News: Ex-White House officials gear up for Harris fundraiser in Vegas

Monday, August 5, 2024

Ex-White House officials gear up for Harris fundraiser in Vegas

Aug 05, 2024

With help from Maggie Miller and John Sakellariadis

Driving the day

— Tens of thousands have already been raised by former White House cyber heavyweights orchestrating a major fundraiser for Kamala Harris’ presidential bid on the sidelines of some of the world’s biggest hacker conventions in Vegas.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I’ve done my stretching and calibrated my heart rate to brisk mode in anticipation for Black Hat and DEF CON. Good luck trying to catch me this week, comms people.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find Joseph on X at @JGedeon1 or email him at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

THE CONFERENCE CIRCUIT

A BLUE WAVE IN THE DESERT — Top former White House cyber officials are going all in on Kamala Harris, launching a high-octane fundraiser that’s so far raised tens of thousands of dollars for her presidential campaign just as cyber world's elite gather for DEF CON and Black Hat.

"Literally, like three hours after her campaign was announced, I called [former White House acting national cyber director] Kemba [Walden] and said, 'Hey, we've got to do this event,'" Jake Braun, former White House acting principal deputy national cyber director and fundraiser co-organizer, told MC.

— The place to be: Rescheduled to Thursday afternoon in Vegas, the event aims to attract both Black Hat crowd and DEF CON enthusiasts who back the new blue candidate.

Expect to see a who's who of cyber bigwigs in attendance, with Braun hinting at "significant representation from the cyber industry" — though that likely wouldn’t include any current government officials.

— Fundraising frenzy: Organizers are aiming to rake in around $150,000 this year, and already pulled together tens of thousands in donations, Braun said. That’s a higher cap from the two past presidential cyber and hacker fundraisers, which pulled in about $100,000 total.

The Harris team has been on a roll since announcing her takeover campaign bid for president on July 21. The Biden-then-Harris campaign swamped former President Donald Trump with $310 million in total fundraising last month, compared to his $138.7 million.

— What they consider important: As for what the cyber community would be looking to, Braun says, is that a “future Harris administration keeps research waivers top of mind” — referring to the DMCA’s anti-circumvention provisions that allow researchers to examine and test the security of electronic voting systems.

— Crickets for Biden: While the cyber community is looking to rally behind Harris’ presidential campaign in Vegas, it seems like a similar event for President Joe Biden was never on the books.

While Team Biden did score some cyber cash in 2020 with a virtual event, the Harris bandwagon started rolling within hours of her campaign announcement.

“She had our back,” Braun said. “So now the hacker community needs to have hers.”

— Picture this: It’s the last day of DEF CON 2018. Braun’s on a plane, about to leave Vegas when his phone started getting inundated with messages saying “you won’t believe” what then-Sen. Kamala Harris just did. Then? He loses signal as the plane takes off.

“I’m sitting there for hours in suspense,” Braun tells MC. “What the hell is going on? Are we getting sued?”

Turns out, then-Sen. Harris orchestrated a bipartisan letter with Sens. James Lankford (R-Okla.), Susan Collins (R-Maine), and Mark Warner (D-Va.) urging a major electronic voting machine manufacturer to take seriously the vulnerabilities exposed during a voting machine hacking contest at DEF CON's Voting Village, Braun’s brainchild that had been facing some serious heat.

"It was a turning point," Braun said. "Our adversaries who were trying to stop us kind of backed off at that point, and we really had her to thank for it."

On the Hill

MC EXCLUSIVE — Sen. Chuck Grassley (R-Iowa) unleashed a flurry of inquiries into the massive AT&T data breach that exposed call records of nearly all its customers, firing off letters to the telecom giant and 17 federal agencies, Morning Cyber has learned.

The Senate Budget Committee’s top Republican dispatched these missives late Friday, demanding answers from AT&T CEO John Stankey and the heads of multiple government departments — including Defense, Homeland Security, State, Health and Human Services, Energy, the FBI, the Department of Justice and the White House’s executive office of the president — seeking extensive information about the April cyberattack and its potential national security implications.

— What’s in the letters:

To AT&T CEO Stankey: Grassley wants details on security protocols, vulnerability awareness, and breach response. He’s particularly interested in why it took AT&T five days to detect the intrusion and why the public wasn't informed until nearly three months later. He also wants to know when federal authorities were alerted, and how many (if any) were affected.

"AT&T must explain how this data breach happened and what is being done to ensure that it does not place American data at risk again," Grassley writes.
The company’s director of communications Alex Byers told MC they’ve received the letter and “will be responding.”

To federal agencies: The senator is pressing for info and impact details, including whether hackers accessed sensitive government data and federal communication patterns, and how agencies communicated with AT&T and other authorities post-breach.

The Pentagon, Commerce and Department of Homeland Security tell MC they will respond directly to members of Congress. Other departments did not respond to a request for comment.
— Why it matters: Grassley's wide-ranging inquiry signals growing congressional concern over cybersecurity vulnerabilities in critical infrastructure. Congress passed a mandatory reporting bill for hacks in critical infrastructure in 2022, it just isn't in effect yet.

— What’s next: Responses are due by Aug. 16.

FIRST IN MC: NEW ELECTION DISINFO BILL — A group of six Senate democrats are introducing a bill to hold social platforms liable if they knowingly host disinformation about the time, place and manner of how to vote on their platforms.

Spearheaded by Sen. Peter Welch (D-Vt.), the proposal would carve out an exception to liability protections companies like Facebook and X enjoy under Section 230 of the Communications Decency Act, a foundational internet-era law that shields the platforms from civil liability over most third-party content.

— Watch this space: While the bill lacks any Republican backers and is unlikely to become law anytime soon, its introduction shows how concerned some lawmakers remain about viral Election Day hoaxes.

In a press statement, Welch said that social media platforms have been “reluctant to intervene” even in cases where there are “carefully orchestrated campaigns target[ing] voters with false information in an effort to keep them from the ballot box.”

— The full roster: Sens. Amy Klobuchar (D-Minn.), Jeff Merkley (D-Ore.), Ben Ray Luján (D-N.M.), Michael Bennet (D-Colo.), and Mazie Hirono (D-Hawaii) are also sponsoring the bill, and it has support from left-leaning voter advocacy groups Common Cause and Stand Up America.

The International Scene

FLAW IN THE TREATY — The final meeting of the United Nations’ Ad Hoc Committee to create a cybercrime treaty is entering its second week — and chaos could be about to unfold as delegates look to hammer out an agreement that might not even make it through a vote.

The cybercrime treaty, the idea for which was first put forward formally by Russia, has been in negotiations for years, and while it’s nearing the final stretch, some advocates have serious concerns about the text as it stands now. These include the potential that it could be used by countries including Russia and China to back up state surveillance of citizens, and create problems for privacy and security research.

Raman Jit Singh Chima, director of Asia Pacific policy at digital rights group Access Now, has been observing the negotiations. He told Maggie on Friday that the Chinese delegation has been quietly working to push the treaty forward with the nation’s preferred language behind the scenes, in particular opposing language to protect human rights issues in the text.

In addition, he said that Russia has been advocating to keep the number of states needed to ratify the treaty low, making it easier for the text to go into effect, even if the U.S. and its allies in the European Union oppose it.

The ad hoc committee has until the end of the working week to hammer out the text, at which point a vote will be called. If the treaty does not pass in full, portions will be voted on to see if they can reach a two thirds majority. Only if the treaty makes it through this gauntlet can it have a hope of a vote during the UN General Assembly in September.

Tweet of the Day

You can’t hack it if it’s offline. That’s thinking ahead.

Source: https://x.com/_xpn_/status/1820120761505657298

@_xpn_/X

Quick Bytes

MAGNIBER ALERT — A massive Magniber ransomware campaign is encrypting home computers worldwide and demanding thousands of dollars in ransom for decryption. Lawrence Abrams with BleepingComputer has the story.

BOLD MOVE, ATTACKERS — Hackers directly contacted immigration firm customers after a cyberattack, potentially to pressure the company for ransom, writes Jonathan Greig for The Record.

“GPS Jamming Reported in Tel Aviv and Central Israel, Echoing Eve of April's Iran Attack”’ (Haaretz)

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).