Cyberattacks and Hackers

Subterms

    Latest story

    138 Shares169 Views

    U.K. to Accuse China of Cyberattacks Targeting Voter Data and Lawmakers

    by

    The British government believes China has overseen two separate hacking campaigns, including one that yielded information from 40 million voters.The British government is expected to publicly link China to cyberattacks that compromised the voting records of tens of millions of people, another notable hardening of Britain’s stance toward China since its leaders heralded a “golden era” in British-Chinese relations nearly a decade ago.The deputy prime minister, Oliver Dowden, will make a statement about the matter in Parliament on Monday afternoon, and is expected to announce sanctions against state-affiliated individuals and entities implicated in the attacks.The government disclosed the attack on the Electoral Commission last year but did not identify those behind it. It is believed to have begun in 2021 and lasted several months, with the personal details of 40 million voters being hacked.The Electoral Commission, which oversees elections in the United Kingdom, said that the names and addresses of anyone registered to vote in Britain and Northern Ireland between 2014 and 2022 had been accessed, as well as those of overseas voters.The commission previously said that the data contained in the electoral registers was limited and noted that much of it was already in the public domain. However, it added that it was possible the data “could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals.”In addition to the infiltration of the Electoral Commission, Mr. Dowden is expected to confirm that the Chinese targeted several members of Parliament with a record of hawkish statements about China. They include Iain Duncan-Smith, a former leader of the Conservative Party; Tim Loughton, a former Conservative education minister; and Stewart McDonald, a member of the Scottish National Party.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    More stories

    • 138 Shares99 Views

      in Elections

      U.S. Hits Back at Iran With Sanctions, Criminal Charges and Airstrikes

      by

      In the hours before the United States carried out strikes against Iran-backed militants on Friday, Washington hit Tehran with more familiar weapons: sanctions and criminal charges.The Biden administration imposed sanctions on officers and officials of the Islamic Revolutionary Guards Corps, Iran’s premier military force, for threatening the integrity of water utilities and for helping manufacture Iranian drones. And it unsealed charges against nine people for selling oil to finance the militant groups Hamas and Hezbollah.The timing seemed designed to pressure the Revolutionary Guards and its most elite unit, the Quds Force, at a moment of extraordinary tension in the Middle East. Although the sanctions have been brewing for some time and the charges were filed earlier under seal, the region has been in turmoil for months.The actions are part of a coordinated governmentwide effort to disrupt Iran’s efforts to use illicit oil sales to fund terrorism, and to push back on the country’s increasingly capable offensive cyberoperations. In the 15 years since the United States mounted a major cyberattack on Iran’s nuclear facilities, the country has trained a generation of hackers and struck back at Israel, Saudi Arabia and the United States, among others. Two American officials said the United States conducted cyberoperations against Iranian targets on Friday but declined to provide details.The effects of sanctions and indictments are hard to measure. Few Iranian officers or officials keep assets in Western banks or travel to the United States, meaning the sanctions may have little practical effect. While the indictments and sanctions have a psychological element, demonstrating to Iranians and their business associates around the world that Western intelligence agencies are often tracking their movements and their transactions, actual arrests and trials are infrequent.“The reason that we bring these cases is, we know that the money Iran obtains from the illicit sale of oil is used to fund its malign activities around the world,” Matthew G. Olsen, who heads the national security division of the Justice Department, said on Friday. “The threats posed by Iran and the destabilizing effects of its actions have only come into sharper relief since the attacks of Oct. 7,” the day of the Hamas attack on Israel that killed roughly 1,200 people.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares169 Views

      in Elections

      Your Thursday Briefing: Biden Vows Not to ‘Waver’ After NATO Summit

      by

      Also, Chinese hackers hit the State Department, ocean temperatures rise and Milan Kundera dies.President Volodymyr Zelensky and President Biden met yesterday.Doug Mills/The New York Times‘We will not waver,’ Biden says after the NATO summitPresident Biden concluded the meeting of NATO allies by comparing the battle to expel Russia from Ukraine with the Cold War struggle for freedom in Europe. “We will not waver,” he promised in a speech.Biden seemed to be preparing Americans and the allies for a confrontation that could go on for years. He cast the war, which has been going on for almost a year and a half, as a test of wills with President Vladimir Putin of Russia, who is intent on fighting. Biden insisted that NATO’s unity would hold.“Putin still wrongly believes he can outlast Ukraine,” Biden said, describing the Russian leader as a man who made a huge strategic mistake in invading a neighboring country. “After all this time, Putin still doubts our staying power. He is making a bad bet.”Ukraine: The alliance has formed a new council intended to give Ukraine an equal voice on issues related to its security alongside member states. China: Beijing criticized a NATO statement that accused it of a military expansion that threatens the West, saying that the alliance was still stuck in a Cold War mentality.Uncertainty in Russia’s top ranks: Gen. Sergei Surovikin, once a Wagner ally, hasn’t been seen publicly since the mutiny last month. A top lawmaker said he was “taking a rest.”Another top commander was killed in an airstrike in Ukraine. And a third former commander was gunned down while out on a jog.Microsoft said the hack was discovered last month.Gonzalo Fuentes/ReutersChinese hackers targeted the U.S. State DepartmentChinese hackers targeted specific State Department email accounts in the weeks before Secretary of State Antony Blinken traveled to China last month, U.S. officials said.The hack, which went undetected for a month, comes at a time of heightened diplomatic tensions between the countries. “The Biden administration is trying to reset relations with Beijing,” Julian Barnes, who covers national security for The Times, told me. “The U.S. does not want that dialogue to end. So there is an interest in downplaying this.”No classified email or cloud systems were said to have been breached, and the hack did not initially appear to be directly related to Blinken’s trip. Still, the attack was sophisticated.The hackers targeted specific accounts, instead of carrying out a broad-brush intrusion, which Chinese hackers are suspected of having done before. U.S. officials did not identify which accounts were targeted. The breach revealed a significant security gap in Microsoft’s cloud, where the U.S. government has been transferring data from internal servers.“We’ve had all these promises that the cloud is not only going to be just as secure, but that it will be more secure,” Julian said. “But here’s an example where basic security was breached and the information was stolen. That has opened us up to a new avenue of attack: Here is the first big cloud attack on the U.S. government email.”Tech: The Biden administration thinks it can slow China’s economic growth and its A.I. industry by cutting it off from semiconductor chips. The plan could handicap China for a generation, but if it backfires it could hasten the very future the U.S. wants to avoid.Elena ShaoAn ocean heat wave threatens marine lifeThe water surrounding Florida is much hotter than most swimming pools in the U.S. are right now. This could pose a severe risk to coral and marine life in the Gulf of Mexico and the Atlantic. But the real worry is that it’s only July: Corals usually experience the most heat stress in August and September.The maritime heat wave has pushed water temperatures into the 90s Fahrenheit, or above 32 Celsius. Surface temperatures in these waters are the hottest on record; some beachgoers in Florida even compared the ocean to bath water.The science: When the sea gets too hot, corals bleach, expelling the algae they eat. If waters don’t cool quickly enough, or if bleaching events happen in close succession, the corals die. That can lead to ripple effects across the ecosystem.THE LATEST NEWSAround the WorldPresident Mahmoud Abbas’s visit was widely reported as his first to Jenin in more than a decade.Nasser Nasser/Associated PressPresident Mahmoud Abbas of the Palestinian Authority visited Jenin, the West Bank city targeted by Israeli raids last week, in a show of authority.U.S. inflation cooled in June, offering good news for consumers and the Federal Reserve.Black women in Latin America are more likely to die during pregnancy or childbirth because of systemic medical racism and sexism, a U.N. report said.“Succession” got the most nominations for the Emmy Awards.Other Big StoriesA former Mozambican official accused in the $2 billion “tuna” scandal, a scheme that defrauded U.S. investors, was extradited to New York.The BBC staff member suspended on allegations of sexual misconduct was identified by his wife as Huw Edwards, an anchor on the network’s flagship nightly news program.International demand for drugs has unleashed a wave of violence in Ecuador that is unlike anything in the country’s recent history.Snow fell in Johannesburg for the first time in more than a decade.A Morning ReadBhuchung Sonam’s publishing ventures have printed dozens of books.Poras Chaudhary for The New York TimesBuchung Sonam fled Tibet in the 1980s. Later, he co-founded a publishing house for Tibetan writing, hoping literature could be a salve for other exiles.As Beijing tightens its crackdown on Tibet, detaining writers and intellectuals, many say Sonam’s press is helping Tibet’s literature become a proxy for the nation-state.“It’s not like I can live my life on Tibetan land,” said Tenzin Dickie, a writer and editor, “but I can live it in Tibetan literature.”ARTS AND IDEASMilan Kundera in 1984.Francois Lochon/Gamma-Rapho, via Getty ImagesMilan Kundera dies at 94“It’s hard to overstate how central Milan Kundera was, in the mid-1980s, to literary culture in America and elsewhere,” my colleague Dwight Garner writes in an appraisal of Kundera’s life.Kundera, who died in Paris this week at 94, wrote mordant, sexually charged novels that captured the suffocating absurdity of life. “The Unbearable Lightness of Being,” which was adapted into a film, is his most famous book.“He was the best-known Czech writer since Kafka,” Dwight continued, “and his fiction brought news of sophisticated Eastern European societies trembling under the threat of Soviet repression.”PLAY, WATCH, EATWhat to CookDavid Malosh for The New York Times. Food Stylist: Simon Andrews.Mix this Thai-style vegetable salad.What to WatchIn “Amanda,” a dark Italian comedy, a delusional graduate befriends an agoraphobic misanthrope.FashionMore men are baring their midriffs in crop tops.Tech TipHow does Meta’s Threads stack up against Twitter? Read our review.Now Time to PlayFill in the Mini Crossword, and a clue: Broke ground in a garden (four letters).Here are the Wordle and the Spelling Bee. You can find all our puzzles here.That’s it for today’s briefing. See you tomorrow! — AmeliaP.S. Alice Callahan will be our new nutrition reporter.“The Daily” is on the U.S. labor market.We’d love to hear from you. Write: briefing@nytimes.com. More

    • 75 Shares109 Views

      in Elections

      Possible Cyberattack Disrupts The Philadelphia Inquirer

      by

      The Inquirer, citing “anomalous activity” on its computer systems, said it was unable to print its regular Sunday edition and told staff members not to work in the newsroom at least through Tuesday.A possible cyberattack on The Philadelphia Inquirer disrupted the newspaper’s print operation over the weekend and prompted it to close its newsroom through at least Tuesday, when its staff will be covering an expensive and fiercely contested mayoral primary.Elizabeth H. Hughes, the publisher and chief executive of The Inquirer, said that the newspaper discovered “anomalous activity on select computer systems” on Thursday and “immediately took those systems offline.”But The Inquirer was unable to print its regular Sunday edition, the newspaper reported. Instead, print subscribers received a Sunday “early edition,” which went to press on Friday night. The newspaper also reported on Sunday that its ability to post and update stories on its website, Inquirer.com, was “sometimes slower than normal.”The Monday print editions of The Inquirer and The Philadelphia Daily News, which The Inquirer also publishes, were distributed as scheduled, Evan Benn, a company spokesman, said.But employees will not be permitted to work in the newsroom at least through Tuesday because access to The Inquirer’s internet servers has been disrupted, Ms. Hughes said in an email to the staff on Sunday evening that was shared with The New York Times.Ms. Hughes said that the company was looking for a co-working space for Tuesday, when The Inquirer will be covering a closely contested Democratic primary that is all but certain to determine the next mayor of Philadelphia — the largest city in Pennsylvania, a presidential swing state.“I truly don’t think it will impact it at all, short of us not being able to be together in the formal newsroom,” said Diane Mastrull, an editor who is president of The Newspaper Guild of Greater Philadelphia, the union that represents reporters, photographers and other staff members at The Inquirer. “Covid has certainly taught us to do our jobs remotely.”She said on Monday that the newspaper’s content management system, which staff members use to write and edit stories, was “operating with continued workarounds.”“I would not use the word ‘normal,’” Ms. Mastrull said.Ms. Hughes said that The Inquirer had notified the F.B.I. and had “implemented alternative processes to enable publication of print editions.”The newspaper was also working with Kroll, a corporate investigation firm, to restore its systems and to investigate the episode, Ms. Hughes said.The Inquirer, in its news story on the “apparent cyberattack,” said it was the most significant disruption to the publication of the newspaper since January 1996, when a major blizzard dropped more than 30 inches of snow on Philadelphia.The newspaper reported that Ms. Hughes, citing a continuing investigation, had declined to answer detailed questions about the episode, including who was behind it, whether The Inquirer or its employees appeared to have been specifically targeted, or whether any sensitive employee or subscriber information might have been compromised.In an email on Monday, Mr. Benn, the company spokesman, said: “As our investigation is ongoing, we are unable to provide additional information at this time. Should we discover that any personal data was affected, we will notify and support” anyone who might have been affected.Special Agent E. Edward Conway of the F.B.I. field office in Philadelphia said that while the agency was aware of the issue, it was the bureau’s practice not to comment on specific cyber incidents. “However, when the F.B.I. learns about potential cyberattacks, it’s customary that we offer our assistance in these matters,” Mr. Conway said in an email.Ms. Mastrull, who was working as an editor over the weekend, said that staff members had noticed on Saturday that they could not log on to the content management system.They were given a workaround, she said, but the process created “very, very difficult working conditions” as the staff covered the last weekend of campaign events before the primary, Taylor Swift concerts at Lincoln Financial Field and Game 7 of the Eastern Conference semifinals between the Boston Celtics and the Philadelphia 76ers.Employees were “a little concerned that there weren’t enough protections against this, and very frustrated that the company’s communication was lacking specifics,” Ms. Mastrull said.In 2018, The Los Angeles Times said that a cyberattack had disrupted its printing operations and those at newspapers in San Diego and Florida. Unnamed sources cited by The Los Angeles Times suggested that the newspaper might have been hit by ransomware — a pernicious attack that scrambles computer programs and files before demanding that the victim pay a ransom to unscramble them.The Guardian reported that it was hit by a ransomware attack in December in which the personal data of staff members in Britain was compromised. The Guardian reported that the attack forced it to close its offices for several months.In an email to the staff of The Inquirer on Sunday night, Ms. Mastrull summarized the day’s news and paid tribute to the staff members who covered it, “despite a publishing system rendered virtually inoperable.”“Now all we have to do is find some co-working space so we can cover a really important election Tuesday,” she wrote. “Can’t keep us down!” More

    • 125 Shares99 Views

      in Elections

      Meta Manager Was Hacked With Spyware and Wiretapped in Greece

      by

      Artemis Seaford, a dual U.S.-Greek national, was targeted with a cyberespionage tool while also under a wiretap by the Greek spy agency in a case that shows the spread of illicit snooping in Europe.A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece. It demonstrates that the illicit use of spyware is spreading beyond use by authoritarian governments against opposition figures and journalists, and has begun to creep into European democracies, even ensnaring a foreign national working for a major global corporation.The simultaneous tapping of the target’s phone by the national intelligence service and the way she was hacked indicate that the spy service and whoever implanted the spyware, known as Predator, were working hand in hand.The latest case comes as elections approach in Greece, which has been rocked by a mounting wiretapping and illegal spyware scandal since last year, raising accusations that the government has abused the powers of its spy agency for illicit purposes.The Predator spyware that infected the device is marketed by an Athens-based company and has been exported from Greece with the government’s blessing, in possible breach of European Union laws that consider such products potential weapons, The New York Times found in December.The Greek government has denied using Predator and has legislated against the use of spyware, which it has called “illegal.”“The Greek authorities and security services have at no time acquired or used the Predator surveillance software. To suggest otherwise is wrong,” Giannis Oikonomou, the government spokesman, said in an email. “The alleged use of this software by nongovernmental parties is under ongoing judicial investigation.”“Greece was among the first countries in Europe that passed legislation banning the sale, use and possession of malware in December 2022, which has the most severe legal consequences and strict penalties for individuals and legal entities involved in such an offense,” Mr. Oikonoumou continued. “The same legislation includes provisions on restructuring of the National Intelligence Service, additional safeguards for legal surveillance and modernizing procedures on confidentiality of communications.”European Union lawmakers have launched their own investigation.Prime Minister Kyriakos Mitsotakis of Greece has come under pressure to explain how and why Predator was sold from Greece and used in Greece, supposedly without the government’s knowledge, against members of his own government, opposition politicians and journalists.Prime Minister Kyriakos Mitsotakis of Greece, center, during a parliamentary debate in January. He has been under pressure to explain how and why Predator spyware was sold from Greece and used in Greece.Petros Giannakouris/Associated PressHe has insisted that the Greek government had nothing to do with the cyber-surveillance tool, but that opaque actors may have used it behind the authorities’ backs.The latest case centers on Artemis Seaford, a Harvard and Stanford Law graduate, who worked from 2020 to the end of 2022 as a Trust and Security manager at Meta, the parent company of Facebook, while living in Greece.In her role at Meta, Ms. Seaford worked on policy questions relating to cybersecurity and she also maintained working relations with Greek as well as other European officials.After she saw her name on a leaked list of spyware targets in the Greek news media last November, she took her phone to The Citizen Lab at the University of Toronto, the world’s foremost forensics experts on spyware.The lab report, which was reviewed by The New York Times, found that Ms. Seaford’s mobile phone had been hacked with the Predator spyware in September 2021 for at least two months.“This does not preclude the possibility of other infections, or of an infection period extending beyond 2021-11-16,” the forensic report by Citizen Lab said.Ms. Seaford on Friday filed a lawsuit in Athens against anyone found responsible for the hack. The suit compels prosecutors to open an investigation.Ms. Seaford also filed a request with the Greek Authority for the Protection of the Privacy of Telecommunications, an independent constitutional watchdog, asking them to determine whether the Greek national intelligence service, known as the EYP, had wiretapped her phone..css-1v2n82w{max-width:600px;width:calc(100% – 40px);margin-top:20px;margin-bottom:25px;height:auto;margin-left:auto;margin-right:auto;font-family:nyt-franklin;color:var(–color-content-secondary,#363636);}@media only screen and (max-width:480px){.css-1v2n82w{margin-left:20px;margin-right:20px;}}@media only screen and (min-width:1024px){.css-1v2n82w{width:600px;}}.css-161d8zr{width:40px;margin-bottom:18px;text-align:left;margin-left:0;color:var(–color-content-primary,#121212);border:1px solid var(–color-content-primary,#121212);}@media only screen and (max-width:480px){.css-161d8zr{width:30px;margin-bottom:15px;}}.css-tjtq43{line-height:25px;}@media only screen and (max-width:480px){.css-tjtq43{line-height:24px;}}.css-x1k33h{font-family:nyt-cheltenham;font-size:19px;font-weight:700;line-height:25px;}.css-1hvpcve{font-size:17px;font-weight:300;line-height:25px;}.css-1hvpcve em{font-style:italic;}.css-1hvpcve strong{font-weight:bold;}.css-1hvpcve a{font-weight:500;color:var(–color-content-secondary,#363636);}.css-1c013uz{margin-top:18px;margin-bottom:22px;}@media only screen and (max-width:480px){.css-1c013uz{font-size:14px;margin-top:15px;margin-bottom:20px;}}.css-1c013uz a{color:var(–color-signal-editorial,#326891);-webkit-text-decoration:underline;text-decoration:underline;font-weight:500;font-size:16px;}@media only screen and (max-width:480px){.css-1c013uz a{font-size:13px;}}.css-1c013uz a:hover{-webkit-text-decoration:none;text-decoration:none;}What we consider before using anonymous sources. Do the sources know the information? What’s their motivation for telling us? Have they proved reliable in the past? Can we corroborate the information? Even with these questions satisfied, The Times uses anonymous sources as a last resort. The reporter and at least one editor know the identity of the source.Learn more about our process.Two people with direct knowledge of the case said that Ms. Seaford had in fact been wiretapped by the Greek spy service from August 2021, the month before the spyware hack, and for several months into 2022.They spoke on condition of anonymity because it is illegal for them to publicly comment on EYP operations.It could take a minimum of three years for Ms. Seaford to be informed of the spy agency wiretap under Greek laws that the government has twice changed since a flurry of wiretapping cases have come to light.Ms. Seaford is now is the fourth known person to file suit in Greece involving the spyware, after an investigative reporter and two opposition politicians.In the first case, an investigative reporter, Thanasis Koukakis, in 2020 similarly asked the constitutional watchdog authority to inform him whether he had also been placed under a wiretap.Thanasis Koukakis, an investigative journalist, has taken the Greek government to the European Court of Human Rights over a change in Greece’s surveillance law. Angelos Tzortzinis/Agence France-Presse — Getty ImagesBefore Mr. Koukakis could get a formal answer, the government quickly passed a law in 2021 that drastically curbs citizens’ rights to be informed if they had been under surveillance by the national intelligence service. Mr. Koukakis has taken the Greek government to the European Court of Human Rights over the change in the law.The Greek government has since come under pressure to restore some recourse for citizens to learn about being wiretapped and seek redress if their surveillance had been abusive.Under a law passed last year, a citizen who has been targeted by the spy agency can now be informed — but only if they ask, and subject to the approval of a committee, and no earlier than three years after the end of the wiretap.It is under those new conditions that Ms. Seaford’s surveillance by the Greek national intelligence service may one day be officially confirmed.“Targets of abusive surveillance should have the right to know what happened to them and have means of redress just like every other crime,” Ms. Seaford said in an interview.She maintains that there is no reasonable explanation for her being targeted. Wiretapping in Greece is permitted only for national security reasons or serious criminal investigations.More than a year after her surveillance by the Greek intelligence service and the illegal spyware infection of her mobile device, no charges have been brought against her, and she has not been asked to cooperate with the authorities on any investigation.“In my case, I do not know why I was targeted, but I cannot see any reasonable national security concerns behind it,” Ms. Seaford said. Meta and the U.S. embassy in Athens declined to comment.Ms. Seaford’s targeting by the Greek spy agency and some elements of her case were earlier reported by the Greek newspaper Documento.In Ms. Seaford’s case, it appears that information gleaned from the wiretap may have assisted the ruse used to implant the spyware, according to the timeline established by the forensic analysis and submitted to the Greek prosecutor.Demonstrators in Athens last year protesting revelations of the phone tapping of a political leader and journalists by the Greek National Intelligence Service. The scandal has become an issue in coming elections.Orestis Panagiotou/EPA, via ShutterstockIn September 2021, Ms. Seaford booked an appointment for a booster shot of the Covid-19 vaccine through the official Greek government vaccination platform.She got an automated SMS with her appointment details on Sept. 17, just after midnight. Five hours later, at 05:31 a.m., documents show, she received another SMS asking her to confirm the appointment by clicking on a link.This was the infected link that put Predator in her phone. The details for the vaccination appointment in the infected text message were correct, indicating that someone had reviewed the authentic earlier confirmation and drafted the infected message accordingly.The sender also appeared to be the state vaccine agency, while the infected URL mimicked that of the vaccination platform.Ms. Seaford, who has been reluctant to get dragged into Greek party politics, where the surveillance scandal has become a point of bitter debate, said the question of spyware and surveillance abuse should be a nonpartisan issue.“My hope is that my case and others like mine will not just be instrumentalized, shut down to avoid political cost for some, or, conversely, elevated for the political gain of others,” she said. More

    • 100 Shares199 Views

      in Elections

      L.A. Drops Criminal Charges Against Election Software Executive

      by

      Before the arrest of its founder and chief executive, Eugene Yu, Konnech repeatedly denied keeping data outside the United States, including in statements to The New York Times.Emily Elconin for The New York TimesLos Angeles County dropped criminal charges against the top executive of an elections technology company on Wednesday, bringing to an abrupt end an unusual case that became the focus of Americans who distrust the country’s electoral system.The district attorney’s office said in a statement that it had dropped the case against the executive, Eugene Yu, because of concerns about the “pace of the investigation” and the “potential bias in the presentation” of evidence in the case. The office said the county had assembled a new team to “determine whether any criminal activity occurred.”The prosecutors did not respond to questions about the decision.“Mr. Yu is an innocent man,” Gary Lincenberg, Mr. Yu’s lawyer, said in a statement, adding that “conspiracy theorists” were using the arrest to “further their political agenda.”Last month, Los Angeles prosecutors accused Mr. Yu, the chief executive of Konnech, a small election software company in Michigan, of storing data about poll workers on servers in China, a breach of the company’s contract with the county. The charges related only to poll worker data and had no impact on votes or election results.Mr. Yu, 64, has repeatedly denied sending data to China. The New York Times published an article about the claims and his denials as a part of its coverage of misinformation and elections. Los Angeles prosecutors arrested Mr. Yu the day after the article was published.The abrupt dismissal left several unanswered questions about the case and Mr. Yu’s suspected activities. The district attorney’s office did not clarify whether the company had, in fact, stored data in China. It was also not clear whether additional criminal or civil charges could be filed against Mr. Yu or Konnech from Los Angeles County or dozens of other counties that use Konnech’s election management software.Konnech has about 20 employees in the United States and about 20 customers. It plays no role in the tabulation or counting of votes in American elections. But some election deniers have suggested that Konnech gave the Chinese government a back door to manipulate America’s election process.True the Vote, an organization that claims to be devoted to uncovering election fraud, said at a conference this summer that its team had found and downloaded Konnech’s poll worker data from servers in China. It provided no evidence that it had downloaded the data, but said it had delivered a hard drive to the Federal Bureau of Investigation.Konnech sued True the Vote, along with Catherine Engelbrecht, its founder, and Gregg Phillips, an election denier and longtime associate of the group, accusing them of defamation and hacking. The pair were briefly jailed last week after refusing to release the name of a person involved in the suspected hack of Konnech’s data.In an earlier court filing, Mr. Phillips said he had spoken with the grand jury in Los Angeles County that eventually indicted Mr. Yu. More

    • 125 Shares189 Views

      in Elections

      How a Tiny Elections Company Became a Conspiracy Theory Target

      by

      At an invitation-only conference in August at a secret location southeast of Phoenix, a group of election deniers unspooled a new conspiracy theory about the 2020 presidential outcome.Using threadbare evidence, or none at all, the group suggested that a small American election software company, Konnech, had secret ties to the Chinese Communist Party and had given the Chinese government backdoor access to personal data about two million poll workers in the United States, according to online accounts from several people at the conference.In the ensuing weeks, the conspiracy theory grew as it shot around the internet. To believers, the claims showed how China had gained near complete control of America’s elections. Some shared LinkedIn pages for Konnech employees who have Chinese backgrounds and sent threatening emails to the company and its chief executive, who was born in China.“Might want to book flights back to Wuhan before we hang you until dead!” one person wrote in an email to the company.In the two years since former President Donald J. Trump lost his re-election bid, conspiracy theorists have subjected election officials and private companies that play a major role in elections to a barrage of outlandish voter fraud claims.But the attacks on Konnech demonstrate how far-right election deniers are also giving more attention to new and more secondary companies and groups. Their claims often find a receptive online audience, which then uses the assertions to raise doubts about the integrity of American elections.Unlike other election technology companies targeted by election deniers, Konnech, a company based in Michigan with 21 employees in the United States and six in Australia, has nothing to do with collecting, counting or reporting ballots in American elections. Instead, it helps clients like Los Angeles County and Allen County, Ind., with basic election logistics, such as scheduling poll workers.Konnech said none of the accusations were true. It said that all the data for its American customers were stored on servers in the United States and that it had no ties to the Chinese government.But the claims have had consequences for the firm. Konnech’s founder and chief executive, Eugene Yu, an American citizen who immigrated from China in 1986, went into hiding with his family after receiving threatening messages. Other employees also feared for their safety and started working remotely, after users posted details about Konnech’s headquarters, including the number of cars in the company’s parking lot.“I’ve cried,” Mr. Yu wrote in an email. “Other than the birth of my daughter, I hadn’t cried since kindergarten.”The company said the ordeal had forced it to conduct costly audits and could threaten future deals. It hired Reputation Architects, a public relations and crisis management company, to help navigate the situation.After the conspiracy theorists discovered that DeKalb County in Georgia was close to signing a contract with Konnech, officials there received emails and comments about the company, claiming it had “foreign ties.” The county Republican Party chairwoman, Marci McCarthy, heard from so many members about Konnech that she echoed parts of the conspiracy theory at a public comment period during the county’s elections board meeting.“We have a lot of questions about this vendor,” Ms. McCarthy said.The county signed the contract soon after the meeting.“It’s a completely fabricated issue,” Dele Lowman Smith, the elections board chair, said in an interview. “It’s absolutely bizarre, but it’s part of the tone and tenor of what we’re having to deal with leading up to the elections.”Although Konnech is a new target, the people raising questions about the company include some names notorious for spreading election falsehoods.The recent conference outside Phoenix was organized by True the Vote, a nonprofit founded by the prominent election denier Catherine Engelbrecht. She was joined onstage by Gregg Phillips, an election fraud conspiracy theorist who often works with the group. The pair achieved notoriety this year after being featured in “2000 Mules,” a widely debunked documentary claiming that a mysterious army of operatives influenced the 2020 presidential election.Ms. Engelbrecht and Mr. Phillips claimed at the conference and in livestreams that they investigated Konnech in early 2021. Eventually, they said, the group’s team gained access to Konnech’s database by guessing the password, which was “password,” according to the online accounts from people who attended the conference. Once inside, they told attendees, the team downloaded personal information on about 1.8 million poll workers.A Truth Social account shared the conspiracy theory about Konnech that Gregg Phillips, left on the stage, and Catherine Engelbrecht presented at an event in Arizona in August.Truth SocialThe pair said they had notified the Federal Bureau of Investigation of their findings. According to their story, the agents briefly investigated their claim before turning on the group and questioning whether it had hacked the data.The F.B.I.’s press office said the agency “does not comment on complaints or tips we may or may not receive from the public.”Konnech said in a statement that True the Vote’s claim it had access to a database of 1.8 million poll workers was impossible because, among other reasons, the company had records on fewer than 240,000 poll workers at the time. And the records on those workers are not kept on a single database.The company said it had not detected any data breach, but declined to provide details about its technology, citing security concerns.Konnech once owned Jinhua Yulian Network Technology, a subsidiary out of China, where programmers developed and tested software. But the company said its employees there had always used “generic ‘dummy’ data created specifically for testing purposes.” Konnech closed the subsidiary in 2021 and no longer has employees in China.Konnech sued True the Vote last month, accusing it of defamation, violation of the federal Computer Fraud and Abuse Act, theft and other charges.The judge in the case granted Konnech’s request for an emergency temporary restraining order against the group, writing that Konnech faced “irreparable harm” and that there was a risk that True the Vote would destroy evidence. The order also required True the Vote to explain how it had supposedly gained access to Konnech’s data.True the Vote, Ms. Engelbrecht and Mr. Phillips said they could not comment because of a restraining order issued against them.But in a livestream on social media, Ms. Engelbrecht said the allegations by Konnech were meritless. “True the Vote looks forward to a public conversation about Konnech’s attempts to silence examination of its activities through litigation,” she said.Since the restraining order, True the Vote, Ms. Engelbrecht and Mr. Phillips have told Konnech a new version of their story, changing several important details.Mr. Phillips had explained in a podcast on Aug. 22 that “my analysts” had gained access to the data. But in a letter shared with Konnech’s lawyers, the group claimed that a third party who “was not contracted to us or paid by us” had approached them, claiming it had Konnech’s data. That person, who was unnamed except in a sealed court filing, presented only a “screen share” of “certain elements” of the data. They added that while the group had been provided with a hard drive containing the data, they “did not view the contents,” instead sharing it with the F.B.I.“True the Vote has never obtained or held any data as described in your petition,” they wrote. “This is just one of many inaccuracies contained therein.”The lawsuit did little to slow believers, who continued attacking Konnech. Some employees left the company, citing stress from the crisis, Mr. Yu said. The departures added to the workload among remaining staff just a few weeks before the midterm election.As True the Vote blanketed Konnech’s customers with information requests last year, Mr. Yu sent an email to Ms. Engelbrecht offering his help. True the Vote released that email exchange, including his unredacted email address and phone number, and a trove of other documents related to the company. That gave conspiracy theorists an easy way to target Mr. Yu with threatening messages. He now calls the email he sent naïve.“As we did more research into who they were, it became more and more clear that they had no interest in the truth,” he said. “For them, the truth is inconvenient.”Alexandra Berzon More