Editor’s Note: Weekly Cybersecurity is a weekly version of POLITICO Pro’s daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.
— TikTok is summarily removing videos about hacking — including content meant to help and educate the public.
— An alleged cyberattack targeting the State Department is just the latest example of how vulnerable the federal government remains.
— Results of a Republican-backed election “audit” in Arizona are expected today, but state officials are already dismissing its claims.
IT’S MONDAY. Welcome back to Morning Cybersecurity! I’m your host, Sam Sabin. Start your week off on the right foot: Send thoughts, feedback and — especially — story tips to [email protected]. Follow @POLITICOPro and @MorningCybersec. Full team contact info below.
NOT FOR YOU PAGE — Well-intentioned hackers trying to teach online hygiene and safety are running into a problem on TikTok: the newer social media platform’s algorithms can’t distinguish between videos about criminal and ethical hacking.
Marcus Hutchins, who rose to fame after temporarily stopping the WannaCry ransomware attack in 2017, knows this problem well. Whenever he posts an educational video demonstrating hacking techniques bad actors use, TikTok’s content moderation algorithm immediately removes it for seemingly violating policies against promoting criminal activity. The platform also bans Hutchins from posting for a couple of days.
— The weird part: Each time he’s appealed the removals, TikTok has reinstated the video. And Hutchins says he’s not the only one. “Everyone in cybersecurity is having this issue,” he told MC.
TikTok spokesperson Jamie Favazza pointed MC to a section in the platform’s guidelines that says educational content like Hutchins’ should be allowed: “We recognize that some content that would normally be removed per our Community Guidelines could be in the public interest,” the guidelines say. “Therefore, we may allow exceptions under certain circumstances.” (This is most likely why Hutchins’ videos are reinstated following appeal.)
— Favazza also shared a July blog post detailing the platform’s switch to algorithmic violation detection, where an algorithm is the first to flag if a video appears to be breaking the rules. The switch to automatic removal was made to reduce “the volume of distressing videos moderators view,” the company said. The blog post also says that if a video is reinstated, then a violation shouldn’t impact an account going forward, although Hutchins’ experience did not match that standard.
Hutchins said the video removals and temporary suspensions have become so predictable that he plans his posts around them. Videos like an explainer of what “ethical hacking” will be posted first so he has fresh content up before he’s eventually suspended for another week when he publishes his demonstration of how bad actors could steal personal information from employee key cards.
— Still the early days: Hutchins said he ran into the same problems with content moderation in the early days of YouTube. But while YouTube, Instagram and Twitter don’t flag his videos anymore, TikTok remains a problem.
But TikTok’s speed and mostly Gen Z and millennial audience makes it too valuable to creators like Hutchins to completely abandon, despite the headaches.
“Even if I do get banned for a week after every single post, I’m probably still going to be getting more views than on any other [social media] channel,” Hutchins said. “I’m guessing at some point my ban becomes permanent, at which point I guess I’m forced to stop.”
THE LATEST GOVERNMENT BREACH — A few weeks after a Senate report gave the State Department a “D” for its cybersecurity posture, a cyberattack is targeting the department, according to a Fox News report Saturday.
It’s not known who’s behind the attack and what data they may have accessed — if any. A State Department spokesperson told MC on Sunday that “for security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”
CISA redirected inquiries to the State Department.
— A silver lining: A source familiar with the situation told Fox News that the attack hasn’t impacted the “mass evacuation of thousands of Americans and Afghans from Kabul.”
While not much is known about the extent of the State Department incident, the Senate Homeland Security Committee report published earlier this month revealed serious cyber shortcomings at eight federal agencies, including State.
Here are a few of the most alarming findings:
— The State Department is still using systems that no longer receive software updates from the vendor, including an unsupported version of Microsoft Windows. The department also lacks a “software management process” that would plan phase outs of unsupported software.
— The department had 450 critical and 736 high-risk vulnerabilities that still hadn’t been patched. “This number of outstanding vulnerabilities demonstrates the department’s failure to comply with its own policy for patch management and vulnerability remediation,” the report said.
— State has also failed to deactivate thousands of inactive accounts that have access to classified networks in a timely manner. The department’s inspector general has previously reported that some accounts remained active for as long as 152 days after an employee leaves their post.
LET THE BATTLE BEGIN — The results of a partisan election “audit” in Arizona’s Maricopa County are expected to be submitted to state Republican lawmakers Monday. But experts and state election officials have already been dismissing the findings — which won’t be immediately made available to the public.
Since Republican lawmakers hired small Florida-based cybersecurity firm Cyber Ninjas to conduct their own “audit” of the state’s 2020 presidential election results, the event has been riddled with problems: The audit has gone well past the original 60-day timeline. It was sanctioned solely by the Republican party. And Cyber Ninjas’ owner has promoted conspiracy theories about the 2020 election, sparking concerns about bias in the investigation.
— Getting ahead of it: And as my colleague Zach Montellaro reports, most election officials and the GOP-led Maricopa County Board of Supervisors have already completely dismissed the Republican lawmakers’ efforts. Democratic Secretary of State Katie Hobbs said last week that the “review conducted by the Senate’s contractors has consistently lacked” controls, access and transparency. Stephen Richer, the Republican county recorder in Maricopa County, said that the only thing that’s been “consistent about this endeavor has been missed deadlines and having to walk back statements.” And the state’s Republicans are already divided on whether the audit will help their odds in 2022.
Ahead of the 2022 midterms, the spread of election lies isn’t just happening in Arizona. Earlier this month, MyPillow Chief Executive Mike Lindell’s “cyber symposium” was filled to the brim with lies about the 2020 presidential election’s validity and whether voting machines are to be trusted.
T-MOBILE BREACH’S LONG TAIL — T-Mobile’s fifth data breach in four years is worse than the company originally thought. In an update Friday afternoon, the telecommunications giant said that now more than 54 million people have been affected by the breach, up from the roughly 48.6 million first reported on Wednesday. T-Mobile also said that phone numbers, as well as identifying numbers associated with a mobile phone, were also compromised.
From Joshua Miller, a threat analyst at Proofpoint: “In order to gain mainstream acceptance, hacking back will now be known as ‘Cyber Stand Your Ground.’”
— The House returns Monday to take up the infrastructure package. (POLITICO)
— The FBI is warning Silicon Valley companies that Russia and China are trying to turn their employees into spies. (Protocol)
— “Inside the Secret Codes Hackers Use to Outwit Ransomware Cops.” (The Daily Beast)
— LockBit ransomware is now attacking Microsoft Exchange servers. (Bleeping Computer)
Stay in touch with the whole team: Eric Geller ([email protected]); Bob King ([email protected]); Sam Sabin ([email protected]); and Heidi Vogt ([email protected]).