“A lie can travel halfway around the world while the truth is still putting on its shoes.”
If you think that’s Mark Twain speaking, think again. Centuries ago fans were saluting satirist Jonathan Swift for that sentiment.
OK, try this quote: “On average, a false story reaches 1,500 people six times more quickly than a factual story.”
That’s from a research study cited last week by Sarah Mojarad, a lecturer from the University of Southern California’s Viterbi School of Engineering. “This is true about false stories on any topic,” she added, “but stories about politics are more likely to go viral.”
Mojarad was one of 11 speakers convened online for a two-hour regional workshop for North Carolina and four other states as part of the USC Election Cybersecurity Initiative.
Mojarad’s focus was disinformation and misinformation while other national experts offered tips and insights on cybersecurity, cyber safety and crisis response techniques.
What’s a good sign you’re reading disinformation? It causes you to fear or feel outrage, Mojarad said.
Take a breath and check it out before sharing it, thereby giving it more credibility than it deserves, she said.
Don’t use the same password for one account that you also use for financial transactions, warned Clifford Neuman, director of USC’s Center for Computer Systems Security. Without your knowledge, your passwords may already be available on the dark web.
“The most believable phishing sites trick almost half the users,” or 45%, Neuman said. “Hackers move fast. Twenty percent of the accounts are accessed within 30 minutes.”
The most common password people used in 2020 was 123456. Rather than think of a password, Neuman said, use a pass-phrase, such as WellWinSuperBowl56!
Worried about malware and ransomware?
“Every new app you install is a risk,” Neuman said. “Always download apps from trusted sources.” Don’t just Google to find an app, he added.
In an interview before the workshop, host Adam Clayton Powell III flashed this red light for journalists: Bad actors have shifted their focus from national attacks to local governments, local elections, local businesses and local news organizations, which offer both more credibility to hack and more vulnerability to malicious interventions.
Powell is executive director of the USC initiative, a nonpartisan, independent project funded with a generous grant from Google. Last year Powell’s team visited all 50 states, either in person or mostly online because of the pandemic.
This year the USC initiative will cover all 50 states again, but with combinations of states in 10 regional online workshops. The North Carolina workshop, held LAST Thursday afternoon, also included representatives from Kentucky, Tennessee, Virginia and West Virginia.
“From RSVPs we can see that almost all of the workshop participants are new — they were not with our 2020 workshops — so we are reaching new campaign and election workers across the country,” Powell said. “For 2021 we are including live updates on both the new threats and the new free resources for campaigns and elections.”
From North Carolina to Kentucky, one thing became clear: No one is safe from malicious actors intent on breaching their private information — personal, medical or financial — or holding their institutions ransom.
Last year, Chatham County’s computer network was hit with a ransomware attack launched through a malicious attachment in a phishing email, as reported by the News + Record.
Last month, Kentucky’s state capital, the City of Frankfort, sustained a cyberattack. Details of a suspected ransom are still being sought with open records requests by The State Journal, the city’s newspaper.
One year later, the details of a historic cyberattack on the University of Kentucky and UK HealthCare are revealed in a recent audit by the university showing how much the hospital’s cyberattack cost — $5 million — and how “perilously close” it came to the dire consequences of a system-wide shutdown for UK HealthCare.
The university’s 46-page audit revealed that malware installed on university servers was designed to mine cryptocurrency.
Calculating the costs surrounding cybersecurity is difficult enough. But when the bad actors demand ransom in Bitcoin, the calculations are elusive.
The demand for a 50 Bitcoin ransom in the Chatham County case was estimated to be nearly $700,000 in the News + Record’s first-day story about the Oct. 28, 2020, attack. When the Raleigh News & Observer published a follow-up story in February 2021, it calculated the same 50 Bitcoin ransom amount — at time of publication — to be worth $2.4 million.
Any way you count it, time is money, and there’s no time to lose to secure your own operations against cyberattacks, according to workshop speakers.
Flying under the flag of “Our Candidate is Democracy!” the workshop’s goal was to keep the next elections in all five states safe and secure.
“The USC Election Cybersecurity Initiative is an invaluable effort to spread the word about digital threats to American democracy,” said Robert Farley, a senior lecturer who recommended the workshop to his students in UK’s Patterson School of Diplomacy and International Commerce.
“We know that the electoral system has suffered malicious attacks from both foreign and domestic actors,” Farley said, “and understanding both the effects of those attacks and the steps that have been taken to protect the integrity of the electoral process is critical to maintaining faith in the electoral process.”
The University of Kentucky hosted a USC Election Cybersecurity Initiative workshop in February of last year. At that time, Don Blevins Jr., Fayette County clerk, predicted a dark future and the ultimate challenge for journalists. He now fears that prediction may have come true.
“My primary concern is actually not about cybersecurity,” Blevins said. “My primary concern is that the public will lose confidence in elections through misinformation or other types of activities that might lead them to believe their vote doesn’t count or that the election is rigged ... I think that is a far greater challenge we need to watch for.”
News + Record Publisher Bill Horner III said such things threaten democracy.
“We’ve seen an incredible growth in not only the amount of disinformation, but also in peoples’ willingness to swallow it without question,” he said. “For others, it’s easy to just throw their hands up and separate themselves from valid news reports and even interest in the elections because of frustration and mistrust.”
For perspective on the challenges faced at the state level, Powell turned in Thursday’s workshop to Bob Babbage, a former Kentucky Secretary of State, a lobbyist and a cofounder and managing partner of a consulting and advocacy firm, Babbage Cofounder.
“With global cybersecurity experts,” Babbage said, “we have learned this much: That whatever we do, the bad folks, the criminals, are going to keep coming back and trying to break in. That makes your initiative all the more important.”
Buck Ryan, a University of Kentucky journalism professor, is conducting a “participatory case study” of the Chatham (N.C.) News + Record. He can be reached at buck.ryan@uky.edu. For more information on the USC Election Cybersecurity Initiative, visit www.electionsecurity.usc.edu
