As I See It: Bot Versus Bot

February 12, 2018 Victor Rozek

An editor at MAD Magazine once joked that the “E” in Alfred E. Neuman probably stood for “Enigma” because no one actually knew what it stood for. Well, maybe it stands for “Entertaining” because the magazine features some wicked satire. Whatever his middle name, Neuman has graced the magazine cover since its inception in 1961. And, as an unanticipated satirical bonus, it turned out that with his boyish-bumpkin looks and deep insights (“What, me worry?”) he bore an uncanny resemblance to George W. Bush.

One of the popular features in MAD is Spy vs Spy – a wordless cartoon that depicted two identical spies, one dressed in all white and the other all black, perpetually trying to outsmart and out-harm each other. It was a parody of the Cold War, a time of black/white thinking fueled by mutual paranoia that spawned assorted acts of provocation and retaliation. Happily for the folks at MAD, provocation and retaliation remain target-rich environments. Only technology changed in the ensuing half-century; the spies merely migrated to cyberspace.

You’d have to be exceedingly trusting or in deep denial to believe Russia played no part in our last election. Although the beneficiaries of Russian involvement have tried mightily to discredit verification from our own intelligence services, their conspiracy theories will now have to expand beyond our borders to include that distant bastion of anti-Americanism and fake news . . . the Netherlands.

The Washington Post reported that hidden among the tulips the Dutch were secreting some pretty fine hackers of their own. As far back as the summer of 2014, the Netherlands’ Joint Sigint Cyber Unit managed to infiltrate a Russian state-sponsored hacking group known as “Cozy Bear.” Their den was apparently located in a university building next to Moscow’s Red Square. And not only were the Dutch clever enough to infiltrate the network, they also hacked a surveillance camera in the hall and got some nice CCTV footage of the hackers.

The Dutch were able to monitor the 2014 State Department hack, the penetration of unclassified systems at the White House and Congress, and the 2016 hack of the Democratic National Committee. Intrusion alerts were passed on to the CIA and the NSA, likely contributing to the reason the FBI began investigating Russian election meddling in the first place.

The scope of Russia’s cyber ambitions was truly stunning, although in all likelihood, not far removed from our own. The Russians, it turns out, were also hacking 19 European nations. But while the Europeans took the threat seriously, the White House equivocated. Senator Benjamin Cardin (D-MD), who commissioned a congressional report on Russian election interference, was appalled that the President failed to respond to the overwhelming evidence, preferring to take Putin’s assurances that no meddling occurred. (Comrade, zere iz nothing to zee here, pleaze to be moving it along.) In a Washington Post op-ed, Cardin wrote: “Never before has a president ignored such a clear national security threat.”

Indeed, while Russia has always been a formidable foe in cyberspace, in the past two years, according to Dimitri Alperovitch, whose firm analyzed security breaches on the DNC’s computers, “There’s been a thousand-fold increase in its espionage campaign against the West.” The Russians have hacked “government agencies, tech companies, defense contractors, energy and manufacturing firms, and universities in the United States, Canada and Europe as well as in Asia.”

And they’re doing it with a ferocity and persistence previously unknown. Even when detected, they don’t back off and attempt to cover their tracks, but rather redouble their efforts; their spies dueling our spies, dueling their spies, in the same endless cycle of provocation and retaliation. Spy vs Spy has gone digital.

The beauty of computers, however, is that they facilitate automation, and the Russians made extensive use of bots to spread propaganda during the election cycle. And if the President won’t take the word of his own intelligence agencies, he should be more amenable to evidence presented by the company that facilitates his nighttime addiction: Twitter.

Twitter, along with Facebook and Google, testified before the Senate Intelligence committee. Apparently, the Russians set up 50,000 automated accounts that busily retweeted all of Trump’s messages. Just weeks before the election, the bots were responsible for about 500,000 retweets. Going back to the beginning of September 2016 through election day, the bots tweeted “some 2 million messages.”

For its part, Facebook reported that approximately 150 million accounts were exposed to Russian propaganda.

Congress was less dubious than the President about Russian meddling, and last year passed a near-unanimous resolution mandating sanctions against the masters of Cozy Bear. But in spite of CIA warnings that the Russians are once again poised to meddle in our upcoming election, wonder of wonders, the State Department announced that it saw “no need” to impose sanctions on Russia. Really? If chipping away at the foundation of American Democracy is insufficient, one wonders what would constitute “sufficient need” for the Trump administration?

Meanwhile, as the election draws near, voting machine manufacturers don’t want us to know how pathetically vulnerable their products are to hacking. At last year’s Defcon, an array of voting machines dubbed the Voting Village was made available to white-hat hackers in order to test their security features.

Alfred E. Neuman may not worry, but voters should. The hackers uncovered massive security issues plaguing all types of electronic voting machines. Every machine in the Village was successfully hacked. Some within minutes. Some were hacked wirelessly. Many hadn’t had an OS patch in over a decade. Others were still loaded with voter data that hadn’t been wiped. One brand had a common hard-coded password. None had a credible audit trail.

But rather than prove that their products are now reliable, manufacturers decided that this year it was safer to deny Defcon access to their machines. They are trying to prevent the resale of voting machines, sending threatening letters to eBay sellers claiming the sale of voting machines is illegal, which is not true, thus adding dishonesty to incompetence.

This is the sad state of our electoral system: it remains vulnerable to hacking, with a guarantee of no reprisal to the hackers. Without an audit trail, national elections are notoriously easy to rig. There are often a few hotly-contested swing states that ultimately decide the outcome. Flip the vote in a handful of precincts in these states and, given the peculiarities of the electoral college, hypothetically, a candidate could lose the popular vote by millions and still win.

It was none other than Alfred E. Neuman who said: “Elections are when people find out what politicians stand for and politicians find out what people will fall for.” Increasingly, elections are fought – and possibly decided – in cyberspace. It’s a clandestine world of hackers, bots, and disinformation. Given the volume of data circling the globe, it’s more difficult to sort out just what we’re falling for, but that doesn’t mean we should stop trying. The moment Democracy stops being a self-cleaning oven, is the moment it stops being a Democracy.

Neuman is also credited with saying: “If opera is entertainment, then falling off a roof is transportation!” I don’t know what that has to do with anything, but given the state of the affairs of state, I figured you could use a good laugh.