Facebook’s former security chief says it’s ‘too late’ to safeguard 2018 midterms

The opportunity has passed for protecting the November midterm elections against the type of meddling witnessed in 2016, Facebook’s former chief security officer warned.

Alex Stamos, the social network’s head of security until earlier this month, raised concerns Wednesday about the current status of election security in a blog post written in the wake of both Facebook and Microsoft announcing the discovery of suspicious activity linked to Russian military intelligence services Tuesday, including evidence of alleged hacking and misinformation campaigns similar to ones waged during the 2016 U.S. presidential race.

“This underlines a sobering reality: America’s adversaries believe that it is still both safe and effective to attack U.S. democracy using American technologies and the freedoms we cherish,” Mr. Stamos wrote in a post published by the Lawfare blog titled “It’s Too Late to Protect the 2018 Elections.”

“In some ways, the United States has broadcast to the world that it doesn’t take these issues seriously and that any perpetrators of information warfare against the West will get, at most, a slap on the wrist. While this failure has left the U.S. unprepared to protect the 2018 elections, there is still a chance to defend American democracy in 2020,” added Mr. Stamos, an adjunct professor at Stanford University’s Freeman Spogli Institute of Public Policy who previously served as Yahoo’s chief security officer prior to joining Facebook in 2015.

Two years after allegedly conducting a multi-pronged attack against the 2016 election, Microsoft and Facebook separately accused Moscow this week of mounting new operations targeting potential victims in the U.S. and abroad using methods similar to those deployed prior to the last presidential race.

Microsoft said early Tuesday that it detected and seized web domains mimicking the U.S. Senate and two conservative-think tanks that were allegedly created by Russian military intelligence services and likely meant to be used as part of an attempted phishing campaign intended to steal log-in credentials.

Facebook later said that it recently identified and removed several pages, groups and accounts allegedly associated with the Russian government, including content related to the Inside Syria Media Center, an organization accused of covertly spreading pro-Russian and pro-Syrian material.

Moscow deployed similar methods during the 2016 race, including creating phishing sites used to siphon credentials from Democratic targets and spreading disinformation on social networking services meant to hurt the campaign of Democratic nominee Hillary Clinton, according to U.S. federal intelligence and law enforcement officials.

“As a security leader in my former role at Facebook, my personal responsibility for the failures of 2016 continues to weigh on me, and I hope that I can help elucidate and amplify some hard-learned lessons so that the same mistakes will not be made again and again,” Mr. Stamos wrote in the blog post, adding that Congress should cooperate with the tech sector to stymie any subsequent attacks.

“The attacks against U.S. political discourse aim to undermine citizens’ confidence, create chaos and jeopardize the legitimacy of the American government,” he said. “With the right political will and cooperation, the United States can demonstrate that 2016 was an aberration and that the U.S. political sphere will not become the venue of choice for the latest innovations in global information warfare. The world — including America’s enemies — is watching.”