Respond to prefers-color-scheme dark in app web views

Follow section front redirects in Spectrum

Enable NLP source in PCS for load testing

Switch off the News Alerts Survey Widget when we have enough responses

Poll to determine if new LUF updates are available

Allows the winning A/B test variant to be turned on without Spectrum deployment

Show infinite scrolling sections in Assembler MultiView

Show option for NLP article summaries in Action Bar

Show NLP summaries collection recirc on article pages

A general feature flag for Recipe Features that aren't yet released

Feature flag for media team features that aren't yet released

Use new Orca video player for preroll plugin in Spectrum

Show the snow tracker (instead of the heat tracker) on Spectrum

What Trump promised oil CEOs as he asked them to steer $1 billion to his campaign

Judge keeps tying Trump to possible intimidation

What extremism looks like to Sean Hannity and his party

Ask Amy: Relatives keep giving me updates on my old family home

Ask Sahaj: My husband wants me to forget all about his emotional affair

Carolyn Hax: Was it wrong to approach late wife’s pal for no-commitment sex?

5 big travel lessons from a Patagonia CEO-turned-conservationist

Cruise worker accused of stabbing 3 with scissors arrested in Alaska

France tries to shed its rude reputation ahead of the Olympics

In Arizona, election workers trained with deepfakes to prepare for 2024

How Trump’s allies amplify his Truth Social messages to the wider world

Indy Star bars columnist from Caitlin Clark’s games after awkward exchange

Think you want a dog? Take our quiz to find out if you’re ready.

In Photos: Russians mark 79th Victory Day with military parade

Tornadoes hit Michigan, damage FedEx facility

Need beauty? These are 7 of the most gorgeous gardens in the D.C. area.

Nationals finally run out of answers and fall to Orioles in 12 innings

4 best things to do with kids in the D.C. area this weekend

In the campaign against Donald Trump, do the ends justify the means?

The next global crisis could come from the sun. We should prepare now.

The FTC’s noncompete clause rule goes too far

Dog hit by car loses leg, is adopted by firefighter who helped her

Postal worker finds WWII-era letters, drives 5 hours to deliver them

Strangers help Sesame Street puppeteer after heirloom necklace was stolen

Protesters descend on Eurovision, object to Israel’s participation

Emboldened Russia marks Victory Day with parade of nuclear-capable weapons

Deaf baby hears for the first time after ‘groundbreaking’ gene therapy trial

RFK Jr’s ‘history lesson’ on Russia’s invasion of Ukraine flunks the fact test

The Trump-Biden battle over the 2017 tax cut

That time football legend, rig-driving eligible bachelor Biden was arrested

Hack targeting hospital chain Ascension is impacting patient care

A college professor wants to use Section 230 against Big Tech

Commerce Department revokes more export licenses to China’s Huawei

Former U.S. President Donald Trump appears at court in New York

See more coverage in your recommendations

Get the weekly Campaign Moment newsletter

Set alerts for major election developments

Election 2024

The Campaign Moment newsletter

Politics alerts

The Kaseya ransomware attack, which paralyzed hundreds of businesses over the Fourth of July weekend, marks a major strategic advancement for the criminal hacking gangs that have wreaked havoc on U.S. businesses.&nbsp;

Most ransomware gangs exploit basic security flubs to lock up victims' computers and demand payments, such as shared and reused passwords. REvil, the Russia-based group responsible for this attack, however, exploited a computer bug that had never been used and was unknown to top cybersecurity experts.&nbsp;

That’s a highly sophisticated sort of attack, known as a “zero day,” that’s more commonly used by nation-states looking to steal each other’s secrets than by financially motivated criminals. And it paid dividends — it's the largest ransomware attack to date, locking up computers at up to1,500 companies that work with the software management company Kaseya and its clients, and enabling a $70 million ransom demand. &nbsp;

That probably is a sign of things to come as cybercrime gets more lucrative and cybercriminals gain more money and resources to pull off major heists.&nbsp;

“A lot of ransomware actors have bigger budgets than some nation-state actors do, so this is the logical next step,” Allan Liska, senior threat intelligence analyst at the cybersecurity firm Recorded Future, told me. “They’re going to have to continue going after larger targets if they want multimillion-dollar ransoms and using zero days is one way of doing that.”&nbsp;

Criminal hackers are unlikely to ever achieve the skills of top government hackers in the United States, the United Kingdom, Russia and China. But they could equal the capabilities and investments of some third-tier cyber powers such as Pakistan or Brazil, Liska said.&nbsp;

Brendan Smialowski

Experts widely agree that REvil and other major ransomware gangs operate on Russian territory with at least the Kremlin’s tacit approval.&nbsp;

“There’s no reasonable doubt among the analyst community that these guys work with the approval of the Russian government, and having Russia crack down would be a big win,” Jake Williams, the founder of the cybersecurity company Rendition Infosec who has investigated those groups, told me.&nbsp;

President Biden<a href="https://www.washingtonpost.com/politics/2021/06/17/cybersecurity-202-here-are-four-cyber-takeaways-biden-putin-summit/"> pressed Russian President Vladimir Putin </a>to crack down on criminal hackers during their summit in Geneva last month and officials from the two nations have been in regular contact on the topic ever since.&nbsp;

But it’s far from clear if Putin will comply or if the United States will compel him to do so.&nbsp;

U.S. military hackers could also impede the ransomware gangs from launching bigger operations by seizing and dismantling the digital infrastructure they use. 

White House Spokeswoman Jen Psaki <a href="https://www.washingtonpost.com/politics/2021/07/07/cybersecurity-202-now-theres-even-more-pressure-biden-punch-back-against-russian-ransomware/?itid=ap_josephmarks">repeated a pledge</a> from Biden this week that “if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action on our own.”&nbsp;

It would be extremely difficult, however, for U.S. Cyber Command to consistently keep such groups offline, Williams, a former National Security Agency hacker, told me.&nbsp;

That’s because many such gangs operate using hundreds of (often stolen) Internet domains that are closely integrated with noncriminal Internet operations, making it logistically and legally complicated to take everything down. And even if they did so, the groups could rebuild rather quickly, Williams said.&nbsp;

Kaseya

As ransomware gangs become more sophisticated, it could throw a wrench in the common wisdom, which says basic cybersecurity protections are sufficient for most organizations. 

In effect, such attacks could produce a world where cybercriminals are willing to invest all their resources into hacking a company that will produce a big payday as governments do into hacking their adversaries.&nbsp;

“You’ll go back to the well if it continues to give water, and this has been very successful,” Kelvin Coleman, executive director of the National Cyber Security Alliance, a nonprofit organization that promotes cybersecurity, told me.&nbsp;

It’s not clear how REvil got ahold of the zero day that gave it access to Kaseya. One likely possibility is that REvil hackers were spying on communications between Kaseya and a Dutch security research group that spotted the flaw independently and <a href="https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/">began warning Kaseya about it in April</a>.&nbsp;

In other cases, criminals might uncover such vulnerabilities through their own digging. Or they could buy them from independent researchers that find them and sell them to the highest bidder. Those researchers often sell such bugs to the company whose product is vulnerable or to intelligence agencies that want to use them for spying. But they've been known to sell them to criminal groups as well.&nbsp;

“If I can encrypt 10,000 computers [at a major bank] and I had to spend $3 million on a zero day to do that, I know I’m going to make 10 times more than that,” Liska said

DHS and the FBI say there's no evidence yet that the Republican National Committee was breached.

Evan Vucci

The agencies “have not confirmed” that a security incident at an RNC vendor affected any of the campaign group's systems or data, DHS's Cybersecurity and Infrastructure Security Agency said in a statement.&nbsp;

That backs up an earlier statement from the RNC which <a href="https://twitter.com/Danielle_Alva/status/1412529360033177601">disputed </a>a Bloomberg News <a href="https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee">report</a> that Russia’s foreign intelligence service breached the GOP campaign arm.&nbsp;

A person familiar with the matter told my colleague Ellen Nakashima that a Russian government hacking group was behind the breach of Synnex, the RNC contractor. That alone is not evidence the hackers were able to take the extra step of cracking into the RNC's own systems.&nbsp;

Government spy agencies routinely seek to steal information from adversary nations' political campaigns to gather information about possible future political leaders. Such breaches have taken on added significance, however, following the Kremlin-backed 2016 operation that leaked stolen information from the Democratic National Committee and the Hillary Clinton campaign to damage her candidacy.&nbsp;

A Pennsylvania lawmaker is pushing an Arizona-style partisan audit of voting machines. 

Julio Cortez

State Sen. Doug Mastriano (R) is seeking voting equipment from three counties, saying the machines are “needed to conduct a forensic investigation” of the 2020 election and this year’s primary, the Philadelphia Inquirer’s Andrew Seidman and Jonathan Lai <a href="https://www.inquirer.com/politics/election/doug-mastriano-pa-election-audit-20210707.html">report</a>. It’s part of a <a href="https://www.washingtonpost.com/national-security/ransomware-biden-russia/2021/07/06/ff52a9de-de72-11eb-b507-697762d090dd_story.html">wave of GOP efforts </a>to launch partisan audits in the wake of a highly controversial audit in Maricopa County, Ariz., and baseless claims by former president Donald Trump that the election was rigged against him.&nbsp;

“It’s much of what we saw in Arizona, which really set the standard on a forensic analysis,” Mastriano said. Pennsylvania’s Republican-controlled state Senate has looked into the prospect of using private funding for the review, the Associated Press <a href="https://apnews.com/article/joe-biden-pennsylvania-election-2020-elections-business-74f345eb650ee1dd5901dab771a9c142">reported</a>.

Mastriano sent letters to the three counties that warned the Senate Intergovernmental Operations Committee, which he leads, could issue subpoenas if the counties don’t respond with a plan to turn over their voting machines by the end of the month. The review will almost certainly face legal challenges, including from the state’s Democratic attorney general, Josh Shapiro:

The Pentagon’s 3-D printing systems are vulnerable to hacking, a watchdog said.

Staff

Nearly 75 percent of the computers used for 3-D printing that a Pentagon watchdog <a href="https://www.oversight.gov/node/159986">reviewed</a> had outdated operating systems, making them vulnerable to cyberattacks.&nbsp;

The Pentagon’s inspector general also found a bevy of other issues. Nearly 70 percent of computers it reviewed were not checked regularly for&nbsp;vulnerabilities. And more than a dozen of the computers and printers used removable devices that were improperly secured.

WikiLeaks founder Julian Assange won’t be held in a Supermax prison if he’s extradited to the United States, U.S. officials say.

Frank Augstein

The announcement could clear a major hurdle for Assange’s extradition to the United States on espionage charges, the Wall Street Journal’s Jason Douglas <a href="https://www.wsj.com/articles/julian-assange-wont-be-held-in-supermax-jail-if-extradited-u-s-assures-u-k-11625681049">reports</a>. It came as the British High Court agreed to hear an appeal by the U.S. government for his extradition, William Booth and Rachel Weiner <a href="https://www.washingtonpost.com/world/europe/julian-assange-extradition-appeal/2021/07/07/41bc3914-df2e-11eb-a27f-8b294930e95b_story.html">report</a>.

In January, a British judge <a href="https://www.washingtonpost.com/world/europe/julian-assange-extradition-wikileaks/2021/01/04/7c2644c6-4ae8-11eb-97b6-4eb9f72ff46b_story.html">blocked </a>Assange’s extradition on the grounds that he was at risk of committing suicide and might not be protected from harming himself in a U.S. prison.&nbsp;

U.S. authorities have charged Assange with 18 federal crimes, including<a href="https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/04/12/the-cybersecurity-202-security-experts-irked-u-s-prosecutors-used-anti-hacking-law-to-nab-julian-assange/5cafea7ea7a0a475985bd40f/"> one</a> for trying to help Chelsea Manning crack a password. Critics say that’s a poor use of an overly broad hacking law. Assange supporters say he merely published leaked information that embarrassed the U.S. government.

<a href="https://www.axios.com/tucker-carlson-putin-interview-surveillance-c9952d7c-33d7-45e9-be68-2ba4c3817f98.html" target="_blank">Tucker Carlson sought interview with Putin at time of NSA spying claim (Axios)</a>

<a href="https://www.washingtonpost.com/technology/2021/07/07/ai-weapons-us-military/" target="_blank">The U.S. says humans will always be in control of AI weapons. But the age of autonomous war is already here. (Gerrit De Vynck)</a>

<a href="https://www.washingtonpost.com/technology/2021/07/08/kaseya-ransomware-attack-leonardtown-maryland/" target="_blank">‘Shut down everything:’ Global ransomware attack takes a small Maryland town offline (Chris Velazco and Rachel Lerman)</a>

<a href="https://www.washingtonpost.com/technology/2021/07/07/making-semiconductors-is-hard/" target="_blank">Three months, 700 steps: Why it takes so long to produce a computer chip (Jeanne Whalen)</a>

<a href="https://www.reuters.com/article/idUSKCN2ED1HV" target="_blank">Hackers attack websites of Ukraine's president and security service (Reuters)</a>

Thomas Rid, a professor of strategic studies at Johns Hopkins University's School of Advanced International Studies, posed this provocative question on Twitter:

John Hultquist, the vice president of analysis at FireEye’s Mandiant Threat Intelligence:

JD Work, the Bren Chair for Cyber Conflict and Security at Marine Corps University:

Booz Allen Hamilton's Nate Beach-Westmoreland:

Peter Kucik, a former senior sanctions adviser at the Treasury Department’s Office of Foreign Assets Control, has <a href="https://efile.fara.gov/docs/6170-Short-Form-20210702-702.pdf">registered</a> to lobby for Chinese surveillance giant Hikvision via Mercury Public Affairs. Hikvision, which is accused of helping the Chinese government surveil the Uyghur minority, has also <a href="https://www.washingtonpost.com/technology/2021/06/25/china-hikvision-lobbying-fara-moffett-vitter-boxer/?itid=lk_inline_manual_85">hired</a> former lawmakers as the U.S. government limits its ability to do business in the United States.

Glenn LeMunyon, a former Capitol Hill aide, has <a href="https://lda.senate.gov/filings/public/filing/44765ae3-6bf0-48a9-91ee-331a4e3bf760/print/">registered</a> to lobby for Chinese telecom giant Huawei. He plans to lobby on telecommunications and infrastructure issues, according to a lobbying registration filing effective June 15.

Carnegie Mellon University’s Center for Informed Democracy and Social-cybersecurity kicks off its<a href="https://www.cmu.edu/ideas-social-cybersecurity/events/2021-ideas-conference.html"> </a><a href="https://www.cmu.edu/ideas-social-cybersecurity/events/2021-ideas-conference.html">two-day annual conference</a> on July 12.

Defending Digital Campaigns <a href="https://www.eventbrite.com/e/free-training-in-oregon-protecting-democracy-through-cybersecurity-tickets-154876145721">hosts</a> a cybersecurity training event for Oregon campaign and election officials on July 13 at 2 p.m.

Georgetown University, MS in Foreign Service

University of Wisconsin - Madison, BA in English

Joe Marks writes The Cybersecurity 202 newsletter focused on the policy and politics of cybersecurity. He previously covered cybersecurity for Politico and for Nextgov. 