Traitor Snowden Decries Ransomware Hack Based on NSA Leak

In a huge turn of irony, hackers have wreaked chaos at the Russian Interior Ministry, along with the British National Health Service and Spain’s Telefónica. The attack consisted of “ransomware” which encrypts a computer’s files and then blackmails the user to pay a ransom to get them back. It used an exploit that was part of the NSA’s surveillance toolkit and was leaked to the public several months ago.

If the Russians, who harbor and protect an American traitor, had found the exploit first, I doubt we’d have known about it beforehand.

The British were particularly hard hit, since “up to 90 percent of NHS computers still run Windows XP.” Microsoft discontinued the 16-year-old operating system and stopped all support and patches in 2014. Not to blame the victims here, but nobody serious should be running Windows XP outside of a virus lab.

The ransomware is taking advantage of EternalBlue, an exploit spies used to secretly break into Windows machines, according to the Register.

Microsoft did issue a patch for EternalBlue, but only for supported operating systems.

The NSA used this vulnerability as part of its surveillance toolkit, and only reported it to Microsoft after a security breach was discovered last August, the Washington Post reported.

Microsoft fixed the problem in a patch it released in March, before a group calling itself the “Shadow Brokers” publicly released it online in April.

The ransomware, known as #WannaCry, brought out the usual calls for clipping the NSA’s wings.

The traitor Snowden has done more damage to our national security cyberwarfare capabilities than perhaps any living soul. Here he is slamming the NSA because they found an exploit before more nefarious hackers did.

Microsoft did nothing wrong. It has a right to discontinue support for Windows XP, which it released  in 2001.

Blatantly untrue. NHS hospitals using Windows XP knew they were vulnerable, not just from NSA-discovered vulnerabilities, but any vulnerabilities, since Microsoft no longer supported the product (the NHS got a one-year extension in 2014 but that has long expired). This is like buying a 2005 Chevy Silverado and complaining when GM refuses to honor the warranty that expired in 2008.

Honestly, I’d rather have the eggheads at the NSA find exploits than have the Russians find them. Would the Russian hackers who work for Putin have reported EternalBlue to Microsoft? Would Snowden, who lives outside of a prison cell only by clinging to the bosom of Mother Russia, be so quick to condemn his protectors if they found the exploit first?

No, of course not. We’d never even be having this discussion, because when Russian hackers find an exploit, they tell nobody. They could even be spying on us right now (they probably are). The NSA is our best defense against foreign cyberwarfare.

The problem isn’t the NSA finding exploits, or even using them (although I admit there are privacy concerns). The problem is the traitorous leakers who would rather betray their country than work within the system. If anyone is to blame for #WannaCry, it’s Snowden and people like him.

The Cyber and How The Government Uses It

The government doesn’t need a warrant to obtain and read your emails. Unlike other forms of communication that do require law enforcement and other government agencies to get a search warrant, emails are open to government inspection with only a court order or subpoena – neither of which require proof of probable cause.

Fortunately, this lax standard of inspection and examination only applies to emails that are older than 180 days. Put another way, if an email was sent or received during the past 180 days, the government would have to show probable cause and get a search warrant to access it, but for any email older than 180 days, the probable cause standard disappears.

The 180-day requirement dates back to the Electronic Communications Privacy Act, which became law in 1986. Back then, data companies routinely deleted emails that were older than 180 days and the concept of a “cloud” where internet users could store vast amounts of data – including archived emails – was inconceivable. The vast quantities of data storage that come with iCloud, Gmail or any number of digital services have made it possible to save emails well beyond 180 days, and many people do just that.

But the law hasn’t been updated to reflect changing technology.

A recent high profile court case between Microsoft and the FBI proved the need for an overhaul of email privacy laws. Seeking information for a drug case, the FBI demanded that Microsoft, a U.S.-based company, turn over emails stored on a company server in Ireland, outside the jurisdiction of warrant the bureau had obtained. A federal appeals court ruled that, like it or not, tech companies don’t have to turn over data stored outside the U.S. if they don’t obtain a local warrant (or the equivalent). The case was a win for internet privacy, but only stressed the confusing nature of current U.S. internet privacy laws.

In Wisconsin, there is an up-close example of what can happen when government obtains emails for a questionable purpose. Called the John Doe II probe, and initiated by liberals at the state Government Accountability Board and the Democratic district attorney of Milwaukee County, it obtained sweeping search warrant powers and confiscated the computers and digital files of numerous conservative individuals. Also targeted were conservative non-profit groups.

Using pre-dawn raids, investigators obtained literally millions of pieces of digital information and communications for a prosecution that never happened because state and federal courts ruled prosecutors were pursuing an un-constitutional and illegal theory of legal violations.

Now, years after the probe started, and well after their case was dismissed by multiple courts, prosecutors are suspected of being behind leaks of the confiscated (and confidential) material to a British newspaper, which has published some of the information online.

To end the current “Wild West” of regulation surrounding government access to emails older than 180 days, the International Communications Privacy Act has been proposed. Although it shows no signs of passing during this session of Congress, starting next year it is likely lawmakers will take up the measure. A key component of the legislation protects all digital communications from government review regardless of whether they are 180 minutes old or 180 days or 180 months old. Under ICPA’s provisions, law enforcement would always need to obtain a search warrant before it obtained and reviewed any emails. Additionally, the legislation reforms procedures for obtaining information held by U.S. companies overseas for clients by establishing a reciprocity process that respects the laws of other sovereign nations and synthesizes the efforts of across-border law enforcement.

Iowa Sucked, Bernie Won, Blame Microsoft

I worked with the Decision Desk HQ crew Monday night to help assemble Iowa caucus data*. I can tell you that the Microsoft application deployed to handle both parties caucuses, to use a technical term, sucked.

It was buggy, inconsistent (different people had different updates of the same data using the same application), prone to crashing, browser killing (we tried Firefox, Chrome and Safari and all of them at some point stopped responding), and surprisingly difficult to use. For a company with Microsoft’s pedigree, I expected more.

The biggest problem I saw was that the Democrats didn’t report vote counts. I now know that this is by design.

Discrepancies can occur in official elections, and caucuses are not even official election events run by the secretary of state’s office, noted Dennis Goldford, a Drake University professor who closely studies the Iowa caucuses.

“The caucus system isn’t built to bear the weight placed on it,” he said. “There aren’t even paper ballots (in the Democratic caucuses) to use for a recount in case something doesn’t add up.”

By contrast, the Republican caucuses were a dream, although hampered by the same terrible Microsoft app. In fact, the Des Moines Register results page crashed throughout the night using Microsoft’s “API” (application program interface) data feed. DD used manual input and beat the automated AP results most of the night. That’s how bad the Microsoft “solution” was.

We’ve got two competing stories as to who really won Iowa on the Democrat side (I’m not even going to touch Trump’s call for a do-over). Quin Hillyer at National Review reported that Sanders really won, because Hillary’s six coin flip wins (the odds of that being 63:1) for county delegates gave her an edge in “delegate equivalents.”

But I’ve seen nobody point out what should be obvious: If “delegate equivalents” are supposed to fairly represent the actual voting behavior of caucus attendees, even down to narrow fractions, then in terms of actual votes, Sanders slightly defeated Clinton. The final count of delegates to the state [county] convention (aside from the seven won by Martin O’Malley) was Clinton 699, Sanders 695. But by actual voter decisions, the count was Sanders 695, Clinton 693, and six ties.

CNN disputes this.

The Iowa Democratic Party does not have comprehensive records on how many coin flips/games of chance were held Monday evening. However, they do have partial records.

More than half of the 1,681 Democratic caucuses held Monday night used a new Microsoft reporting app. Of those, there were exactly seven county delegates determined by coin flip. The remaining precincts did not use the Microsoft app, and instead used traditional phone-line reporting to transmit results. In these precincts, there no are records of how many coin flips occurred. There’s only anecdotal information on these precincts.

In most endeavors of life, such a situation would be known as (what the military calls) a “Charlie-Foxtrot.” Or a fustercluck.

But barring the opaque mysteries of Democratic Party religious rites and oaths, Clinton and Sanders ended in a tie, which means Sanders won. Hillary can declare victory all she wants, but she didn’t win. The big loser in all this is Microsoft, which should be barred for all eternity from handling election data.

I like the caucus system because it forces voters to take a bit more effort and participate in actual candidate selection, versus a drive-by early vote on the way to Wendy’s. But if caucuses are like the one held Monday in Iowa, let’s stick to primaries and let the state and county election officials, who know their ass from a hole in the ground (generally at least), deal with the results.

*Decision Desk called the GOP race at 9:41 p.m., nearly an hour before anyone else. Check them out for the NH primary. I volunteer for them, so my gushing is really based on believing in the project, not financial gain.