The US Department of State is offering up to $10m as a reward for information on foreign interference in US elections.
Part of the department’s Rewards for Justice Program, the initiative is open to anyone who can provide information “leading to the identification or location of any person who works with or for a foreign government for the purpose of interfering with US elections through certain illegal cyber activities”.
The Rewards for Justice Program states that foreign interference in US politics, through actions such as accessing voter registration databases, interfering with voting infrastructure or stealing or leaking confidential information is “an unusual and extraordinary threat to the national security and foreign policy of the United States”.
In a statement, the department said that those operating malicious cyber operations targeting federal, state, or local elections or campaigns may be prosecuted under the Computer Fraud and Abuse Act.
Election interference reward to prevent 2016 repeat
Administered by the Department of State’s Diplomatic Security Service, the Rewards For Justice programme has already awarded over $150m to more than 100 people around the world since it began in 1984.
With the US Presidential election just months away, the subject of foreign interference in US politics is once again a key issue. The “sweeping and systematic” Russian interference, as described in the 2019 Mueller report, is thought to have boosted Donald Trump’s 2016 presidential campaign. There are concerns that there will be similar meddling ahead of the November voting day.
A recent report by the US State Department also accuses Russia of carrying out disinformation and propaganda campaigns, particularly related to the Covid-19 pandemic.
This comes weeks after UK Government’s Intelligence and Security Committee’s Russia report on election interference in the UK, which said that Russian election interference was now the “the new normal”.
Bill Conner, CEO of SonicWall, comments:
“The Department of State is absolutely right in requesting the assistance of other entities to locate any person or organisation aiding foreign interference via cyber activities.
“Governments must, in the interest of national cyber defense and the protection of democratic institutions, be prepared to create and uphold public-private partnerships to tackle the increasingly urgent and significant problem of hostile cyber interference, especially in cases of vital importance such as elections.
“At a time when cybercriminals are ramping up their destructive efforts, the Department of State shows its awareness of the valuable trove of information private threat detection labs have access to, and its willingness to collaborate with parties which can really help stamp down hostile intrusions.”
However, Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb believes that it could encourage fraudulent reports:
“I think it’s a smart move but the outcomes are highly uncertain for the time being. Most of the cybercriminals implicated in grand hacking campaigns will likely keep silent fearing arrest and prosecution for their past sins when communicating their details for payment. Moreover, in light of uncertain and ambiguous conditions of the bounty payment by the government. From the current context, it’s also a bit unclear whether the $10 million is to be apportioned for all of the reports or if it’s a per payment cap.
“We will likely get a considerable volume of “false positives” or even fraudulent reports aimed to extort money from the government or frame up a rival. In the future, however, bounty awards for information about cyber criminals may become a formidable weapon of law enforcement. Frequently, technical sophistication, the unpreparedness of victims and crypto-currencies make data breaches technically uninvestigable and provide virtual impunity to cybercriminals. The sole tenable way to identify them is to get a hint from an ex-accomplice or a rival cyber gang. Thus, we may see a gradual growth of such bounty payments by governments in the near future as the last resort to curb the uncontrolled proliferation of cybercrime.”