Computer Security

Subterms

    Latest story

    138 Shares33 Views

    How to Claim Your Part of a $5.6 Million Ring Settlement

    by

    The Federal Trade Commission is sending payments to customers who had certain Ring home security cameras and accounts during a particular time period, the agency said.The Federal Trade Commission said this week that some people who had bought certain home security cameras made by Ring, which is owned by Amazon, would be eligible for refunds for their purchase. The payments, totaling more than $5.6 million, are part of a settlement between Ring and the F.T.C. over claims that the company failed to protect customer accounts.Here’s what to know.What is the lawsuit about?The F.T.C. sued Ring last May, accusing the company of giving employees and contractors access to customers’ private video footage. The agency said in its complaint that Ring had used the videos to train computer algorithms without first getting customers’ consent. Ring also failed to have proper protections, which made customer accounts, videos and cameras more vulnerable to hacking, the F.T.C. said.The F.T.C. and Ring reached a settlement that month. As part of the agreement, Ring paid a settlement that would be used for customer refunds, deleted all private videos that it shouldn’t have access to, and established a privacy and security program. The F.T.C. is now using the money Ring paid to send 117,044 PayPal payments to affected customers.Ring did not immediately respond to a request for comment. But in a statement after the settlement, Ring said that it addressed issues about its security and privacy practices “well before” the F.T.C.’s lawsuit, and that the agency “mischaracterizes our security practices and ignores the many protections we have in place for our customers.”How do I find out if I am eligible for the refund?If you had a Ring account and certain types of Ring devices, such as the indoor camera models Stick Up Cam and Indoor Cam, before Feb. 1, 2018, you are eligible for a refund, according to a court order.The defendant — in this case, Ring — is typically required to provide a list of customers, their contact information and how much they paid. The F.T.C. will use the information to send payments.Eligible customers should have already received an email from the F.T.C.How much will I receive?Your payment depends on the type of Ring device you owned and the time you had your account.I got a PayPal payment from the F.T.C. How do I know if it is real?If you are eligible for a refund, you should have received an email from the agency (from the address subscribe@subscribe.ftc.gov) before Tuesday. Since payments were issued on Tuesday, you should have received another email from PayPal about the refund. You have to redeem the payment by May 22, or it will be returned to the F.T.C.If you would like the F.T.C. to send you a check instead, or have any other questions about the payment, you can speak with the refund administrator, Rust Consulting, by calling 1-833-637-4884. You can also email your request to info@ring.com. More

    More stories

    • 125 Shares55 Views

      in Elections

      How Scam Calls and Messages Took Over Our Everyday Lives

      by

      Digital life is cluttered with bogus text messages, spam calls and phishing attempts. You can try to block, encrypt and unsubscribe your way out of it, but you may not succeed. Welcome to Scam World Toma Vagner Welcome to Scam World You open your eyes and grope for your phone. You check your inbox and […] More

    • 138 Shares119 Views

      in Elections

      AT&T Passcodes for Millions Are Reset After Leak of Customer Records

      by

      Nearly eight million customers and 65.4 million former account holders were affected by the data breach, the company said.The telecommunications giant AT&T announced on Saturday that it had reset the passcodes of 7.6 million customers after it determined that compromised customer data was “released on the dark web.”“Our internal teams are working with external cybersecurity experts to analyze the situation,” AT&T said. “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”The company said that “information varied by customer and account,” but that it may have included a person’s full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode.In addition to those 7.6 million customers, 65.4 million former account holders were also affected.The company said it would be “reaching out to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services.”AT&T said it reset the passcodes for those affected and directed customers to a site with details about how to reset them. It also said that it was starting a “robust investigation supported by internal and external cybersecurity experts.”A company representative did not address specific questions about how the breach happened or why it went unnoticed for so long.TechCrunch, which first reported on the passcode reset, said it informed AT&T on Monday that “the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.”TechCrunch said it delayed publishing its article until the company “could begin resetting customer account passcodes.”In its report, TechCrunch said that “this is the first time that AT&T has acknowledged that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records.”AT&T had previously denied a breach of its systems but how the leak happened was unclear, TechCrunch reported.AT&T said that it did not know whether the leaked data “originated from AT&T or one of its vendors” and that it “does not have evidence of unauthorized access to its systems resulting in theft of the data set.”The episode comes after AT&T customers experienced a widespread outage last month that temporarily cut off connections for users across the United States for several hours. The Feb. 22 outage affected customer in cities including Atlanta, Los Angeles and New York.At its peak, there were around 70,000 reports of disrupted service for the wireless carrier, according to Downdetector.com, which tracks user reports of telecommunication and internet disruptions.A few days later, AT&T offered customers affected by the outage a $5 credit in an effort to “make it right.” More

    • 138 Shares129 Views

      in Elections

      Michigan Poll Worker Charged With Breach; Officials Say Primary Was Sound

      by

      A Michigan poll worker in the Aug. 2 primary has been charged with tampering with an election computer at a voting precinct, a breach that those in charge of elections said highlighted the insider threats to the system’s integrity that have proliferated since the 2020 election.While state and local officials emphasized that the breach had no influence on the outcome of the primary election, they said that the equipment involved would no longer be used.The episode happened after the polls closed in Gaines Township, south of Grand Rapids, where a person saw a Republican-affiliated election worker insert a personal USB drive into a special computer known as an electronic poll book, the Kent County Clerk’s office said on Wednesday.Chris Becker, the county prosecutor, identified the poll worker as James Donald Holkeboer.The computer stores voter registration data, including confidential, personally identifying information about all voters in the precinct, but is not connected to any of the tabulation equipment or to the internet, according to Lisa Posthumus Lyons, the county clerk.The case extended a pattern of internal actors’ facing accusations of meddling with election equipment in Michigan, a battleground state where former President Donald J. Trump has falsely asserted that there was widespread voter fraud in 2020. Last month, Dana Nessel, Michigan’s attorney general and a Democrat, requested that a special prosecutor be appointed to continue an investigation into previous breaches and pursue potential criminal charges.The State of the 2022 Midterm ElectionsWith the primaries over, both parties are shifting their focus to the general election on Nov. 8.Sensing a Shift: As November approaches, there are a few signs that the political winds may have begun to blow in a different direction — one that might help Republicans over the final stretch.Focusing on Crime: Across the country, Republicans are attacking Democrats as soft on crime to rally midterm voters. Pennsylvania’s Senate contest offers an especially pointed example of this strategy.Arizona Senate Race: Blake Masters, a Republican, appears to be struggling to win over independent voters, who make up about a third of the state’s electorate.Pennsylvania Governor’s Race: Doug Mastriano, the Trump-backed G.O.P. nominee, is being heavily outspent and trails badly in polling. National Republicans are showing little desire to help him.In Kent County, officials did not discuss what had motivated the tampering.“This incident is extremely egregious and incredibly alarming,” Ms. Lyons said in a statement on Wednesday. “Not only is it a violation of Michigan law, but it is a violation of public trust and of the oath all election workers are required to take.”Ms. Lyons, a Republican, said the clerk’s office would conduct a postelection audit of the precinct, complete with a tally of paper ballots to reaffirm the results and reassure voters. The results had been certified on Aug. 12 and the state board of canvassers accepted them on Aug. 19, according to Robert J. Macomber, the chief deputy clerk for Kent County.Mr. Holkeboer, 68, was charged with falsifying returns or records, and using a computer to commit a crime, Mr. Becker, the prosecutor, said in a statement on Wednesday. Both charges are felonies, and they carry a maximum combined penalty of nine years in prison.Mr. Holkeboer could not be immediately reached for comment on Thursday, and it was not clear whether he had a lawyer. He was issued a summons and remained free as of Thursday morning, according to Lori Latham, a spokeswoman for the county.An arraignment date was also not available on Thursday morning for Mr. Holkeboer, who appeared to be a first-time poll worker during the primary, Mr. Macomber said.Poll workers are responsible for checking in voters, looking them up in the electronic poll book, issuing ballots and helping with crowd flow, Mr. Macomber said in an email on Thursday. About six poll workers are assigned to each precinct for the primary and general elections, and their political affiliations are typically split, said Mr. Macomber, who identified Mr. Holkeboer as a Republican.Angela Benander, a spokeswoman for the Michigan Department of State, which oversees elections, said in an email on Thursday that the agency had learned of the breach from the county.“While our elections remain secure and safe, we take seriously all violations of election law and will continue to work with the relevant authorities to assure there are consequences for those who break the law,” Ms. Benander said. “The breached equipment in this case has been decommissioned and will not be in use for the general election in November. Michigan voters can be confident that their votes will be counted accurately and securely.” More

    • 138 Shares199 Views

      in Elections

      2020 Election Denier Will Run for Top Elections Position in Colorado

      by

      Tina Peters, the Mesa County clerk, has been stripped of her county election oversight but is seeking to oversee her state’s elections as secretary of state.A Republican county clerk in Colorado who was stripped of her responsibility of overseeing county elections is joining a growing movement of people throughout the country who spread false claims about fraud in the 2020 presidential election and want to oversee the next one.Tina Peters, the Mesa County clerk, who is facing accusations that she breached the security of voting machines, announced on Monday that she would run to be the top elections official in Colorado.At least three Republican challengers are already running to unseat the current Colorado secretary of state, Jena Griswold, a Democrat.Colorado is a purple state that President Biden won with 55 percent of the vote in 2020. The state’s primary is on June 28, and Colorado is one of 27 states whose top elections official will be on the ballot this year.In 2020, when former President Donald J. Trump and his allies sought to undo the results of the election, they focused their pressure campaign on these relatively little-known officeholders.“I am the wall between your vote and nationalized elections,” Ms. Peters said during an appearance Monday on a podcast hosted by Stephen K. Bannon, the embattled former top aide to Mr. Trump. “They are coming after me because I am standing in their way — of truth, transparency and elections held closest to the people.”Ms. Griswold, who is also the head of the Democratic Association of Secretaries of State, said in a statement on Monday that Ms. Peters was “unfit to be secretary of state and a danger to Colorado elections,” citing Ms. Peters’s attempts to discredit the results of the 2020 presidential election.Ms. Peters did not immediately respond to telephone and email messages on Monday seeking comment.Elected in 2018, Ms. Peters took office as clerk and recorder of Mesa County, in far western Colorado, in 2019. By late 2021 a Mesa County Court judge had upheld Ms. Griswold’s removing Ms. Peters from overseeing elections in the county and replacing her with an appointee.In May of last year, Ms. Peters and two other people entered a secure area of a warehouse in Mesa County where crucial election information was stored. They copied hard drives and election-management software from voting machines, the authorities said.In early August, the conservative website Gateway Pundit posted passwords for the county’s election machines. In October Ms. Peters spoke at a gathering in South Dakota of people determined to show that the 2020 election had been stolen from Mr. Trump.The gathering also featured a large screen that, at one point, showed the software from the election machines in Mesa County.Ms. Griswold said her office had concluded that the passwords leaked out when Ms. Peters enlisted a staff member to accompany her to surreptitiously record a routine voting-machine maintenance procedure. State and county officials announced last month that a grand jury was looking into allegations of tampering with Mesa County election equipment and “official misconduct.”More recently, Ms. Peters was briefly detained by the police when she obstructed efforts by officials with the local district attorney to serve a search warrant for her iPad. Ms. Peters may have used the iPad to record a court proceeding related to one of her deputies, according to Stephanie Reecy, a spokeswoman for the county.In video of the Feb. 8 encounter, taken by a bystander and posted on Twitter, Ms. Peters can be heard repeatedly saying, “Let go of me,” as officers seek to detain her. “It hurts. Let go of me,” she says, before bending her leg and raising her foot toward the officer standing behind her.An officer responds, “Do not kick,” according to body camera video posted by KJCT News 8, a local station. “Do you understand?”Ms. Peters was charged with obstructing a peace officer and obstructing government operations, according to the Mesa County Sheriff’s Office. She turned herself in to the authorities on Thursday, posted $500 bond and was released, according to county officials.“I still have the bruises on my arm where they manhandled me,” Ms. Peters told Mr. Bannon on Monday. Later she said: “I just want to say I love the people. That’s why I’m doing this.”Mr. Bannon said Ms. Peters had been targeted because of her fight against “this globalist apparatus.”“Thank you,” Ms. Peters told the host. “I’ll work hard for you guys.” More

    • 113 Shares99 Views

      in Elections

      How G.O.P. Election Reviews Created a New Security Threat

      by

      As Republicans continue to challenge the 2020 results, voting equipment is being compromised when partisan insiders and unvetted operatives gain access.Late one night in May, after surveillance cameras had inexplicably been turned off, three people entered the secure area of a warehouse in Mesa County, Colo., where crucial election equipment was stored. They copied hard drives and election-management software from voting machines, the authorities said, and then fled.The identity of one of the people dismayed state election officials: It was Tina Peters, the Republican county clerk responsible for overseeing Mesa County’s elections.How the incident came to public light was stranger still. Last month in South Dakota, Ms. Peters spoke at a disinformation-drenched gathering of people determined to show that the 2020 election had been stolen from Donald J. Trump. And another of the presenters, a leading proponent of QAnon conspiracy theories, projected a portion of the Colorado software — a tool meant to be restricted to election officials only — onto a big screen for all the attendees to see.The security of American elections has been the focus of enormous concern and scrutiny for several years, first over possible interference or mischief-making by foreign adversaries like Russia or Iran, and later, as Mr. Trump stoked baseless fears of fraud in last year’s election, over possible domestic attempts to tamper with the democratic process.But as Republican state and county officials and their allies mount a relentless effort to discredit the result of the 2020 contest, the torrent of election falsehoods has led to unusual episodes like the one in Mesa County, as well as to a wave of G.O.P.-driven reviews of the vote count conducted by uncredentialed and partisan companies or people. Roughly half a dozen reviews are underway or completed, and more are being proposed.These reviews — carried out under the banner of making elections more secure, and misleadingly labeled audits to lend an air of official sanction — have given rise to their own new set of threats to the integrity of the voting machines, software and other equipment that make up the nation’s election infrastructure.Election officials and security experts say the reviews have created problems ranging from the expensive inconvenience of replacing equipment or software whose security has been compromised to what they describe as a graver risk: that previously unknown technical vulnerabilities could be discovered by partisan malefactors and exploited in future elections.In Arizona, election officials have moved to replace voting machines in the state’s largest county, Maricopa, after conservative political operatives and other unaccredited people gained extensive access to them as they conducted a widely criticized review of the 2020 results. In Pennsylvania, the secretary of state decertified voting equipment in rural Fulton County after officials there allowed a private company to participate in a similar review.And in Antrim County, Mich., a right-wing lawyer publicized a video showing a technical consultant with the same vote tabulator the county had used — alarming county officials who said that the consultant should not have had access to the device or its software.Tina Peters, the clerk of Mesa County, Colo., during a news conference in June 2020.Mckenzie Lange/The Grand Junction Daily Sentinel, via Associated PressWhen such machines fall into the wrong hands — those of unaccredited people lacking proper supervision — the chain of custody is broken, making it impossible for election officials to guarantee that the machines have not been tampered with, for example by having malware installed. The only solution, frequently, is to reprogram or replace them. At least three secretaries of state, in Arizona, Pennsylvania and Colorado, have had to decertify voting machines this year.Far from urging panic, experts caution that it would be extremely difficult if not impossible to meddle with voting results on a nationwide scale because of the decentralized nature of American elections.But experts say that the chain of custody for election machines exists for good reason.Already this year, three federal agencies — the Justice Department, the Cybersecurity and Infrastructure Security Agency and the Election Assistance Commission — have issued updated guidance on how to handle election machines and preserve the chain of custody.“There are some serious security risks,” said J. Alex Halderman, a professor of computer science and engineering at the University of Michigan who studies election security. “Especially given the constellation of actors who are receiving such access.”Republicans say they are simply looking for the answers their constituents are demanding about the 2020 election.“This has always been about election integrity,” Karen Fann, the Republican leader of the Arizona Senate, which authorized that state’s election review, said in an interview posted on the state party’s website last month. “Nothing else. Absolutely nothing else. This is about making sure that our votes are counted.”Security experts say that election hardware and software should be subjected to transparency and rigorous testing, but only by credentialed professionals. Yet nearly all of the partisan reviews have flouted such protocols and focused on the 2020 results rather than hunting for security flaws.In Arizona, the firm chosen by the Republican-led Legislature, Cyber Ninjas, had no previous experience auditing elections, and its chief executive has promoted conspiracy theories claiming that rigged voting machines cost Mr. Trump the state. The company also used Republican partisans to help conduct its review in Maricopa County, including one former lawmaker who was at the Jan. 6 protest in Washington that preceded the Capitol riot..css-1xzcza9{list-style-type:disc;padding-inline-start:1em;}.css-3btd0c{font-family:nyt-franklin,helvetica,arial,sans-serif;font-size:1rem;line-height:1.375rem;color:#333;margin-bottom:0.78125rem;}@media (min-width:740px){.css-3btd0c{font-size:1.0625rem;line-height:1.5rem;margin-bottom:0.9375rem;}}.css-3btd0c strong{font-weight:600;}.css-3btd0c em{font-style:italic;}.css-w739ur{margin:0 auto 5px;font-family:nyt-franklin,helvetica,arial,sans-serif;font-weight:700;font-size:1.125rem;line-height:1.3125rem;color:#121212;}#NYT_BELOW_MAIN_CONTENT_REGION .css-w739ur{font-family:nyt-cheltenham,georgia,’times new roman’,times,serif;font-weight:700;font-size:1.375rem;line-height:1.625rem;}@media (min-width:740px){#NYT_BELOW_MAIN_CONTENT_REGION .css-w739ur{font-size:1.6875rem;line-height:1.875rem;}}@media (min-width:740px){.css-w739ur{font-size:1.25rem;line-height:1.4375rem;}}.css-1dg6kl4{margin-top:5px;margin-bottom:15px;}#masthead-bar-one{display:none;}#masthead-bar-one{display:none;}.css-12vbvwq{background-color:white;border:1px solid #e2e2e2;width:calc(100% – 40px);max-width:600px;margin:1.5rem auto 1.9rem;padding:15px;box-sizing:border-box;}@media (min-width:740px){.css-12vbvwq{padding:20px;width:100%;}}.css-12vbvwq:focus{outline:1px solid #e2e2e2;}#NYT_BELOW_MAIN_CONTENT_REGION .css-12vbvwq{border:none;padding:10px 0 0;border-top:2px solid #121212;}.css-12vbvwq[data-truncated] .css-rdoyk0{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg);}.css-12vbvwq[data-truncated] .css-eb027h{max-height:300px;overflow:hidden;-webkit-transition:none;transition:none;}.css-12vbvwq[data-truncated] .css-5gimkt:after{content:’See more’;}.css-12vbvwq[data-truncated] .css-6mllg9{opacity:1;}.css-1rh1sk1{margin:0 auto;overflow:hidden;}.css-1rh1sk1 strong{font-weight:700;}.css-1rh1sk1 em{font-style:italic;}.css-1rh1sk1 a{color:#326891;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:1px;-webkit-text-decoration-thickness:1px;text-decoration-thickness:1px;-webkit-text-decoration-color:#ccd9e3;text-decoration-color:#ccd9e3;}.css-1rh1sk1 a:visited{color:#333;-webkit-text-decoration-color:#ccc;text-decoration-color:#ccc;}.css-1rh1sk1 a:hover{-webkit-text-decoration:none;text-decoration:none;}In Wisconsin, the Republican Assembly speaker, Robin Vos, is pushing for a review of the 2020 results to be led by a former State Supreme Court justice who claimed in November that the election had been stolen. And in Pennsylvania, the Republican leader of the State Senate has announced hearings that he likened to a “forensic investigation” of the election, saying it could include issuing subpoenas to seize voting machines and ballots.Christopher Krebs, the former head of the federal Cybersecurity and Infrastructure Security Agency, said such reviews could easily compromise voting machines. “The main concern is having someone unqualified come in and introduce risk, introduce something or some malware into a system,” he said. “You have someone that accesses these things, has no idea what to do, and once you’ve reached that point, it’s incredibly difficult to kind of roll back the certification of the machine.”Decertifying machines effectively means replacing them, often in a hurry and at great cost. Philadelphia’s elections board rejected an earlier G.O.P. request for access to the city’s election machines, saying it would cost more than $35 million to buy new ones.In Arizona, Secretary of State Katie Hobbs, a Democrat, told Maricopa County in May that her office would decertify 385 machines and nine vote tabulators that had been handed over for the G.O.P.-led election review.“The issue with the equipment is that the chain of custody was lost,” Ms. Hobbs said in an interview. “The chain of custody ensures that only authorized people have access to it, so that that vulnerability can’t be exploited.”Pulling compromised machines out of service and replacing them is not a foolproof solution, however.The equipment could have as-yet-undiscovered security weaknesses, Mr. Halderman said. “And this is what really keeps me up at night,” he said. “That the knowledge that comes from direct access to it could be misused to attack the same equipment wherever else it’s used.”A polling place in Philadelphia in November. Subpoenas could be issued to seize voting machines and ballots as part of a Republican-led investigation into Pennsylvania’s results in the 2020 election.Kriston Jae Bethel for The New York TimesAs an example of his concerns, Mr. Halderman pointed to Antrim County in northern Michigan, where, months after a court-ordered forensic audit in the county, a lawyer involved with the case who has frequently shared election conspiracy theories still appeared to have access to a Dominion Voting Systems ballot-scanning device and its software.The lawyer, Michael DePerno, posted a video from a conservative news site featuring a technical consultant who went to elaborate and highly implausible lengths to try to show that votes in the county — which Mr. Trump carried by a wide margin — could have been switched. (County officials said this could not have happened.)The device and its software are only supposed to be in the possession of accredited officials or local governments. “I was shocked when I saw they had a tabulator in their video,” said Sheryl Guy, the county clerk, who is a Republican.Neither Mr. DePerno nor Dominion Voting Systems responded to requests for comment.Easily the most bizarre breakdown of election security so far this year was the incident in Mesa County, Colo.The first sign of suspicious activity surfaced in early August, when a conservative news site, Gateway Pundit, posted passwords for the county’s election machines, the result of a separate breach in the county from the same month.A week later, the machines’ software showed up on large monitors at the South Dakota election symposium, organized by the conspiracy theorist Mike Lindell.Jena Griswold, the Colorado secretary of state, said her office had concluded that the passwords leaked out when Ms. Peters, the Mesa County clerk, enlisted a staff member to accompany her to and surreptitiously record a routine voting-machine maintenance procedure. Gateway Pundit published the passwords a week before the gathering in South Dakota.Ms. Griswold’s office is investigating and has said that Ms. Peters will not be allowed to oversee elections in November.Ms. Peters, who has called the investigation politically motivated, did not respond to repeated requests for comment. In an online interview with Mr. Lindell, the chief executive of MyPillow, she admitted to copying the hard drives and software but insisted she had simply backed them up because of some perceived but unspecified threat to the data. She also cited unfounded conspiracy theories about Dominion equipment.“I was concerned that vital statistics and information was being deleted from the system or could be deleted from the system, and I wanted to preserve that,” she said.But she flatly denied leaking the passwords or software. “I did not post, did not authorize anyone to post, any election data or software or passwords online,” she said.Even so, the secretary of state’s office said that Colorado counties had never been advised to make copies of their election machines’ hard drives.“It is a serious security breach,” Ms. Griswold said in an interview. “This is election officials, trusted to safeguard democracy, turning into an internal security breach.”The local district attorney has opened a separate inquiry into the episode and is being assisted by the F.B.I. and the Colorado attorney general’s office. Ms. Griswold, a Democrat, said she had also alerted the Cybersecurity and Infrastructure Security Agency.But Ms. Griswold said she worried that with so many Republican leaders “leaning into the big lie,” the risks of what she called an “insider security issue” were growing.“I think it’s incredibly time-sensitive that elections are set up to guard both from external and internal threats,” she said. More

    • 113 Shares149 Views

      in Elections

      The D.N.C. Didn’t Get Hacked in 2020. Here’s Why.

      by

      A devastating email breach of the D.N.C. roiled Democrats in the final months of 2016. An unassuming security official made it his mission to prevent a recurrence.As the country learns more about a broad Russian hijacking of American federal agencies and private companies and now another Russian hack, which was revealed on Thursday, it can look to the Democratic National Committee for a more positive development in the effort to prevent cyberattacks: Unlike four years ago, the committee did not get hacked in 2020.It’s worth remembering the D.N.C.’s outsized role in Russia’s interference in the 2016 election, when a spearphishing email roiled the Democratic Party in the final months of the campaign.That March, Russian hackers broke into the personal email account of John Podesta, Hillary Clinton’s campaign chairman, unlocking a decade’s worth of emails, before dribbling them out to the public with glee. The D.N.C. chairwoman, Representative Debbie Wasserman Schultz of Florida, resigned after emails appeared to show her favoring Mrs. Clinton over Senator Bernie Sanders of Vermont.A simultaneous Russian hack of the D.N.C.’s sister organization, the Democratic Congressional Campaign Committee, tainted congressional candidates with accusations of scandal in a dozen other races.By the time Donald J. Trump was in the White House in January 2017, “The D.N.C.’s house was ablaze,” Sam Cornale, the committee’s executive director, said in an interview this week.That month, Bob Lord, an unassuming, bespectacled chief security officer at Yahoo, was still mopping up the largest Russian hacks in history: a 2013 breach of more than three billion Yahoo accounts and a second breach in 2014 of 500 million Yahoo accounts. Mr. Lord, who discovered the breaches when he took over the job, helped the Federal Bureau of Investigation identify the assailants. A courtroom sketch of Karim Baratov, one of the hackers in the Yahoo case, still hangs on his wall.Mr. Lord left the team Yahoo affectionately calls “The Paranoids,” took a six-figure pay cut and headed to Washington in January 2017 to become the D.N.C.’s first chief information security officer.The way he saw it, the D.N.C.’s 2016 breach wasn’t so much a cybersecurity issue as it was a problem of workflow and corporate culture.Mr. Podesta’s aide, for instance, had asked a staff member to vet whether the infamous Russian spearphishing email was safe, and the aide responded that the email was “legitimate.” It was a typo; he later said he had meant to write “illegitimate.” By the time anyone realized what was happening, Mr. Podesta’s risotto recipes, and excerpts from Mrs. Clinton’s Wall Street speeches, were being dissected online by the news media and conspiracy theorists.“After that, few would even pick up a flier, let alone a hose to help in 2017,” Mr. Cornale said. “Bob showed up with five fire trucks while putting on his suspenders, and ran in to the house.”.css-1xzcza9{list-style-type:disc;padding-inline-start:1em;}.css-3btd0c{font-family:nyt-franklin,helvetica,arial,sans-serif;font-size:1rem;line-height:1.375rem;color:#333;margin-bottom:0.78125rem;}@media (min-width:740px){.css-3btd0c{font-size:1.0625rem;line-height:1.5rem;margin-bottom:0.9375rem;}}.css-3btd0c strong{font-weight:600;}.css-3btd0c em{font-style:italic;}.css-w739ur{margin:0 auto 5px;font-family:nyt-franklin,helvetica,arial,sans-serif;font-weight:700;font-size:1.125rem;line-height:1.3125rem;color:#121212;}#NYT_BELOW_MAIN_CONTENT_REGION .css-w739ur{font-family:nyt-cheltenham,georgia,’times new roman’,times,serif;font-weight:700;font-size:1.375rem;line-height:1.625rem;}@media (min-width:740px){#NYT_BELOW_MAIN_CONTENT_REGION .css-w739ur{font-size:1.6875rem;line-height:1.875rem;}}@media (min-width:740px){.css-w739ur{font-size:1.25rem;line-height:1.4375rem;}}.css-1dg6kl4{margin-top:5px;margin-bottom:15px;}#masthead-bar-one{display:none;}#masthead-bar-one{display:none;}.css-12vbvwq{background-color:white;border:1px solid #e2e2e2;width:calc(100% – 40px);max-width:600px;margin:1.5rem auto 1.9rem;padding:15px;box-sizing:border-box;}@media (min-width:740px){.css-12vbvwq{padding:20px;width:100%;}}.css-12vbvwq:focus{outline:1px solid #e2e2e2;}#NYT_BELOW_MAIN_CONTENT_REGION .css-12vbvwq{border:none;padding:10px 0 0;border-top:2px solid #121212;}.css-12vbvwq[data-truncated] .css-rdoyk0{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg);}.css-12vbvwq[data-truncated] .css-eb027h{max-height:300px;overflow:hidden;-webkit-transition:none;transition:none;}.css-12vbvwq[data-truncated] .css-5gimkt:after{content:’See more’;}.css-12vbvwq[data-truncated] .css-6mllg9{opacity:1;}.css-1rh1sk1{margin:0 auto;overflow:hidden;}.css-1rh1sk1 strong{font-weight:700;}.css-1rh1sk1 em{font-style:italic;}.css-1rh1sk1 a{color:#326891;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:1px;-webkit-text-decoration-thickness:1px;text-decoration-thickness:1px;-webkit-text-decoration-color:#ccd9e3;text-decoration-color:#ccd9e3;}.css-1rh1sk1 a:visited{color:#333;-webkit-text-decoration-color:#ccc;text-decoration-color:#ccc;}.css-1rh1sk1 a:hover{-webkit-text-decoration:none;text-decoration:none;}Mr. Lord told his staff on Friday that he was leaving, clearing the way for the D.N.C. to get a replacement to get ahead of whatever adversaries may have planned for the midterms.Over the past four years, Mr. Lord has been a persistent and pervasive presence, speaking at every all-hands meeting, reminding employees that staving off the next cyber threat would come down to individual accountability: not reusing passwords, turning on two-factor authentication, running software updates. He urged them to use Signal, an encrypted messaging app, to lock down their Venmo accounts; he also advised them to avoid clicking on suspicious links.A “Bobmoji”— a digital caricature of Mr. Lord — hangs above the men’s urinal and adorns the walls of the women’s restroom, reminding staff members of the checklist.Mr. Lord has had significantly smaller security budgets than he did at Yahoo, or that of any government agency and technology companies that Russia breached over the past year. And so he became something of a digital Marie Kondo — the Japanese tidying expert — decluttering the D.N.C.’s networks, excising old software and canceling extraneous vendor contracts, then took those extra discretionary funds and put them towards cybersecurity. But he knew cybersecurity technologies can go only so far. “If adding security technologies could fix our cybersecurity problems, we would have fixed things 25 years ago,” he said in an interview.His real legacy, D.N.C. staff members said, is that he single-handedly changed a culture.“To survive in Bob’s role, you have to drive people a little crazy,” Nellwyn Thomas, chief technology officer at the D.N.C., said.When the committee sent out an innocuous email asking staff members to enter their T-shirt size and address for some free swag, not a single employee complied, employees said.Mr. Lord had proudly turned them paranoid. More

    • 113 Shares179 Views

      in Elections

      Florida Finds Election Fraud in High School Homecoming Votes

      by

      A student and her mother were arrested after the authorities found more than 100 votes suspiciously cast from a single school login.MIAMI — The report about vote tampering reached the Florida Department of Law Enforcement in early November: Someone had gained access to electronic accounts without authorization. At least 117 votes had been suspiciously cast — in J.M. Tate High School’s election for homecoming court.It was a case reminiscent of the 1999 dark comedy film “Election.”Department agents arrested Laura Carroll, 50, and her daughter, Emily Grover, 17, on Monday and charged them with conspiracy to use Ms. Carroll’s school district login to help Ms. Grover get elected homecoming queen.Laura Rose Carroll was arrested on Monday in Escambia County, Fla.The Escambia County Department of CorrectionsA five-month investigation found that the login for Ms. Carroll, an assistant principal at Bellview Elementary School near Pensacola, was used to gain access to the internal accounts of 372 Tate High students since August. The accounts include personal information such as students’ grades, medical history and disciplinary records.Students use the same accounts with an application to cast votes for homecoming.Ms. Grover often spoke about obtaining students’ information using her mother’s login, eight students and one teacher said in witness statements.“She looks up all of our group of friends’ grades and makes comments about how she can find our test scores all of the time,” one of the witnesses said, according to the arrest affidavits.Escambia County School District employees are supposed to change their password to log in to the internal system every 45 days.One witness told the agents that Ms. Grover had said she knew using her mother’s login would result in a “ping” that showed that Ms. Carroll had logged on at Tate High. Agents interviewed Ms. Carroll in November and knocked on her door last month to talk further, but she referred them to her lawyer, according to her arrest affidavit.Ms. Grover was expelled, according to police records, a decision that the family contested, but the expulsion was upheld. Ms. Carroll was suspended from her job, Tim Smith, the superintendent of the Escambia public schools, said in an email. He declined to comment further.Ms. Carroll was taken into custody on Monday and released on $8,500 bail. Ms. Grover was sent to juvenile detention for an evaluation, according to the Department of Law Enforcement.Through her lawyer, Ms. Carroll declined to comment. “She’d love to give out her side of the story, but it would probably be after we resolve the case,” the lawyer, Randall J. Etheridge, said.The school district’s elections contractor contacted school administrators in October after flagging more than 100 votes that were cast in a short period of time, all from the same unique IP address. The student council coordinator also heard reports that Ms. Grover had boasted about using her mother’s login to get into students’ accounts during the election, according to witness statements.Investigators later determined through IP addresses that 124 votes had been cast from Ms. Carroll’s phone, and 122 from Ms. Carroll’s and Ms. Grover’s residence.On Oct. 30, Ms. Grover was elected homecoming queen.Jack Begg contributed research. More