Posts Tagged ‘hacking’

Democratic Party files suit alleging Russia, the Trump campaign, WikiLeaks and others all in a conspiracy to help Trump win the 2016 election

April 20, 2018

By 

Image may contain: 1 person, suit and closeup

The Democratic Party on Friday sued President Donald Trump’s presidential campaign, the Russian government and the Wikileaks group, claiming a broad conspiracy to help Trump win the 2016 election.

The multi-million-dollar lawsuit filed in Manhattan federal court says that “In the Trump campaign, Russia found a willing and active partner in this effort” to mount “a brazen attack on American Democracy.”

The named defendants include Trump’s son Donald Trump Jr., his son-in-law Jared Kushner, former campaign chief Paul Manafort and campaign official Richard Gates, and Trump ally Roger Stone.

Also named is the Russian Federation, the general state of the Russian armed force, a Russian intelligence services hacker known as Guccifer 2.0., Wikileaks and its leader Julian Assange, and 10 unidentified people.

This story is developing. Please check back for updates.

https://www.cnbc.com/2018/04/20/democratic-party-files-suit-alleging-russia-the-trump-campaign-and-wikileaks-conspired-to-disrupt-the-2016-election-report.html

Image may contain: 1 person, beard and closeup

.

Image may contain: 1 person, closeup

.

Image may contain: 1 person, closeup

.

Image may contain: 1 person, closeup

Here are the primary source documents.

Suing a foreign country presents a number of legal challenges for the Democrats, partly because other nations have immunity from most U.S. lawsuits.

Part of the thinking here may be to force the government to disclose evidence, via the legal discovery process.

From reporters Tom Hamburger, Rosalind S. Helderman and Ellen Nakashima in the Washington Post:

The complaint, filed in federal district court in Manhattan, alleges that top Trump campaign officials conspired with the Russian government and its military spy agency to hurt Democratic presidential nominee Hillary Clinton and help Trump by hacking the computer networks of the Democratic Party and disseminating stolen material found there.

“During the 2016 presidential campaign, Russia launched an all-out assault on our democracy, and it found a willing and active partner in Donald Trump’s campaign,” DNC Chairman Tom Perez said in a statement.

“This constituted an act of unprecedented treachery: the campaign of a nominee for President of the United States in league with a hostile foreign power to bolster its own chance to win the presidency,” he said.

The case asserts that the Russian hacking campaign — combined with Trump associates’ contacts with Russia and the campaign’s public cheerleading of the hacks — amounted to an illegal conspiracy to interfere in the election that caused serious damage to the Democratic Party.

Lawfare

@lawfareblog

“Document: DNC Sues Russia, Trump Campaign and WikiLeaks for Election Interference,” the latest from Matthew Kahn: http://tinyurl.com/y9wlkhxx 

Document: DNC Sues Russia, Trump Campaign and WikiLeaks for Election Interference

On Friday, the Democratic National Committee filed a lawsuit in the U.S. District Court for the Southern District of New York against the Russian government, the Trump campaign and associated…

lawfareblog.com

emptywheel@emptywheel

[Silently hopes to self the DNC lawsuit will be more competently managed than the Fusion oppo research.]

[Oh did I say that out loud?]

x=”⚖💾💀✨“}alert(1);if(0){//@Esquiring

Well that’s a hell of a caption. https://twitter.com/ZoeTillman/status/987348085935366144 

x=”⚖💾💀✨“}alert(1);if(0){//@Esquiring

Should someone tell the DNC lawyers they forgot to plead that the DNC computers meet the 1030(e)(1) definition? pic.twitter.com/CJC4RQWECx

View image on Twitter

Reuters Politics

@ReutersPolitics

MORE: Lawsuit alleges Trump campaign and Russian agents agreed to promote Trump’s candidacy through illegal meanshttps://www.twitter.com/ReutersPolitics/status/987349798410964992 

Jennifer Epstein

@jeneps

DNC suit is against: Russian Federation, GRU, Guccifer 2.0,  Aras & Emin Agalarov, Joseph Mifsud, WikiLeaks, Julian Assange, Donald J. Trump for President, Donald Trump Jr., Paul Manafort, Roger Stone, Jared Kushner, George Papadopoulos, & Richard Gates https://bloom.bg/2HfWlg3 

DNC Sues Trump Campaign, WikiLeaks, Russia Over Election Interference

The Democratic National Committee sued Russia, the Trump campaign and WikiLeaks over interference in the 2016 election, saying Russia launched a “brazen attack on American democracy” that began with…

bloomberg.com

 https://boingboing.net/2018/04/20/democratic-party-lawsuit-says.html
Advertisements

Will Donald Trump Meet Kim Jong Un and Start Meaningful Negotiations? The Odds Just Got Lower as John Bolton Heads to The White House

March 23, 2018

Peace and Freedom

Donald Trump’s new National Security Advisor is a hawk who plays hard ball. He has a history of claiming that North Korea will never give up its quest for nuclear weapons and will never negotiate in good faith.

This joke has been attributed to Bolton:

 “Question: How do you know that the North Korean regime is lying? Answer: Their lips are moving.”

See also:

Image may contain: 1 person, smiling, outdoor

The return of John Bolton, a hawk on North Korea and Iran, sparks concerns

https://www.washingtonpost.com/world/south-korea-worries-about-the-return-of-john-bolton-and-his-hawkish-views/2018/03/23/4adc68aa-2e6c-11e8-911f-ca7f68bff0fc_story.html?utm_term=.9a2315e1008b

l

***********************************

Image may contain: 1 person, eyeglasses and closeup

CNN

(CNN) John Bolton said on Thursday that his past policy statements are “behind me” and that, after taking over next month as President Donald Trump’s national security adviser, “The important thing is what the President says and the advice I give him.”

But Bolton’s history of provocative, often bellicose pronouncements, typically in the form of calls to bomb countries like Iran and North Korea — along with his unwavering support, before and after, for the 2003 invasion of Iraq — are impossible to pass off, especially as Trump considers tearing up the Iran nuclear deal and prepares for talks with Pyongyang.
.
What follows is a small sampling of Bolton’s rhetoric, dating back to the post-9/11 period. Back then, while working in the Bush administration, Bolton made the case at home and abroad that Saddam Hussein possessed weapons of mass destruction and that the US role in the aftermath of regime change in Iraq would be “fairly minimal.” Trump, by the way, has pointed to his own opposition to the Iraq war as evidence of his smarts.
.
Bolton also publicly accused Cuba of providing “dual-use biotechnology to other rogue states.” Years later, after leaving his post as ambassador to the UN, he pushed to expand the Iraq War into Iran. More recently, he’s pushed for unilateral strikes in Iran and North Korea, while casting doubt on Russia’s role in 2016 election-related hacking.
 .

He made the case last month for striking North Korea ‘first’

Citing preemptive strikes by Israel on Syrian (2007) and Iraqi (1981) reactor sites, Bolton in February of this year — less than four weeks ago — made a case in the Wall Street Journal for a potential US attack on North Korea:
.
“Pre-emption opponents argue that action is not justified because Pyongyang does not constitute an ‘imminent threat.’ They are wrong. The threat is imminent, and the case against pre-emption rests on the misinterpretation of a standard that derives from prenuclear, pre-ballistic-missile times. Given the gaps in U.S. intelligence about North Korea, we should not wait until the very last minute. That would risk striking after the North has deliverable nuclear weapons, a much more dangerous situation.”
.

He suggested election hacking was a ‘false flag operation’ designed to frame the Russians

.

In December 2016, Bolton said he wasn’t convinced the Russian had a role in pre-election hacking.
.
“It’s not at all clear to me just viewing this from the outside that this hacking into the DNC and the RNC computers was not a false flag operation. The question that has to be asked is, why did the Russians run their smart intelligence service against Hillary’s server but their dumb intelligence services against the election?”
.

He seems to have changed his mind; is now advocating heavy retaliation

.

In an opinion piece filed after special counsel Robert Mueller returned indictments alleging conspiracy to defraud the US against a group of Russian nationals, Bolton wrote:
.
“One way to (deter Russia) is to engage in a retaliatory cyber campaign against Russia. This effort should not be proportional to what we have just experienced. It should be decidedly disproportionate. The lesson we want Russia (or anyone else) to learn is that the costs to them from future cyberattacks against the United States will be so high that they will simply consign all their cyberwarfare plans to their computer memories to gather electronic dust.”
.

He said a diplomatic option for dealing with North Korea was to ‘end the regime’

.

Asked by a Fox News host if there were any “diplomatic options” remaining in the nuclear standoff with North Korea, Bolton suggested this:
.
Bolton: “I think the only diplomatic option left is to end the regime in North Korea by effectively having the South take it over. You’ve got to argue with China–“
.
Fox News host Trish Regan: “That’s not really diplomatic! (Laughing) As far as they’re concerned.”
Bolton: “Well, that’s their problem, not ours. Anybody who thinks that more diplomacy with North Korea, more sanctions, whether against North Korea, or an effort to apply sanctions against China, is just giving North Korea more time to increase its nuclear arsenal…”
.

He compared — to laughter and cheers — former President Barack Obama to a ‘Muslim king’

.

In a speech to the American Freedom Alliance conference in August 2016, Bolton drew applause when he said this of Obama at the beginning of a speech on Muslim countries and their politics:
“King Abdullah of Jordan, who is not simply the Muslim king of a Muslim country, unlike our president… (laughter and cheers) … King Abdullah and other political leaders in the Middle East have said this is a civil war within Islam.”
.

He desperately wants to scuttle the Iran nuclear deal

.

In Janaury of this year, again in the Wall Street Journal, he argued that the administration take more forceful steps to break the terms of the pact:
.
“Spending the next 120 days negotiating with ourselves will leave the West mired in stasis. Mr. Trump correctly sees Mr. Obama’s deal as a massive strategic blunder, but his advisers have inexplicably persuaded him not to withdraw. Last fall, deciding whether to reimpose sanctions and decertify the deal under the Corker-Cardin legislation, the administration also opted to keep the door open to ‘fixes’ — a punt on third down. Let’s hope Friday’s decision is not another punt.”
.
He also touched on a common theme in his writing, going back at least to former President George W. Bush’s “Axis of Evil” speech, that connects Iran and North Korea:
.
“Little is known, at least publicly, about longstanding Iranian-North Korean cooperation on nuclear and ballistic-missile technology. It is foolish to play down Tehran’s threat because of Pyongyang’s provocations. They are two sides of the same coin.”
.

He took — and seems to take — the ‘Axis of Evil’ line literally

.

Rewind to August 2002 and remarks made during talks between the North and South Koreans, when Bolton defended the expression and insisted “it was factually correct.” This is from the New York Times report:
.
“In a strongly worded speech, the official, John R. Bolton, the under secretary of state for arms control, cited what he said was ‘a hard connection between these regimes — an “axis” along which flow dangerous weapons and dangerous technology.'”
.

He argued in favor of Brexit, touting the UK’s strong negotiating hand

.

Ahead of the Brexit vote in 2016, Bolton wrote in the New York Daily News that the UK would enter potential EU exit negotiations with the upper hand. (Things have been somewhat more difficult than he figured.):
.
“EU stalwarts like German Minister of Finance Wolfgang Schäuble have tried to scare Britain by proposing obnoxious exit terms. The rhetoric is hollow bluster. The advantages of free trade and easy movement of goods and financial resources between Europe and Britain, whether or not the latter remains part of the former, will dictate that Britain and the EU negotiate Brexit terms that are mutually advantageous. … There is an inherent economic risk in abandoning arrangements and institutions built up over time. But in the sweep of European history, the EU is a newcomer. It makes sense for Britain exit now rather than wait until disaster strikes.”
.

Before the deal was done, he wrote an op-ed calling on the US to bomb Iran

.

Shortly before the framework of the Iran nuclear deal was set in place, Bolton wrote a piece headlined, “To Stop Iran’s Bomb, Bomb Iran.” He even considered outsourcing the job to Israel:
.
“Time is terribly short, but a strike can still succeed. … An attack need not destroy all of Iran’s nuclear infrastructure, but by breaking key links in the nuclear-fuel cycle, it could set back its program by three to five years. The United States could do a thorough job of destruction, but Israel alone can do what’s necessary. Such action should be combined with vigorous American support for Iran’s opposition, aimed at regime change in Tehran.”
.

He (still) believes leaving Iraq was a worse decision than invading it

.

Bolton became Bush’s under secretary of state for arms control and international security in May of 2001 and remained in the job for about four years, during which time the US invaded Iraq under false pretenses, before taking over as ambassador the United Nations via recess appointment. Asked in 2015 about the decision to go to war, here’s what he told the Washington Examiner:
.
“I still think the decision to overthrow Saddam was correct. I think decisions made after that decision were wrong, although I think the worst decision made after that was the 2011 decision to withdraw U.S. and coalition forces. The people who say, oh things would have been much better if you didn’t overthrow Saddam miss the point that today’s Middle East does not flow totally and unchangeably from the decision to overthrow Saddam alone.”
.

He wanted to bomb Iran during the Iraq war

.

In 2008, Bolton called for strikes inside Iran as part of a bid to cut off Tehran’s aid to insurgents in Iraq. Asked by a Fox News host what he thought would “happen next” if the US attacked, he downplayed the potential for widening the war:
.
“I think the Iranians need to look very carefully at what risk they would run if they were to escalate. The idea here is not to have much larger hostilities, but to stop the Iranians from engaging in the hostilities that they’re already doing against us inside Iraq. And they’re doing much the same by aiding the Taliban in Afghanistan. So this is not provocative or preemptive, this is entirely responsive on our part.”
.

He downplayed the short- and long-term dangers of war in Iraq

.

In the run-up to the Iraq invasion he made the case for regime change to the BBC. Here’s one of his arguments in favor:
.
“I think the Iraqi people would be unique in history if they didn’t welcome the overthrow of this dictatorial regime. And Iraqi opposition leaders of a variety of positions and views are discussing now what will happen after Saddam Hussein. I expect that the American role actually will be fairly minimal. I think we’ll have an important security role. I think concluding the destruction of the weapons of mass destruction themselves will be important. But I think fundamentally the recreation of a hopefully democratic Iraqi government — that must rest with the Iraqis.”
.
.
See also:
.
The return of John Bolton, a hawk on North Korea and Iran, sparks concerns
.

Hacked Japanese Cryptocurrency Exchange Pays Back Customers — Coincheck spends $435 million to compensate customers

March 13, 2018

Coincheck spends $435 million to compensate customers who kept a digital currency called NEM at Coincheck

Coincheck resumed accepting withdrawals of selected cryptocurrencies including bitcoin on Monday. Here, Koichiro Wada, president of the exchange.
Coincheck resumed accepting withdrawals of selected cryptocurrencies including bitcoin on Monday. Here, Koichiro Wada, president of the exchange. PHOTO: FRANCK ROBICHON/EPA-EFE/REX/SHUT/EPA/SHUTTERSTOCK

TOKYO—Coincheck Inc., a Japanese cryptocurrency trading platform operator that was hacked in January, said Tuesday that it has completed compensating customers affected by the hacking and resumed some exchange services.

Coincheck, based in Tokyo, spent ¥46.3 billion ($435 million) to compensate 260,000 customers who had kept a digital currency called NEM at Coincheck. The exchange said 523 million units of NEM were stolen in a cyberattack in January.

TOKYO: Japanese cryptocurrency exchange Coincheck Inc, reeling from government reprimands over lax standards after $530 million dollar theft of digital money, said it would from Monday start repaying customers affected by the heist.

The customers received refunds in yen at a rate of 88.549 yen per NEM, in line with earlier promises by Coincheck. That is higher than the current market rate but lower than the ¥110 value at the time of the hacking.

A Coincheck spokeswoman said the payment in yen to the former NEM holders was begun and finished on Monday. She said the company used its own funds for the payment.

The company also resumed accepting withdrawals of selected cryptocurrencies including bitcoin on Monday. It had halted the service after the hacking, saying it wanted to make sure the system was secure. The company hasn’t resumed accepting deposits.

Some Coincheck customers expressed relief on Twitter and other social media and said they would use the refunded yen to buy cryptocurrencies again.

Still, experts warn that cryptocurrencies and the exchanges dealing in them remain vulnerable to cyberattacks. Japanese authorities are investigating the hacking at Coincheck, but they haven’t reported significant progress in identifying the hackers. Many cryptocurrencies were designed to provide a high level of anonymity to their owners.

Image may contain: 2 people

Coincheck said it couldn’t comment on the investigation.

The company, which has described itself as Japan’s largest bitcoin exchange, has said it hopes to stay in business, but it hasn’t acquired a license from the Japanese government. The nation’s financial watchdog has told the company twice to improve its governance and controls.

Coincheck executives have said they would like the company to remain independent but wouldn’t rule out a buyout if that is the best way to survive.

Write to Takashi Mochizuki at takashi.mochizuki@wsj.com

https://www.wsj.com/articles/hacked-japanese-cryptocurrency-exchange-pays-back-customers-1520917328

Russia’s conflict-laden foreign policy

March 12, 2018

Russian foreign policy has hardened under President Vladimir Putin. Although Russia is looking for cooperation, it is not afraid of confrontation, which has often led to difficult foreign relations. DW has the lowdown.

Image may contain: 1 person

United States

Russia has an ambivalent relationship to the US. During the US presidential elections in the fall of 2016, Russia apparently tried subtly to influence public opinion to benefit the future president Donald Trump. At least, that is the gist of special investigator Robert Mueller’s work to date.

But since Trump’s inauguration, the relationship between the two heads of state has been strained. At the beginning of March, Putin announced in his speech on the state of the nation that he wanted to turn new, and what he described as impossible to attack, nuclear missiles against the West.

This was also a reaction to the US’ withdrawal from the treaty with Russia on missile defense in 2002. In any case, the US did not seem surprised by this move. Trump announced the construction of new nuclear missiles with reduced explosive force. Political scientist Susanne Spahn told DW that she suspects it is important to Putin to strengthen his country’s position of power specifically in relation to the US.

“The main enemy is the United States. Putin has used very threatening rhetoric towards the West along the lines of, ‘in the past you did not want to listen to us, then at least listen to us now’.”

Middle East

Russia’s ambition to become an international political heavyweight again is most evident in the Middle East. Russia strongly supports the Syrian President Bashar al-Assad, who is at war with sections of his own population. Russia has set up a substantial military contingent to protect Assad and his established political order.

Read moreWhat foreign powers want from the war in Syria

There are several reasons for Moscow’s involvement: Firstly, it is about having a military foothold in the Mediterranean region. Above all, however, Russia has become an actor in the region that no one can avoid. Together with Assad’s other key ally, Iran, Russia now has considerable influence in the region between Iran and Israel.

Russia’s authority holds significantly more weight than at the beginning of the Syrian war, in Iraq, Syria and in areas of Lebanon controlled by Iran-backed Hezbollah. Russian authority also counts in Turkey, which intervened in northern Syria in January. The US had largely withdrawn from the Middle East under the Obama administration. They left behind a gap that Russia is increasingly filling.

Central and Eastern Europe

Russia has rather difficult relations with the former satellite states of the Soviet Union. Lithuania has barely had any political contact with Russia since the Ukraine crisis. Around 65 percent of Lithuanians regard Russia as an “unfriendly” neighbor, while around 18 percent do not rule out the possibility that Russia could invade their country. This has made them all the happier about the 1,000 NATO soldiers who have been deployed to Lithuania.

Lithuania has also distanced itself economically. For a long time, the Baltic country was heavily dependent on Russian energy exports. It has systematically reduced this dependence.

Russian relations with Poland are also at a low point. Jaroslaw Kaczynski, whose role as chairman of the right-wing conservative ruling PiS party makes him a kind of eminence grise of Polish politics, is a staunch anti-communist. He has also distanced himself from Putin’s Russia. For example, he is a strong supporter of the EU’s sanctions against Poland’s neighbor to the east. Neither country has any discernible interest in rapprochement.

On the other hand, Russia enjoys good relations with Serbia, which is in large part due to the good personal relationship between Putin and Serbian President Aleksandar Vucic. Serbia also gets a substantial part of its arms and energy imports from Russia.

Germany

Russia has had a difficult relationship with Germany since the outbreak of the Ukraine crisis. Germany supports the EU’s decision to impose trade sanctions on Russia, despite the fact that German firms have suffered heavily as a result; around 40 percent of trade losses affect Germany.

Nevertheless, Germany is maintaining its critical stance on the annexation of Crimea and the conflict in Ukraine, SPD foreign policymaker Rolf Mützenich told DW. The breach of international law in Crimea is unacceptable, he said. However, he explained that the relationship with Ukraine and Russia generally remains a focal point of German foreign policy. “We must not put ourselves at the mercy of domestic political actors in either country,” said Mützenich.

Russia’s President Putin has an unclear relationship with Germany. On the one hand, Moscow maintains a close dialogue with Berlin. On the other hand, Putin questioned Germany’s sovereignty in June 2017. “There are not that many countries in the world that enjoy the privilege of having sovereignty. I don’t want to offend anyone, but what Mrs. Merkel said [in a previous speech – Ed] is an expression of the resentment of a limited authority that has accumulated over a long period of time.” The relationship is also strained by alleged Russian hacker attacks on German government computers.

Asia

Since relations with the EU have cooled as a result of the Ukraine crisis, Russia has increasingly turned its attention to China. Both countries want to expand their trade relations. Russia also wants to participate in the expansion of the “New Silk Road” — the dynamism of this primarily Chinese-European trade route should also benefit the Russian economy.

Read moreAre China and Russia challenging US military dominance?

In political terms, both states maintain a similar style, in particular, authoritarian dealings with critics and opponents within the country and a robust representation of their own interests to the outside world. Both states have repeatedly spoken out against Syria’s condemnation in the UN Security Council. They argue that interference in the country’s internal affairs is not admissible.

The two states have also come closer to each other militarily. They conducted several joint maneuvers — not only in central Asia, but also in the East China Sea. As a result, Russia has moved away in part from its previously cultivated neutrality in the dispute between China and Japan over islands in the South China Sea — a state of affairs that weighs heavily on Russian-Japanese relations, but that has further strengthened those with China.

 http://www.dw.com/en/russias-conflict-laden-foreign-policy/a-42916379

U.S. government still has no effective, unified approach to deal with Russia’s cyber threat

March 8, 2018

Reuters

Image result for Curtis M. Scaparrotti, photos

WASHINGTON (Reuters) – The top U.S. general in Europe said on Thursday that the U.S. government did not have an effective unified approach to deal with Russia’s cyber threat.

U.S. officials have warned repeatedly that Russia is trying to interfere in the 2018 mid-term U.S. elections by hacking or using social media to spread propaganda and misleading reports, much as it did during the 2016 presidential race.

Lawmakers, particularly Democrats, have accused the Trump administration of doing too little to combat hacking. Some lawmakers have stressed the need for a “whole of government approach.”

“I don’t believe there is an effective unification across the interagency, with the energy and the focus that we could attain,” U.S. Army General Curtis Scaparrotti, who is also NATO’s Supreme Allied Commander, Europe, told a Senate Armed Services Committee hearing.

Scaparrotti had been asked by Senator Jack Reed, the top Democrat on the committee, whether he believed the different parts of the government had a coordinated effort to confront Russia’s cyber threat.

Scaparrotti told lawmakers that the United States’ understanding of Russian cyber infrastructure was not satisfactory.

“We’re getting a better understanding of it, (but) I would not characterize it as a good picture at this point, not satisfactory to me,” he said.

U.S. intelligence agencies determined that Russia sought to influence the 2016 presidential election to boost Trump, the Republican candidate. The finding has shadowed his 14 months in the White House amid multiple congressional investigations and a probe by Special Counsel Robert Mueller.

Moscow denies meddling. Trump has denied collusion between his associates and Russia.

When asked whether Russia was directly targeting the United States with cyber and information warfare, Scaparrotti said he had seen Russian activity related to infrastructure within the United States, but did not provide more details.

The top U.S. intelligence official said on Tuesday that President Donald Trump’s administration is “actively engaged” in countering Russian efforts to influence the November elections, even as he warned of Moscow’s continuing “malign activities.”

Reporting by Idrees Ali; Editing by Alistair Bell

Russian election assaults, cyber and otherwise, pose quandary for 2018 campaigns

March 1, 2018

The Associated Press

By TOM LoBIANCO and STEVE PEOPLES

Image may contain: text

WASHINGTON (AP) — Encrypted messages. Two-factor authentication. Real-time monitoring of social media for malicious internet bot activity.

This is the new reality for candidates running in 2018, scared of email hacks and elaborate misinformation schemes like the ones Russia used to disrupt the 2016 campaign.

And many candidates say they’re concerned they can’t rely on Congress or the White House for advice, or protection.

“Since many in Washington continue to bury their head in the sand over the dangers our Democracy faces, our campaign has taken deliberate steps to guard against cyberattacks by mandating extensive security measures,” said Gareth Rhodes, a Democrat running for an upstate New York House seat. He said he’s put his campaign staff through training on how to identify phishing and hacking attempts.

The horror of 2016′s hacked emails is still fresh for most operatives. Democratic lawmakers saw their cellphone numbers splashed online. Democratic National Committee chairwoman Debbie Wasserman Schultz resigned before the convention. The hacks even prompted a North Carolina man to storm a Washington pizzeria with an assault rifle, based on an internet conspiracy theory that started with Clinton campaign chairman John Podesta’s emails.

Since then, the Democratic Senatorial Campaign Committee has been hosting cybersecurity briefings for its candidates and staff, pushing campaigns to use encrypted messaging and two-factor authentication. The National Republican Congressional Committee, or NRCC, has hired multiple cybersecurity staffers to work with its candidates and promises to do more.

“We’re starting to advise campaigns, but we’re not ready to roll the whole thing out. We’re working on it,” NRCC Chairman Steve Stivers said this week. “We’re working on the technology-based stuff to try and make sure that we know what’s out there — which is hard, too — and then we try to defend against it the best we can.”

Leaders with the Democratic Congressional Campaign Committee and the NRCC negotiated last year on a coordinated defense against hacks and cyberattacks, but the talks crumbled last summer amid accusations from both sides of grandstanding on the issues, according to Democratic and Republican officials familiar with the effort. The officials spoke on condition of anonymity to discuss private negotiations.

Jason Rosenbaum, the former head of digital advertising for Hillary Clinton’s presidential campaign, likened the average congressional campaign to how Rocky Balboa of the ’80s blockbuster movie “Rocky IV” was doing a bare-bones training regime in an isolated cabin in the frozen tundra and clearly was outgunned by Russian prizefighter Ivan Drago.

“Drago had unlimited state resources, and House campaigns are like Rocky, pushing tree logs in the snow,” said Rosenbaum, who also worked previously in Google’s elections and issues department.

Special counsel Robert Mueller only heightened these concerns when he revealed an intricate misinformation campaign run out of Russia, which used fake identities, set up rallies in America and rushed protesters into the streets on both sides of the divide.

The deeper problem, say cybersecurity experts advising campaigns, is that while hacks and phishing attempts can be blocked, misinformation is more amorphous and harder to curtail.

Supporters of Virginia Democratic Gov. Ralph Northam may offer the best example of what can, and cannot, be done.

In the homestretch of the Virginia governor’s race last year, a Democratic group aired an explosive ad showing a white man in a pickup truck with a waving Confederate flag chasing four black, Hispanic and Muslim kids through a leafy suburban neighborhood.

It sparked an outcry among conservatives who said it unfairly painted supporters of Republican candidate Ed Gillespie as unrepentant racists. The spot was taken down after two days, and Democrats thought they may have avoided any nasty consequences from the politically insensitive ad. But then a small group of Twitter bots and accounts closely associated with Russia’s Internet Research Agency, a Kremlin-connected troll farm, latched on and kept the ad alive through the final week of the race.

In a matter of hours, an easily missed TV ad quickly punched through the din of the national news and was enshrined as one caustic part of the 2017 governor’s race. Now, with the 2018 vote looming for hundreds of candidates for governor and the House and Senate, it’s a cautionary tale about the perils of a new political landscape filled with bots, trolls and even “cyborgs” — real people blasting from dozens of social media accounts at a time.

“You’re not going to be able to battle them in the digital sphere, there’s just too many. It’s calling them out for what they are. They’re not voters, they’re not constituents — they’re just machines,” said David Turner, who worked as Northam’s spokesman during the governor’s race.

A social media report commissioned by Virginia’s teachers union pinned much of the blame on 15 Twitter accounts. The report did not specifically state that the accounts were operated by Russia’s troll farm, but the accounts were heavily retweeted and promoted by Russian accounts, according to a database compiled by NBC of tweets purged by Twitter.

U.S. intelligence officials have warned that Russian operatives didn’t stop on Election Day 2016. While they offered few details, officials said they expect attacks to continue through the current election season.

The social media giants, too, have struggled to come up with answers on their own.

Through the end of the 2016 election campaign, the Tennessee Republican Party pressed Twitter to take down an impostor account that was tweeting wild accusations — like claims that then President Barack Obama wanted to convert children to Islam. But Twitter didn’t do anything for 11 months, until it discovered the account was linked to Russian meddling in the election.

Mueller later tagged the account “@TEN_GOP” as one of the most active run by the Internet Research Agency in St. Petersburg, Russia.

But when Twitter recently purged thousands of accounts it discovered were fake or automated, it spurred a backlash among conservative pundits online who lost thousands of followers. The hashtag “#TwitterLockout” quickly began trending last week in response to the purge.

Later the same day, the chairman of the House Intelligence Committee, Republican Devin Nunes, mocked Democrats on Twitter worried about Russian meddling: “Catch up on mainstream media Russian conspiracy theories in this piece by @FDRLST PS-If you are a Russian Bot please make this go viral PSS-If you’re not a Russian Bot you will become one if you retweet.”

Mueller’s indictment of the Russian nationals and companies two weeks ago outlined an effort that was mostly aimed at helping Trump and hurting Clinton. But their targets weren’t all Democrats — the indictment said the Russians also tried to spread misinformation about some of Trump’s GOP primary opponents, including Republican Sen. Marco Rubio.

Terry Sullivan, Rubio’s campaign manager in 2016, said the campaign noticed misinformation online but didn’t suspect it was from Russians. He’s not managing any campaigns this year, but advises anyone who is slammed by negative content online to create more of their own content that is positive.

“What I learned early on is you can only focus on the things you can control and don’t worry about the rest,” Sullivan said. “And to a large extent this is beyond any campaign manager’s control.”

The other problem, noted Stivers from the NRCC, is that misinformation is a quintessential part of campaign politics.

“It’s been part of American politics since the presidential campaigns of the 1800s,” he said.

__

Associated Press reporter Mary Clare Jalonick contributed to this report.

Apparent attack by Russian hackers penetrated Germany’s foreign ministry — “The German government strongly urged Russia to refrain from attacks.”

March 1, 2018

.

Image result for German foreign ministry, photos, eagle

Security experts discovered malware on the German foreign ministry’s network in December. The defense ministry may have been affected, too. (Michael Kappeler/Associated Press)
.
 February 28 at 5:51 PM
The Washington Post
.
 German officials said Wednesday that the government’s information technology networks had been infiltrated and that evidence pointed toward a Russian hacking group that’s been implicated in high-profile cyberattacks worldwide.The breach, acknowledged by the interior ministry in a statement, had been known since December, when security experts discovered malware in the secure computer networks of the foreign ministry, according to a senior German security official. German media outlets reported that the defense ministry also was affected.

The senior security official, who spoke on the condition of anonymity because he was not authorized to comment on the record, said the Federal Office for the Protection of the Constitution and the Federal Office for Information Security allowed the malicious program to keep running in recent months so they could monitor hacker activity. But no significant data was transmitted, according to the official. He said at some stage German officials decided to stop monitoring.

The official also said the country’s security agencies suspected that the Russian-linked hacking network known as APT28, or Fancy Bear, was behind the attack. Germany’s Süddeutsche Zeitung reported that the hackers may have had access to German governmental networks for up to a year.

Fancy Bear has previously been connected to a range of cyberattacks, including one in which phishing and malware was used to infiltrate the U.S. Democratic National Committee before the 2016 presidential election, as well as the networks of Emmanuel Macron’s election campaign before last year’s French presidential election, according to the Tokyo-based cybersecurity research group Trend Micro.

The extent of damage in Germany, if any, was not made public. The interior ministry said in a statement that the breach was “isolated and brought under control.”

Still, the revelation that sensitive systems had been penetrated, with potential Russian fingerprints, represented a major breach just three years after suspected Russian hackers broke into the computer networks at the German parliament and made off with 16 gigabytes worth of data, enough for about a million emails. The information stolen in that attack has never been published.

If the Russian link is proved, it could mark a potential escalation in hostilities between Moscow and the West.

“If the details reported so far are accurate, this attack represents an unprecedented incident,” said Sven Herpig, Director for International Cyber Politics at Germany’s New Responsibility Foundation. “The prior hacking of the German parliament was also problematic, but it only lasted for a short period of time.”

He indicated that whoever was behind the latest attack must have assumed that it would eventually become public.

“Following the parliamentary breach, the German government strongly urged Russia to refrain from attacks,” Herpig said. “The likelihood that such incidents become public relatively quickly is high.”

Some experts believe Fancy Bear was also behind the cyberattack on the parliament, known as the Bundestag, though other experts say there’s not sufficient proof. German security officials publicly said they believed that attack was of Russian origin.

Mekhennet reported from Frankfurt, Noack from London and Beck from Berlin. Griff Witte contributed from Athens.

https://www.washingtonpost.com/world/apparent-attack-by-russian-hackers-penetrated-germanys-foreign-ministry/2018/02/28/10f9b9a8-1cb5-11e8-98f5-ceecfa8741b6_story.html?utm_term=.a274da5801e0

Apple Says All Macs, iPhones and iPads Exposed to Chip Security Flaws

January 5, 2018

Bloomberg

By Mark Gurman

 Updated on 
  • Company says recent software updates mitigate Meltdown flaw
  • Fixes won’t slow down devices; users not currently affected
  Intel’s Chip Vulnerabilities
 .
No automatic alt text available.

Apple Inc. said all Mac computers and iOS devices, like iPhones and iPads, are affected by chip security flaws unearthed this week, but the company stressed there are no known exploits impacting users.

The Cupertino, California-based company said recent software updates for iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box mitigate one of the vulnerabilities known as Meltdown. The Apple Watch, which runs a derivative of the iPhone’s operating system is not affected, according to the company.

Despite concern that fixes may slow down devices, Apple said its steps to address the Meltdown issue haven’t dented performance. The company will release an update to its Safari web browser in coming days to defend against another form of the security flaw known as Spectre. These steps could slow the speed of the browser by less than 2.5 percent, Apple said in a statement posted on its website.

All About That Big Chip Security Weakness: QuickTake Q&A

Intel Corp. on Wednesday confirmed a report stating that its semiconductors contain a vulnerability based around a chip-processing technique called speculative execution. Intel said its chips, which power Macs and devices from other manufacturers, contain the flaw as well as processors based on ARM Holdings architecture, which is used in iOS devices and Android smartphones.

In December, Apple came under fire for iPhone software changes that reduced the performance of some older models of its smartphone. Alongside an apology and an explanation that a software change was implemented to balance out the effect of aging batteries, the company reduced the cost of replacing the power units from $79 to $29 through the end of 2018.

Apple shares remained flat after it announced its devices were affected by the computer-chip flaw. Intel dropped as much as 5.7 percent to $42.69 in New York Thursday before recovering slightly to $44.43, after declining 3.4 percent on Wednesday.

Security experts have said highly regulated sectors of industry, such as government offices and public health institutions, are most at risk of compromise as a result of the chip security vulnerability.

— With assistance by Nate Lanxon

Includes video:

https://www.bloomberg.com/news/articles/2018-01-05/apple-says-all-macs-iphones-ipads-exposed-to-chip-flaw

Related:

Tech Giants Race to Address Widespread Chip Flaws

January 4, 2018

Spectre and Meltdown, long-time design bugs, could make many devices vulnerable to hack

The world’s computer-chip and software makers scrambled to respond to the discovery of two widespread hardware vulnerabilities disclosed by cybersecurity experts that could affect most of the world’s modern computing devices.

Tech manufacturers and researchers described the two vulnerabilities as design flaws, long present in most modern chips. The bugs, dubbed Spectre and Meltdown, make data stored in the working memory of shared servers and individual devices—including personal computers, tablets and smartphones—vulnerable to attack.

The flaws could allow hackers to access and steal data from devices or servers. To take advantage of either bug, however, a hacker must run malicious software on the central processing unit—essentially the brains of any modern computing device—of the machine they are targeting.

Companies and several government cybersecurity agencies said there was no indication so far of reports of any significant breaches related to the two flaws.

Still, because of the widespread nature of the flaws, Intel Corp. , Microsoft Corp. , Amazon.com Inc., Alphabet Inc. -owned Google and others moved quickly to explain the nature of the bugs and what they have done to minimize the threat, including rolling out software fixes. Some patches, however, could slow down computers, security experts warned, though it was unclear Thursday whether they were causing any major disruptions.

Intel’s corporate offices are seen in Santa Clara, Calif. Intel says it is working to patch a security vulnerability in its products.Photo: Ben Margot/Associated Press

The U.S. Computer Emergency Readiness Team, a cybersecurity center that is part of the U.S. Department of Homeland Security, said late Wednesday that it was aware of the two bugs. It encouraged system administrators to contact software vendors for ways to patch them. CERT said it wasn’t aware of any “active exploitation” of the bugs.

A spokesperson for the National Cyber Security Centre, an arm of the U.K.’s intelligence agency, said it wasn’t aware of evidence of “malicious exploitation” of the flaws. “The NCSC advises that all organizations and home users continue to protect their systems from threats by installing patches as soon as they become available.”

Google said its researchers had identified the flaws and had planned to disclose them—as well as what it has done to fix them—later this month. But it moved up action after the bugs were widely disclosed Wednesday. Often firms and researchers working to protect systems from hacks hold off on disclosing bugs widely to minimize the risk that potential hackers could exploit them.

Google said it had mitigated the vulnerabilities in many of its own products at risk. For instance, it said users of its Android operating system who have installed the latest security fixes didn’t need to do anything else. Users of Google’s Chrome browser, however, were asked to take specific action in some cases to protect their systems.

Google said it had also patched its cloud platform that it leases to businesses. But it said that its cloud customers must implement the patch within their own systems.

Amazon said it had notified its web-services customers that it was patching its data centers. The company said that customers need to patch the operating systems they are running on top of Amazon’s infrastructure. Microsoft said it has “been working closely with chip manufacturers to develop and test mitigations to protect our customers.”

The two flaws could affect practically every computer on the globe running a modern central-processing unit, or CPU, according to researchers that first identified them. They pose a particular danger for shared machines that have many users—such as those in data centers used for cloud computing—because they could allow one user to grab sensitive data belonging to another user, such as passwords or encryption keys.

They take advantage of tricks that modern chips use to speed up their performance, where chips perform calculations out of order, or guess what calculations they will have to do, rather than waiting for all the information they need to complete each step in order. Researchers showed that hackers could use those speculative, or out of order, instructions to trick chips into revealing sensitive data elsewhere in the processor’s memory.

The bug called Meltdown allows software to jump over protections that would normally restrict access to a device’s memory, giving hackers access to core functions of the machine as well as data from other users. Researchers say that bug is easier to patch than Spectre, although the patch could slow the performance of the machines that use it.

In a conference call late Wednesday, Intel’s general manager of data center engineering, Stephen Smith, said any potential exploit “is really not the result of product erratum. The processors are really operating as they should operate, as they were designed to operate and validated to operate.”

He said software patches can help mitigate the flaw, and that Intel launched an industrywide collaboration to incorporate a fix in the hardware.

There are existing patches against Meltdown for Microsoft’s Windows, Apple Inc.’s Mac OS and Linux, a family of open-source operating systems. But it is up to companies, such as cloud providers, to apply them.

In the case of Spectre, the flaw is so deeply embedded in the way modern chips are designed that while some patches can stop known exploits, fully fixing it will require redesigning computer chips and then replacing those currently in use, according to a federally funded cybersecurity center at Carnegie Mellon University.

Spectre appears to affects chips designed or made by Intel, Advanced Micro Devices Inc. and SoftBank Group Corp. -owned ARM, a British-based chip designer.

An ARM spokesman said the majority of its processors weren’t impacted, and those affected were certain high-end chips. The spokesman said ARM was working with Intel and AMD to patch the possible hacking method, “which is not an architectural flaw or a bug.” In the worst-case scenario, a hacker could access “small pieces of data.”

AMD said in a statement that software patches resolved one of the vulnerabilities with “negligible impact expected,” while the differences in the way AMD chips are designed means “there is a near zero risk” they are vulnerable to the other attacking methods.

Write to Sam Schechner at sam.schechner@wsj.com and Stu Woo at Stu.Woo@wsj.com

Related:

Vulnerability in computer chips sparks security fears and debate

January 4, 2018

AFP

© Josh Edelson/AFP| An Intel sign at the Intel Museum in Santa Clara, CA. Security weaknesses found in computer chips, including ones made by Intel, prompted concerns on Wednesday.

Text by NEWS WIRES

Latest update : 2018-01-04

Researchers expressed concerns on Wednesday that hackers could access sensitive data on most modern systems, as technology firms sought to play down the security risks.

Chip giant Intel issued a statement responding to a flurry of warnings surfacing after researchers discovered the security hole which could allow privately stored data in computers and networks to be leaked.

Intel labeled as incorrect reports describing a “bug” or “flaw” unique to its products.

Intel chief executive Brian Krzanich told CNBC that “basically all modern processers across all applications” use this process known as “access memory,” which was discovered by researchers at Google and kept confidential as companies work on remedies.

Google, meanwhile, released findings from its security researchers who sparked the concerns, saying it made the results public days ahead of schedule because much of the information had been in the media.

The security team found “serious security flaws” in devices powered by Intel, AMD and ARM chips and the operating systems running them and noted that, if exploited, “an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.”

“As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data,” Google said in a security blog.

“We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web.”

Spectre and Meltdown

The Google team said the vulnerabilities, labeled “Spectre” and “Meltdown,” affected a number of chips from Intel as well as some from AMD and ARM, which specializes in processors for mobile devices.

Intel said it was working with AMD and ARM Holdings and with the makers of computer operating software “to develop an industry-wide approach to resolve this issue promptly and constructively.”

Jack Gold, an independent technology analyst, said he was briefed in a conference call with Intel, AMD and ARM on the issue and that the three companies suggested concerns were overblown.

“All the chips are designed that way,” Gold said.

The companies were working on remedies after “some researchers found a way to use existing architecture and get into protected areas of computer memory and read some of the data,” he added.

Microsoft said in a statement it had no information suggesting any compromised data but was “releasing security updates today to protect Windows customers against vulnerabilities.”

But an AMD spokesman said that because of the differences in AMD processor architecture, “we believe there is near zero risk to AMD products at this time.”

ARM meanwhile said it was “working together with Intel and AMD” to address potential issues “in certain high-end processors, including some of our Cortex-A processors.”

“We have informed our silicon partners and are encouraging them to implement the software mitigations developed if their chips are impacted,” the SoftBank-owned firm said.

Slowdown?

Earlier this week, some researchers said any fix — which would need to be handled by software — could slow down computer systems, possibly by 30 percent or more.

Intel’s statement said these concerns, too, were exaggerated.

“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” the company statement said.

Tatu Ylonen, security researcher at SSH Communications Security, said the patches “will be effective” but it will be critical to get all networks and cloud services upgraded, Ylonen said.

British security researcher Graham Cluley also expressed concern “that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer’s memory which may be storing sensitive information. Think passwords, private keys, credit card data.”

But he said in a blog post that it was “good news” that the problem had been kept under wraps to allow operating systems such as those from Microsoft and Apple to make security updates before the flaw is maliciously exploited.

(AFP)