GOP-led Senate panel agrees Russia infowar campaign helped Trump

In the U.S. Senate on Tuesday, a bipartisan panel of lawmakers presented evidence that Russia conducted information warfare against the U.S. in 2016 and demanded urgent action from Congress, the trump White House, and Silicon Valley to prevent the same thing from happening in 2020. Read the rest

Notpetya: the incredible story of an escaped US cyberweapon, Russian state hackers, and Ukraine's cyberwar

Andy Greenberg (previously) is Wired's senior security reporter; he did amazing work covering Russian cyberwarfare in Ukraine, which he has expanded into a forthcoming book: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers (I read it for a blurb and a review; it's excellent). Read the rest

U.S. Cyber Command DDOS'd Russian troll factory's internet on 2018 midterms voting day: WaPo

The official cyberwarfare division of America's military successfully blocked off Internet access for the Russian government's notorious “troll factory” on the day of the 2018 U.S. midterm elections. Read the rest

'He has learned nothing,' Zuckerberg considers crowdsourcing news fact-checks for Facebook

Facebook founder and CEO Mark Zuckerberg reveals the company may crowdsource fact-checking as a new model for Facebook’s third-party factchecking partnerships, now that they've botched the deal they had with Snopes.

Earlier this month, we wrote that Snopes ended their 'debunking false stuff' partnership with Facebook.

This is the first time we've read that Mark Zuckerberg has come up with a new plan.

It sucks.

From today's new reporting at the Guardian:

In the first of a series of public conversations, Zuckerberg praised the efforts of factcheckers who partnered with Facebook following the 2016 presidential election as a bulwark against the flood of misinformation and fake news that was overtaking the site’s News Feed.

“The issue here is there aren’t enough of them,” he said. “There just aren’t a lot of factcheckers.”

He continued: “I think that the real thing that we want to try to get to over time is more of a crowdsourced model where people, it’s not that people are trusting some sort, some basic set of experts who are accredited but are in some kind of lofty institution somewhere else. It’s like do you trust? Like if you get enough data points from within the community of people reasonably looking at something and assessing it over time, then the question is: can you compound that together into something that is a strong enough signal that we can then use that?”

Here's the bullshit-free response from Snopes' Brooke Binkowski, same Guardian story:

Brooke Binkowski, the former managing editor of Snopes, a factchecking site that previously partnered with Facebook, said Zuckerberg’s comments signaled that he “has learned nothing at all”.

Read the rest

Ex-NSA American mercenaries for UAE used 'Karma' to hack journalists and human rights activists

Former NSA spies have been working for the government of the United Arab Emirates as hacker mercenaries, helping the UAE attack journalists, dissidents, and human rights activists. This is a great read, and a shocking story from Reuters. Read the rest

Schneier's "Click Here To Kill Everybody pervasive connected devices mean we REALLY can't afford shitty internet policy

Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.

'Too Late to Protect 2018 Elections,' says Alex Stamos, former Facebook CSO

The latest read from Alex Stamos bears an appropriately grim title. Read the rest

The true story of Notpetya: a Russian cyberweapon that escaped and did $10B in worldwide damage

Andy Greenberg (previously) is a veteran Wired security reporter who has chronicled the frightening and chaotic world of cyberwar since its earliest days; in a forthcoming book called "Sandworm," Greenberg tells the fascinating and terrible tale of Notpetya (previously), a Russian cyberweapon (built on leaked NSA cyberweapons!) that disguised itself as criminal ransomware, but which was designed to identify and destroy key Ukrainian computer systems and networks. Read the rest

Facebook kills 652 more political disinformation accounts, Russia and Iran blamed

Facebook announced today they are taking down 652 pages, groups and fake accounts for "coordinated inauthentic behavior." Read the rest

WATCH: U.S. intel chief warns of new cyberattacks on U.S. infrastructure by Russia, North Korea, Iran, China

The “warning lights are blinking red again,” said the American government's top intelligence official on Friday.

Director of National Intelligence Dan Coats warned of newly resurgent threats by Russia, Iran, North Korea, and China on critical U.S. infrastructure while speaking at the Hudson Institute think tank.

Coats happened to be speaking at the event just after the Department of Justice revealed an indictment against 12 Russian military agents for hacking the 2016 U.S. presidential elections. Read the rest

Vault 8: Wikileaks publishes sourcecode from last spring's CIA Vault 7 cyberweapons leak

In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of "NOBUS" ("No One But Us"), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack-tools that exploit these bugs, on the assumption that no one else will ever discover those bugs and use them to attack the people they're charged with defending. Read the rest

Spanish tech activists publish a "how-to guide for preserving fundamental rights on the Internet"

As the Spanish government was hacking the Catalonian independence movement, shutting down the .cat top-level domain, and engaging mass-blocking of websites and apps to control information about yesterday's referendum on Catalonian independence, the Xnet collective published a basic (but wide-ranging) guide to "preserving fundamental rights on the Internet," suitable for anyone living under the kind of state suppression that Spain underwent. Read the rest

That "ransomware" attack was really a cyberattack on Ukraine

According to Kaspersky, the Petya ransomware that raced around the world this week wasn't ransomware at all, and there is no way to get back your files after it does its work (that's why it was so easy to shut down the email address the ransomware used to negotiate payments and decryption with victims whose computers had been taken over). Read the rest

Ukraine is Russia's testbed for launching devastating cyberwar attacks with total impunity

Ever since the Ukrainian "Maidan" revolution, the country has been subjected to waves of punishing cyberwar attacks, targeting its power grids, finance ministry, TV networks, election officials, and other critical systems. Read the rest

North Korea has been hacking the U.S. since 2009, warn DHS and FBI—and they're not stopping

A rare joint alert from the U.S. Department of Homeland Security and the Federal Bureau of Investigation explicitly blames the government of North Korea for a series of hacking attacks on various American targets, dating as far back as 2009. The government alert warns that more such ”state-sponsored cyberattacks,” as they're known in security jargon, are likely to come. Read the rest

How Russia pulled off a cyberwar invasion of America, according to the New York Times

Huge New York Times investigation on Russia's role in the elections, and Trump's upset victory: "The Perfect Weapon: How Russian Cyberpower Invaded the US.” It's a riveting tic-tock narrative, and no doubt those in the intel/security biz will debate the contents.

An examination by The Times of the Russian operation — based on interviews with dozens of players targeted in the attack, intelligence officials who investigated it and Obama administration officials who deliberated over the best response — reveals a series of missed signals, slow responses and a continuing underestimation of the seriousness of the cyberattack.

The D.N.C.’s fumbling encounter with the F.B.I. meant the best chance to halt the Russian intrusion was lost. The failure to grasp the scope of the attacks undercut efforts to minimize their impact. And the White House’s reluctance to respond forcefully meant the Russians have not paid a heavy price for their actions, a decision that could prove critical in deterring future cyberattacks.

The low-key approach of the F.B.I. meant that Russian hackers could roam freely through the committee’s network for nearly seven months before top D.N.C. officials were alerted to the attack and hired cyberexperts to protect their systems. In the meantime, the hackers moved on to targets outside the D.N.C., including Mrs. Clinton’s campaign chairman, John D. Podesta, whose private email account was hacked months later.

Even Mr. Podesta, a savvy Washington insider who had written a 2014 report on cyberprivacy for President Obama, did not truly understand the gravity of the hacking.

Read the rest

In 2000, the NSA hacked the Hague-based Organization for the Prohibition of Chemical Weapons

A reader writes, "According to last week's Shadow Brokers leak, the NSA compromised a DNS server of the Hague-based Organization for the Prohibition of Chemical Weapons in September 2000, two years after the Iraq Liberation Act and Operation Desert Fox, but before the Bush election." Read the rest

More posts