27 April 2019

Cybersecurity and the Mueller Report

By Paul Rosenzweig 

It isn't as sexy as the overall question of Russian information operations or the president's obstructive criminal behavior, but as someone focused on cybersecurity more generally, I thought it would be amusing to tease out a few of the issues in the Mueller report that bump up against my day job. To be clear, I am not talking about the blindingly obvious—namely, the fact that the thrust of Volume I of the report is on two Russian cyber operations, one a hacking operation by Russian military intelligence against Democratic operatives and the other an information operation by a Russian government-affiliated group, the Internet Research Agency, targeting Western opinion via social media. There are also indications of unsuccessful efforts to directly intrude on the electoral databases of some election agencies. At the risk of overstating the case only slightly, the Russia portion of this criminal investigation is a cybercrime extravaganza and an indictment of the (lack of) cybersecurity in a wide range of institutions.


Rather, I wanted to briefly call out two smaller items of note:

First, it is clear that the "going dark" problem limited the ability of the Mueller team to collect evidence of the connections between Trump campaign officials and Russians. As the Washington Post reports, the use of WhatsApp and FaceTime was a significant hindrance. Or as Mueller put it: "The Office learned that some of the individuals we interviewed or whose conduct we investigated—including some associated with the Trump Campaign—deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records."

Second, Bitcoin is not as anonymous as its users hope it is. As CNN reports, the Russians used Bitcoin to avoid traditional financial institutions, but it wasn't enough to evade Mueller's forensic analysis. Citing an expert interview, CNN writes, "trading Bitcoins on exchanges usually requires users to set up Bitcoin wallets that are tied to an email address. Federal investigators were able to access at least some of the email accounts used in the operation, which ... would have made tracing Bitcoin transactions a lot easier."

As I said, not quite as sexy as the overall questions raised by the investigation, but a fun little bit of follow-on for those interested.
