Last time, in 2016, the Democrat candidate Hillary Clinton found a convenient scapegoat in Russia after a poor campaign, in which she was overly confident of romping home, saw her lose to Donald Trump. Her campaign manager, Robby Mook, was the person to start the Russian myth.
This time, every organisation and individual who tilts left or towards the centre is trying to lend a hand to prevent a repeat that would ensure another four years in the White House for Trump.
Here's the moment on July 24th, 2016, when Robby Mook planted the Russia collusion hoax. This is what started it all. As we just learned from @DNI_Ratcliffe, this was immediately followed by Hillary pushing the fabricated scandal that Trump was working with Russia. pic.twitter.com/mRlLtk2CJ4 — Hans Mahncke (@HansMahncke) September 29, 2020
Of course, none of these worthies ever undertakes a comprehensive study of the clumsy system that is used for elections in the US, with no central authority to mandate methods of voting and each state free to conduct the ballot in the way it wants. In many cases, this involves the use of voting machines — either models on which one votes directly or else devices which read a voter's choice from a sheet of paper — which have been shown to be extremely dodgy in the past.
On 27 September, The New York Times ran an article titled "Ransomware Attacks Take On New Urgency Ahead of Vote", which contains so much misinformation that anyone who lent their name to it would have also come away not exactly covered in glory.
The takeoff for this yarn, written by Nicole Perlroth and David Sanger, was a ransomware attack on US technology services provider Tyler Technologies, a company that provides services to a number of local governments. iTWire reported the attack as we do with most newsworthy ransomware incidents.
I've had nothing but respectable convos with Perlroth online but she's a terrible cyber security journo and don't be a source for her https://t.co/G2uj73kJbr — The Cyber (@r0wdy_) September 28, 2020
Initially, Sanger and Perlroth write that this firm sells software that cities and states use to display results on election night. But two paragraphs later comes the clarifier: "While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country..." Then why not say so at the start? I'm guessing that it would have diluted the story and all the subsequent hyperbole in which the pair indulge.
There is another very broad statement before this, with no source quoted, either anonymously or by name: "Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin’s intelligence services." (Don't miss the use of Putin's middle initial, an American obsession.) So where do the enterprising duo get this information? One is left scratching one's head.
The Times continues: "But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients’ systems around the country, was particularly rattling less than 40 days before the election." How so? Ransomware attacks take place every day and the number of groups is growing as enterprising people note that it is an easy way for skilled hackers to make money: take the code of some existing ransomware package, modify it a bit and market it under a new name.
Before I go any further, let me point out that I report on ransomware attacks a fair bit. Some say excessively. The geographical region in which the target is located doesn't really matter as long as the incident is newsworthy. All attacks within Australia are, of course, reported.
But back to the NYT. There is a really stupid statement, that "Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies." Nobody, not even grandma in her winter woollies, gives out details of a ransomware attack while an investigation is in progress.
Ransomware isn't taking a break because of the pandemic, nor will they take a break because of the election. Doesn't mean there's some grand plan to undermine democracy, criminals just like money and ransomware victims have lots of it. — MalwareTech (@MalwareTechBlog) September 29, 2020
And what is an "ordinary ransomware attack?" Is there then some category called extraordinary attacks? Ninety percent of attacks nowadays are carried out using malware that also has scripts written in PowerShell to exfiltrate data before the encryption happens on-site. This gives the criminals a second way of forcing the victim to accede to a ransom demand.
It does not take much effort to gain some kind of education about these things before committing finger to keyboard. But Perlroth and Sanger, no doubt both highly paid professionals, were too busy to find out even the basics.
Ransomware has been used to attack Windows systems for years. Were the US federal officials unaware of this? Why is it necessary to run election-related software on Windows? There are more than enough qualified professionals who can be given a contract to write secure (to the extent possible) software.
Why is it necessary to connect these machines to the public Internet? Neither Perlroth nor Sanger asked these basic questions of federal officials for their piece which appears to have been written in haste. (But I'm sure the two will claim that they have been "researching" (another word for searching with Google) for at least a few months).
The pair then write: "With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen."
Of course, the myth that Russia played a role in bringing Trump to power is now an accepted fact among certain classes, especially on the left. Denying it is something like a man going to church and denying the existence of God. Thankfully, there are some worthy exceptions in journalistic ranks, people like the Rolling Stone's Matt Taibbi, The Gray Zone's Aaron Maté and The Intercept's Glenn Greenwald.
How did these officials try to stop ransomware attacks? No detail about that at all. What are the seven American government entities that have been hit? Again, one draws a blank.
Then there is another blanket claim: "The proliferation of ransomware attacks that result in data theft is an evolution in Russian tactics, beyond the kind of 'hack and leak' events engineered against the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, in 2016."
Data theft became a part of ransomware attacks in December 2019. That's nearly a year ago. The data that was exfiltrated from the DNC was taken away internally – my authority for that is former NSA technical director William Binney and CIA veteran Ray McGovern. Who is the source for what Perlroth and Sanger claim? Again, in the best traditions of reporting "all the news that's fit to print", no sources are cited.
Further down the article, one comes across this gem: "Part of the problem is that the full scale of ransomware attacks is not always disclosed." Why exactly would a commercial or government entity confess? So that their IT people can be mocked as idiots? So that they lose their jobs? Show me one incident in which the victim has fully disclosed the details.
I'm not going to detail all the remaining stupidity in this article but would just observe that the US Government — the richest and best resourced in the world — seems to be adopting a policy of simply sitting back and waiting to be attacked.
The report says: "A record 966 ransomware attacks hit the American public sector last year – two-thirds of them targeting state or local governments." This is incorrect. As a report from New Zealand-headquartered Emsisoft, a security firm that follows ransomware attacks very closely, said, at least 948 government agencies, healthcare providers and educational establishments had been hit in 2019 at a cost estimated to be about US$7.5 billion (A$10.5 billion).
And for this year, the number of attacks on US public sector bodies fell month-on-month during the period from January to April, even as the COVID-19 crisis intensified, but the trend appeared to be reversing in July. Once again, the source is Emsisoft.
Ending the piece is another biased quote. "There is a pax mafiosa between the Russian regime and its cyber cartels,” said Tom Kellermann, the head of cyber security strategy at VMware, who sits on the Secret Service’s cyber investigations advisory board.
“Russia’s cyber criminals are treated as a national asset who provide the regime free access to victims of ransomware and financial crime. And in exchange, they get untouchable status.”
“It’s a protection racket,” Mr. Kellermann said. “And it works both ways.” Kellermann, it appears, has a direct link to the Russian mafia – else how could he be so damn certain?
The NYT seems to be getting the public geared up for another Democrat loss and a convenient scapegoat: Russians, and what's more, people who are armed with ransomware. Not the ordinary variety either. Truly, this article is a sorry mess from a newspaper that claims to be among the best in the world. Standards have really fallen. Why are we surprised that a man like Trump has ascended to the White House?