Mueller charges cast long shadow over today’s Trump-Putin summit

With help from Tim Starks and Mike Farrell

INDICTMENTS CAST SHADOW ON TRUMP’S BIG DAY — President Donald Trump will sit down with Russian President Vladimir Putin today as 12 of Putin’s intelligence officers adjust to the new reality of possible arrest if they ever leave Russia again (the U.S. has been known to arrest vacationing hackers). Special counsel Robert Mueller’s indictment late last week of those 12 Russian government hackers accused of breaching Democratic campaign targets during the 2016 election offered a vivid timeline of the Kremlin’s cyber operation and shined a spotlight on remaining vulnerabilities in state election systems. And even as Trump prepares to sit down with Putin for a breathlessly anticipated one-on-one meeting in Helsinki, the question on the minds of many political, legal and cyber experts is: What will Mueller do next?


Are charges against Americans looming? The indictment discusses communications between the Russian hackers — operating under their “Guccifer 2.0” persona — and Trump confidante Roger Stone, who was in close touch with senior Trump campaign officials. And while Stone said the indictment “provides no evidence of collaboration or collusion,” some close observers of the Mueller probe — and the FBI hacking investigation that preceded the special counsel’s appointment — suspect that Mueller is preparing to charge Americans with conspiring in the hack-and-leak operation. Last week’s indictment offered a tantalizing detail that could be a preview of future charges: It said an unnamed candidate in a congressional race requested and received stolen documents about their opponent from the Russians.

Other questions remain unanswered beyond that candidate’s identity. For one thing, it’s unclear how involved senior Russian officials (and Putin himself) were in the day-to-day operations of the hacking campaign. In addition, the indictment did not say whether the Russian hackers communicated with any Americans in leasing command-and-control servers on U.S. soil — conversations that could implicate those Americans, depending on their nature. It also remains unclear how many state election systems the Russians actually breached. And there is a discrepancy about the number of Illinois voters whose information the Russians accessed in the only publicly disclosed successful state hack. Illinois said the figure was less than 90,000, but the indictment says 500,000. The state suggested that different accounting metrics might be to blame.

Trump dismissed the indictment as a reflection of activity that happened under his predecessor’s watch, tweeting, “Why didn’t Obama do something about it? Because he thought Crooked Hillary Clinton would win, that’s why.” He also revived a conservative conspiracy theory about the investigation being invalid because the FBI never directly examined the DNC’s server. And he baselessly claimed in a CBS interview that the Russians targeted Republicans as extensively as Democrats but failed to breach the RNC because “we had much better defenses.” Meanwhile, House Foreign Affairs Committee Democrats urged Trump to cancel his meeting with Putin, while top Senate Democrats said he should “demand” that Putin extradite the 12 indicted hackers. When talking to CBS, Trump said he might ask about extradition. “Well I might. I hadn't thought of that. But I certainly, I'll be asking about it,” he said.

HAPPY MONDAY and welcome to Morning Cybersecurity! What do you think about that “Unfriended: Dark Web” trailer? I’d say it makes the dark web look really, really scary. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

TOP FBI CYBER OFFICIAL DEPARTS — The co-leader of the FBI’s foreign influence task force left the bureau in June over career advancement frustrations and was replaced with someone who lacks cybersecurity experience, according to a former FBI official. Jeffrey Tricoli, a section chief in the FBI’s Cyber Division who oversaw efforts to counter Russian election meddling and similar activities, wanted a promotion to Special Agent in Charge and command of one of the FBI’s 56 field offices, said the former FBI official, who spoke on the condition of anonymity. But bureau management refused, this person said. “They told him he had ‘too much cyber experience,’” the former official told MC, “and not enough [experience] in criminal, terrorism, and counterintelligence” matters. “So he said f— you and resigned.” According to the former official, the FBI replaced Tricoli as co-head of the foreign influence task force with Reid Davis, a former supervisor in the South Carolina Field Office. Davis, this person said, “knows absolutely nothing about cyber.”

The FBI did not respond to a request for comment about the circumstances of Tricoli’s departure — which was first reported over the weekend by The Wall Street Journal — or Davis’ fluency in cyber issues. A second former FBI official, who specialized in cyber matters, said Tricoli’s move to the private sector — he is now an executive at Charles Schwab — was “a loss for the FBI and the country” and “a symptom of a broader problem at the FBI.” “Despite a lot of talk, the Bureau has not taken the bold steps needed to attract and retain top cyber talent,” said this second former official. “Antiquated career and promotion paths are a big part of that problem. Being well rounded has its benefits but cyber experts want to work cyber. Such choices can hurt FBI careers.” The first former official agreed, saying, “The old salty dogs of the FBI still believe terrorism is the only way to promote … and they have old processes that do not take into consideration the fast changing times.”

Little is known about the foreign influence task force that Tricoli oversaw. FBI Director Christopher Wray announced its formation late last year. At a conference in January, Tricoli said one of its goals would be to more proactively share evidence of foreign meddling with social media companies and the public. The second former FBI official said the bureau was “struggling to fully integrate counterintelligence and cyber” and that the task force’s lack of evident progress reflected this. “The Bureau has not done enough to bring cyber expertise, tactics, and tradecraft into the counterintelligence fight. Hopefully whoever is running the [task force] recognizes that and does whatever they can to leverage those capabilities from within. A great CEO doesn’t need to know how to build the widget but they better hire folks who do.”

FIRST IN MC — While 74 percent of federal agencies have implemented a key email security measure ordered by DHS, less than half have taken a crucial step that would stop email spoofing. Last year DHS directed agencies to start installing and enabling Domain-based Message Authentication, Reporting and Conformance (DMARC), which prevents email spoofing by verifying that messages from federal agencies are genuine. With less than 90 days left to enact the policy, 47 percent of domains are at the highest policy level of “reject,” according to the Global Cyber Alliance, which tracks DMARC implementation. But half of federal government email domains have only deployed DMARC at its least secure setting, while others have not deployed DMARC at all.

“DHS has shown tremendous leadership in requiring the deployment of advanced email and web security tools that will protect consumers, government workers and our nation’s critical infrastructure,” Philip Reitinger, GCA’s president and CEO, said in a statement. “Even with difficulties, agencies should at least have implemented DMARC at its most simple level. It takes little time, does not risk disruption of service, and provides insight on operations and threats.”

DENIED — The federal appeals court in Washington late last week denied Russian cyber firm Kaspersky Lab’s attempt to freeze government procurement rules that would put its products on an acquisition blacklist. The court said in a unanimous ruling that Kaspersky had failed to satisfy “the stringent requirements for an injunction pending appeal.” After losing a district court case over the constitutionality of two separate bans on its products, Kaspersky appealed the ruling and almost immediately sought expedited consideration of its challenge. The appeals court in Washington agreed to expedite the proceedings, but after Kaspersky followed up with an injunction request, the court drew the line. Oral arguments in the case are scheduled for Sept. 14.

STRANGE BEDFELLOWS — Civil liberties activists and cybersecurity researchers offered rare praise to the Justice Department late last week in comments filed with the Library of Congress’ Copyright Office regarding security research exemptions to technology copyright law. DOJ’s Computer Crime and Intellectual Property Section, or CCIPS, recently backed researchers’ requests for broad exemptions to the Digital Millennium Copyright Act, saying the 1998 law shouldn’t prevent them from tinkering with things like cars and voting machines to find vulnerabilities. “We acknowledge, agree with, and appreciate CCIPS’ description of the important role that independent security researchers play in serving the critical public interest of cybersecurity,” wrote Blake Reid, a lawyer for University of Michigan computer science professor J. Alex Halderman, and Ferras Vinh and Joseph Lorenzo Hall of the Center for Democracy and Technology.

The DMCA currently exempts from criminal punishment certain testing activities that require researchers to bypass devices’ technological protections. But many experts think the exemption is too narrow. In their new comments, Vinh and the CDT experts outlined their concurrence with CCIPS’ criticism of key provisions in the DMCA that limit good-faith security research. “The resonance of those of us that support streamlining and simplifying the existing security research exemption and the CCIPS filing is a red-letter day for those that find flaws in good faith to make us all safer,” Hall told MC in an email. “Ideally, we would like to see the exemption be as simple as ‘good faith security research on software and software-controlled devices,’ but we're likely not [there] yet.”

MORE THAN CYBER BULLYING — A bipartisan pair of senators last week urged the Justice Department to investigate cyber harassment of U.S. military families by Russian intelligence services. The letter to Attorney General Jeff Sessions from Sens. Ron Wyden and Cory Gardner was in response to a report that a group calling itself the “Cyber Caliphate” had launched an intimidation campaign against several U.S. military spouses in 2015. “If substantiated, the claims about APT28 posing as the Cyber Caliphate could be the first public evidence that influence operations have specifically targeted American military families,” the senators wrote. “This story would be cause for concern if it ended there but many cyber security researchers now say the Cyber Caliphate is merely a front for APT28, the infamous group of hackers who serve the interests of Russian President Vladimir Putin.” The duo asked Sessions to identify the culprits and work with Congress to better protect families from online cyberattacks.

BULLISH — Over the weekend, DHS Secretary Kirstjen Nielsen touted election security progress before an audience of local election administrators. “We learned a lot of valuable lessons in 2016, and I’m glad to report that we are miles from where we were then,” she said at a conference of the National Association of Secretaries of State. “Miles towards increased security and resilience.” That progress includes all 50 states and more than 800 local jurisdictions signing up for the Election Infrastructure Information Sharing and Analysis Center to exchange threat data, Nielsen said.

IT TAKES A VILLAGE — DEF CON is adding three new “villages” to this year’s conference from Aug. 9 to 12, including an artificial intelligence village. DEF CON bills the village as “A place where experts in AI and security come together to learn and discuss the use and misuse of artificial intelligence in computer security.” Perhaps more subversive for an offensive-minded hacker conference, DEF CON will have a Blue Team Village, where experts in defensive techniques can gather. The third new village is an Ethics Village.

TWEET OF THE DAY — This just shows the lengths they’re willing to go to hide the conspiracy!

QUICK BYTES

— How Guccifer 2.0 spread hacked documents and what that says about the depth and determination of Russia to disrupt the 2016 election. The New York Times

— What happens when a Russian oligarch buys a state’s voter registration platform? This happens. CBS News

— It’s back in business for telecom giant ZTE. So much for those national security concerns about surveillance. POLITICO

— Is the utility industry finally on it when it comes to cybersecurity? Or is it simply using techniques many other industries have deployed for years? Cyberscoop

— Director of national intelligence Dan Coats: “Today, the digital infrastructure that serves this country is literally under attack.” The New York Times

— What does Lawfare make of the Mueller indictments? A lot. And it expects this is the sign that much more is coming. “This indictment represents a tightening of the ring in the story of criminal prosecution for the 2016 election hacking.” Lawfare

— If you can’t remember the password for your phone, it may not matter if police have a warrant to search it. But in Florida, it could mean jail time. Fox News

— Did the Russians hack him, too? AP

That’s all for today.

Stay in touch with the whole team: Mike Farrell ([email protected], @mikebfarrell); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
