Department of State seeks the identification or location of foreign adversaries
The US government has offered rewards of up to $10 million for information related to foreign agents looking to disrupt elections through cyber-attacks.
A statement from the US Department of State announced that it is seeking the identification or location of any foreign adversary looking to interfere with federal, state, or local elections by aiding or abetting a violation of computer fraud and abuse laws.
The government specifically pointed to section 1030 of title 18, which encompasses fraud and related activity in connection with computers.
“Persons engaged in certain malicious cyber operations targeting election or campaign infrastructure may be subject to prosecution under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, which criminalizes unauthorized computer intrusions and other forms of fraud related to computers.
“Among other offenses, the statute prohibits unauthorized accessing of computers to obtain information and transmit it to unauthorized recipients,” the statement reads.
The incentive is being offered through the ‘Rewards for Justice’ program, administered by the Diplomatic Security Service.
Since its inception in 1984, the program has paid out more than $150 million in return for actionable information to prevent terrorism, bringing terrorist leaders to justice, and resolving threats to US national security, the government said.
Right to (securely) vote
The offer for recompense comes as the US prepares for the 2020 presidential election, set to take place in November.
Yesterday, attendees at the annual Black Hat USA conference heard cryptographer Matt Blaze discuss the pitfalls of current voting systems.
Confidence in the outcome of an election increasingly depends on the integrity of the voting systems themselves, Blaze said.
The Covid-19 outbreak has raised concern over whether voters will be able to attend polling stations to cast their votes. So why not move voting online?
A major issue surrounding online voting is the risk of interference, notably the threat of nation-state adversaries.
“They may be satisfied with simply disrupting the overall process and casting doubt on the legitimacy of the outcome, or making it difficult for people to vote or to know who won,” he said.
So, if voting in person isn’t secure and voting online isn’t secure, what is the answer?
“If you ask the internet, they are pretty unanimous that there are two solutions to this problem. One is that you shouldn’t use software – let’s go back to hand counting paper ballots.
“The other is that you should use more software – that is, everyone should vote on the block chain. And unfortunately, once you start digging in, neither of those ‘simple’ solutions are as viable as they might sound.”
Read more about Blaze’s keynote briefing here.
Blaze wasn’t the only speaker at this year’s virtual Black Hat conference to voice his apprehension over the security of the upcoming elections.
Yesterday Chris Krebs, director of the US Cybersecurity and Infrastructure Security Agency (CISA), expanded on the topic of election security with a talk focusing on federal efforts to support state and local officials in delivering secure elections in November.
Later on Wednesday, a representative from a voting machine vendor, Chris Wlaschin, shared a platform with Mark Kuhr, CTO of cybersecurity firm Synack, to discuss their relative perspectives and the need for improved collaboration.
“The voting industry and the security researchers who are examining their products need a vulnerability disclosure program so both communities can effectively work together to fix problems in election systems and ultimately make America’s democracy stronger and more resilient,” a preview of the talk explained.