Comey under fire over Russia/Clinton divide

With help from Eric Geller and Martin Matishak

DISSENT IN THE RANKS? — FBI Director James Comey didn’t want to publicly blame Russia for the spate of election season hacks, according to media reports. CNBC and The Huffington Post both reported late Monday that Comey disagreed with the decision of the Office of the Director of National Intelligence to accuse Moscow of orchestrating the digital intrusions that ensnared multiple U.S. political organizations and senior operatives in an attempt to destabilize the presidential election. Both outlets, citing different sources, said that Comey felt it was too close to Election Day for the government to make such a statement. MC could not immediately confirm the reports; an FBI spokeswoman did not respond to a request for comment, and an ODNI spokesman could not immediately comment on the apparent dissent.


The news came at a bad time for Comey, who is already under pressure from both sides of the aisle over his decision to notify Congress that the bureau was reviewing a batch of emails that could be relevant to its investigation of Democratic presidential nominee Hillary Clinton’s private email server. The Clinton campaign and leading Democrats were quick to attack Comey for publicly discussing the server investigation but not the Russian hacking. “It’s impossible to view this as anything less than a blatant double standard,” Robby Mook, Clinton’s campaign manager, told reporters on a conference call. “Director Comey owes the public an explanation for this inconsistency,” added Brian Fallon, the campaign’s press secretary. “It is not fair for him to stay silent about investigations into election-related hacks.” Elijah Cummings, the top Democrat on the House Oversight Committee, said the new reporting “raises serious questions about a very disturbing double standard.” Both Cummings and the Clinton campaign want Comey to reveal whether the FBI is investigating GOP nominee Donald Trump’s advisers for their ties to Russia.

If Comey was concerned about blaming Russia, his concern had merit — though not related to election timing — according to former cyber investigators at the Justice Department and the FBI. Publicly linking Russia to the cyberattacks could disrupt the process of gathering evidence for criminal indictments and jeopardize the intelligence community’s visibility into Russian cyber operations. “There is great intelligence value in collecting this information and it can sometimes outweigh the desire to go public,” Jenny Durkan, a former U.S. Attorney who chaired DOJ’s Cyber Advisory Committee, told MC in an email. “So I understand Comey’s hesitation if he was worried that attribution was not certain enough, that proof and/or the ability to track the hackers would be lost, or if it compromised an investigation. All of those are factors that need to be weighed.” A former senior official in the FBI’s Cyber Division agreed. When governments formally blame state-sponsored hackers, the “bad guys ditch their safe house, change their clothes and find a new car to keep robbing banks,” this person said in an email. “The time and energy to re-acquire their activities can sometimes be harder than acquiring them in [the] first place.”

HAPPY TUESDAY and welcome to Morning Cybersecurity! Star Wars, Halloween, Bernie Sanders, Koch brothers. Send your thoughts, feedback and especially tips to [email protected], and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

EXPLORING THE RUSSIA/TRUMP CONNECTION — Slate on Monday published an intriguing tale about a group of computer scientists who discovered a mysterious Trump Organization server communicating with a Russian bank. But the story quickly got some cold water from other security experts and The New York Times. The Slate computer scientists uncovered the connection while searching for malware. “The irregular pattern of server lookups actually resembled the pattern of human conversation — conversations that began during office hours in New York and continued during office hours in Moscow,” according to the story. “It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.” But the article contains denials of anything nefarious by the Trump campaign, at least up to a point, and is loaded with caveats: “What the scientists amassed wasn’t a smoking gun. It’s a suggestive body of evidence that doesn’t absolutely preclude alternative explanations.”

The Times story says federal investigators looked into the server connection: “But the FBI ultimately concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts.” It also reveals conclusions about other Russia-Trump links: “Law enforcement officials say that none of the investigations so far have found any link between Mr. Trump and the Russian government. And even the hacking into Democratic emails, FBI and intelligence officials now believe, was aimed at disrupting the presidential election rather than electing Mr. Trump.”

The Clinton campaign hailed the Slate story despite its caveats, but before the Times account. “This could be the most direct link yet between Donald Trump and Moscow,” said Jake Sullivan, senior policy adviser for the Clinton campaign. “It certainly seems the Trump Organization felt it had something to hide, given that it apparently took steps to conceal the link when it was discovered by journalists. … We can only assume that federal authorities will now explore this direct connection between Trump and Russia as part of their existing probe into Russia's meddling in our elections.” What’s more, there’s this piece from Mother Jones: “A Veteran Spy Has Given the FBI Information Alleging a Russian Operation to Cultivate Donald Trump.”

DAMAGE INC. — People are sticking by their preferred candidate, despite Friday’s bombshell FBI announcement that it was examining new emails potentially related to its Clinton private email server investigation, according to a POLITICO/Morning Consult poll. The presidential race is just as close now as it was before the news broke: Clinton at 42 percent, Trump at 39 percent, Gary Johnson at 7 percent and Jill Stein at 5 percent. It’s not for lack of awareness, since 97 percent said they have heard a lot or some about her server. It would be hard not to be aware. The story has dominated cable news and other media from the moment the news broke. Republicans are pounding away at Clinton over the revelation. And the Clinton camp and Democrats have been waging a constant, days-long campaign decrying the FBI disclosure.

BACK OUT OF THE SHADOWS — Shadow Brokers, which released NSA hacking tools in August, revealed a list of servers Monday that it claims were targeted by the spy agency. The list offers several potential insights, such as the fact that some of them apparently belong to foreign governments. As Motherboard noted, "the IP addresses may relate to servers the NSA has compromised and then used to deliver exploits, according to security researcher Mustafa Al-Bassam," with Al-Bassam pointing out that the NSA apparently launched attacks from compromised servers in Russia and China, demonstrating what makes it hard to identify the source of an attack. The release suggested possible motives for Shadow Brokers. And another security expert recommended that if your organization was identified in the dump, you should take action.

RULES OF THE ROAD NEEDED — The government should dispel the ambiguity around what “active defense” measures private companies can take against digital threats, according to a new report from George Washington University’s Center for Cyber and Homeland Security. “Businesses cannot simply firewall their way out of this problem and must instead have greater leeway to more proactively respond to cyber threats,” Frank Cilluffo, the center’s director, said in a statement accompanying the study. The examination recommends, among other things, that the government develop rules and guidelines for companies to follow for fending off intruders, and be ready to offer support if needed. Congress should also pass legislation to grease the skids and look into whether sanctions should be part of the solution to deter online attacks.

BEIJING CYBERSECURITY LAW MOVES FORWARD — China’s state-owned Xinhua news agency reported Monday that the country’s parliament is likely to pass a cybersecurity law next week that would further cement the government’s control of the internet. The proposed measure, which could be passed as soon as Nov. 7, has come under intense scrutiny from foreign firms and governments because it would give Beijing additional censorship powers and would require that companies store data locally and turn over encryption keys to the government, according to Reuters. The private sector is also reportedly concerned that the legislation could mean that they have to pass their intellectual property on to the government.

ENCRYPTION AS CIVIL RIGHTS ISSUE — In a TED Talk video released Monday, the American Civil Liberties Union’s principal technologist argued that default smartphone encryption isn’t just about cybersecurity. Chris Soghoian argued that while the Apple iPhone offers default encryption, less expensive competitors from Android do not, creating what he calls a divide between rich and poor. “There is now increasingly a gap between privacy and security for the rich who can afford devices that secure their data by default and the poor whose devices do very little to secure them by default,” he said. “If the only people who can protect themselves from the gaze of the government are the rich and powerful, it's not just a privacy or cybersecurity problem, it's a civil rights problem.” Observing that past civil rights leaders were subject to government surveillance, “future civil rights movements might be crushed before they ever reach their full potential,” he said.

WATCH OUT, IPHONE OWNERS — Scammers have figured out how to replace legitimate iOS apps with fake versions by exploiting a bug in the Apple App Store’s authentication system. Security firm Trend Micro disclosed the attack, a redux of a 2014 trick that was thought to have been patched, on Monday. “More than just creating fake versions, the vulnerabilities pose serious risks in that bad guys can target legitimate apps to distribute their malware,” the researchers wrote. “Scammers only need to create malicious content bearing the same Bundle ID as the genuine app’s, then ride on its popularity to entice users into installing their malware.” Apart from replacing entire apps with malicious doppelgangers, attackers could also fool real apps into pinging illegitimate servers.

TWEET OF THE DAY — Just when we were getting our hopes up …

RECENTLY ON PRO CYBERSECURITY — A White House official said states are ready to stave off would-be election hackers. … Top Energy and Commerce Committee Democrats want the panel to hold a hearing on this month’s major cyberattack on DNS provider Dyn. … The Federal Deposit Insurance Corporation rebutted lawmakers who were angry that the FDIC didn’t notify them about a breach, with the agency saying it followed proper protocol. … In the latest WikiLeaks release of purported emails hacked from Clinton campaign chairman John Podesta’s account, Chelsea Clinton said her technology was “compromised” on a trip to China.

QUICK BYTES

— A hacker is set for sentencing today for attacking businesses and universities. Chicago Tribune.

— RAND’s Martin Libicki contemplates cyber war with Russia. TechCrunch.

— CyberScoop looks at HackForums.

— The Intercept profiled a couple foreign spy-type companies.

— Montreal police monitored the iPhone of a journalist to out his sources. Montreal Gazette.

— How Google is flagging some suspicious apps. TechCrunch.

— “Disclosing vulnerabilities to protect users.” Google.

— Some researchers say Wickr didn’t pay out rewards owed. Security Week.

That’s all for today. Other famous people dressed up too …

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
