pat.