Nikki Haley Calls Russian Election Interference ‘Warfare’

Nikki Haley, the US ambassador to the United Nations, hit back hard at Russia’s interference in the 2016 elections on Thursday. Haley, speaking to an audience in New York, delivered one of the strongest denunciations yet against Vladimir Putin’s “weapon of choice” and called Russia’s meddling an act of “warfare.”

“I will tell you that when a country can come interfere in another country’s elections, that is warfare. It really is, because you’re making sure that the democracy shifts from what the people want to giving out that misinformation,” Haley said in Politico. “And we didn’t just see it here. You can look at France and you can look at other countries. They are doing this everywhere. This is their new weapon of choice. And we have to make sure we get in front of it.”

Haley continued, “I find it fascinating because the Russians, God bless ‘em, they’re saying, ‘Why are Americans anti-Russian?’ And why have we done the sanctions? Well, don’t interfere in our elections and we won’t be anti-Russian. And I think we have to be so hard on this and we have to hold them accountable and we have to get the private sector to understand they are responsible for this, too. We all have to step up from this event.”

President Trump has frequently denied that Russia attempted to manipulate the 2016 elections, but did sign a sanctions bill passed by Congress. A few weeks ago, Sen. John McCain (R-Ariz.) and Sen. Ben Cardin (D-Md.) announced that the Trump Administration had not yet implemented the sanctions.

Even though the president has been largely silent on Russia’s interference, other members of his administration in addition to Haley have spoken out to confirm and condemn the cyberattacks. CIA Director Mike Pompeo, Chief of Staff John Kelly, Defense Secretary James Mattis and Secretary of State Rex Tillerson are among the members of the Trump Administration who have expressed concern about Russia’s interference in the election.

In her remarks, Haley indicated that the silence from the president does not mean that the threat from Russia is being ignored. The ambassador said that US counterintelligence agencies are “working overtime” to counter the Russian cyberthreat.

Haley made her comments at the “Spirit of Liberty” forum in New York sponsored by the George W. Bush Institute. President Bush made a keynote address at the conference as well, in which he singled out Russia as an external threat to American democracy.

 

Leakers Take a Bite of the New Apple iPhone 8 Before Launch Date

Apple has been comprised yet again in the latest leak about the forthcoming  iOS operating system. This comes at an interesting time as Apple is set to launch the new iPhone 8 tomorrow.

The leak is being described as an “intentional act of sabotage” by Apple insiders:

“As best I’ve been able to ascertain, these builds were available to download by anyone, but they were obscured by long, unguessable URLs [web addresses],” wrote John Gruber, a blogger known for his coverage of Apple.

“Someone within Apple leaked the list of URLs to 9to5Mac and MacRumors. I’m nearly certain this wasn’t a mistake, but rather a deliberate malicious act by a rogue Apple employee.”

For those curious about the leak, here’s what was revealed about the new iOS operating system:

 

  • a reference to iPhone X, which acts as fresh evidence that Apple intends to unveil a high-end model alongside more modest updates to its handset line
  • images of a new Apple Watch and AirPod headphones
  • a set-up process for Face ID – an alternative to the Touch ID system fingerprint system – that says it can be used to unlock handsets and make online purchases from Apple, among other uses
  • the introduction of Animoji – animated emoji characters that mirror a user’s captured facial expressions

In a time where major entities and prominent individuals are proving to be vulnerable to attack through leaks, it’s important to secure digital means. How can Apple continue to make itself susceptible to these kinds of attacks? Perhaps it’s blowback? Perhaps those saboteurs (likely disgruntled former employees) think Apple isn’t too big to fail anymore?

Regardless, secure your systems. Simple as that. These frequent data breaches and leaks shouldn’t be occurring on this large scale in 2017.

Comparing Timeline to Emails Creates Big Problems for Trump

The text of Donald Trump Jr.’s emails detailing the meeting with Russian attorney Natalia Veselnitskaya is troubling enough, but the way the emails fit into the overall timeline of the presidential campaign and the unfolding Russia scandal are even more problematic for the Trump Administration. The emails, released by Donald Trump, Jr., provide confirmation that members of the Trump campaign were open to accepting “Russia and its government’s support for Mr. Trump” and actions taken by the Trump campaign may indicate that Donald Trump himself was aware of the offer and intended to use the Russian government’s intelligence information.

The email chain began on June 3, 2016, about a week after Donald Trump had officially secured a majority of Republican delegates to become the presumptive nominee. At this point, the hacking of the Democratic National Committee and the theft of the emails was not public knowledge.

On Tuesday, June 7, 2016, Donald Trump announced, “I am going to give a major speech on… probably Monday of next week [June13] and we’re going to be discussing all of the things that have taken place with the Clintons and I think you’re going to find it very informative and very, very interesting.”

The next day, June 8, the @DCLeaks_ Twitter account posted the first links to stolen emails on the DC Leaks website. The DC Leaks website and Facebook accounts apparently debuted the same day.

On Thursday, June 9, Donald Trump, Jr., Jared Kushner and then-campaign manager Paul Manafort met with Natalia Veselnitskaya, “The [sic] Russian government attorney” referred to in the emails, in New York’s Trump Tower.

On Sunday, June 12, WikiLeaks founder Julian Assange said on British television that more leaked emails relating to the Clinton campaign would be coming out soon.

Donald Trump did not make his promised “very interesting” speech on June 13, but on June 14, the Washington Post broke the news that hackers had penetrated the DNC network and “gained access to the entire database of opposition research on GOP presidential candidate Donald Trump.” The report, which identified the culprits as “Russian government hackers” even at that early date, also said that “the intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic.” The Post also reported the hackers had targeted Republicans as well. Trump’s speeches from that week did not contain any new and notable information about Hillary.

The next day, June 15, a hacker calling himself “Guccifer 2.0” contacted The Smoking Gun to claim credit for the hack of the Democratic National Committee. Guccifer 2.0  claimed to be a Romanian, but is widely suspected to be a creation of Russian intelligence.

On June 18, the Washington Post reported that the Trump campaign had removed a pledge to provide weapons to the Ukrainian forces fighting the Putin-backed invasion of their country. The report says that the changes were made “last week,” which would mean the platform changes immediately followed the meeting of Trump’s campaign advisors with Veselnitskaya.

On June 27, the first stolen DNC emails were published on the DC Leaks website.

A month later, on July 22, WikiLeaks released a second batch of DNC emails. The FBI announced that it was opening an investigation into the hack shortly after.

It was at this point that Donald Trump publicly asked Russia for help in finding the emails that were deleted from Hillary Clinton’s private server. “I will tell you this,” Trump said on July 27 at a press conference, “Russia: If you’re listening, I hope you’re able to find the 30,000 emails that are missing.”

A few months later, just before the final release of stolen emails by WikiLeaks, Roger Stone, a Trump advisor, seemed to hint that something big was coming. “Trust me, it will soon the Podesta’s time in the barrel,” Stone tweeted on August 21. In the week before the final email dump on Oct. 7, Stone posted three tweets hinting that something was coming according to Business Insider, including one on Oct. 3 that read “I have total confidence that @wikileaks and my hero Julian Assange will educate the American people soon.”

While Donald Trump, Jr. claims that nothing of substance emerged from the meeting with the Russian lawyer, his response to the emails and the subsequent actions of the Trump campaign clearly show an intent to use information obtained from a foreign government to discredit a political rival. Such coordination is possibly illegal and certainly unethical.

While there is currently no paper trail that leads directly to Donald Trump, Sr., Trump’s speech on June 7 suggests that he was aware that something was in the wind. Additionally, his July 27 appeal to Russia looks starkly different in view of the revelation that the Russian government had offered its assistance to his campaign a month before.

In addition to the fact that none of the Trump advisors disclosed the meeting and that Donald Trump, Jr. initially lied about what was discussed, the emails create another problem for the Trump Administration.  The timing of the meeting and the platform change raise the possibility of a quid pro quo with the Russians. The fact that the Trump campaign changed the Republican Party platform in a way that benefitted the Russian government immediately after the Russians offered dirt on Hillary is something that will be difficult to explain away. It is also a decision that can likely be traced to Donald Trump himself.

Although the Donald Trump, Jr. emails are not a smoking gun to prove that the Trump campaign colluded with Russia, but they are close to it.

Massive Cyberattack Rocks Business World

A broad cyberattack featuring a ransomware program that encrypts infected computer files is spreading rapidly from Russia to Europe and the Americas. More than 2,000 computer systems are known to be infected at this point.

The New York Times reports that the attack has infected numerous systems in the Ukraine including radiation monitoring at Chernobyl, several government ministries, and local banks and transit systems. Other companies that were reportedly attacked include the Danish shipping company, Maersk, the American pharmaceutical company, Merck, and Rosneft, a state-owned Russian oil company.

The Times reports that infected computers display a black screen with red text that reads, “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

The Kapersky Lab, a cybersecurity firm headquartered in Moscow and own by a British corporation, said that it had tentatively identified the ransomware as a new strain of the Petya computer virus that was compiled on June 18, 2017. Some researchers are calling the new strain “NotPetya” because it is significantly different from the original virus.

NotPetya has the potential to be much more problematic than the WannaCry virus that fizzled earlier this year. According to Forbes, the new virus can even attack Windows systems that have security patches that are up to date. Even computers running Windows 10 are reported to be vulnerable. NotPetya can even extract passwords and use them to spread the infection to other computers.

The source of the NotPetya is unknown, but is presumed to be cybercriminals rather than a state actor. The program demands a ransom payment payable in bitcoin. At least 22 payments have been made, but Forbes reports that the email address set up to provide keys has been shut down by the provider, leaving owners of infected computer systems few options in recovering their files.

NotPetya has yet to run its course. “This is going to be a big one. Real big one,” cybersecurity expert David Kennedy told Forbes.

Trump Tweets Against Obama Handling of Russia Hacking

Yesterday President Trump launched into tweetstorm against Barack Obama’s handling of Russian cyberattacks during the 2016 election. The twitter rant may have been a response to a weekend story in the Washington Post, an outlet that the president called “fake news” in a tweet today, that detailed Barack Obama’s lackluster handling of cyberattacks that were well-known long before the election.

“The reason that President Obama did NOTHING about Russia after being notified by the CIA of meddling is that he expected Clinton would win,” President Trump tweeted on Monday. “And did not want to ‘rock the boat.’ He didn’t ‘choke,’ he colluded or obstructed, and it did the Dems and Crooked Hillary no good,” the president continued in a second tweet.

“The real story is that President Obama did NOTHING after being informed in August about Russian meddling. With 4 months looking at Russia under a magnifying glass, they have zero ‘tapes’ of T people colluding. There is no collusion & no obstruction. I should be given apology!” Trump’s third and fourth tweets said.

In a final tweet on the subject, Trump cited a Fox News story, saying, “From @FoxNews “Bombshell: In 2016, Obama dismissed idea that anyone could rig an American election.”  Check out his statement – Witch Hunt!” Trump did not provide a link to the story, but a Fox News clip on YouTube does show then-President Obama saying precisely what Trump said he did.

The Trump tweets signal an important shift in Trump’s position on the Russian cyberattacks. From the earliest reports of the hacking of the Democratic National Committee, Trump has denied reports of Russian involvement. Two months after the election and after being presented with evidence by intelligence officials, Trump released a statement on January 6 that blamed “Russia, China, other countries, outside groups and people” for the hacking. Since then, Trump has backtracked, calling the “Russia story” a “hoax” and “fake news” on numerous occasions. Now, as information emerges that is damaging to Barack Obama, President Trump changes his tune.

President Trump is on the mark with this series of tweets. While there is so far no evidence that Donald Trump colluded with the Russians to throw the election, the scandal of Russian cyberattacks has become more frightening as details emerge about the extent of the Russian hacking which very nearly compromised voting machine software and voter databases. President Obama’s fecklessness in the face of the cyberattack on the core of American democracy is a major part of the story.

Although much of the blame for the response to the attack lies with the Obama Administration, the Trump Administration carries a share of the blame as well. Trump’s denials of Russian meddling in the election have undoubtedly emboldened the Putin regime, which has also attacked elections in European countries. Russian hacking in Ukraine has taken an even more ominous turn where banks and electric companies have been targeted. Russian hacking has been responsible for blackouts in the Ukraine in apparent test runs for malware that is to be used elsewhere.

The Trump Administration response to Russia’s cyberattacks has not been encouraging. While Congress is attempting to pass a new bill imposing sanctions on Russian citizens and organizations tied to cyberattacks and hacking, but there are reports that the Trump Administration is working against the bill. The silence on the hacking from the Trump Administration has been deafening. Defense Secretary James Mattis, who has said, “I do not see any indication that Mr. Putin would want a positive relationship with us,” is an exception.

While Trump is correct that there is no evidence of illegal collusion between the Trump campaign and Russia, he is also correct in his admission that there is ample evidence that Russia meddled with American elections in an unprecedented way and that President Obama bungled the response.

The Russian cyberattacks demand a response and American electoral systems, power grids and financial institutions need to be protected from future attacks. The responsibility for a response and protection from future attacks falls on Mr. Trump’s shoulders.

NEW: Reality Winner Just Provided Evidence of Russian Election Hacking

The news of the arrest of Reality Winner, the inappropriately named NSA contractor who allegedly leaked classified information to The Intercept, is overshadowing the real news. In a looking-at-the-forest-versus-the-trees moment, the world seems focused on Ms. Winner herself, a 25-year-old blonde, and the details of her arrest rather than the content of her leak.

The big news is that Ms. Winner has provided what many Russia skeptics have been asking for over the past few months: evidence of Russian meddling in the election. The report contains direct, unfiltered insight into the NSA findings on Russian hacking of election officials and companies.

The Intercept published many details of the report that Ms. Winner purloined from an NSA facility at Ft. Gordon, Georgia. The report, dated May 5, 2017, “indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyberattacks on US companies that provide election software. The NSA found that the Russians stole data that they then used to conduct “a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”

The report does not assess the impact of the cyberattacks, but there was previously no indication that Russia had targeted computers connected to actual voting in the election. “It is unknown,” the NSA notes, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.”

While electronic voting machines are not connected to the internet, Alex Halderman, director of the University of Michigan Center for Computer Security and Society and an electronic voting expert, told The Intercept that a major risk would be if the Russian attacks compromised vendors who program voting machines prior to Election Day.

“Usually at the county level there’s going to be some company that does the pre-election programming of the voting machines,” Halderman said. “I would worry about whether an attacker who could compromise the poll book vendor might be able to use software updates that the vendor distributes to also infect the election management system that programs the voting machines themselves. Once you do that, you can cause the voting machine to create fraudulent counts.”

Another possibility would be a denial of service attack. Pamela Smith, president of Verified Voting, an elections watchdog group, said, “If someone has access to a state voter database, they can take malicious action by modifying or removing information. This could affect whether someone has the ability to cast a regular ballot, or be required to cast a ‘provisional’ ballot — which would mean it has to be checked for their eligibility before it is included in the vote, and it may mean the voter has to jump through certain hoops such as proving their information to the election official before their eligibility is affirmed.”

The Intercept article noted that polling station computers that deal with registration and check-in are tied to the internet and connect directly to country voter databases. A virus spread by the polling equipment could quickly infect other government computers. Malware that changed or deleted voter rolls could throw an election into confusion.

At this point, the investigation is still ongoing and most of the results are still secret, like Reality Winner’s report should be, but this glimpse that the report provides into what is already known by the government is disturbing. Even if the attacks were ultimately unsuccessful, the mere fact of the attempt could undermine public faith in the outcome of the elections.

“It’s not just that [an election] has to be fair, it has to be demonstrably fair, so that the loser says, ‘Yep, I lost fair and square.’ If you can’t do that, you’re screwed,” said Bruce Schneier, a cybersecurity expert at Harvard. “They’ll tear themselves apart if they’re convinced it’s not accurate.”

Wikileaks Targets the CIA

Julian Assange is at it again.  Fresh off of airing the Democrat National Committe’s dirty laundry with its release of John Podesta’s emails, Wikileaks is back with an even bigger haul of pilfered documents–and this time, the target is none other than Spooks-R-Us, the Central Intelligence Agency:

The initial release, which WikiLeaks said was only the first installment in a larger collection of secret C.I.A. material, included 7,818 web pages with 943 attachments, many of them partly redacted by WikiLeaks editors to avoid disclosing the actual code for cyberweapons. The entire archive of C.I.A. material consists of several hundred million lines of computer code, the group claimed.

With this latest leak of documents, Assange is claiming to reveal the true extent of the CIA’s hacking programs, which up until now has been something of a mystery.  Conventional wisdom has always placed the National Security Agency, which specializes in signals intelligence, at the forefront of the Unites States’ efforts at cyber-espionage.  If Wikileaks is to be believed, however, the CIA has created a program that far surpasses any other:

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

Wikileaks is keeping the source of all these documents a secret, saying only that the source came to them over concerns that the CIA had simply become too powerful in its ability to hack computers, smartphones and even smart TV sets:

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Of even greater concern, though, is Wikileaks’ allegation that the hacking tools developed at CIA have already been loosed in the wild:

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner.

If true, this would be the cyber-equivalent of having an arsenal of loose nukes floating around on the open market for anyone to buy and use.  When you think about the kind of money that rogue governments would pay former CIA contractors for these hacking tools, the potential for disaster sends a shiver down your spine.

But how much truth is there to these leaks?  Some analysis pegs them as part of an elaborate disinformation campaign by the Russians, which is a possibility (one has to wonder why Wikileaks never seems to spill the beans on Putin).  It’s also possible that only some of the information is real, mixed in with bogus materials to make it impossible to tell what’s what.  The CIA, of course, has declined to comment.

What’s seems inescapable, however, is that that the CIA has vastly expanded its powers and its reach over the course of the Obama administration.  That in itself isn’t damning, given the growth of terrorism and other serious threats that face the country.  There is, however, the question of oversight, and whether or not Obama’s CIA properly informed Congress about what was going on.

With the former president’s penchant for abusing the IRS and the Department of Justice, I have my doubts.

 

Guess Who Tried to Hack Indiana’s Vote? Hint: It Wasn’t the Russians

With all the loose talk of hacking the 2016 election making the rounds in the media (not to mention the more feverish swamps of the American left), there was bound to be some evidence that turned up about it–especially since that whole KOMPROMAT thing on Donald Trump didn’t pan out.  Well, lo and behold, the media hacks might finally have some real hacking to investigate!  The bad news is that it doesn’t look like the Russians were coming, but instead it was. . .the Department of Homeland Security?

Department of Homeland Security (DHS) officials tried to hack Indiana’s state electoral system with at least 14,800 “scans” or hits between Nov. 1, 2016, to Dec. 16, 2016, The Daily Caller News Foundation Investigative Group has learned.

 

The attacks are the second confirmed IT scanning assault by DHS officials against states that resisted then-President Barack Obama’s attempt to increase federal involvement in state and local election systems by designating them as “critical infrastructure” for national security.

Yes, you read that right.  After Indiana told DHS secretary Jeh Johnson to take a hike, it seems his agency took it upon itself to hack the bejeebers out of the state’s election system.  But like an bumbling Blofeld leading a low-rent version of SPECTRE, they just couldn’t quite get the job done:

[Indiana Secretary of State Connie] Lawson said despite the scale of the scans, the DHS efforts to attack its election system was unsuccessful. “Our voter registration system was not penetrated.”

When they make this one into a movie, I’m hoping they get Jim Varney to play Johnson.

Whether the hack was an attempt to embarass Mike Pence, who was Indiana’s governor at the time, or whether it was a scare tactic to get Lawson to go along with DHS’s power grab, is anybody’s guess.  But what stands out even more than the brutishness of the attack is the utter incompetence of its execution.  Not only did DHS fail to break in, they left all kinds of evidence that led straight back to them.  Haven’t these guys ever heard of a VPN?

On the bright side, if you’re worried about an all-powerful deep state that controls everything, everywhere, you can relax.  These dudes aren’t exactly James Bond caliber.  On the other hand, maybe if they hired some Russians…