Friday Squid Blogging: Squid Tea Bags

It's pu'er tea -- from Japan.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on June 21, 2019 at 4:25 PM • 66 Comments

Comments

Ben • June 21, 2019 4:56 PM

Congress Technologically Illiterate
The first of several court convictions highlights the gross security incompetence of our Congress:
A former aide to Sen. Maggie Hassan (D-N.H.) was sentenced to four years in prison Wednesday for hacking Senate computers and releasing personal information online about five Republican senators out of anger spurred by their roles in the confirmation hearings for Justice Brett Kavanaugh.
U.S. District Court Judge Thomas Hogan said the sentence for Jackson Cosko, 27, was needed to send a signal that criminal harassment driven by political motives would be punished severely in an era marked by extreme political polarization. https://www.politico.com/story/2019/06/19/maggie-hassan-staff-doxing-case-1370529
In contrast this more partisan article illustrates how the ‘trusted’ press sanitizes its reporting:
https://dailycaller.com/2019/06/20/jackson-cosko-democrats-data-theft/

My analysis of the court/police findings is our hapless Congress is too corrupt, partisan and technically incompetent to author any privacy legislation. Instead representatives attend parties hosted by lobbyists hoping to get re-elected.
The only way this bickering, sidetracked Congress can pass privacy/cryptocurrency legislation is for Sheryl Sandberg to hand it to them, all the while praising them for being so smart.

Pretty-Please Request
The Chair of the House Financial Services Committee, ASKED Facebook to pause its project
‘given the company's troubled past, I am requesting that Facebook agree to a moratorium on any movement forward on developing a cryptocurrency’
https://financialservices.house.gov/news/documentsingle.aspx?DocumentID=403943

Polite Response
The social media giant's COO Sheryl Sandberg, in an interview airing Wednesday, said the company has called for regulation and is NOT waiting around for Congress to take action.
In other words the new commander is Silicon Valley, who dictates its rules to our broken, hapless representatives.

And The World Will Live As One
Once the private, corporate Libra cabal becomes the world's reserve currency, Chinese President Xi will no longer be able to shun Mark Zuckerberg. In fact the two will meet to discuss harmonizing rules, data exchanges, trusted news sources, and education camps/lessons-learned between their individually controlled Social Control Systems.
Rather than focus at the nation-state level the talks will shift to entire continents with Africa being first after Hong Kong and Taiwan.
https://www.spiegel.de/international/world/china-expands-media-dominance-in-africa-a-1272274.html

Googly Eyes
This unparalleled omnipotent, omniscient and omnipresent security will surely benefit humanity. Congress will be tasked with setting the minimum social score to enjoy the monthly Day of Rest until the 20 trillion national debt is paid back. After that the crumbling USA transportation infrastructure will finally be rebuilt using Belt and Road financing.
As a good-will gesture Google’s Dragonfly project will finally win approval! /s

Frankly • June 21, 2019 6:59 PM

XKCD -- "Gotta feel kind of bad for nation-state hackers who spend years implanting and cultivating some hardware exploit, only to discover the entire target database is already exposed to anyone with a web browser."
https://xkcd.com/2166/

Ergo Sum • June 22, 2019 4:48 AM

@Ben...

Hacking Senators' computers can be OK, even if it is politically motivated:

As CIA Director Brennan penetrated and spied on a US Senate Committee investigating torture by the CIA.

Source: hxxps://stonecoldtruth.com/how-john-brennan-led-the-cia-to-hack-the-senate/

In other words, hacking anyone is OK, as long as the entity is LEOs, spooks, etc. An individual, on the other hand, is SOL...

Ismar • June 22, 2019 6:55 AM

@Anders - Any idea why that NASA security audit would be in public domain?

Who? • June 22, 2019 10:45 AM

@ Anders, Ismar

No idea either. I would say this one is another area where JPL security must be improved (and, while here, NASA's too.)

Clive Robinson • June 22, 2019 10:52 AM

@ Ismar, Anders,

> Any idea why that NASA security audit would be in public domain?

I suspect it might have something to do with its agency charter, funding and various federal and state laws. According to their communications policy[1] they have a requirement to make much of their work or the results of their work "public" within a short period of time (24 hours in some cases). The report appears to be finalized; it does not appear to contain classified or contract information, thus I guess it just got made public.

[1] It's a dull read but you can find the NASA communications policy at,

https://www.nasa.gov/audience/formedia/features/communication_policy.html

The Pull • June 22, 2019 11:49 AM

customs hack reveals vast surveillance

At the time, the agency said that 100,000 images of faces and license plates of immigrants, citizens, and asylum seekers had been stolen and leaked online, but that none had shown up on the dark web. Now The Washington Post says there is actually far more sensitive information from the breach spreading across the internet. “So much material, totaling hundreds of gigabytes, that The Washington Post required several days of computer time to capture it all,” the Post writes. Rather than showing the product of a single government surveillance contractor, the Post reports that the documents reveal a vast surveillance network the government is hoping to keep under wraps .. All told, the data reveals the inner workings of a vast surveillance network at the border, and how it relies on a small group of private companies and contractors.

https://www.wired.com/story/firefox-vulnerability-coinbase-ransomware-border-hack/

Who? • June 23, 2019 5:12 AM

NSA contributes code to Coreboot

Interesting, but slightly worrying, the National Security Agency is contributing code to the Coreboot project.

If you allow me to share my personal point of view on NSA's mission, I think both offensive and defensive capabilities are necessary. I really like the work NSA is doing on the protection of infrastructures (e.g. the publicly available reports from the Vulnerability Solutions Office are great and well-written resources). This one may be a good example of its work in this area. On the other hand, the offensive capabilities are being developed in the wrong way, weakening protocols, algorithms and their implementations. They should firmly believe in the ability of their staff to access adversary networks without weakening the global infrastructure and making the world less safe. They are clever enough to find a way to reach their goals by finding configuration mistakes in adversary networks.

I think their work on Coreboot will be very well received by the community, which needs an open-source firmware alternative to UEFI.

Gerard van Vooren • June 23, 2019 7:15 AM

@ Who?,

> If you allow me to share my personal point of view on NSA's mission, I think both offensive and defensive capabilities are necessary.

You have to be a yank. There is no other way.

> I think their work on Coreboot will be very well received by the community, which needs an open-source firmware alternative to UEFI.

Again. You have to be a yank. There is no other way.

And this is why. Security needs to be simple and without options. That is why I don't trust SELinux. Just have a look at OpenBSD's security features, think about Pledge. That is proper security!

Now, have a look at Coreboot. Coreboot is a project made by Google (Ron Minnich). They also made "oreboot" btw, which is Coreboot without the C. It is written in Rust (a "secure" PL). But Coreboot also contains blobs. Okay, oreboot doesn't. But I still prefer Libreboot because that doesn't contain blobs.

But let me tell you something. NO person that isn't a yank likes what the NSA is doing!

Winter • June 23, 2019 2:41 PM

"I do not think this is an accident that they did this, right after announcing via NYTimes what they had done in Russia."

Russia helps Iran, like they did Assad in Syria. This is a warning not to get involved.

This is all stupid as China gets a lot of oil from Iran. They will not sit idle in this war.

But it is far from me to suggest the current politics of the WH are not the most brilliant in human history.

The Pull • June 23, 2019 3:37 PM

@Winter

Hahaha... I agree. :-)

Good point on the US doing that action in light of their eyes on Iran, as opposed to looking at the 2020 election cycle. I had not considered that. That seems likely, though I am going to probably settle on this being dual purpose. And, good point on the likelihood of China getting involved. They seem oddly quiet on the matter -- probably just not something that hits my news cycle.

Trump, I will be upfront and state I view as a really hardcore sociopath. I do see him as having a strong admiration of Russia despite his protestations. He has a long history of relations there, familiarity, going back to his cold war émigré first wife and his Russian business dealings.

I am actually highly skeptical he will actually do a war with Iran, despite his posturing because of his affinity with Russia. And, just because he is a devil doesn't mean he has it in him to really start killing a bunch of people. He relies, strongly, and is a big believer in The Bluff. He is good at it.

But, we will see. He is listening to military and other advisors, it sounds like.

Besides the ease of really getting nasty of a cyberwar front there... which may get very interesting.

War with Iran would be a true nightmare, for everyone on the planet.

David • June 23, 2019 4:13 PM

The Pull wrote

> As for Russia's activities in these regards, it is very relevant. Bruce mentions it in his blog from time to time. And, it is highly likely to continue to remain relevant as 2020 approaches.


What's 2020? Do you mean the year, as in next year? Why next year, and not any other year? Or is it shorthand for a piece of imminent technology?
If I was feeling flippant I'd imagine 2020 sounds like a science fiction film title. Looking forward to your response

The Pull • June 24, 2019 12:04 AM

@George


Regarding 2020, it was reference to the expected attacks from Russia and preparations made against those attacks by the US mil & intelligence.

This other stuff you mention is entirely irrelevant to the conversation. Nobody said they are Democrats, support NWO (lol), or anything like that.

You are seriously brainwashed, kid.

Don't think you know people, when you don't. You don't have the slightest clue on my world. Believe me.


Denton Scratch • June 24, 2019 4:36 AM

I'm afraid I'm not at all enthusiastic about the NSA contributing to Coreboot. They have form for deliberately inserting weaknesses into open-source security projects (Dual ECDRBG anyone?) and then foisting them onto users by pressurising commercial suppliers. Admittedly only one supplier made the NSA's curves the default (stand up please, RSA). But the fact that these curves got into the code-base in the first place shows that the 'many eyes' principle doesn't work very well with crypto and security.

ECDRBG was just an option (albeit the default option in the RSA product); NSA code in Coreboot will be burned in, and probably shipped with hardware. Coreboot is our only (rather ragged) hope of preventing firmware-level hacking of our systems. NSA's reputation should automatically disbar it from contributing to such an important project as Coreboot.

I'm really rather surprised that anyone here thinks this is a good idea.

Alejandro • June 24, 2019 5:50 AM

NSA + Google = Coreboot?

Anyone who doesn't see this is a deep, deep government op is a fool.

Sounds like they are building the mythical pan-optic back door only for the special people. Until, it's not.

Bruce Schneier • June 24, 2019 9:04 AM

I would like to apologize for the large amount of off-topic posts on this thread. I was away from the blog over the weekend, and was unable to monitor the off-topic conversations. I have since deleted a bunch of posts, and will monitor this thread more carefully in the coming days.

Please take political discussion elsewhere.

Clive Robinson • June 24, 2019 10:27 AM

@ Denton Scratch,

> But the fact that these curves got into the code-base in the first place shows that the 'many eyes' principle doesn't work very well with crypto and security.

They got in because the NSA representative on the NIST's standards committee so alienated the other members they effectively left, even though several had complained to NIST management that the NSA person's behaviour was not fit for the work place and that NIST should terminate the NSA person's position.

NIST did not. Others started to look into things; Niels Ferguson had done research in the area and became deeply suspicious.

To cut a long story short NIST ended up having to do a highly embarrassing U-turn and re-issue the standard.

The side effect of this is now a general distrust of anything to do with mathematical and similar crypto functions where there are "hidden variables" when using them in CS-PRBG's. Further the work of Adam Young and Moti Yung on what they call Kleptography shows that you can make a Public Key that can be used to reveal one of the P and Q primes (or a number close enough to make searching practical). Even if you were given both the P and Q primes of the Public key you would not know that they made a back door to get the prime factors quickly. Such are the joys of the amount of redundancy in the way Public Key systems work.

That said even hash functions should be looked on with suspicion in CS-PRBG's or even TRNG's because they don't increase entropy nor do they really increase security because unless used correctly they are nothing more than a simple substitution cipher with a very large alphabet, that might or might not be almost the equivalent of a random mapping.

But hash functions are based on one way functions, that might or might not be "one way"[1]. What we do know is that in the case of some apparently one way functions we know that they can have secret "trap doors" that allow the apparently "one way function" to have a very efficient way to reverse the function and thus get a collision. Thus the question arises is this ability to be reversed by a method shorter than brute force just applicable to a very few select one way functions or to all one way functions...

The SigInt agencies like the NSA and GCHQ supposedly did employ the majority of people working in this sort of area of maths. If they still do is open to conjecture. But to err on the side of caution it would be more likely that they would discover ways to reverse hashes than other people. In fact we have good reason to think it's an active area of research for them and probably has been for thirty years or more. If you think back to stuxnet and its predecessor flame, it was suggested at the time that the NSA had a way to get collisions in the md5 hash functions[3]. Whilst hashes have been improved they appear to suffer from the law of diminishing returns which is one reason the NIST 3G hash competition entrants are not as widely adopted as expected before the competition.


[1] It's been a while since I looked, but back then as far as I remember no one had come up with a proof that one way functions actually existed, it was just "assumed"[2].

[2] I suspect if there was a proof that had been found we would all know about it because it would be very newsworthy. If such a proof did exist it would also have solved one of the most eagerly sought after proofs in not just crypto and computer science, but mathematics as well. Because if one way functions could be proved to exist the proof would also answer the question about the complexity classes P and NP not being equal... Which would also be awkward for other reasons.

[3] https://arstechnica.com/information-technology/2012/06/flame-crypto-breakthrough/
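
An added example, not part of the comment above or of the original page, illustrating the remark that hash functions "don't increase entropy" in a generator: the output of a hash-based generator can take no more distinct values than its seed can. The generator `hash_drbg`, the helper names and the 12-bit seed space are constructed for this illustration.

```python
import hashlib
import math

# Constructed for illustration: a deliberately tiny seed space so that
# the full enumeration below finishes instantly.
SEED_BITS = 12


def hash_drbg(seed: int, n_blocks: int = 1) -> bytes:
    """Toy hash-based generator: SHA-256(seed || counter) per block.

    Each block is 256 bits long, but the only unknown input is the seed.
    """
    out = b""
    for counter in range(n_blocks):
        data = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(data).digest()
    return out


def distinct_outputs(seed_bits: int) -> int:
    """Count how many different first blocks the generator can ever emit."""
    return len({hash_drbg(seed) for seed in range(2 ** seed_bits)})


def effective_entropy_bits(seed_bits: int) -> float:
    """Upper bound on output entropy: log2 of the number of possible outputs."""
    return math.log2(distinct_outputs(seed_bits))


def recover_seed(observed: bytes, seed_bits: int):
    """Audit check: can the seed be found from one output by enumeration?

    Returns the seed if the seed space is small enough to walk, else None.
    """
    for seed in range(2 ** seed_bits):
        if hash_drbg(seed) == observed:
            return seed
    return None


if __name__ == "__main__":
    block = hash_drbg(1234)
    print("output length in bits :", len(block) * 8)
    print("possible outputs      :", distinct_outputs(SEED_BITS))
    print("effective entropy bits:", effective_entropy_bits(SEED_BITS))
    print("seed recovered        :", recover_seed(block, SEED_BITS))
```

The 256-bit output looks random, yet it carries at most 12 bits of entropy, which is why the quality of the seed source, not the hash, decides the strength of such a generator.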

VinnyG • June 24, 2019 12:33 PM

@The Pull re: Regarding 2020, it was reference to the expected attacks from Russia and preparations made against those attacks by the US mil & intelligence.

I trust you aren't suggesting that the Russians would/will be stupid enough to try the same tactics in 2020 that they used in 2016? Whatever they are, imo they aren't that stupid. Possibly there will be a feint of those tactics with the real damage attempt to come from some other direction. Unfortunately I think less highly of the abilities of those responsible to detect and render harmless such interference attempts to classify a possible feint as such and identify and neutralise the actual attack...

The Pull • June 24, 2019 1:07 PM

@VinnyG

Good point.

I think US mil & intelligence are preparing and taking the security seriously, and new found autonomy to do so.

I think disinformation & hacking used together are tactics 'here to stay'. But, the implementation of it in 2016 was roughshod. Unpracticed, poorly planned out, and poorly implemented. But, it was effective.

They did have startling successes.

With the US openly compromising their energy infrastructure, and open about malicious capabilities of the rootkits/trojans therein, Russia probably is going to think twice. A lot more important that whatever they do, they do not get caught. So, the US can not justify actually doing anything.


The Pull • June 24, 2019 1:18 PM

The combination of the US openly compromising Russia's energy infrastructure -- even admitting to not just having rootkit/trojans, but malicious capabilities for destruction... with the strike this week on Iran's command and control center as a response... is a Big Deal. And shows "how things will be".

vas pup • June 24, 2019 1:27 PM

The “dark triad” makes us more creative but also more likely to cheat. It turns out there is an opposite make-up – the “light triad” – that could explain why some of us are naturally good.
http://www.bbc.com/future/story/20190617-the-light-triad-that-can-make-you-a-good-person

"Rather than being all light or all dark, though, most people will be a mix. You can take a test that will show your levels of both light and dark personality traits at Kaufman’s website [link inside the article]."

My take: AI could find out the best combo of light and dark personality traits for IT, LEA, IC personnel and then may predict effectiveness at particular activity

vas pup • June 24, 2019 1:40 PM

From one brain scan, more information for medical artificial intelligence

System helps machine-learning models glean training information for diagnosing and treating brain conditions:
https://www.sciencedaily.com/releases/2019/06/190619134834.htm

"The crux of the work is automatically generating data for the "image segmentation" process, which partitions an image into regions of pixels that are more meaningful and easier to analyze. To do so, the system uses a convolutional neural network (CNN), a machine-learning model that's become a powerhouse for image-processing tasks. The network analyzes a lot of unlabeled scans from different patients and different equipment to "learn" anatomical, brightness, and contrast variations. Then, it applies a random combination of those learned variations to a single labeled scan to synthesize new scans that are both realistic and accurately labeled. These newly synthesized scans are then fed into a different CNN that learns how to segment new images."

gordo • June 24, 2019 2:04 PM

@The Pull,

"how things will be"

Whatever the truth of the matter, I'm sure that the hardliners and hawks on all sides are positively swooning over such developments

VinnyG • June 24, 2019 3:01 PM

@The Pull re: "...US mil & intelligence are preparing and taking the security seriously, and new found autonomy to do so." It would also seem to be naive not to recognize that the capabilities and autonomy to which you allude could go a long way toward providing opportunity for manipulation to the very entities charged with preventing it...

The Pull • June 24, 2019 3:26 PM

@gordo

Yes, I am sure very much so.

@VinnyG

What do you mean? That they might move from protecting, to doing active operations their own selves against the entities they are protecting? The nature of disinformation campaigns tend to demand this. On that, there is a strong history there, during the 60s. That was also much due to concern with Soviet disinformation campaigns, funding of groups, guidance of groups onshore. Military and intelligence had a lot of covert agent programs in place. People integrating into targeted - or suspected targeted groups.

Nowadays, you can do so much of that online. And, you can also work with opposition groups, guide them from a distance, without 'getting your hands dirty'.

Safest bet is simply to run *information* programs countering *disinformation* programs, or suspected disinformation programs. But, they have to go well beyond merely making boring videos or influencing American cinema. (Both of which they are known to do.)

Saw a video prepared by CIA on "what intelligence really is like contrary to the movies" (or similar), on reddit. It was very boring.

Contrary to that, Homeland Season 7 work by the CIA on informing people about the dangers of disinformation was very slick. (I don't know how much direct hand they had in that, but these sorts of things are well accepted in the cinema business and often to good effect. Typically, back and forth happens when you want to make a movie utilizing, for instance, tanks, warplanes, and the like.)

For instance, https://www.cracked.com/article_24593_6-movies-you-didnE28099t-know-were-propaganda.html

Lomax • June 24, 2019 4:23 PM

Messages supposedly extracted from the phones of Brazilian federal attorneys are the source of a new political storm for the current Brazilian minister of Justice, Sergio Moro. They would involve friendly conversations among the former judge that worked on Operation Carwash and the operation's prosecutors.

The revelations disclosed by Glenn Greenwald's The Intercept come on a silver platter to the lawyers of politicians condemned or being investigated by corruption, especially former president Lula who is currently in jail. They fuel doubts whether there was a political agenda to the investigation, although the population is mostly still favorable to the judge but the debate could even be enough to tip over the Brazilian supreme court to release the ex-president. The charismatic ex-president still has a cult following that puts pressure for his release and friends still holed up in several nooks and crannies of the government.

But why is this being posted in a security blog? Two reasons.

The first is the way the messages were obtained. Apparently, several members of the Justice system had their phones hacked by an unknown but sophisticated hacker. Not much detailed technical info has been released but it appears a flaw in the Android OS was exploited to gain control of the phones and then the Telegram transcripts were dumped and somehow made their way to Greenwald's hands who took care of going public. So we have an obviously target-oriented hacker offensive to influence the situation of politics in Brazil.

The second reason why this is news is because of the very questionable rumors that get both sides riled up in a country that is becoming more bipartisan than ever. On one side, you get the leftists claiming their "hero" was a victim of a scheme to put him in jail.
On the other side, there are a lot of questions being asked about what is behind this leak. Who would benefit from these messages being leaked? (Wait, I kinda answered that already). Who would have the technical expertise to pull it off? Could it be a Russian government-sponsored hacker? It wouldn't be a farfetched theory, given Putin and Lula are on very friendly terms (as opposed to Bolsonaro's much closer alignment to Trump). For example, both Lula and Putin are friendly to Venezuela's Maduro.
Another detail that complicates this web of intrigue that already looks like a Cold-war spy thriller is the fact that Glenn Greenwald himself is married to a congressman affiliated with a very radical leftist party. It got the opposing side wondering whether his involvement was purely journalistic or ideological too.
While this second point isn't directly related to security it is still important because not only does it affect foreign politics in South America (that in turn reflect on USA, Russia, the whole globe), it also influences the likelihood of Moro's anti-crime laws package being approved. These laws include harsher sentences for several crimes including money laundering and corruption, so the leaks and consequent weakening of Moro's support certainly gives several congressmen a glint of hope that they'll manage to reject the law.

Gerard van Vooren • June 24, 2019 4:43 PM

@ The Pull,

The one thing about Season 7 of Homeland is the end. The end where the POTUS of the US did resign because of all the lies that she just couldn't take any more and without using an autocue. Now, that would be a good thing! But of course that is also some thing that just doesn't happen.

John Carter • June 24, 2019 9:37 PM

I predicted years ago that when the WWIII arrived everybody will be going "What the Hell? Where did that come from?"...

... only to find that the military had been running a hot war in cyberspace for decades, and the public only found out when it spilt over into meatspace.

So far we're really on track for that prediction!

George • June 25, 2019 3:49 AM

@The Pull wrote, "@George"

Interesting that the mods allow us to talk about Russia's alleged "meddling" but deletes posts about DNC cheating on nationally televised debates which is also a security breach.

George • June 25, 2019 4:29 AM

@The Pull wrote, " Nobody said they are Democrats, support NWO (lol), or anything like that."

My apologies. I never made assertions of that sort about you. If you want an honest opinion, I'd think you're an unlikely NWO supporter but fits in the far left of the spectrum of political beliefs, judging by your posts only.

One thing I'd like to point out tho is that "Russian meddling" is not enough grounds to silence a political voice while a lot of anti-DNC information were fed by Americans themselves.

IMHO, the powers that be is doing informed voters a disservice by selectively labeling certain information as "disinformation" without really going into specific details on what information is "disinformation" and with no solid proof on who is spreading them.

Last, I'd appreciate if you don't call me a "kid" if you don't know how old I really am.

No Politics • June 25, 2019 10:13 AM

Google just got caught lying again.

Google AI executive opens up on hidden camera about Google's plans and methods to control what you think.

This is scary stuff.

The Pull • June 25, 2019 11:02 AM

@George

"Interesting that the mods allow us to talk about Russia's alleged "meddling" but deletes posts about DNC cheating on nationally televised debates which is also a security breach."

Bruce pulled all of my posts, gordo's, and Clive's on election security. I can understand his reasoning. He does not want a left versus right war on board, which is a thing that happens. That was not my intention, I was trying to stick to the topics of election security. But, I can see how that would not work.

"My apologies. I never made assertions of that sort about you. If you want an honest opinion, I'd think you're an unlikely NWO supporter but fits in the far left of the spectrum of political beliefs, judging by your posts only."

You are quite incorrect there. And that is what alarmed me about your response. No offense, but I deal with a lot of folks in cults or otherwise brainwashed in my free time. And they view everyone outside of their group as "Satan". So, when someone starts to tell me what my views are or labels me like that, my alarms go off.

Bruce does not want us to talk politics, so if you want to talk, email me at: schneier_throwaway_e654 a t nym.hush.com. I will delete this email account after a day or so to avoid spam. But, could talk via another email address given afterwards. If you wish to.

I link to one of my group's - Hacktivismo - website, and I have a paper there which discusses some of my views: http://www.hacktivismo.com/public/tfiles/confessionhacktivist.txt

Not to stereotype me, but a major influencer was the Underground Church. (I am also a big fan of WWII anti-Nazi resistance.) Those *sorts* of influences better describe me, though, than 'what you have in your head'. I am very anti-Communist, but also anti-Nazi. However, my viewpoints are more complex than 'just that', as are my allegiances.


"One thing I'd like to point out tho is that "Russian meddling" is not enough grounds to silence a political voice while a lot of anti-DNC information were fed by Americans themselves."

Topic of intelligence agencies and what they do is one thing. Getting partisan is something else -- that is politics. If this list allowed it, I would argue either side. I did, above, implicitly argue *some* of the legitimacy of the 60s intelligence programs against far left groups. A fact you blatantly missed.

Hardly "far left", arguing the legitimacy of that sort of strategy. (To be fair, I do agree, there were terrible excesses. But, the general strategy, I do not disagree with, considering the efforts of the Soviets, at the time.)

"MHO, the powers that be is doing informed voters a disservice by selectively labeling certain information as "disinformation" without really going into specific details on what information is "disinformation" and with no solid proof on who is spreading them."

Russia did engage in an extensive intelligence information warfare program during the 2016 election. Sorry that your group happened to have been helped by that. In the 60s, they helped the far left. Just happens, in 2016, they helped the far right.

I am opposed to that. But, more interested in discussing the intelligence strategies and tactics used by both sides. That is a non-partisan issue. I do not hate Russia, nor do I hate China. Both nations I have a lot about them I am fans of.

I also like discussing US and other "allied" nation intelligence tactics and strategies. I am not "for" everything these nations do. But, nations which have a commitment to democracy and liberty are allies to me.

I believe discussing intelligence agency tactics and strategies are 'on topic', as long as you avoid propagandizing partisan politics.

The Pull • June 25, 2019 11:12 AM

@George

"Last, I'd appreciate if you don't call me a "kid" if you don't know how old I really am."

Hopefully, due to my above post, you see why I did it.

You painted me as "far left", which is a 'bad thing to do' to someone who has spent decades as an anti-Communist 'resistance fighter' -- no guns, just words and code. Far more than just "Hacktivismo". I have put myself in severe harm's way for that cause, and had countless sleepless nights and pacing days. Many times soaked with sweat from the adrenaline of it. A lot of emotional stresses.

I was trying to jar you, to make you think about how easy it is to get someone wrong. But, I apologize, it is a rude tactic to use. I will not call you 'kid' again.


The Pull • June 25, 2019 11:22 AM

@John Carter

You are right.

Effectively, the nations of the world have snuck ourselves into a "global world war", through many nations, day and night, attacking each other via cyberwarfare.

We can not say "nobody has gotten hurt", either. That is due to the Israeli strike on a Palestinian cyberwarfare compound a few weeks ago. That, actually, was the first true "meatspace" manifestation of "all this".

Not to be alarmist or encourage 'security theater', but the state of affairs is a reality.

I have mostly been considering these things 'global espionage wars', personally. Sadly, we can bat around all sorts of terms, like 'global cold war'. Unlike the cold war - which really was a world war, if you think about it, though - this current state of affairs includes a wide mixture of nations on multiple sides. Two major sides are Shia & Sunni and those who side with one group or the other.

But, like WWI and WWII, 'it is more complex than that'.

And, unlike these world wars, it is not entirely cold. US and China, for instance, are players on the 'other side', yet could not be closer friends economically, and in many other ways.

Frenemies.


vas pupJune 25, 2019 1:46 PM

@No Politics • June 25, 2019 10:13 AM
Thank you for the link provided.
So, there is no fair election process: we are always subject of manipulation either by own big data companies as Google based on their own political agenda and/or by foreign actors in their interests.
They all consider us as puppets, reserving for them role of puppet masters.
What is POSSIBLE the solution? THINK BY YOUR OWN HEAD, DO NOT BE PUPPET regardless who is puppet master.

VinnyGJune 25, 2019 2:01 PM

@The Pull re: What do you mean? I mean that enough latitude to prevent distortions of the US electoral process by foreign entities could also constitute the power to create such a distortion, undetected. I'm not much more comfortable with the concept of NSA or CIA controlling US elections than that of control by Russian political interests. Those services are imo less than fully accountable, some elements therein seem to have no accountability whatsoever...

The PullJune 25, 2019 2:33 PM

@VinnyG

They very well could start to do this. I do feel comfortable with them taking action against disinformation in the political circles, where this is extremism. Just as they did in the 60s, too, except, hopefully, without the same excesses. I know that is kind of hard core, but I think the situation demands it. I can understand if that is repugnant to you & apologize. (Though, shoe is on the other foot this time around.)

I agree, though, such programs could spin out of control. Or, they could decide to run their own programs, and start it out of control to begin with.

We could argue "people do this stuff on their own anyway", but like with hacking: a nation state hacking is much more dangerous than a rogue hacker. They are capable of much more damaging activity. Same is true with this other form of information warfare.

The excesses are good to remember. And where to draw the line. Probably the single worst excess to remember is the campaign against Martin Luther King Jr. OTOH, there were real far left groups, some engaging in very real terrorism. Can modern mil intel and other agency intel have some kind of better scoping? Or, is this just always going to be a bad thing?

I think it is good, if the group is really being funded, trained, and taking orders from a malicious-minded overseas nation, I dare say.

The PullJune 26, 2019 10:01 AM

@david, michael

You know there is ample evidence for it. Countless media reports which are well documented, US government reports. You also know Bruce mentions it from time to time on his blog.

I am not going to get into an argument. If you are claiming it is unsound, you are claiming the conspiracy is from the mainstream media, the US government, and sound folks like Bruce Schneier. Which is unreasonable. That would be a conspiracy theory well beyond reason in and of its own self.

You can google it, otherwise here is the wiki article on the subject.

https://en.wikipedia.org/wiki/Russian_interference_in_the_2016_United_States_elections

VinnyGJune 26, 2019 5:45 PM

@David re: Russian meddling cites & "We will appreciate..." - Just who in the bleeding H*ll is this "we" to which you refer? Do you have the proverbial mouse in your pocket (or are you possibly in the alternative condition?) Or is it just you and "George," since the two of you (both using pseudonyms that I have not noticed recently used for posting on this blog, which I regard as quite suspect) are the only ones who seem to be complaining about The Pull's allegations. I might quibble with him about the magnitude, and I generally do not agree with him on the solution (nor am I trustful of any State in any way, shape, or form) but I am convinced from the body of evidence developed and expounded upon since 2016 that there was a sustained and substantial effort to undermine the "normal" US election process, and that attribution of that effort to Russian perpetrators is likely as accurate as such attributions can be (which attribution, unfortunately, is by class of work much less than optimally definitive.)

The PullJune 26, 2019 8:21 PM

https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/

Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest.
The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.
Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.
Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.
Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.

DavidJune 27, 2019 2:00 AM

VinnyG

Meanwhile, the two people obsessed about RussiaGate (tm) are unable to provide any proof despite repeated requests to substantiate their accusations. One, obviously a nice guy but with a most unfortunate choice of handle, can only provide Wikipedia as a source. And the other - 'because everybody says so' .

Clive RobinsonJune 27, 2019 5:26 AM

@ David,

With regards,

    german-regulator-says-it-discovered-new-illegal-software-on-daimler-diesels

On the radio news this morning they said that there had been a new software fault found on Boeing 737 Max aircraft...

These two suggest there is not enough initial scrutiny of software in mechanical devices that can endanger life...

Maybe regulators will wake up, but then again...

gordoJune 27, 2019 6:30 PM

@A90210,

IIRC Putin, in Helsinki 2018, said he interfered in the 2016 US presidential election on behalf of Trump.

From The Atlantic:

GLOBAL
Russian Speakers Explain What Putin Actually Said About Trump
In Helsinki, the Russian president didn’t confess to meddling. But he left no doubt about who he wanted to win the U.S. election.
URI FRIEDMAN, JUL 18, 2018

On Tuesday, I noted that one of the key exchanges in the Trump–Putin press conference in Finland doesn’t appear in full in the White House transcript, or at all in the Kremlin’s English-language transcript of the event. The Reuters reporter Jeff Mason asked, “President Putin, did you want President Trump to win the election and did you direct any of your officials to help him do that?” But how exactly did Vladimir Putin respond to those pointed questions?


If you listen to the English translation that was broadcast during the press conference, the Russian leader said, “Yes, I did. Yes, I did. Because he talked about bringing the U.S.–Russia relationship back to normal.” This rendering of Putin’s remarks leaves open the possibility that he’s stating “Yes, I did” in reference not just to wanting Donald Trump to win the 2016 presidential race, but also to ordering Russian officials to help Trump win, even though Putin repeatedly denied Russian interference in the election and collusion with the Trump campaign throughout the rest of the news conference.

But I’ve heard from a number of Russian speakers who point out that Putin’s actual comments in Russian concerning who he wanted to win the election are much less ambiguous than the way they were translated. He seems to have not used the phrase Yes, I did once, let alone twice. Instead, in Russian, Putin roughly said, “Yes, I wanted him to win, because he talked about the normalization of Russian–American relations.” In other words, he was apparently answering the first part of Mason’s question but not the second about whether he directed help Trump’s way. It’s unclear if that’s because Putin didn’t hear the second half of the question, it wasn’t translated into Russian accurately, or he simply chose to ignore it.

The comments are still significant: Putin is publicly admitting, in the clearest form yet, that he wanted Trump to beat Hillary Clinton during the U.S. presidential campaign and that this preference stemmed from Trump’s conciliatory approach to Russia. He is acknowledging a motive for meddling in the U.S. election even as he rejects allegations that he did so.

https://www.theatlantic.com/international/archive/2018/07/putin-trump-election-translation/565481/

Clive RobinsonJune 28, 2019 2:18 AM

@ A90210,

From the article @gordo quotes,

    The comments are still significant: Putin is publicly admitting, in the clearest form yet, that he wanted Trump to beat Hillary Clinton during the U.S. presidential campaign

No, they are not as The Atlantic article story teller puts it "significant", everyone is entitled to an opinion, and even heads of state are allowed to refer to them in retrospect, which it was.

What the US MSM article author fails to say in this paragraph is what Vladimir Putin said which was,

    “Yes, I wanted him to win, because he talked about the normalization of Russian–American relations.”

Which let's be honest is not just a valid opinion but a quite normal one even for politicians to say, after all "normalization" is generally a non destructive state which enables both nations' economies to grow via peaceful trade. Which is generally considered good for both nations "National Security", but their "International Security" as well. As it usually brings stability and improvements in both nations' citizens' lifestyles, health and education outcomes, thus benefiting future generations.

Thus as an opinion it's not contentious or "significant" in any way, and it is most certainly not as the article author claims,

    "... acknowledging a motive for meddling in the U.S. election..."
.

That is pure inflammatory nonsense equivalent to "shouting FIRE in a crowded auditorium" and the article author certainly knows it. In most countries there are quite justified laws designed to prevent such behaviours by significantly punishing those who break such laws...

So ask yourself why is the paragraph prefaced with "significant" and tailed with "meddling in the U.S. election"?

I would guess at a minimum "Editorial political bias", through "Yellow Journalism", or if you prefer more properly "propaganda". Designed to stir up the masses in Orwellian style political "hate crime". Such that the masses don't realise they are being played as naives and fools, or if you prefer "sheeple". Ready as the sheeple term implies, to be first fleeced, then sold, before being slaughtered, or coming to some other untimely and unpleasant death along the journey to being butchered as is the lot of most "sheep in their pasture".

But as I said when the Previous President Barack Obama was still in office, his behaviour in 2016 was more than certainly worse when it came to election meddling. As was the behaviour of certain US right wing hedge fund managers funneling money through Cambridge Analytica, who blatantly advertised themselves as election riggers/fixers, who went on to commit various types of "Election fraud" in the UK[1]...

Take Barack Obama's blatant behaviour back PRIOR to the UK Brexit vote, which was without doubt "significant" "meddling in a UK election". He actually came to Britain and made a quite deliberate threat against everybody in the UK to get a vote favourable to the US when he said[2],

    "... maybe some point down the line there might be a UK-US trade agreement, but it’s not going to happen any time soon..."

Closely followed by,

    “The UK is going to be in the back of the queue.”

Which is diplomatic speech equivalent to "Might is right, and it ain't ever going to happen unless we can get a way better advantage". Which as has been pointed out more recently by US diplomatic personnel means the UK will be forced to give up "food safety" and destroy our "National Health System" to the whims of the same Corporates that have wreaked havoc in the US such that the US actually has a declining average age of death unlike other Western and many other second world and some third world nations...

So maybe we should be asking the question of who is the worst in this regard, Barack Obama or Vladimir Putin?

The answer you chose is actually irrelevant, because it's the wrong question to ask. The question should really be "Why are the US and other citizens being manipulated and who benefits by it and how?".

Something perhaps you should be asking yourself?

[1] https://www.theguardian.com/politics/2017/mar/04/nigel-oakes-cambridge-analytica-what-role-brexit-trump

[2] https://www.theguardian.com/politics/2016/apr/22/barack-obama-brexit-uk-back-of-queue-for-trade-talks

RachelJune 28, 2019 3:18 PM

Clive Robinson
kindness and care beaming your way. May the medical touch be warm, as well

https://www.nakedcapitalism.com/2019/06/five-things-we-found-in-the-fdas-hidden-device-database.html

5 Things We Found In the FDA's Hidden Device Database

After two decades of keeping the public in the dark about millions of medical device malfunctions and injuries, the Food and Drug Administration has published the once hidden database online, revealing 5.7 million incidents publicly for the first time.

MarkJune 29, 2019 2:13 AM

@Clive Robinson wrote, "So maybe we should be asking the question of who is the worst in this regard, Barack Obama or Vladimir Putin?"

B.O. had delivered much success to NWO architect'd world order during his Presidency, not only in the U.S. front but also abroad. Mrs Clinton was his deputy when it comes to dealings in the foreign front, as she was propelled on her path to her presidency run from a wife in the oval office to the state politics and etcetera. Furthermore...

In the not so distant past, Bill had meddled in foreign elections so this should come as no surprise they aren't exactly great friends with the Russians. The FBI would probably call this justifiable intent, enough to put forth allegations without providing the American public much of the needed proof.

So if we connect the dots, there's a deliberate intention and action to propagandize the Russian meddling story in order to sway the 2020 election, among other nefarious means.

At the present, sitting Prez. Trump looks one with upper hand but lest not forget the famous last quotes usually given when one's at the apex as this is when he least expects a stab to the back.


Sidebar photo of Bruce Schneier by Joe MacInnis.