If you use the Softpanorama spyware removal strategy, you can remove most types of spyware no matter how complex and sophisticated the infection method is. The only exception is encryption-based extortionware such as Cryptolocker (Win32/Crilock.A).
Yes, spyware can be complex, extremely annoying and obnoxious, as well as extremely difficult to remove (and the latest banking and data-encryption Trojans are a serious warning). Typically the period between the moment malware gets into your computer and the moment it is detected by the installed AV program can vary from hours to several weeks or even months. For some not very popular and regional (or highly specialized, "government sponsored", etc.) malware it can be years.
At the same time, while protecting a PC with a scanning AV program is never enough, paranoia about spyware is completely unwarranted. Despite the tremendous increase in spyware complexity and capabilities in recent years, restoring the OS from a "healthy" C-drive image using a bootable CD created beforehand on another (non-infected) computer is a sure way to defeat even the most complex spyware. One important lesson that extortionware such as Cryptolocker (Win32/Crilock.A) taught is that there should always be two sets of backups (say A and B), and each week you should switch from one set to the other. Periodic backup to a double-layer DVD also makes perfect sense if the size of your backup image is less than 8GB. A backup on a USB hard drive can be attacked; a backup on DVD is impenetrable after it has been created. Another method to defeat attempts of data-encryption Trojans to destroy your backups is to move your current backup image daily via FTP or SCP to a different, Linux-based backup computer.
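The A/B alternation described above, as an added example (not part of the original page or of any backup product): each weekly run writes to one set, records a SHA-256 manifest, and refuses to overwrite a set when the other one no longer verifies. The directory layout, file names and function names are assumptions, and the image used in `demo()` is a constructed stand-in.

```python
import datetime
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def set_for(day):
    """Alternate strictly every Monday-based week: even week index -> A, odd -> B."""
    return "AB"[((day.toordinal() - 1) // 7) % 2]


def verify_set(set_dir):
    """Return 'missing', 'ok' or 'corrupt' for one backup set."""
    manifest = Path(set_dir) / "manifest.json"
    if not manifest.exists():
        return "missing"
    try:
        meta = json.loads(manifest.read_text())
        intact = sha256_file(Path(set_dir) / meta["image"]) == meta["sha256"]
    except (ValueError, KeyError, TypeError, OSError):
        return "corrupt"
    return "ok" if intact else "corrupt"


def rotate(image, backup_root, day):
    """Copy `image` into this week's set and return the name of the set written."""
    image, backup_root = Path(image), Path(backup_root)
    target = set_for(day)
    other = "B" if target == "A" else "A"
    # If the other set no longer matches its manifest, this week's target holds the
    # last intact copy: stop instead of overwriting it with an image of unknown health.
    if verify_set(backup_root / other) == "corrupt" and verify_set(backup_root / target) == "ok":
        raise RuntimeError(f"set {other} failed verification; set {target} left untouched")
    target_dir = backup_root / target
    target_dir.mkdir(parents=True, exist_ok=True)
    source_hash = sha256_file(image)
    partial = target_dir / (image.name + ".partial")
    shutil.copyfile(image, partial)
    if sha256_file(partial) != source_hash:  # catch a bad copy before committing it
        partial.unlink()
        raise RuntimeError("copy does not match source image")
    partial.replace(target_dir / image.name)
    (target_dir / "manifest.json").write_text(json.dumps(
        {"image": image.name, "sha256": source_hash, "date": day.isoformat()}))
    return target


def demo():
    """Constructed scenario: two weekly backups, then the newest set gets scrambled."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backups"
        image = Path(tmp) / "c_drive.img"
        image.write_bytes(b"constructed stand-in for a C-drive image")
        monday = datetime.date(2024, 1, 1)
        week = datetime.timedelta(days=7)
        first = rotate(image, root, monday)
        second = rotate(image, root, monday + week)
        # Simulate an encrypting Trojan overwriting the most recent set.
        (root / second / image.name).write_bytes(b"\x00" * 64)
        status = verify_set(root / second)
        try:
            rotate(image, root, monday + 2 * week)
            refused = False
        except RuntimeError:
            refused = True
        return first, second, status, refused, verify_set(root / first)


if __name__ == "__main__":
    print(demo())
```

The manifest only protects against later tampering with a stored image; it cannot tell whether the image was healthy when it was taken.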
This "backup-based disinfection" is a three-step approach. You can read about it at Softpanorama Malware Defense Strategy. Here are the contents:
Formally, spyware is any software that uses an Internet connection from your computer in the background (as a "backchannel"), operating without the user's knowledge or explicit permission. That definition actually includes a lot of modern commercial software. The presence of such a backchannel offers a simple way to detect even the most sophisticated spyware, and a TCP/IP sniffer is often an adequate tool for this. For example, you can switch to another computer (periodic switching between computers is another good practice, as it keeps your "reference image" tested and up to date) and use sniffer logs to see what communications take place on your "old" PC or laptop over a week or so. That actually helps greatly against "spyware paranoia" (NSA under each bed ;-).
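One way to review such sniffer logs, as an added example that is not from the original page: group the idle machine's outbound flows by destination and flag hosts outside a known baseline, marking those contacted at evenly spaced intervals as beacon-like. The log format (epoch seconds, destination host, port, bytes sent), the baseline set and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample, one outbound flow per line: epoch_seconds dst_host dst_port bytes_out
SAMPLE_LOG = """\
# capture from the idle "old" PC (constructed data)
500 update.os-vendor.example 443 2100
1000 cdn.toolbar-metrics.example 443 512
2000 files.random-site.example 80 300
2030 files.random-site.example 80 280
4600 cdn.toolbar-metrics.example 443 498
7700 update.os-vendor.example 443 1900
8195 cdn.toolbar-metrics.example 443 530
9000 files.random-site.example 80 310
9050 files.random-site.example 80 150
11805 cdn.toolbar-metrics.example 443 505
14000 files.random-site.example 80 90
14900 update.os-vendor.example 443 2000
15400 cdn.toolbar-metrics.example 443 520
16000 ocsp.some-ca.example 80 120
22100 update.os-vendor.example 443 2050
"""

# Hosts this machine is expected to contact while idle (assumed baseline)
BASELINE = {"update.os-vendor.example"}


def parse_flows(log_text):
    """Group (timestamp, bytes) events by (host, port); reject malformed lines."""
    flows = defaultdict(list)
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        ts, host, port, nbytes = fields
        flows[(host.lower(), int(port))].append((int(ts), int(nbytes)))
    return flows


def assess(flows, baseline=BASELINE, min_events=4, max_cv=0.10):
    """Label each destination: baseline, unknown, or beacon-like (unknown and evenly spaced)."""
    report = []
    for (host, port), events in sorted(flows.items()):
        times = sorted(t for t, _ in events)
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = None
        if len(times) >= max(min_events, 2):
            avg = mean(gaps)
            # Coefficient of variation of the gaps: near 0 means a timer, not a human.
            if avg > 0 and pstdev(gaps) / avg <= max_cv:
                period = round(avg)
        if host in baseline:
            verdict = "baseline"
        elif period is not None:
            verdict = "beacon-like"
        else:
            verdict = "unknown"
        report.append({
            "host": host, "port": port, "events": len(times),
            "bytes_out": sum(n for _, n in events),
            "period_s": period, "verdict": verdict,
        })
    return report


if __name__ == "__main__":
    for row in assess(parse_flows(SAMPLE_LOG)):
        print(row)
```

Destinations labelled "unknown" still deserve a look; regular spacing is only one sign of a backchannel, and spyware can randomize its timing.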
Spyware is often connected with some way to get advertising revenue, propagate spam or similar things. In a few cases it tries to steal and use your financial information (so-called banking Trojans). And in very rare cases its authors want to monitor your activities. In any case, spyware has now become mostly a "for profit" criminal business, and this type of criminal has enough money to pay developers and buy exploits. That means that each new generation of spyware is more sophisticated than the previous generations of malware. The interest in this type of program from the NSA and other three-letter agencies does not help either: the methods they develop using government funds and highly paid developers are eventually revealed and then flow downhill from spooks to financial criminals. The story of the malware used to damage the Iranian uranium enrichment program is pretty instructive in this respect. See Duqu Trojan, Flame and Stuxnet for more information. Just those three advanced the "state of the art" of spyware development considerably, creating essentially a "new era" in malware (as in "before Stuxnet" and "after Stuxnet").
In any case we can safely assume that these days few spyware/adware programs are primitive and use just one Run key to launch themselves (so that removing this key disinfects the computer).
Generally, any use of an Internet "backchannel" connection should be preceded by a complete and truthful disclosure, followed by the receipt of explicit, informed consent for such use. Often spyware is disguised as a useful utility (atomic clock, toolbar, free game or other useful utility). In this case the developer does not disclose that, in addition to the openly stated function, it uses the PC's Internet connection to send information about your activities or even your data to a third party. Typical collected information is the sites you visited (WeatherBug is one classic example).
Often spyware deliberately complicates its removal from the computer or tries to reinstall itself by downloading missing components if one component is removed.
The spyware problem is not purely a Windows security problem. The situation is more complex. While the insecurity and architectural flaws of the Windows operating system are a problem that aids malware in general, the channel for spreading spyware is usually the Web, and specifically the Google search engine (which for some reason does not mark DNS names that are less than a month old; many "waterhole spyware distribution sites" belong to this category). We really need something for IE that blocks sites whose DNS names were registered less than a month or so ago. OpenDNS is an interesting option in this respect. Checking can be incorporated into DNS prefetching:
The DNS Prefetch addon for Firefox enables DNS Prefetching which is a method of resolving and caching DNS lookups before you actually click on a link. DNS prefetching just resolves domain names before a user tries to navigate, so that there will be no effective user delay due to DNS resolution. One example where prefetching can help is when a user is looking at a page with many links to various other domains, for instance a search results page.
With DNS Prefetching, Firefox automatically scans the content of each page looking for links, extracting the domain name from each link, and resolving each domain to an IP address. All this work is done in parallel with the user's reading of the page. When a user clicks on any of these pre-resolved names to visit a new domain, they save an average of over 250ms in navigation.
Email spam and deceptive advertising of sites via Google or other search engines are still the major channels by which spyware penetrates PCs. Google search results are an especially nasty and effective channel. Be careful not to visit "grey zone" sites on the PC that you use for your daily work. If you can't live without browsing grey areas of the Internet, buy a Google Chromebook (such as the Acer C720 11.6" Chromebook) or an Android tablet and browse those areas exclusively from them. Or install Ubuntu on one of your old PCs. Using an OS other than Windows represents an additional layer of protection: most attacks are still directed toward Windows users and PCs with Intel-compatible CPUs and Windows XP, Windows 7 or Windows 10 installed. Using a different OS and/or CPU architecture gives you substantial additional protection via the "security via obscurity" effect.
Spyware authors, like virus authors, look for a particular category of gullible and greedy users: despite all this bad experience, some people just can't avoid clicking on a "Get Kool Mouse Pointerz Here" or "Free Microsoft Office 2013" type of link, either in search results or in email ;-). Using an email client that disables all "rich content" and hides attachments, such as Thunderbird, provides you with a free and effective layer of protection against such threats.
An ounce of prevention is worth a pound of cure. Here are some potentially useful methods for those who are using IE Internet browser:
You can configure UAC in your computer to meet your preferences:
If you have detected spyware on your computer, before removing it look at the network connections the computer uses and try to "cut off the oxygen" by adding the sites that it accesses to the hosts file and to the restricted zone. That might help to prevent re-infections.
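The hosts-file step above, as an added example that is not from the original page: given the current hosts file text and the hostnames seen in the spyware's traffic, it appends sinkhole entries while skipping invalid names, IP literals, protected names and names that are already mapped. The function names are assumptions and the sample file and hostnames are constructed.

```python
import re

SINK = "0.0.0.0"  # non-routable address used for blocked names
PROTECTED = {"localhost", "localhost.localdomain"}  # never remap these
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample: current hosts file and hostnames taken from a traffic capture.
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# local name mappings
127.0.0.1       localhost
0.0.0.0         ads.tracker.example   # blocked earlier
"""
SAMPLE_OBSERVED = [
    "ADS.tracker.example", "cdn.toolbar-metrics.example.", "10.0.0.5",
    "localhost", "cdn.toolbar-metrics.example", "bad_host.example",
]


def normalize(name):
    """Return a lower-case hostname, or None if it must not go into the hosts file."""
    name = name.strip().lower().rstrip(".")
    if not name or len(name) > 253 or name in PROTECTED:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        return None
    if labels[-1].isdigit():
        # IP literal: the hosts file maps names only, so this needs a firewall rule.
        return None
    return name


def mapped_names(hosts_text):
    """Names that already have an entry, with the address they map to."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for host in fields[1:]:
            names[host.lower()] = fields[0]
    return names


def add_blocks(hosts_text, observed):
    """Return (new_text, added, skipped); existing entries are never rewritten."""
    existing = mapped_names(hosts_text)
    added, skipped = [], []
    for raw in observed:
        name = normalize(raw)
        if name is None:
            skipped.append(raw)
        elif name not in existing and name not in added:
            added.append(name)
    new_text = hosts_text
    if added:
        if not new_text.endswith("\n"):
            new_text += "\n"
        new_text += "# blocked after spyware traffic review\n"
        # The hosts file has no wildcards: every subdomain needs its own line.
        new_text += "".join(f"{SINK} {name}\n" for name in added)
    return new_text, added, skipped


if __name__ == "__main__":
    text, added, skipped = add_blocks(SAMPLE_HOSTS, SAMPLE_OBSERVED)
    print(text)
    print("added:", added, "skipped:", skipped)
```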
Acronis True Image
You can run your system in a special try mode with the Try&Decide feature. In this mode you can try out new applications or experiment with the system while being sure that you can always discard the changes made to the system and revert it back to the state it was just before turning on the Try&Decide mode.
When you turn on the Try&Decide mode, the product activates a special Acronis driver, which starts reading all requests to the protected partition and forwards these to the storage location you have selected.
Unless you are targeted by government agencies, spyware can be eliminated. If you use a separate PC for vital tasks, the chance of getting spyware on this "more secure" PC is really small. Using several virtual machines on an 8GB laptop is a no-brainer and also provides a reasonably high level of protection (many types of advanced spyware detect the presence of a VM environment and refuse to run in it, fearing that they are being "watched"/analysed).
Still, there is a high level of paranoia about spyware in the mainstream press. Sometimes it reaches the really stupid level of "if your computer is infected, discard it and get a new one". A pretty telling example of this paranoia was the NYT article by MATT RICHTEL and JOHN MARKOFF, "Corrupted PC's Find New Home in the Dumpster" (July 17, 2005). The main hero of this article (who claims to hold a PhD in computer science) demonstrates a simply amazing level of ignorance of the Windows OS (unless this was just a pretext to upgrade his old computer ;-)
SAN FRANCISCO, July 15 - Add personal computers to the list of throwaways in the disposable society.
On a recent Sunday morning when Lew Tucker's Dell desktop computer was overrun by spyware and adware - stealth software that delivers intrusive advertising messages and even gathers data from the user's machine - he did not simply get rid of the offending programs. He threw out the whole computer.
Mr. Tucker, an Internet industry executive who holds a Ph.D. in computer science, decided that rather than take the time to remove the offending software, he would spend $400 on a new machine.
He is not alone in his surrender in the face of growing legions of digital pests, not only adware and spyware but computer viruses and other Internet-borne infections as well. Many PC owners are simply replacing embattled machines rather than fixing them.
"I was spending time every week trying to keep the machine free of viruses and worms," said Mr. Tucker, a vice president of Salesforce.com, a Web services firm based here. "I was losing the battle. It was cheaper and faster to go to the store and buy a low-end PC."
In the face of a constant stream of pop-up ads, malfunctioning programs and performance slowed to a crawl or a crash - the hallmarks of spyware and adware - throwing out a computer "is a rational response," said Lee Rainie, director of the Pew Internet and American Life Project, a Washington-based research group that studies the Internet's social impact.
While no figures are available on the ranks of those jettisoning their PC's, the scourge of unwanted software is widely felt. This month the Pew group published a study in which 43 percent of the 2,001 adult Internet users polled said they had been confronted with spyware or adware, collectively known as malware. Forty-eight percent said they had stopped visiting Web sites that might deposit unwanted programs on their PC's.
Moreover, 68 percent said they had had computer trouble in the last year consistent with the problems caused by spyware or adware, though 60 percent of those were unsure of the problems' origins. Twenty percent of those who tried to fix the problem said it had not been solved; among those who spent money seeking a remedy, the average outlay was $129.
By comparison, it is possible to buy a new computer, including a monitor, for less than $500, though more powerful systems can cost considerably more.
Meantime, the threats from infection continue to rise, and "the arms race seems to have tilted toward the bad guys," Mr. Rainie said.
The number of viruses has more than doubled in just the last six months, while the number of adware and spyware programs has roughly quadrupled during the same period, said Vincent Weafer, a senior director at Symantec, which makes the Norton computer security programs. One reason for the explosion, Symantec executives say, is the growth of high-speed Internet access, which allows people to stay connected to the Internet constantly but creates more opportunity for malicious programs to find their way onto machines.
Mr. Weafer said an area of particular concern was infections adept at burying themselves in a computer system so that the cleansing programs had trouble finding them. The removal of these programs must often be done manually, requiring greater technical expertise.
There are methods of protecting computers from infection through antivirus and spyware-removal software and digital barriers called firewalls, but those tools are far from being completely effective.
"Things are spinning out of control," said David Gelernter, a professor of computer science at Yale.
Mr. Gelernter said his own family's computer became so badly infected that he bought a new one this week. He said his two teenage sons were balking at spending the hours needed to scrub the old one clean of viruses, worms and adware.
Mr. Gelernter blames the software industry for the morass, noting that people are increasingly unwilling to take out their "software tweezers" to clean their machines.
Microsoft executives say they decided to enter the anti-spyware business earlier this year after realizing the extent of the problem.
"We saw that a significant percentage of crashes and other problems were being caused by this," said Paul Bryan, an executive in the company's security business unit. Windows XP Service Pack 2, an upgrade to the latest Windows operating system that has been distributed to more than 200 million computers, includes an automated malware removal program that has been used 800 million times this year, he said.
At least another 10 million copies of a test version of the company's spyware removal program have been downloaded. Yet Microsoft executives acknowledged that they were not providing protection for people who have earlier versions of the company's operating system. And that provides little comfort for those who must navigate the perils of cyberspace.
Terrelea Wong's old computer now sits beside her sofa in the living room, unused, except as a makeshift table that holds a box of tissues.
Ms. Wong, a physician at Kaiser Permanente Medical Center in South San Francisco, started getting a relentless stream of pop-up ads a year ago on her four-year-old Hewlett-Packard desktop computer. Often her entire screen would turn blue and urge her to "hit any key to continue." Sometimes the computer would freeze altogether.
After putting up with the problem for months, Ms. Wong said she decided last November that rather than fix her PC, she would buy a new one. Succumbing to the seduction of all the new bells and whistles, she spent $3,000 on a new Apple laptop.
She is instituting new rules to keep her home computer virus-free.
"I've modified my behavior. I'm not letting my friends borrow my computer," she said, after speculating that the indiscriminate use of the Internet by her and her friends had led to the infection problems.
Peter Randol, 45, a stockbroker for Charles Schwab in Denver, is at his wits' end, too. His family's four-year-old Dell computer has not been the same since last year when they got a digital subscriber line for high-speed Internet access. Mr. Randol said the PC's performance has slowed, a result he attributes to dozens of malicious programs he has discovered on the computer.
He has eliminated some of the programs, but error messages continue to pop up on his screen, and the computer can be agonizingly slow.
"I may have no choice but to buy a new one," he said, noting that he hopes that by starting over, he can get a computer that will be more impervious to infection.
Buying a new computer is not always an antidote. Bora Ozturk, 33, who manages bank branches in San Francisco, bought a $900 Hewlett-Packard computer last year only to have it nearly paralyzed three months ago with infections that he believes he got from visiting Turkish news sites.
He debated throwing the PC out, but it had pictures of his newborn son and all of his music files. He decided to fix it himself, spending 15 hours learning what to do, then saving all his pictures and music to a disk and then wiping the hard drive clean - the equivalent of starting over.
For his part, Mr. Tucker, the Salesforce.com executive, said the first piece of software he installed on the new machine two weeks ago was antivirus software. He does not want a replay of his frustrations the last month, when the attacks on his old machine became relentless.
"It came down to the simple human fact that maintaining the old computer didn't pay," he said.
If we assume that "Mr. Tucker, an Internet industry executive who holds a Ph.D." holds a Ph.D. in computer science, it is clear that he is either an idiot or a crook. With all due respect to this Ph.D. holder, I think that any holder of an associate or bachelor's degree in computer science should be able to reinstall the Windows OS. Moreover, even a bachelor's degree in computer science presupposes some interest in and level of understanding of OS internals and TCP/IP networking ;-).
But there is some rationale in this naive and deceptive NYT drivel: having a second computer helps to fight spyware. A used computer of decent quality can be bought for less than $200 on eBay. By having a second computer, you can switch to it and continue your work instead of frantically trying to disinfect the current machine. Actually, the blunders most damaging to your data are made not by viruses or Trojans but by users who try to fix the computer and do not fully understand the consequences of their actions. In a way, the classic scenario of Sysadmin Horror Stories, which is so intimately known by any Unix sysadmin, is replayed here with a different OS and different players.
Beware of AV vendors that try to create hysteria and profit from it. In my opinion, both Symantec and McAfee have lost their way and use "gray" methods of increasing sales of their, generally speaking, mediocre products. Microsoft Security Essentials and other similar free AV programs, while far from perfect, are good enough for most users, and money spent on McAfee should generally be spent on buying better backup drives and such.
Spreading FUD is a classic method to increase sales. Of course, such behavior perfectly suits the job description of any senior director at Symantec. But this is a slightly skeptical site and we should know better than to believe the stupid FUD of Symantec weasels. The truth is that Symantec's behavior in some cases is very close to the behavior of spam vendors (Symantec employs scareware sales tactics, lawsuit charges - Computerworld):
The lawsuit, which was filed in a California federal court by lawyers representing Washington State resident James Gross, charged Symantec with deceptive business practices, fraud and other violations of state and federal laws.
Gross took exception to the way Symantec promotes a trio of tools: PC Tools Registry Mechanic, PC Tools Performance Toolkit and Norton Utilities. According to Gross, Symantec pitches those programs with a free diagnostic scan that consistently posts menacing warnings that the customer's PC needs maintenance. To fix all the problems, however, the user must pay for the software.
Those are the same schemes used by "scareware" makers to con customers into forking over money for essentially worthless security software, said Gross.
The paradox wasn't lost on Gross, who cited research on scareware programs from Symantec's own security research arm.
"In what can only be described as supreme irony, or a clever attempt by Defendant to persuade customers to choose its own 'legitimate' computer utility software, the results of Symantec's research succinctly capture the fraud at issue in this lawsuit," said Gross' complaint.
They also were sued for automatically renewing subscriptions to Norton Antivirus. The New York Attorney General's office fined Symantec $375,000 for the practice and ordered it to give notice before renewing any subscription. Here is one customer letter (Symantec Corporation Complaint - Be Careful What You Order from Symantec - Norton Antivirus):
I recently ordered Norton Antivirus 2010 as a download from Symantec for 39.95 (or so I thought). A month later, my electronic bank statement revealed that Symantec had debited my account $140 in three separate transactions. Two debits were just double-bills for the 2010 Norton Antivirus and one was for an internet security package at $70, which I never ordered.
I went to a Symantec chatroom to complain, and the staffer immediately agreed to a full refund, no questions asked.
The catch is I won't get my money back for 5-10 business days. And the company removed all its software from my computer. Also, they immediately wanted a statement from me that I was satisfied with their customer support (forget about it!).
I did some research and learned this company has been sued for deceptive business practices in the past and recently paid a fine to the NY State Attorney General for renewing subscriptions without permission and charging debit/credit cards.
McAfee is not much better than Symantec either. Here is some relevant information from Wikipedia:
A review of VirusScan 2006 by CNET criticized the product due to "pronounced performance hits in two of our three real-world performance tests" and some users reviewing the same product reported encountering technical problems.
Some older versions of the VirusScan engine use all available CPU cycles.
Customer Support Criticisms
Reviewers have described customer support for McAfee products as lacking, with support staff slow to respond and unable to answer many questions.
2010 Reboot Problem
On April 21, 2010, beginning approximately at 2 PM GMT, an erroneous virus definition file update from McAfee affected millions of computers worldwide running Windows XP Service Pack 3. The update resulted in the removal of a Windows system file (svchost.exe) on those machines, causing machines to lose network access and, in some cases, to enter a reboot loop. McAfee rectified this by removing and replacing the faulty DAT file, version 5958, with an emergency DAT file (version 5959) and has posted a fix for the affected machines in its consumer "KnowledgeBase".
Generally there are strange bedfellows in this spyware business. See Jesse Willms Settles in Court with Google a Google Win against the Scammers Strangely Perfect
Actually, cleaning spyware is not rocket science, as you can always restore the OS from a healthy image, or reinstall Windows and software and then merge your data with this image.
In all cases, even the most complex cases of spyware infection, reinstallation from a "healthy" disk image works perfectly well, and for anybody who is a professional in the field (and not a lazy misfit with a CS degree who has no backups and does not know what is installed on his/her computer) it should take less than an hour. I doubt that anyone can find a plausible case in which you cannot clean spyware by reinstallation. But I encourage you to try and to submit such a case in a letter to the editor of Softpanorama.
Most vendors now provide a special partition with an image of the initially installed Windows 7 or Windows 8, as well as software ordered with the PC such as Microsoft Office (factory install image). The manual always has a special chapter about restoring the image, where the description is understandable for everybody with an average IQ ;-). If it's too bad, you can always call the vendor, and they are quite helpful.
For those who assemble computers themselves, the same idea works as well: they should be able to create an additional partition and an "initial image" using the free version of Acronis True Image (for Seagate and Western Digital drives) or any other similar utility.
Not all spyware produces any signs that you are infected. For obvious reasons banking Trojans do not.
But many other types of spyware do produce signs. If you are seeing new toolbars in your browser, excessive popups, or your homepage has been switched, or, more commonly, the PC has become very slow or periodically reboots itself or crashes, chances are that you are infected. Other typical symptoms:
There are several prominent groups of spyware:
Remote access Trojans (RATs) are malware that provides a hidden channel of remote access to your computer's administrator (or equivalent) account, much like VNC (on which many of them are based), ssh or telnet. A computer that has covert remote control installed, about which the owner of the computer does not know, is called a zombie. Such Trojans often use rootkit technology to hide their presence. The set of such computers controlled from a single center is called a zombie network. Some publications suggest that there are millions of such computers in the world. This is a popular brand of malware with its own ecosystem that contains open source code that can serve as a template for new strains of malware (All copy and paste makes Jack a bored boy - Microsoft Malware Protection Center):
We recently came across what appeared to be a new sample, but was actually part of malware discovered in 2010. This new-old sample is built from publicly available source code and, like many of its kind, is frequently rebranded. Because of all the changes that malware authors have made, we have detection for each customized iteration. One such iteration (SHA1 8d81462089f9d1b4ec4c7423710cf545be2708e7) is commonly deployed under private obfuscators (such as H1N1 or Umbra). We detect this threat as TrojanSpy:Win32/SSonce.C(the sample also has a message for antivirus researchers, asserting that our job is monotonous and boring.)
Other backdoors that originate from the same source code are currently detected as Backdoor:Win32/Bezigate.A and Backdoor:Win32/Talsab.C, and Backdoor:Win32/Nosrawec.C. What we are seeing here is rampant use of copy/paste in the code. Because of this, all these spying families share common features, such as: reverse-connection to an attacker's server, plugins capable of file transfers, screen capture and anti-virus software disabling. Although the code is publicly available, there are some features, such as mouse/keyboard control, which are only available in private versions, as seen from the Facebook page of one of the authors.
The idea of hijacking somebody else's computer to use as a storage or computational resource is as old as computing itself. The Morris worm was the first computer worm that propagated from one Unix machine to another by exploiting vulnerabilities of Unix known at that time. Later there were several well-publicized cases of overseas hackers trying to get access (and succeeding) to university and research networks. See for example:
A free AV scanner such as Microsoft Security Essentials is a useful first layer of defense. It is easily breached and can't be relied upon, but nevertheless it is unreasonable not to use free scanning software for detection. See Spyware Scanners. This is important, as not all spyware has obvious signs or reveals itself by changing the behavior of the computer, of IE, or of both. Businesses that want an inexpensive software tool that can be used to clean up a spyware infection on a one-time basis should use the free Microsoft Security Essentials, which in terms of Windows compatibility is better, not worse, than the expensive (and redundant) solutions from Symantec (junk), McAfee (semi-junk) and other AV vendors. And as for spyware detection, they are all mediocre at best. You might be lucky or you might not, but generally it can be three or more months before they include the particular malware that infected your PC in their signature databases.
Microsoft provides a free spyware scanner (actually a 10-day copy of Microsoft Security Essentials) that I recommend trying first.
If you see some suspicious files detected by the free scan, or files in "C:\Documents and Settings\dell\Local Settings\Temp\" that you can't delete, you can use a free service called VirusTotal, which allows you to submit a sample and run it through more than two dozen AV tools. It produces some useful results and is the best of the breed as of 2012.
AV vendors are just an overhead caused by flaws in the Microsoft Windows design. For example, the Microsoft program loader is junk; signing executables is an option (Authenticode), but it is rarely used (With Security set to High, no potentially dangerous content will be run, signed or unsigned). The ability to tell the source of a program in Windows is almost non-existent. System files are scattered in a really messy fashion and the Windows directory is a big mess. The registry is another mess, which provides a tremendous number of ways to launch rogue programs.
In any case free spyware scanners are simple and yet effective against almost all but the most complex spyware. And that's why they should be tried first. There are two prominent free Spyware scanners (Adaware and Spybot S&D). Spybot S&D usage is discussed in a separate page.
The main problem with spyware scanners is that spyware is repeating the path of file viruses, and newer variants are designed with specific mechanisms to avoid detection by the scanners (polymorphic spyware). One early example of this trend was the vx2 spyware (SAHAgent, aka Golden Retriever, ShopAtHome and ShopAtHomeSelect). Another early example was CoolWebSearch, or CWS as many refer to it. With more than a hundred known variants, CWS has surpassed most other spyware in sophistication of infection and difficulty of removal.
In any case it does not make sense to spend money on a commercial spyware scanner. It is better to buy a USB drive and a good backup tool like Acronis.
Please be aware that you need to check the reputation of a product before downloading it. Some spyware masks itself as an AV product and is installed on your PC without your permission. After that it produces a fake report about multiple infections found to scare you into registering the product. An early example of this trend was Antivirus System Pro. A more recent example is XP Antivirus 2012. Such a product is essentially an extortion scheme designed to exploit the fear of infection for financial gain.
While analyzing network traffic is the best way to detect spyware, the non-scanner-based strategies of fighting spyware include several additional lines of defense:
Feb 14, 2020 | www.moonofalabama.org
Petri Krohn, Feb 11 2020 20:38 utc | 16
The reason European customers trust Huawei is because Huawei uses open-source software or at least makes their code available for inspection by customers.
Closed-source software cannot provide secrecy or security. This was vividly demonstrated last month when NSA revealed a critical vulnerability in Windows 10 that rendered any cryptographic security worthless.
Critical Windows 10 vulnerability used to Rickroll the NSA and Github
Rashid's simulated attack exploits CVE-2020-0601, the critical vulnerability that Microsoft patched on Tuesday after receiving a private tipoff from the NSA. As Ars reported, the flaw can completely break certificate validation for websites, software updates, VPNs, and other security-critical computer uses. It affects Windows 10 systems, including server versions Windows Server 2016 and Windows Server 2019. Other versions of Windows are unaffected.
The flaw involves the way the new versions of Windows check the validity of certificates that use elliptic-curve cryptography. While the vulnerable Windows versions check three ECC parameters, they fail to verify a fourth, crucial one, which is known as a base point generator and is often represented in algorithms as 'G.' This failure is a result of Microsoft's implementation of ECC rather than any flaw or weakness in the ECC algorithms themselves.
The attacker examines the specific ECC algorithm used to generate the root-certificate public key and proceeds to craft a private key that copies all of the certificate parameters for that algorithm except for the point generator. Because vulnerable Windows versions fail to check that parameter, they accept the private key as valid. With that, the attacker has spoofed a Windows-trusted root certificate that can be used to mint any individual certificate used for authentication of websites, software, and other sensitive properties.
I do not believe this vulnerability was a bug. It is more likely a backdoor intentionally left in the code for NSA to utilize. Whatever the case, NSA must have known about it for years. Why did they reveal it now? Most likely someone else had discovered the back door and may have been about to publish it.
(I commented on these same issues on Sputnik a few weeks ago.)
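The missing generator check described in the quoted Ars Technica passage, modelled as an added example that is not part of the original comment or article. It uses a constructed toy curve (y² = x³ + 2x + 2 over F₁₇, G = (5, 1), order 19) and hypothetical `Cert`/`Curve` types; which three parameters the vulnerable Windows code compared is not stated on the page, so the split used in `weak_match` is an assumption.

```python
"""Toy model of trust-anchor matching for EC certificates (added example)."""
from typing import NamedTuple, Optional, Tuple

Point = Optional[Tuple[int, int]]      # None stands for the point at infinity


class Curve(NamedTuple):
    p: int       # field prime
    a: int       # coefficient a
    b: int       # coefficient b
    g: Point     # base point generator G
    n: int       # order of G


class Cert(NamedTuple):
    subject: str
    curve: Curve  # domain parameters carried inside the certificate
    q: Point      # public key


def on_curve(c: Curve, pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + c.a * x + c.b)) % c.p == 0


def add(c: Curve, p1: Point, p2: Point) -> Point:
    """Affine point addition, including doubling and the identity cases."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + c.a) * pow((2 * y1) % c.p, -1, c.p)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % c.p, -1, c.p)
    x3 = (lam * lam - x1 - x2) % c.p
    return (x3, (lam * (x1 - x3) - y1) % c.p)


def mul(c: Curve, k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = add(c, result, pt)
        pt = add(c, pt, pt)
        k >>= 1
    return result


def weak_match(presented: Cert, anchor: Cert) -> bool:
    """Flawed matcher: compares key and curve equation, never the generator."""
    pc, ac = presented.curve, anchor.curve
    return presented.q == anchor.q and (pc.p, pc.a, pc.b) == (ac.p, ac.a, ac.b)


def strict_match(presented: Cert, anchor: Cert) -> Tuple[bool, str]:
    """Hardened matcher: every domain parameter must equal the anchor's."""
    pc = presented.curve
    if pc != anchor.curve:
        field = next(f for f in Curve._fields
                     if getattr(pc, f) != getattr(anchor.curve, f))
        return False, f"domain parameter '{field}' differs from trusted anchor"
    if not (on_curve(pc, pc.g) and on_curve(pc, presented.q)):
        return False, "point not on curve"
    if pc.g is None or mul(pc, pc.n, pc.g) is not None:
        return False, "generator does not have order n"
    if presented.q != anchor.q:
        return False, "public key differs"
    return True, "ok"


def scalar_for(c: Curve, q: Point) -> Optional[int]:
    """Exhaustive search for d with d*G == Q; only feasible on this toy curve."""
    for d in range(1, c.n):
        if mul(c, d, c.g) == q:
            return d
    return None


# Constructed sample data: a trusted root and a certificate that copies its
# public key and curve equation but names a different base point.
TOY = Curve(p=17, a=2, b=2, g=(5, 1), n=19)
ROOT = Cert("Constructed Root CA", TOY, mul(TOY, 7, TOY.g))
ALTERED = TOY._replace(g=(6, 3))
PRESENTED = Cert("Constructed Root CA", ALTERED, ROOT.q)

if __name__ == "__main__":
    print("weak matcher accepts:  ", weak_match(PRESENTED, ROOT))
    print("strict matcher accepts:", strict_match(PRESENTED, ROOT))
    # The same public point belongs to a different private scalar once G
    # changes, so Q on its own does not identify a key pair.
    print("scalar under trusted G:", scalar_for(TOY, ROOT.q))
    print("scalar under altered G:", scalar_for(ALTERED, ROOT.q))
```

On real certificates the equivalent defensive check is to accept only named curves, or to compare explicitly encoded parameters field by field against the named curve before any trust-store lookup.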
Jan 08, 2020 | www.zerohedge.com
Death2Fiat , 5 minutes ago link
The Last Sasquatch , 12 minutes ago link
No doubt Krugman has dirt on him for blackmail. No one gets his kind of job without being compromised.
Johann Gelbwesten , 25 minutes ago link
These aren't my pants
theWHTMANN , 25 minutes ago link
Probably happened when he clicked on an email from Prince Andrew.
CosmoJoe , 31 minutes ago link
C'mon that guy's face screams...
WP82 , 32 minutes ago link
Getting ahead of it quickly eh Paul?
Captain Phoebus , 33 minutes ago link
Gee. Maybe it's nobody other than Krugman using His IP address.
Covering his a$$?
Jackprong , 35 minutes ago link
Don't we believe him?
Typical ... to blame his actions on his perceived enemies.
Dec 20, 2019 | turcopolier.typepad.com
Special Counsel Robert Mueller's report insists that Guccifer 2.0 and DCLeaks were created by Russia's military intelligence organization, the GRU, as part of a Russian plot to meddle in the U.S. 2016 Presidential Election. But this is a lie. Guccifer 2.0 and DCLeaks were created by Brennan's CIA and this action by the CIA should be a target of U.S. Attorney John Durham's investigation. Let me explain why.
Let us start with the January 2017 Intelligence Community Assessment aka ICA. Only three agencies of the 17 in the U.S. intelligence community contributed to and coordinated on the ICA--the FBI, the CIA and NSA. In the preamble to the ICA, you can read the following explanation about methodology:
When Intelligence Community analysts use words such as "we assess" or "we judge," they are conveying an analytic assessment or judgment
To be clear, the phrase,"We assess", is intel community jargon for "opinion". If there was actual evidence or source material for a judgment the writer of the assessment would state, "According to a reliable source" or "knowledgeable source" or "documentary evidence."
Pay close attention to what the analysts writing the ICA stated about the GRU and Guccifer 2.0 and DCLeaks:
We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.
- Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists.
- Content that we assess was taken from e-mail accounts targeted by the GRU in March 2016 appeared on DCLeaks.com starting in June.
We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks. Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity. Disclosures through WikiLeaks did not contain any evident forgeries.
Not one piece of corroborating intelligence. It is all based on opinion and strong belief. There was no human source report or electronic intercept pointing to a relationship between the GRU and the two alleged creations of the GRU--Guccifer 2.0 persona and DCLeaks.com. Now consider the spin that Robert Mueller put on this opinion in his report on possible collusion between the Trump campaign and the Russians. Mueller bluffs the unsuspecting reader into believing that it is a proven fact that Guccifer 2.0 and DCLeaks were Russian assets. But he is relying on a mere opinion from a handpicked group of intel analysts working under the direction of then CIA Director John Brennan.
Here's Mueller's take (I apologize for the lengthy quote but it is important that you read how the Mueller team presents this):
"The GRU began planning the releases at least as early as April 19, 2016, when Unit 26165 registered the domain dcleaks.com through a service that anonymized the registrant.137 Unit 26165 paid for the registration using a pool of bitcoin that it had mined.138 The dcleaks.com landing page pointed to different tranches of stolen documents, arranged by victim or subject matter. Other dcleaks.com pages contained indexes of the stolen emails that were being released (bearing the sender, recipient, and date of the email). To control access and the timing of releases, pages were sometimes password-protected for a period of time and later made unrestricted to the public.
Starting in June 2016, the GRU posted stolen documents onto the website dcleaks.com, including documents stolen from a number of individuals associated with the Clinton Campaign. These documents appeared to have originated from personal email accounts (in particular, Google and Microsoft accounts), rather than the DNC and DCCC computer networks. DCLeaks victims included an advisor to the Clinton Campaign, a former DNC employee and Clinton Campaign employee, and four other campaign volunteers.139 The GRU released through dcleaks.com thousands of documents, including personal identifying and financial information, internal correspondence related to the Clinton Campaign and prior political jobs, and fundraising files and information.140
GRU officers operated a Facebook page under the DCLeaks moniker, which they primarily used to promote releases of materials.141 The Facebook page was administered through a small number of preexisting GRU-controlled Facebook accounts.142
GRU officers also used the DCLeaks Facebook account, the Twitter account @dcleaks__, and the email account firstname.lastname@example.org to communicate privately with reporters and other U.S. persons. GRU officers using the DCLeaks persona gave certain reporters early access to archives of leaked files by sending them links and passwords to pages on the dcleaks.com website that had not yet become public. For example, on July 14, 2016, GRU officers operating under the DCLeaks persona sent a link and password for a non-public DCLeaks webpage to a U.S. reporter via the Facebook account.143 Similarly, on September 14, 2016, GRU officers sent reporters Twitter direct messages from @dcleaks_, with a password to another non-public part of the dcleaks.com website.144
The dcleaks.com website remained operational and public until March 2017."
On June 14, 2016, the DNC and its cyber-response team announced the breach of the DNC network and suspected theft of DNC documents. In the statements, the cyber-response team alleged that Russian state-sponsored actors (which they referred to as "Fancy Bear") were responsible for the breach.145 Apparently in response to that announcement, on June 15, 2016, GRU officers using the persona Guccifer 2.0 created a WordPress blog. In the hours leading up to the launch of that WordPress blog, GRU officers logged into a Moscow-based server used and managed by Unit 74455 and searched for a number of specific words and phrases in English, including "some hundred sheets," "illuminati," and "worldwide known." Approximately two hours after the last of those searches, Guccifer 2.0 published its first post, attributing the DNC server hack to a lone Romanian hacker and using several of the unique English words and phrases that the GRU officers had searched for that day.146
That same day, June 15, 2016, the GRU also used the Guccifer 2.0 WordPress blog to begin releasing to the public documents stolen from the DNC and DCCC computer networks.
The Guccifer 2.0 persona ultimately released thousands of documents stolen from the DNC and DCCC in a series of blog posts between June 15, 2016 and October 18, 2016.147 Released documents included opposition research performed by the DNC (including a memorandum analyzing potential criticisms of candidate Trump), internal policy documents (such as recommendations on how to address politically sensitive issues), analyses of specific congressional races, and fundraising documents. Releases were organized around thematic issues, such as specific states (e.g., Florida and Pennsylvania) that were perceived as competitive in the 2016 U.S. presidential election.
Beginning in late June 2016, the GRU also used the Guccifer 2.0 persona to release documents directly to reporters and other interested individuals. Specifically, on June 27, 2016, Guccifer 2.0 sent an email to the news outlet The Smoking Gun offering to provide "exclusive access to some leaked emails linked [to] Hillary Clinton's staff."148 The GRU later sent the reporter a password and link to a locked portion of the dcleaks.com website that contained an archive of emails stolen by Unit 26165 from a Clinton Campaign volunteer in March 2016.149 That the Guccifer 2.0 persona provided reporters access to a restricted portion of the DCLeaks website tends to indicate that both personas were operated by the same or a closely-related group of people.150
The GRU continued its release efforts through Guccifer 2.0 into August 2016. For example, on August 15, 2016, the Guccifer 2.0 persona sent a candidate for the U.S. Congress documents related to the candidate's opponent.151 On August 22, 2016, the Guccifer 2.0 persona transferred approximately 2.5 gigabytes of Florida-related data stolen from the DCCC to a U.S. blogger covering Florida politics.152 On August 22, 2016, the Guccifer 2.0 persona sent a U.S. reporter documents stolen from the DCCC pertaining to the Black Lives Matter movement.153"
Wow. Sounds pretty convincing. The documents referencing communications by DCLeaks or Guccifer 2.0 with Wikileaks are real. What is not true is that these entities were GRU assets.
In October 2015 John Brennan reorganized the CIA. As part of that reorganization he created a new directorate--DIRECTORATE OF DIGITAL INNOVATION. Its mission was to "manipulate digital footprints." In other words, this was the Directorate that did the work of creating Guccifer 2.0 and DCLeaks. One of their specialties, creating Digital Dust.
We also know, thanks to Wikileaks, that the CIA was using software specifically designed to mask CIA activity and make it appear like it was done by a foreign entity. Wikipedia describes the Vault 7 documents:
Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, that detail activities and capabilities of the United States' Central Intelligence Agency to perform electronic surveillance and cyber warfare. The files, dated from 2013–2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera Software ASA), and the operating systems of most smartphones (including Apple's iOS and Google's Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux
One of the tools in Vault 7 carries the innocuous name, MARBLE. Hackernews explains the purpose and function of MARBLE:
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware.
The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.
"Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA," says the whistleblowing site.
"...for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion," WikiLeaks explains.
So guess what gullible techies "discovered" in mid-June 2016? The meta data in the Guccifer 2.0 communications had "Russian fingerprints."
We still don't know who he is or whether he works for the Russian government, but one thing is for sure: Guccifer 2.0 -- the nom de guerre of the person claiming he hacked the Democratic National Committee and published hundreds of pages that appeared to prove it -- left behind fingerprints implicating a Russian-speaking person with a nostalgia for the country's lost Soviet era.
Exhibit A in the case is this document created and later edited in the ubiquitous Microsoft Word format. Metadata left inside the file shows it was last edited by someone using the computer name "Феликс Эдмундович." That means the computer was configured to use the Russian language and that it was connected to a Russian-language keyboard. More intriguing still, "Феликс Эдмундович" is the colloquial name that translates to Felix Dzerzhinsky, the 20th Century Russian statesman who is best known for founding the Soviet secret police. (The metadata also shows that the purported DNC strategy memo was originally created by someone named Warren Flood, which happens to be the name of a LinkedIn user claiming to provide strategy and data analytics services to Democratic candidates.)
Just use your common sense. If the Russians were really trying to carry out a covert cyberattack, do you really think they are so sloppy and incompetent to insert the name of the creator of the Soviet secret police in the metadata? No. The Russians are not clowns. This was a clumsy attempt to frame the Russians.
Why would the CIA do this? The CIA knew that Podesta's emails had been hacked and were circulating on the internet. But they had no evidence about the identity of the culprit. If they had such evidence, they would have cited it in the 2017 ICA.
The U.S. intelligence community became aware around May 26, 2016 that someone with access to the DNC network was offering those emails to Julian Assange and Wikileaks. Julian Assange and people who spoke to him indicate that the person was Seth Rich. Whether or not it was Seth, the Trump Task Force at CIA was aware that the emails, which would be embarrassing to the Clinton campaign, would be released at some time in the future. Hence the motive to create Guccifer 2.0 and pin the blame on Russia.
It is essential to recall the timeline of the alleged Russian intrusion into the DNC network. The only source for the claim that Russia hacked the DNC is a private cyber security firm, CrowdStrike. Here is the timeline for the DNC "hack."
Here are the facts on the public record. They are at odds with the claims of the Intelligence Community:
- It was 29 April 2016, when the DNC claims it became aware its servers had been penetrated. No claim yet about who was responsible. And no claim that there had been a prior warning by the FBI of a penetration of the DNC by Russian military intelligence.
- According to CrowdStrike founder, Dimitri Alperovitch, his company first supposedly detected the Russians mucking around inside the DNC server on 6 May 2016. A CrowdStrike intelligence analyst reportedly told Alperovitch that:
  - Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.
- The Wikileaks data shows that the last message copied from the DNC network is dated Wed, 25 May 2016 08:48:35.
- 10 June 2016 -- CrowdStrike waited until 10 June 2016 to take concrete steps to clean up the DNC network. Alperovitch told Esquire's Vicky Ward that: "Ultimately, the teams decided it was necessary to replace the software on every computer at the DNC. Until the network was clean, secrecy was vital. On the afternoon of Friday, June 10, all DNC employees were instructed to leave their laptops in the office."
- On June 14, 2016, Ellen Nakamura, a Washington Post reporter who had been briefed by computer security company hired by the DNC -- Crowdstrike --, wrote:
  - Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
  - The intruders so thoroughly compromised the DNC's system that they also were able to read all email and chat traffic, said DNC officials and the security experts.
  - The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some Republican political action committees, U.S. officials said. But details on those cases were not available.
- 15 June, 2016, an internet "personality" self-described as Guccifer 2.0 surfaces and claims to be responsible for the hacks but denies being Russian. The people/entity behind Guccifer 2.0:
  - Used a Russian VPN service provider to conceal their identity.
  - Created an email account with AOL.fr (a service that exposes the sender's IP address) and contacted the press (exposing his VPN IP address in the process).
  - Contacted various media outlets through this set up and claimed credit for hacking the DNC, sharing copies of files purportedly from the hack (one of which had Russian error messages embedded in them) with reporters from Gawker, The Smoking Gun and other outlets.
  - Carried out searches for terms that were mostly in English, several of which would appear in Guccifer 2.0's first blog post. They chose to do this via a server based in Moscow. (this is from the indictment, "On or about June 15, 2016, the Conspirators logged into a Moscow-based server used and managed by Unit 74455")
  - Created a blog and made an initial blog post claiming to have hacked the DNC, providing links to various documents as proof.
  - Carelessly dropped a "Russian Smiley" into his first blog post.
  - Managed to add the name "Феликс Эдмундович" (which translates to Felix Dzerzhinsky, also known as "Iron Felix") to the metadata of several documents. (Several sources went beyond what the evidence shows and made claims about Guccifer 2.0 using a Russian keyboard, however, these claims are just assumptions made in response to the presence of cyrillic characters.)
The only thing that the Guccifer 2.0 character did not do to declare its Russian heritage was to take out full page ads in the New York Times and Washington Post. But the "forensic" fingerprints that Guccifer 2.0 was leaving behind is not the only inexplicable event.
Time for the common sense standard again. Crowdstrike detected the Russians on the 6th of May, according to CEO Dimitri Alperovitch, but took no steps to shutdown the network, eliminate the malware and clean the computers until 34 days later, i.e., the 10th of June. That is 34 days of inexcusable inaction.
It is only AFTER Julian Assange announces on 12 June 2016 that WikiLeaks has emails relating to Hillary Clinton that DCLeaks or Guccifer 2.0 try to contact Assange.
The actions attributed to DCLeaks and Guccifer 2.0 should be priority investigative targets for U.S. Attorney John Durham's team of investigators. This potential use of a known CIA tool, developed under Brennan with the sole purpose to obfuscate the source of intrusions, pointing to another nation, as a false flag operation, is one of the actions and issues that U.S. Attorney John Durham should be looking into as a potential act of "Seditious conspiracy." It needs to be done. To quote the CIA, I strongly assess that the only intelligence agency that evidence indicates was meddling via cyber attacks in the 2016 Presidential election was the CIA, not the GRU.
Posted at 02:13 PM in Larry Johnson , Russiagate | Permalink
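A triage sketch for the document-metadata fields discussed in the post above, added here as an example and not part of the original article. It assumes an OOXML (.docx) container, which the page does not specify; the function names and timestamps are constructed, and the two author strings are the ones quoted in the post.

```python
"""Read author metadata from a .docx package and flag what it can and cannot show."""
import io
import unicodedata
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

CORE_PART = "docProps/core.xml"
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = {
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "created": "dcterms:created",
    "modified": "dcterms:modified",
}


def build_sample_docx(creator, last_modified_by, created, modified):
    """Constructed sample: a zip holding only the core-properties part."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}">'
        f'<dc:creator>{escape(creator)}</dc:creator>'
        f'<cp:lastModifiedBy>{escape(last_modified_by)}</cp:lastModifiedBy>'
        f'<dcterms:created>{escape(created)}</dcterms:created>'
        f'<dcterms:modified>{escape(modified)}</dcterms:modified>'
        '</cp:coreProperties>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CORE_PART, core.encode("utf-8"))
    return buf.getvalue()


def read_core_properties(docx_bytes):
    """Return the four core properties, None where a field is absent."""
    props = dict.fromkeys(FIELDS)
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if CORE_PART not in z.namelist():
            return props
        # For untrusted files prefer defusedxml.ElementTree; the standard
        # library parser is used here to keep the example dependency-free.
        root = ET.fromstring(z.read(CORE_PART))
    for key, path in FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            props[key] = node.text.strip()
    return props


def scripts_in(text):
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in text."""
    found = set()
    for ch in text or "":
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return sorted(found)


def triage(docx_bytes):
    """Extract the fields and record observations, not conclusions.

    creator and lastModifiedBy are free-text strings written by the editing
    application; they do not identify a machine, a keyboard or a location.
    """
    props = read_core_properties(docx_bytes)
    scripts = {k: scripts_in(props[k]) for k in ("creator", "last_modified_by")}
    notes = []
    if (scripts["creator"] and scripts["last_modified_by"]
            and scripts["creator"] != scripts["last_modified_by"]):
        notes.append(
            f"author fields use different scripts: creator={scripts['creator']}, "
            f"last_modified_by={scripts['last_modified_by']}"
        )
    # ISO 8601 UTC strings in the same format compare correctly as text.
    if props["created"] and props["modified"] and props["modified"] < props["created"]:
        notes.append("modified timestamp precedes created timestamp")
    return {**props, "scripts": scripts, "notes": notes}


# Constructed sample: author strings as quoted in the post, timestamps invented.
SAMPLE_DOCX = build_sample_docx(
    "Warren Flood", "Феликс Эдмундович",
    "2016-01-01T09:00:00Z", "2016-01-02T09:00:00Z",
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DOCX).items():
        print(f"{key}: {value}")
```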
Factotum , 20 December 2019 at 02:45 PM
LJ bottom line: "The only intelligence agency that evidence indicates was meddling via cyber attacks in the 2016 Presidential election was the CIA, not the GRU."
Paul Damascene , 20 December 2019 at 02:54 PM
Larry, thanks -- vital clarifications and reminders. In your earlier presentation of this material did you not also distinguish between the way actually interagency assessments are titled, and ICA which seemed to have been framed to allow journalists or the unwary to link the ICA with more rigorous standards used by more authentic assessments?
walrus , 20 December 2019 at 03:51 PM
Thank you Larry. You have discovered one more vital key to the conspiracy. We now need the evidence of Julian Assange. He is kept incommunicado and He is being tortured by the British in jail and will be murdered by the American judicial system if he lasts long enough to be extradited.
Ghost Ship , 20 December 2019 at 04:04 PM
You can be sure he will be "Epsteined" before he appears in open court because he knows the source of what Wikileaks published. Once he is gone, mother Clinton is in the clear.
I can understand the GRU or SVR hacking the DNC and other e-mail servers because as intelligence services that is their job, but can anyone think of any examples of Russia (or the Soviet Union) using such information to take overt action?
With the Russians not having the advantages that the NSA does (back doors in all US-designed network hardware/software and taps all over the internet), would Russia reveal anything unless it involved an immediate major national security threat. I doubt that would cover Trump.
Oct 22, 2019 | it.slashdot.org
ccnafr shared their report: One of the gang's victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks' database from their server. "I know it was not legal from me," the researcher wrote in a text file he published online on Pastebin earlier Monday, containing 2,858 decryption keys. "I'm not the bad guy here," Frömel added.
Besides releasing the decryption keys, the German developer also published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum.
In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the decrypter's availability, advising users against paying the ransom.
Sep 13, 2019 | www.unz.com
Originally from: How the CIA, Mossad and "the Epstein Network" are Exploiting Mass Shootings to Create an Orwellian Nightmare, by Whitney Webb
... ... ...
Carbyne's current CEO, Amir Elichai, served in Unit 8200 and tapped former Unit 8200 commander and current board member of AIPAC Pinchas Buchris to serve as the company's director and on its board. In addition to Elichai, another Carbyne co-founder, Lital Leshem, also served in Unit 8200 and later worked for Israeli private spy company Black Cube. The only Carbyne co-founder that didn't serve in Unit 8200 is Alex Dizengof, who previously worked for Israel's Prime Minister's office.
As MintPress noted in a past report detailing Israeli military intelligence's deep ties to American tech giant Microsoft, Unit 8200 is an elite unit of the Israeli Intelligence corps that is part of the IDF's Directorate of Military Intelligence and is involved mainly in signal intelligence (i.e., surveillance), cyberwarfare and code decryption. It is frequently described as the Israeli equivalent of the NSA and Peter Roberts, senior research fellow at Britain's Royal United Services Institute, characterized the unit in an interview with the Financial Times as "probably the foremost technical intelligence agency in the world and stand[ing] on a par with the NSA in everything except scale."
Notably, the NSA and Unit 8200 have collaborated on numerous projects, most infamously on the Stuxnet virus as well as the Duqu malware. In addition, the NSA is known to work with veterans of Unit 8200 in the private sector, such as when the NSA hired two Israeli companies, to create backdoors into all the major U.S. telecommunications systems and major tech companies, including Facebook, Microsoft and Google.
Both of those companies, Verint and Narus, have top executives with ties to Israeli intelligence and one of those companies, Verint (formerly Comverse Infosys), has a history of aggressively spying on U.S. government facilities.
Unit 8200 is also known for spying on civilians in the occupied Palestinian territories for "coercion purposes" -- i.e., gathering info for blackmail -- and also for spying on Palestinian-Americans via an intelligence-sharing agreement with the NSA.
Sep 02, 2019 | www.yahoo.com
The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.
The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.
An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.
The Dutch were asked in 2004 to help the CIA and Mossad get access to the plant, but it wasn't until three years later that the mole, who posed as a mechanic working for a front company doing work at Natanz, delivered the digital weapon to the targeted systems. "[T]he Dutch mole was the most important way of getting the virus into Natanz," one of the sources told Yahoo.
Neither the CIA nor the Mossad responded to inquiries from Yahoo News about the information. The AIVD declined to comment on its involvement in the operation.
The now famous covert operation known as "Olympic Games" was designed not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect. That strategy was successful in helping to bring Iran to the negotiating table, and ultimately resulted in an agreement with the country in 2015.
The revelation of Dutch involvement harkens back to a time when there was still extensive cooperation and strong, multilateral agreement among the U.S. and its allies about how to deal with the Iranian nuclear program -- a situation that changed last year after the Trump administration pulled out of the hard-won nuclear accord with Tehran.
The Olympic Games operation was primarily a joint U.S.-Israel mission that involved the NSA, the CIA, the Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit, Israel's equivalent of the NSA. But the U.S. and Israel had assistance from three other nations, according to sources, hence the covert codename that gave nod to the five-ring symbol of the world's most famous international sporting event. Two of the three participating players were the Netherlands and Germany. The third is believed to be France, although U.K. intelligence also played a role.
Germany contributed technical specifications and knowledge about the industrial control systems made by the German firm Siemens that were used in the Iranian plant to control the spinning centrifuges, according to sources. France is believed to have provided intelligence of a similar sort.
But the Dutch were in a unique position to perform a different role -- delivering key intelligence about Iran's activities to procure equipment from Europe for its illicit nuclear program, as well as information about the centrifuges themselves. This is because the centrifuges at Natanz were based on designs stolen from a Dutch company in the 1970s by Pakistani scientist Abdul Qadeer Khan. Khan stole the designs to build Pakistan's nuclear program, then proceeded to market them to other countries, including Iran and Libya.
The Dutch intelligence agency, known as AIVD, along with U.S. and British intelligence, infiltrated Khan's supply network of European consultants and front companies who helped build the nuclear programs in Iran and Libya. That infiltration didn't just involve old-school tradecraft but also employed offensive hacking operations being developed as part of the burgeoning field of digital espionage.
AIVD's cyber capabilities are well known now -- last year it was revealed that AIVD was responsible for tipping off the FBI to the 2016 hack of the Democratic National Committee, knowledge it had acquired because its operatives had hacked into computers belonging to the Russian hacking group known as Cozy Bear in 2014 and were watching in 2015 when the Russians broke into computers at the U.S. State Department and the DNC.
But during the early days of Iran's nuclear program, AIVD's hacking team was small and still developing.
The Iranian program, which had been on the back burner for years, kicked into high gear in 1996, when Iran secretly purchased a set of blueprints and centrifuge components from Khan. In 2000, Iran broke ground at Natanz with plans to build a facility that would hold 50,000 spinning centrifuges for enriching uranium gas. That same year, AIVD hacked the email system of a key Iranian defense organization in an effort to obtain more information about Iran's nuclear plans, according to sources.
Israeli and Western intelligence agencies secretly monitored the progress at Natanz over the next two years, until August 2002, when an Iranian dissident group publicly exposed the Iranian program at a press conference in Washington, D.C., using information provided by the intelligence agencies. Inspectors for the International Atomic Energy Agency, the United Nations body that monitors nuclear programs around the world, demanded access to Natanz and were alarmed to discover that the Iranian program was much further along than believed.
Iran was pressed into agreeing to halt all activity at Natanz while the IAEA sought to obtain more information about the nuclear program, and the suspension continued throughout all of 2004 and most of 2005. But it was only a matter of time before operations at Natanz resumed, and the CIA and the Mossad wanted to be inside when they did.
The request to the Dutch for help with this came toward the end of 2004, when a Mossad liaison working out of the Israeli Embassy in the Hague and a CIA official based at the U.S. Embassy met with a representative from AIVD. There was no talk yet about inserting a digital weapon into the control systems at Natanz; the aim at that time was still just intelligence.
But the timing wasn't random. In 2003, British and U.S. intelligence had landed a huge coup when they intercepted a ship containing thousands of centrifuge components headed to Libya -- components for the same model of centrifuges used at Natanz. The shipment provided clear evidence of Libya's illicit nuclear program. Libya was persuaded to give up the program in exchange for the lifting of sanctions, and also agreed to relinquish any components already received.
By March 2004, the U.S., under protest from the Dutch, had seized the components from the ship and those already in Libya and flown them to the Oak Ridge National Lab in Tennessee and to a facility in Israel. Over the next months, scientists assembled the centrifuges and studied them to determine how long it might take for Iran to enrich enough gas to make a bomb. Out of this came the plot to sabotage the centrifuges.
The Dutch intelligence agency already had an insider in Iran, and after the request from the CIA and Mossad came in, the mole decided to set up two parallel tracks -- each involving a local front company -- with the hope that one would succeed getting into Natanz.
Establishing a dummy company with employees, customers and records showing a history of activity, takes time, and time was in short supply. In late 2005, Iran announced it was withdrawing from the suspension agreement, and in February 2006 it began to enrich its first batch of uranium hexafluoride gas in a pilot plant in Natanz. The Iranians ran into some problems that slowed them down, however, and it wasn't until February 2007 that they formally launched the enrichment program by installing the first centrifuges in the main halls at Natanz. [In 2007 it is still the Bush administration (which means Cheney) at the helm.]
By then, development of the attack code was already long under way. A sabotage test was conducted with centrifuges some time in 2006 and presented to President George Bush, who authorized the covert operation once he was shown it could actually succeed.
By May 2007, Iran had 1,700 centrifuges installed at Natanz that were enriching gas, with plans to double that number by summer. But sometime before the summer of 2007, the Dutch mole was inside Natanz.
The first company the mole established had failed to get into Natanz -- there was a problem with the way the company was set up, according to two of the sources, and "the Iranians were already suspicious," one explained.
The second company, however, got assistance from Israel. This time, the Dutch mole, who was an engineer by training, managed to get inside Natanz by posing as a mechanic. His work didn't involve installing the centrifuges, but it got him where he needed to be to collect configuration information about the systems there. He apparently returned to Natanz a few times over the course of some months.
"[He] had to get in several times in order to collect essential information [that could be used to] update the virus accordingly," one of the sources told Yahoo News.
The sources didn't provide details about the information he collected, but Stuxnet was meant to be a precision attack that would only unleash its sabotage if it found a very specific configuration of equipment and network conditions. Using the information the mole provided, the attackers were able to update the code and provide some of that precision.
There is, in fact, evidence of updates to the code occurring during this period. According to the security firm Symantec, which reverse-engineered Stuxnet after it was discovered, the attackers made updates to the code in May 2006 and again in February 2007, just as Iran began installing the centrifuges at Natanz. But they made final changes to the code on Sept. 24, 2007, modifying key functions that were needed to pull off the attack, and compiled the code on that date. Compiling code is the final stage before launching it.
The code was designed to close exit valves on random numbers of centrifuges so that gas would go into them but couldn't get out. This was intended to raise the pressure inside the centrifuges and cause damage over time and also waste gas.
This version of Stuxnet had just one way to spread -- via a USB flash drive. The Siemens control systems at Natanz were air-gapped, meaning they weren't connected to the internet, so the attackers had to find a way to jump that gap to infect them. Engineers at Natanz programmed the control systems with code loaded onto USB flash drives, so the mole either directly installed the code himself by inserting a USB into the control systems or he infected the system of an engineer, who then unwittingly delivered Stuxnet when he programmed the control systems using a USB stick.
Once that was accomplished, the mole didn't return to Natanz again, but the malware worked its sabotage throughout 2008. In 2009 the attackers decided to change tactics and launched a new version of the code in June that year and again in March and April 2010. This version, instead of closing valves on the centrifuges, varied the speed at which the centrifuges spun, alternatively speeding them up to a level beyond which they were designed to spin and slowing them down. The aim was to both damage the centrifuges and undermine the efficiency of the enrichment process. Notably, the attackers had also updated and compiled this version of the attack code back on Sept. 24, 2007, when they had compiled the code for the first version -- suggesting that intelligence the Dutch mole had provided in 2007 may have contributed to this version as well.
By the time this later version of the code was unleashed, however, the attackers had lost the inside access to Natanz that they had enjoyed through the mole -- or perhaps they simply no longer needed it. They got this version of Stuxnet into Natanz by infecting external targets who brought it into the plant. The targets were employees of five Iranian companies -- all of them contractors in the business of installing industrial control systems in Natanz and other facilities in Iran -- who became unwitting couriers for the digital weapon.
"It's amazing that we're still getting insights into the development process of Stuxnet [10 years after its discovery]," said Liam O'Murchu, director of development for the Security Technology and Response division at Symantec. O'Murchu was one of three researchers at the company who reversed the code after it was discovered. "It's interesting to see that they had the same strategy for [the first version of Stuxnet] but that it was a more manual process. ... They needed to have someone on the ground whose life was at risk when they were pulling off this operation."
O'Murchu thinks the change in tactics for the later version of Stuxnet may be a sign that the capabilities of the attackers improved so that they no longer needed an inside mole.
"Maybe back in 2004 they didn't have the ability to do this in an automated way without having someone on the ground," he said. "Whereas five years later they were able to pull off the entire attack without having an asset on the ground and putting someone at risk."
But their later tactic had a different drawback. The attackers added multiple spreading mechanisms to this version of the code to increase the likelihood that it would reach the target systems inside Natanz. This caused Stuxnet to spread wildly out of control, first to other customers of the five contractors, and then to thousands of other machines around the world, leading to Stuxnet's discovery and public exposure in June 2010.
Months after Stuxnet's discovery, a website in Israel indicated that Iran had arrested and possibly executed several workers at Natanz under the belief that they helped get the malware onto systems at the plant. Two of the intelligence sources who spoke with Yahoo News indicated that there indeed had been loss of life over the Stuxnet program, but didn't say whether this included the Dutch mole.
While Stuxnet didn't significantly set back the Iranian program -- due to its premature discovery -- it did help buy time for diplomacy and sanctions to bring Iran to the negotiating table. Stuxnet also changed the nature of warfare and launched a digital arms race. It led other countries, including Iran, to see the value in using offensive cyber operations to achieve political aims -- a consequence the U.S. has been dealing with ever since.
Gen. Michael Hayden, former head of the CIA and the NSA, acknowledged its groundbreaking nature when he likened the Stuxnet operation to the atomic bombs dropped on Hiroshima and Nagasaki. "I don't want to pretend it's the same effect," he said, "but in one sense at least, it's August 1945."
Kim Zetter is a journalist and the author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Huib Modderkolk is a journalist with the Dutch newspaper de Volkskrant who broke the story last year of AIVD's hack of Cozy Bear; he is also the author of Het is oorlog: maar niemand die het ziet (The Invisible War), to be published this week in the Netherlands.
Operation Ajax seem to be forgotten by the West, but well remembered, by the Iranian folks. Gary
"The now famous covert operation known as "Olympic Games" was designed not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect."
REALITY CHECK 2 hours ago
General Michael Hayden (ex CIA and NSA head) "In other words, there were many of us in government who thought the purpose of the [Israeli threatened air] raid wasn't to destroy the Iranian nuclear system but the purpose of the raid was to put us at war with Iran." -in "Zero Days" 2016 documentary about the Stuxnet attack on Iran
From the 'Zero days' documentary on Stuxnet: "Inside the ROC [NSA Remote Operations Center] we were furious. The Israelis took our code for the [Stuxnet] delivery system and changed it. Then, on their own, without our agreement they just ****ing launched it. 2010, around the same time they started killing Iranian scientists, [unintelligible] ****ed up the code, Instead of hiding, the code started shutting down computers, so naturally people noticed. Because they [Israel] were in a hurry, they opened Pandora's Box. They let it out, and it spread all over the world. ... The problem was that the Israelis, Unit 8200, were always pushing us to be more aggressive ----
Our "friends" in Israel took a weapon that we jointly developed, in part to keep Israel from doing something crazy, and then used it on their own in a way that blew the cover of the operation and could have led to war. And we can't talk about that?" But my concern, and the reason I'm talking, is because when you shut down a country's power grid, it doesn't just pop back up. It's more like Humpty Dumpty. and if all the King's men can't turn the lights back on, or filter the water for weeks, then lots of people die. And something we can do to others, they can do too. Is that something we should keep quiet? Or should we talk about it? ---- R
REALITY CHECK 1 hour ago
@potz.. Nice try at the diversion. In fact it's already well known that the "jewish state" funds your internet propaganda operations. In fact I'll give readers a little insight to your operation. Ever wondered why Mid East comments are so overwhelmingly anti-Muslim, anti-Iran, anti-Palestinians and pro-israel? A new propaganda app sponsored by the Israeli Strategic Affairs Ministry for israel's thousands of internet trolls, Act.il : "A new app 'arms' thousands of motivated civilians worldwide, defending Israel's image online" ... ... ..
"We had about 1,000 volunteers, most of them students from the IDC, who created pro- Israel PR content in 35 different languages, reaching some 40 million web users."... we started working from the operations room on a regular basis. We had a database of student volunteers from dozens of countries, and it became more and more organized. We started setting up departments: One department created pro-Israeli marketing content, another department found and marked online articles that required our attention, and a third department dealt with finding and reporting pages that incite against Israel."...
Within only two weeks, it was downloaded by over 6,000 people in 27 countries around the world ... "In the months before the app's launch, we ran it a pilot among a group of some 800 students, most of them Americans,"...
During the pilot period, we were able to remove 2-5 inciting pages or videos every week. We're working with the IDF [Israeli Defense Forces] and the Shin Bet [Israeli version of the FBI], who are giving us information on such inciting content, and even they couldn't keep up with how fast we were getting things removed."
"Companies, such as Facebook, remove content following reports from the community," Ben-Yosef explains. "If there is only one person reporting it, he usually gets told by Facebook the content doesn't meet the criteria for removal. If 300 report it - the content is removed immediately. As soon as content inciting against Israel is posted online, we send a message through the app and all of its subscribers immediately report it." ...
"Students from the University of California (UC), where there are a lot of anti-Israel activists, came to us for help," Briga says. "We organized a joint campaign, in which we opened Skype chats at the IDC and at UC campuses and we let random students just sit down and have a conversation with someone from here [Israel].
People need to research just how much the Zionist jew state skrewed the U.S. and the world with this Stuxnet, and many OTHER computer viruses.
Unit 8200 is a cyber terrorist training facility just outside Jerusalem. https://www.forbes.com/sites/startupnationcentral/2018/05/28/rise-of-computer-vision-brings-obscure-israeli-intelligence-unit-into-spotlight/#7530b9743c19
The accelerating shift toward technologies like autonomous driving, satellite navigation, image recognition, and augmented and virtual reality, are bringing to the fore Israeli intelligence unit 9900, whose grads are starting to make a name for them
korok malfesio, 2 hours ago
If the CIA, Mossad, and AIVD have refused to comment on the veracity of this story, where did the information come from, and how did the reporters verify the story? The Dutch mole, who was actually an Iranian citizen, is a possibility, but another insider is needed for confirmation. This cyber sortie has more leaks in it than the Titanic.
Could it be that the story itself has been planted by intelligence operatives? Well, yeah. Okay. Now we have a story with a potential epiphany.
rod, 8 hours ago
A little bit of disinformation here on this story. The article refers to "enrich its first batch of uranium hexafluoride gas" This is incorrect. You can not enrich Hexafluoride gas. You can however, use a radioactive gas such as Iridium gas, or any other gas that is radioactive in nature such as xenon gas which will bind to the raw uranium molecule and make it bigger. Therefore allowing the refinement process to become more efficient. This is why Baghdad calls their bahgatrons, an improvement from a traditional centrifuge.
Also, I remember how the U.S. infiltrated the Iraq military command by installing special chips inside printers to get into their command and control systems. Not much was talked about in this article about the torture of the people who were suspected of being #$%$. sympathizer.
The assassination of civilian scientists fall under the same umbrella but as a crime of murder. The malware move does not bother me but could have caused the release of toxic radiation throughout the world. Killing civilians is wrong.
True Blue, yesterday
Former Ohio Congressman James Traficant ~ "Israel Owns the Congress and the Senate" ...
We had an agreement that stopped Iranian development of Nukes. It was verified by international inspectors that Iran was and is living up to the agreement. America didn't live up to their end of the bargain. Because Trump walked away from the agreement after America gave their word, now Iran has been given a green light to restart their program courtesy of Donald Trump.
True Blue, yesterday
AIPAC is an organization holding our elected government officials hostage to their foreign policy directives ! Before Israel we had no enemies in the Middle East... fact !
Just sayin...It was a combination of the CIA, Mossad, Meyer Lansky, and Israel that killed JFK, Israel wanted nuclear weapons, Kennedy would have none of it. Lansky wanted his properties back that Castro nationalized when he took over Cuba, and the Jewish James 'Jesus' Angleton was an Israeli 'mole' who rose to be the 3rd ranked member of the CIA. The book 'Finale Judgement' lays out all the connections extremely well, there's no doubt than David Ben Gurion and Israel were a part of the scheme to take out an American president...
Ally M, yesterday
ALL my Congressmen and ALL my Senators have ASSURED me that they will make certain that America provides Israel with all the Military Intelligence and Military equipment that they should require not only to Defend themselves, but to ensure that they will Defeat their enemies in any major conflict.
Thank you to ALL our C.I.A. and Military Intelligence officials in Iraq, Syria, Lebanon, Egypt, Qatar, and, yes, Iran who are providing our Israel friends with Real-time Intelligence information!
AliMD, 18 hours ago
Interesting how Israel planted a virus to help "not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect." And now Israel is so adamant in trying to derail it.
vani, 9 hours ago
Lot's of misinformation out there about Iran and Nuclear power, they have never tried to put a nuke BOMB together. They may not like Israel but they have never threatened them with Nukes either.
Israel has provoked so many neighbors, their troubles are on them. They are bullies in the region and the world protects them even when they mistreat and attack others. They always claim they are going after enemies who are plotting against them, but the truth is they are stealing more land.
The Mossad is spying on US citizens, they are as bad as Russia on interfering with our sovereign rights to fair elections, and a threat to our constitutional rights.
Mike, 4 hours ago
We're supposed to believe these sources? This piece is typical of the Huff who makes up sensational conspiracies, revelations, showing them as be a or facts. Laughable
As always, if we turn the situation around, the major news media would be screaming bloody murder and calling for war with Iran.
This hypocrisy by the American media has been going on since the early 1900s, and is the reason America gets into so many unnecessary wars. One of the top American generals, Smedley Butler, was correct when he called war nothing but a racket.
Mark Paris, yesterday
"While Stuxnet didn't significantly set back the Iranian program - due to its premature discovery - it did help buy time for diplomacy and sanctions to bring Iran to the negotiating table." - Or they have to say that since there has been loss of innocent lives as they say, themselves.
"Stuxnet also changed the nature of warfare and launched a digital arms race. It led other countries, including Iran, to see the value in using offensive cyber operations to achieve political aims - a consequence the U.S. has been dealing with ever since."
Otherwise, to help Israel achieve its demented goal, Stuxnet, ultimately, has come back to bite the US in the >ssa<. Good going morons. How to teach the enemy defeat you in your own game.
What comes around, often goes around...
Everyman, 21 hours ago
Operation Talpiot is the back door data pipeline from your computer/cell phone to Israel. Everything you communicate electronically is stored and analyzed by Israel...
sam spade, 17 hours ago
So this why you stay in the nuclear deal. They know we did it. They signed the deal anyway. They have no reason to trust us, yet they signed the deal. Can we get back into the deal?
TommyGun, 22 hours ago
This is a nice story-cloak and dagger and all that. Why would anyone want to expose this? ..and endanger the lives of those involved as there will always be retributions.
Israel will always have people around the world willing to help because if you believe in God and the Bible then helping Israel is an easy decision against the evil Ishmaelite's. God will forever protect Israel against her enemies those who want to destroy Israel are on a collision with God, just look at all the countries who hate Israel, they are the worse human rights countries on the planet, no mans land.
Loyal Tribune, 15 hours ago
Stuxnet haven't had much affect on Iranian side. I read, they through out all infected centrifuges and replaced with brand new ones in matter of a news weeks. although to them it was like nothing important happened, but a few life are gone for not much to gain.
IrishAmericanPsycho, 7 hours ago
Yet, as a signatory to the NNPT, Iran has every right to pursue nuclear energy, for civilian purposes.
Meanwhile, India, Pakistan and Israel couldn't legally sign the NNPT, as they refused to divulge how many nukes they had....YET THE US SHARED NUCLEAR TECH with those countries anyway.....
Censored, 11 hours ago
US and Israel have tried everything to topple Iran: malware terrorism, sanctions, oil embargo, supporting Wahhabi terrorists, financial terrorism, economic war, sanctioning any country who does business with Iran, disinformation, sabotage, threats, disallowing Red Cross to help flood victims, pirating... yet, Iran stands tall and grows. The only reason they didn't attack Iran is simple: they can't.
Famous act of war. Imagine if Iran had done this? Amazing how restrained the Iranians have been in the face of all the attacks.
anatoly, 16 hours ago
betcha stuff like this is still going on!
P K, 4 hours ago
Stuxnet was working fine until Israel decided without US knowledge to increase the effects of the virus and it was caught by the Iranians. Then it was subsequently used by the Iranians on attacks against Saudi and the US.
Funny how that part of the story was left out
Shekel_Trader, 4 hours ago
If the US had put in half the effort back in the '60's to stop Israel's illicit nuke program, as they did with Stuxnet, we'd all be a much happier and healthier society today, without Israel threatening its neighbors with one hand while waving the "Sampson option" in the other.
Alex, 17 hours ago
This article glorifies the typical USA interference in other countries affairs, the hate and mistrust toward the USA is 100% founded, that country through out its history has shown his neighbors and the the rest of the world that they are friends of no one and always try to undermine other nations.
They practically exterminated the native Americans, stole half of Mexico, sponsored coups all over the world, promoted wars and became the biggest producer of arms. All historical facts that no one can denied, and so much more, karma will eventually catch up with the USA, is already starting
Tony, 22 hours ago
Another propaganda by YAHOO. Nothing about the 6 billion Obama gave them ??? What do you thing that money went towards. Yahoo should be investigated for treason.
Collapsing Society, 20 hours ago
Fact: Iran has not attacked any country since the year 1798. Why does the West so bent on bringing Iran down? Answer: https://youtu.be/HP7L8bw5QF4
If Eisenhower hadn't overthrew Iran's government and put our puppet, the Shah, in its place, and if Reagan hadn't shot down an Iranian civilian jet killing 250 people they'd still be our ally.
William, 23 hours ago
Now that the details are coming out, it doesn't sound like it was a terribly effective operation.
Antiestablishmentarian, 2 hours ago
The Neocons (and NeoLiberals) opened Pandora's box when they came up with the plan to destabilize the Middle East. Instead they destabilized our planet..
----------10 hours ago
This is a fictitious article. Another fake news from liberal Yahoo-Verizon. It's purpose is to falsely attack President Trump as someone who has permanently damaged relations with all of our allies. Complete lie.
Did you know the UK and Australia worked with Clapper and Brennan to spy on Trump and his campaign team? Trump is weeding out all the bad leaders of the world who supported the terrorist state called Iran and threatened his Presidency with a silent coup. Those people are not allies, they are the Obama era monsters. Yahoo-Verizon liberals want Iran to have nuclear weapons to destroy the planet. Liberals cry over plastic in the ocean, yet support the most destructive device on earth being sold to violent, homosexual murdering, muslim terrorists?
Everyman, 21 hours ago
Zionist are finally losing their propaganda war little by little. American people are fed up. In Dickenson Texas, if you need Federal relief assistance after Hurricane Harvey, you have to sign an unconditional pledge to support Israel. Will Floridians who slaves or destroyed by Hurricane Dorian be forced to do the same? Will we have to sign an unconditional oath to support Israel or be refused Federal disaster relief funds?
You're free to be a Zionist if you wish. The rest of us are free to criticize those beliefs. If you wish to push those beliefs into the public domain and include them in political discourse, they WILL be criticized harshly, rightly so.
Ruban, 18 hours ago
If Russians or Chines has done something like this then, western media would whine for months and call for new sanctions against them
copy, 23 hours ago
Can anyone read this article, and NOT understand that the Zionist faction CONTROLS America? And that this incident is just more proof of it?
So all the fuss about "Russian hacking" was crocodile tears western propaganda.
And when they repay in kind, don't scream terrorism.
Brook, 13 hours ago
No one wants to mention that the coup was pulled off during the Bush administration.
Jax, 15 hours ago
The Stuxnet operation transferred malware technology from Israel to Iran and Russia. This is the unintended consequence. Now Iran can update the malware and distribute it to attack targets anywhere.
Wallstreet, 6 hours ago
The success of this virus attack spurred on a gold rush for Israel. They now get extra billions per year in funding from USA to keep developing their security software activities which turned commercial and now allows spying around the world. Israel now has access to most of the world's governments secrets and is turning that access into gold.
SamS, 22 hours ago
I am truly glad that its only patriotic defense, when we use our computers and hackers to hack into things in Iran, China or NK and not espionage hacking, as when they do the same exact thing, in reverse!
NSA designed... June 24, 2012, as Big Sleep day for the infamous malware. On that day, it stopped replicating. Its more like neutered, rather than dead," Eric Byres, CTO and vp for engineering at Tofino Security, told TechNewsWorld.
"The 6/24 date stops it from replicating, but if it has infected your uranium centrifuge, it will still be doing its destructive work in the PLCs & the drive controllers.
"Stuxnet was pretty much dead as a spreading worm a month after it was discovered," he added. "Every antivirus company worth its salt had Stuxnet detection signatures out quickly. It was a worm designed to never be found in the 1st place. Once it was uncovered, it was defenseless."
Susie, 11 hours ago
Dutch pirates continue to work at the destruction of other nations. The Dutch East India company created the skull and cross bones flag for its' vessels. That flag soon meant violent pirate ship and continues today as the same warning.
Will, 22 hours ago
Thankfully the Apartheid government of Israel with their "Samson Option" is on our side. They held back information about the impending 9/11 attacks (then celebrated afterwards and were arrested) then gave us false intelligence about Iraq having WMDs. But yes they are our closest allies and we should continue giving them billions in cash and openly allow their spies into top secret facilities.
Israel has an arsenal of nuclear weapons estimated at 200 to 300 war heads. Yet Israel has refused to sign the Nuclear Non Proliferation Treaty or the Chemical Weapons Conventions. And the US says NOTHING about that.
Rudolph, 16 hours ago
If you Turn the Tables and If Iran does the same thing to Israel,why is that considered "Terrorism" ? Because they OWN the media?
opaw, 10 hours ago
we should allow every nation to develop their own nuclear programs in the spirit of competition, deterrence and mutually assured destruction. nobody has the right to say that "you can't have nuclear weapons you are not democracy." the moment that you lay your hands on nukes you already lost the moral decency. plus the more the merrier.
dan, 6 hours ago
The worlds greatest hack of all time is Israeli agents steeling US Nuclear secrets and developing a vast nuclear arsenal. Once the hack was found, Israeli influences dramatically changed to that of soft hacking of the US congress and all other political branches. The greatest 'check and mate'!
Singl, 6 hours ago
So, this secret operation took place from 2004 thru 2015 initiated by the Netherlands and Germany, with an assist from France.....under the ObAMA administration (who also went along with it) .
So Iran development was stalled ...so the agreement could be hammered out.
But it was an OBAMA admin agreement...so it HAD TO be destroyed by the Trump administration.... a crisis created ,...so that the TRUMP administration could,-- one way or another -- "resolve" , the crisis. SICK. This man Trump,...is SICK....and MUST be removed.
How is this story any more than gossip with international security ramifications?
Juan, 4 hours ago
Great! We just put a target on the back of every Dutch in a Muslim nation. Sounds to me like payback for not wanting to join the current Israel/US effort against Iran.
ccc, 22 minutes ago
And when other nations attack us using cyber We claim it's a declaration of war
Wondering what these other countries are doing to us and we dont know?
HC, 7 hours ago
About the last successful thing the CIA's ever done in Iran.
JASON, 6 hours ago
I remember when my parents told me to mind my own business. It seems like the U.S. and Israeli government can't mind their own business. It seems like they are the problem for world peace.
Sep 03, 2019 | www.unz.com
anon says: September 3, 2019 at 9:30 am GMT
@Lot Iran is also involving into Israel-India relationship. Netanyhooo has cancelled his visit just 2 weeks before the election – Haaretz.
And now we don't hear much about terrorism on Europe soil but bit by bit we hear the terrorism committed by Dutch Norwegian Danish against Iran . Justice ? It will arrive one day . Dutch will be supposed so will be the numerous pundits . Why Dutch? Yes that question will find its answer "why Afghanistan ?" after 911.
"Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran --
For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran's nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?
The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.
The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News."
Jul 30, 2019 | it.slashdot.org
Louisiana Governor Declares State Emergency After Local Ransomware Outbreak (zdnet.com)
Posted by BeauHD on Thursday July 25, 2019 @10:10PM from the hit-hard dept.
Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts.
The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes -- Sabine, Morehouse, and Ouachita. IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting. By signing the Emergency Declaration, the Louisiana governor is making available state resources to impacted schools. This includes assistance from cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services, the Governor's Office of Homeland Security and Emergency Preparedness (GOHSEP), and others.
State officials hope that additional IT expertise will speed up the recovery process so schools can resume their activity and preparations for the upcoming school year.
Earlier today, some residents of Johannesburg have been left without electricity after a ransomware infection.
stealth_finger ( 1809752 ) , Friday July 26, 2019 @05:36AM ( #58989714 )
Re:State of emergency? ( Score: 5 , Insightful)
Uh, once a student clicks on the wrong .exe it's too late to unplug anything.
If something a student clicks can fuck your whole network, you have bigger problems.
Ocker3 ( 1232550 ) on Thursday July 25, 2019 @11:27PM (#58988772)
Re:State of emergency? (Score:2)
Does the student also have admin rights on the server?
When you're getting attacked by serious teams who know what they're doing, sometimes smaller enterprises just don't have the resources to fight back, only shut down and restore everything from backups (which hopefully aren't also compromised).
With BYOx being so common, the amount of hostile traffic coming from authenticated users inside your network is a huge PITA.
rtb61 ( 674572 ) on Friday July 26, 2019 @03:19AM (#58989406) Homepage
Re:State of emergency? (Score:2)
It has impacted three school districts as in every school in each district, so clearly this is a high level admin security failure and not something happening at school level. At least one benefit, find what is common with those three districts and you are on the path to tracking the insider who did it, although it is likely they did not attack every school district they could for the same reason, similarly figuring out which school districts they could have attacked and didn't will likely help point the finger.
Re:High School IT (Score:2)
by drinkypoo ( 153816 ) <email@example.com> on Friday July 26, 2019 @09:06AM (#58990296) Homepage Journal
High schools won't trust students with that kind of access, and colleges don't need to, since tuition is high enough these days to hire IT staff.
Re:High School IT (Score:1)
by plloi ( 1055946 ) on Friday July 26, 2019 @09:57AM (#58990628)
Can confirm. Myself and my 2 best friends in high school were the admins for my junior and senior year. Dunno who got the job when we graduated.
luther349 ( 645380 ) , Friday July 26, 2019 @05:39AM ( #58989722 )
Re:My password is about to expire ( Score: 3 )
all the admin machines should be vms with snapshots. that way if this happens you can quickly restore. but public schools never have a good setup and normally stock unpatched end of life windows.
Revek ( 133289 ) , Thursday July 25, 2019 @11:07PM ( #58988682 ) Homepage
They will blame everyone but the ( Score: 4 , Insightful)
Substandard employees that they hire. They will blame IT first. Ideally their IT should have proper backups that are air gapped at some part of the process. But ultimately these things happen because clueless employees allow it to happen.
Gojira Shipi-Taro ( 465802 ) , Thursday July 25, 2019 @11:11PM ( #58988698 ) Homepage
Re:They will blame everyone but the ( Score: 2 )
Heavens! Are you saying that getting the cheapest contractors they can find isn't the best financial decision they could have made? But those nice MBAs assured them that running things like a cutthroat corporation was the best way!
Revek ( 133289 ) writes:
Re:They will blame everyone but the ( Score: 2 )
Heavens no. For instance I know of a city municipality that has the wan side of their internet merged with the lan side of their network. potentially exposing their whole infrastructure. I know and I told them but they would rather trust the guy who did the wiring to know more about networking than the guy who configured their fiber circuit. I'm sure that when they get their asses hacked again they will try to cast the net wide looking for anyone other than themselves to blame. That is why I fired off
Rockoon ( 1252108 ) , Friday July 26, 2019 @12:57AM ( #58989042 )
Re:They will blame everyone but the ( Score: 2 )
But they hired the comptroller's brother! Nothing can go wrong.
gweihir ( 88907 ) , Friday July 26, 2019 @12:56AM ( #58989040 )
Re:They will blame everyone but the ( Score: 2 )
Well, the MBA morons think that one unit of "employee xyz" is of course exactly the same as another one. Hence getting the cheapest ones does make sense to them. It is a sure recipe for an eventual collapse, of course.
houghi ( 78078 ) , Friday July 26, 2019 @06:01AM ( #58989768 )
Re:They will blame everyone but the ( Score: 2 , Interesting)
You can't blame the substandard and clueless employees. You can blame the people who decided to hire substandard and clueless people. Responsibility goes from top to bottom. Not the other way around.
So why did they hire substandard people? Because of money. And why did they not have more money? Because people elected those who lowered taxes or appointed them elsewhere.
So who do we blame? The shareholders, or the voters in this case.
apoc.famine ( 621563 ) writes: < apoc.famine@gmail. c o m > on Friday July 26, 2019 @12:22PM ( #58991676 ) Journal
Re:They will blame everyone but the ( Score: 1 )
What kills me about the low-tax, free market crowd is that they don't seem to be able to link these ideas together. If you want competent teachers and other school staff, you need to pay enough that competent people want to do that job.
Starting salary around here for a teacher who has to have a bachelor's degree at minimum, with a master's preferred is mid-$50k. For someone with a BA in English, that's not bad. But how do you get someone with a MS in a STEM field for that sort of money, when they could, at minimum, be making 50% more in the private sector, and likely close to double that, depending on their field. And that's not even considering that the work environment sucks.
While only working about 190 days a year seems like a nice benefit, the flip side is that you get no vacations during the school year other than the ones scheduled for the kids. That makes things like going to a wedding or joining a family vacation pretty much impossible if it falls during the school year.
And it used to be that teachers got the summers largely off, but now a good portion of states are requiring continuing education to retain your license, which means going back to school during your "summer off". And every time the standards or state curriculum change, teachers get to re-do their lesson plans. Unpaid, during the summer.
And IT? No break for them. Summer is when you refresh all the machines, update the network, get rid of the old stuff that students broke and set up all the new stuff. Likely in a steaming hot school with no AC, or if it has AC, with the thermostat set at 80 to save money since "nobody is there during the summer".
If you want competent people to work in these conditions, you need to pay them appropriately. If you need to pay them more, you need money to do that. And that money comes from taxes, or from finding other things to cut spending on. Of course, we'd never consider violating the sanctity of the football program, so the $2m we're going to spend refreshing the turf and bleachers can't be put to better use....
ChoGGi ( 522069 ) writes: < firstname.lastname@example.org > on Friday July 26, 2019 @12:05AM ( #58988926 ) Homepage
When I hear of X suffered a ransomware whatever ( Score: 4 , Interesting)
I wonder if IT gets the budget it needs (for backups), or slashed and someone fired.
I got nothing (just like Louisiana).
MobyDisk ( 75490 ) , Friday July 26, 2019 @11:37AM ( #58991306 ) Homepage
Malware finally found a way to make real money ( Score: 2 )
For years, malware was used for things like nabbing credit card numbers and selling them on the black market, or for sending spam emails. Deleting files and defacing web sites was good for the lulz, but nobody made money off that. But two concepts changed all that: Ransomware + Cryptocurrency. Now, ransoming files is safe AND profitable! Expect to see more and more of this.
Ransomware is really kinda genius when you think of it as a business model. The hacker steals the files - but does not need to store the files themselves! The files are still on the victim's own hard drives! So the hacker does not need to pay for storage, rent a server, or pay for bandwidth. It's akin to sneaking into a bank and instead of stealing the money, you just change the combination on the bank vault so they can't get in. The money is still in their own vault, just inaccessible!
Cryptocurrency has made it possible to transfer money with no physical presence, and no presence in any "legitimate" managed institution. Yes, it's still a visible transaction, but there's nobody's name and address and tax ID number assigned to the account.
It seems to me this will re-invigorate the hacking community, and everyone needs to become hyper vigilant. 5 years ago we could say "meh, nobody will hack me" and we were 99.9% right. And if they did, you just had to get a new credit card number or phone number or something. Now, the threat is losing everything.
WindBourne ( 631190 ) , Friday July 26, 2019 @12:33PM ( #58991772 ) Journal
love seeing the impact of cheap government ( Score: 2 )
rather than having effective government, we simply have government that gives our money to their friends. yeah.
SuricouRaven ( 1897204 ) , Friday July 26, 2019 @02:39AM ( #58989292 )
Re:Well... ( Score: 2 )
I work in a school. Chromebooks and iPads are certainly used a lot in education - but the bread-and-butter of school IT, in every school, is Windows. On desktops, or on laptops. It really has to be - the ICT classes need it because their course materials and exam standards expect it. Plus we like Active Directory - there's nothing so easily administered for managing large numbers of desktops on other operating systems.
Bert64 ( 520050 ) writes: < .moc.eeznerif.todhsals. .ta. .treb. > on Friday July 26, 2019 @03:07AM ( #58989366 ) Homepage
Re:Well... ( Score: 4 , Insightful)
Plus we like Active Directory - there's nothing so easily administered for managing large numbers of desktops on other operating systems.
The thing with centralised administration is that if compromised, it becomes centralised compromise and allows the ransomware (or whatever else) to infect every machine simultaneously.
Active directory is not very secure by default, and is extremely complex... Actually keeping it secure is extremely difficult and expensive, requiring significant investment, highly skilled staff and quite a lot of inconvenience for users.
Active directory is far from easy if you actually want it to be secure, if you want it to be easy then it also becomes easy to compromise and significantly increases the damage from a ransomware infection.
Anonymous Coward , Friday July 26, 2019 @07:17AM ( #58989906 )
Re: Well... ( Score: 1 )
Active Directory is easy to secure if you aren't stupid. Don't expose it directly to the internet and firewall off all non essential ports.
And Centralized data stores are easy to restore if compromised. Just use your offsite/offline/warm backup/restore plan. You test that regularly, offline, with false hw date clocks, so even if there is a timebomb strawman to worry about, you've got it covered.
gweihir ( 88907 ) , Friday July 26, 2019 @12:50AM ( #58989022 )
Re:Well... ( Score: 4 , Insightful)
-- and a Windows monoculture.
And apparently no backups and no Business Continuity Management.
IT is not cheap. It is just cheaper than doing it in the traditional ways. If you try to do it on the cheap, it can get very expensive though, and that is why you do not if you have a clue.
CaptainDork ( 3678879 ) , Friday July 26, 2019 @12:41PM ( #58991830 )
Re:Well... ( Score: 3 )
And a monoculture of under-funded IT departments.
_Sharp'r_ ( 649297 ) writes: < sharper@nOspam.booksunderreview.com > on Friday July 26, 2019 @03:14AM ( #58989390 ) Homepage Journal
Re:Well... ( Score: 3 )
What does Democratic Governor John Bel Edwards have to do with low taxes? Louisiana spends $11K/student, about the same as California, which is pretty damn high for a State with such a low cost of living in comparison.
grapesandwich ( 6086162 ) , Friday July 26, 2019 @09:46AM ( #58990556 )
Re:government employees are not high quality ( Score: 1 )
Or just block people from opening certain files and restrict them from only being able to do the basic stuff. Also this should be a heads up to people. HAVE BACKUPS! I don't understand how any enterprise can overlook this. Yeah it's expensive, but what's cheaper? Maintaining that, or being locked out of your data for a while/forever or having to pay a ransom that would've cost the same if not more?
stealth_finger ( 1809752 ) , Friday July 26, 2019 @05:33AM ( #58989706 )
Re:government employees are not high quality ( Score: 2 )
cheaper to pay the ransom
Probably cheaper to have a decent backup solution but there you go.
Jul 30, 2019 | it.slashdot.org
An anonymous reader quotes ZDNet: On the three-year anniversary of the No More Ransom project, Europol announced today that users who downloaded and decrypted files using free tools made available through the No More Ransom portal have prevented ransomware gangs from making profits estimated at at least $108 million ... However, an Emsisoft spokesperson told ZDNet that the $108 million estimate that Europol shared today is "actually a huge underestimate. They're based on the number of successful decryptions confirmed by telemetry -- in other words, when the tools phone home to confirm they've done their job," Emsisoft told ZDNet... Just the free decryption tools for the GandCrab ransomware alone offered on the No More Ransom website have prevented ransom payments of nearly $50 million alone, Europol said.
The project, which launched in July 2016, now hosts 82 tools that can be used to decrypt 109 different types of ransomware. Most of these have been created and shared by antivirus makers like Emsisoft, Avast, and Bitdefender, and others; national police agencies; CERTs; or online communities like Bleeping Computer. By far the most proficient member has been antivirus maker Emsisoft, which released 32 decryption tools for 32 different ransomware strains... All in all, Europol said that more than three million users visited the site and more than 200,000 users downloaded tools from the No More Ransom portal since its launch.
One Emsisoft researcher said they were "pretty proud" of their decryptor for MegaLocker, "as not only did it help thousands of victims, but it really riled up the malware author."
Jul 09, 2019 | caucus99percent.com
So in the past three years Crowdstrike:
a) detected the DNC server hack, but failed to stop it
b) falsely accused the Russians of hacking Ukrainian artillery
c) failed to prevent the NRCC from being hacked, even though that was why they were hired
In other words, Crowdstrike is really bad at their job. In addition, Crowdstrike is really bad at business too. CrowdStrike recorded a net loss last year of $140 million on revenue of $249.8 million, and negative free cash flow of roughly $59 million.
So what does a cybersecurity company that is hemorrhaging money and can't protect its clients do? It does an IPO.
It just goes to show that "getting it right" is not the same thing as "doing a good job." If you tell the right people what they want to hear, the money will take care of itself.
Jul 09, 2019 | caucus99percent.com
I think this is most of the IT biz right here
It just goes to show that "getting it right" is not the same thing as "doing a good job."
If you tell the right people what they want to hear, the money will take care of itself.
It's all about making the people at the top feel smart for having hired you and assuring them they don't need to waste their beautiful minds trying to understand what it is you do.
Whoops, you got hacked? Gee, nothing we could have done. More money please!
Jun 25, 2019 | www.moonofalabama.org
William Gruff , Jun 23, 2019 3:41:19 PM | 78
the pessimist @68
Iran purged Microsoft Windows OS from military uses years ago, so Stuxnet style attacks are no longer possible. Stuxnet itself was only possible because the manufacturer provided the CIA with a backdoor to the operating system. Prior to 2010 Iran was in the top 10 countries from which patches to the Linux kernel came from, but that has dropped to 0% since then. Though I do not know this for a fact, this suggests that Iran forked Linux in 2010 and has been encouraging domestic development of that operating system.
What does this have to do with claims that the US launched a cyber attack on Iran? It means that any American cyber attack on Iran almost certainly failed 100%.
America's misnamed "intelligence" agencies are spoiled by having easy access to targets' communications through built-in back doors and vulnerabilities that American industry build into their products. Despite appearances, US "intelligence" agencies are not very good at real hacking. In fact, they suck badly at it. If Microsoft, Cisco, Google or Apple don't provide them access to the products that they sell, then the CIA is sh!t out of luck (which is why they hate Huawei, by the way). Since Iran no longer uses Microsoft Windows in any critical functions, and instead uses a version of Linux that has diverged from the ones that the West uses for almost a decade, the chances that the CIA or Pentagram's Visual Basic script kiddies could hack them effectively drops to 0%.
Jun 12, 2019 | russia-insider.com
From the Wikileaks "Year Zero" dump:
The CIA's Remote Devices Branch 's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Everyone knew it. Now we have proof. "Fingerprints" are meaningless. It's now clear that the CIA is able to "pose" as "Russian hackers" whenever it so chooses. Just something to think about. All allegations of "digital fingerprints" left behind by Russian hackers must now be dismissed as either fake or meaningless
ChasMoDee 2 years ago ,
Disco Obama ChasMoDee 2 years ago ,
So perhaps the DNC was hacked by the CIA and it was blamed on the Russians.
disqus_ayvQwhvS6h Disco Obama 2 years ago ,
How can we trust any investigation when the investigation can be doctored to scapegoat Russia? This is embarrassing.
Tom 2 years ago ,
Since 2002. You sheep have had the wool pulled over since 2002. It's been 15 years. Imagine how much you won't find out til the next 15.
JackBootedThug✓ Tom 2 years ago ,
So the CIA obtained FISA Warrants for the millions of devices hacked? Guess we now know how Trump Tower was wiretapped when DNI Clapper said there was no such order given.
American Freeman 2 years ago ,
Clapper is a known perjurer.
4ever&anon 2 years ago ,
Now we know how Obama's administration got through the FISA Court to tape Trump.
Mike John Elissen 2 years ago ,
So! It now becomes clear what Obama and the Democrats were planning for the Trump Administration. They could hack away at anything and everything and leave Russian "fingerprints" to make it appear that the Russians did it. It's really no telling what is already planted. That's why some Democrats seem so supremely confident that Trump will be impeached.
I don't think that it's really sunk in for most people that this was a plan for World Domination by a force more evil than the average person could ever imagine. We're still in grave danger but thank Heaven for Julian Assange and Wikileaks. Not only have they saved America but perhaps the whole world from domination that heretofore couldn't even be imagined except in science fiction.
Our problem will now be how to build enough gallows to accommodate the traitors and seditionists who have participated in this dark plan.
Elevator2TheTop 2 years ago ,
Hysteria in Oceania. The same goons blaming Russia for robbing the local candy store (without producing evidence) are robbing the candy factory 24/7. All of a sudden, the MSM has found issues and terms like `non-verified documents` and `non-verifiable, anonymous sources` to be of the utmost importance, in contrast to when they were copy-pasting the ` information` about Russian hacking. I wonder how much time it takes for the Ministries of Information and their docile press-clowns to (again) turn the story around and blame WikiLeaks for being a `Russian tool` to discard their own obvious crimes.
Bad Hombre 2 years ago ,
This whole Russian hacking thing is sounding more and more like the anti-Muslim video that sparked the Benghazi attacks.
ruadh Bad Hombre 2 years ago ,
They wiretapped the entire Trump team thinking they would come up with an October surprise...and found NOTHING. If they had ANYTHING, it would have been used prior to the election. And, since Hillary was supposed to win, the illegal wire taps would never have been disclosed.
Now Trump has exposed the Obama admin and democrats are hyperventilating over Russia to deflect from the crimes they committed.
middleclasstaxpayer 2 years ago ,
We always knew that, were told we were crazy, now we have proof. The MSM has been gas-lighting us. I wonder how many red pills you have to swallow to get to the other side of this Rabbit Hole?
It seems our government really is the most corrupt entity on this planet.
lou Guest 2 years ago ,
Peter Shoobridge ن ruadh 2 years ago ,
Well BO moved to Washington so it will be easy for the Press to shout these questions at him at his home or a restaurant or a ballgame. We need answers BO, and right now. No BS. anymore. Or go back to Indonesia and hide out.
TGFD 2 years ago ,
It's really not fun. The intelligence agencies are unaccountable and cloak their criminality with the secrecy of national security. They're not going to back down. They're ruthless. And they kill people for sport. This will not end well unless the military is called in to round them up, which has huge risks of its own...
William Dickerson 2 years ago ,
As far as I'm concerned. death becomes anyone in the effing CIA. Same goes for their parasitic family members. Death's image would look good on them.
There is NO secret in the CIA that I would not expose if I could.
I never heard of the term, "Deep State" prior to 2 months ago, and I don't like what I hear, either. I pray that somehow, God will enable TRUMP to vanquish all the filth in the deep state.
rayg 2 years ago ,
I knew it - the documents I looked over, the IP addresses I checked, the supposed "malware" that the US said "was the same as we know Russia had used" and more - and it just did not add up.
Now to be sure the American population is dumb when it comes to technology - and they usually blindly believe what the CIA, and media, tells them. But me - being in IT for some decades and having worked with Russian people for 6 years (in an electronics engineering company founded by a Russian immigrant to the U.S.) and being a network security administrator for a small government agency, something smelled odd.
The IP addresses - hahaha - really? Try again - up until the spring of 2016 American company Verizon routed 1 million stolen IP addresses - used by cyber-criminals in the USA........ so guess where some of those IP addresses REALLY belonged. Further, the "CIA" and other spooks included - honestly? TOR exit node addresses. If you use TOR browser, you will find some of those same addresses in your own logs (unless you are smart and either purge or don't log, etc.)
So try again, U.S. spooks - the malware? HAHA - what a JOKE. Really. I mean older software that John Q. Public can download for FREE? Sorry, Russians are far far smarter and they'd not use OLD software that works on WordPress based on PHP servers when the target isn't based on blogging software.
Sorry, silly Americans - including and especially McCain and others in our congress who are, say what? members of INTELLIGENCE committees? Really?
You help guide the intelligence and security operations of a major country and you fall for the BS that was presented to you? Did you not ask questions? I did - I did my own research and I guess that proves I'm as smart or smarter than any member of and house or Senate intelligence committee. Do these people even know where the power button is on their computer? Smart - they hire unvetted IT people to take care of congressional computers....... and some of the equipment ends up missing, and these people have full free access as admins to computers used by congressional members of armed services committees and more!
That's how smart our U.S. congress is. Hire your brother-in-laws IT geek, give 'em full admin access, let them come and go freely........... and fall for intelligence reports about Russian hacking...... all the while our own CIA is doing MORE and WORSE.
While this topic is still fresh (thanks to the Democrats) - election interference - Election or campaign interference scores according to political scientist Dov Levin of Carnegie Mellon University: Russia - 36 times, U.S.A - 81 times
The USA's score number doesn't include military coups and regime change efforts following the election of candidates the U.S. didn't like, notably those in Iran, Guatemala and Chile. Nor does it include general assistance with the electoral process, such as election monitoring.
So who exactly is it that interferes or "Helps" with elections? Yeah, I thought so.
President Vladimir Putin must go home each night shaking his head in disbelief at how gullible we are here.
By the way - Podesta was NOT HACKED. He fell for a simple phishing scam. Yes, the email wasn't even very well done. It appeared more like it came out of Nigeria than any professional group, it was lame, didn't even look real, didn't sound real and the URL or link was so obvious, geesh, a fool could have seen it was phishing. Oh, wait, we're talking Podesta here. The man gave away his password (which for a while was indeed 'password'). Worse - he used what for his campaign work? Did you say GMAIL? You have to be kidding! A free consumer email, based in the cloud, and not only that, at least 3 others had account access to his Gmail. He kept documents, calendar, task lists and more in it. The phishing scammer got access to his Gmail inbox, sent items, attachments, calendar, Google Drive, Google Docs, you name it! No hacking needed since this is CLOUD BASED. No one had to touch his computer or iPad.
I really laughed when I found in those emails the admin credentials for his Wi-Fi, and even more funny - the admin credentials for his building security system. Yes, all that in his cloud-based Gmail account. As Bugs Bunny would say- what a maroon!
No wonder he's mad and trying to blame everyone else. He has to know he was scammed and he fell for it and it was all HIS FAULT, no one else but him. Using Gmail for such important work is STUPID as it is - but then to fall for phishing. He got what he deserved, and if it was Russians, tell those teenagers congratulations! That's all it took to phish Podesta - the skill set of KIDS in their early teens.
I could go on about the stupidity involved in all of this, but won't (I hear a collective sigh of relief!)
Michael K rayg 2 years ago ,
So, did the Russians hack the election? Or did the Obama CIA hack the election and just did a pizz-poor job of it? Or perhaps Obama really did not want Hillary to win.
This might make those congressional investigations into the alleged hacking of the election by Russians a lot more interesting. That is, of course, assuming that the investigations are really about finding the truth.
Gonzogal Michael K 2 years ago ,
Obama Hates Hillary but could not openly control her. With Trump elected he could work openly to damage his administration, and with the help of MSM demonize him, and make him look like a tool of the Russians as well as his appointees. Notice, there was no talk of Russian hacking prior to the election. The "intelligence" agencies waited for the election results to come out with their charges.
Use delaying tactics to prevent approval of appointees, attack and possibly remove approved appointees eroding confidence in the current government. With the help of RINOs delay legislation. Pay protestors to protest everything Trump does using labels such as sexist, racist, Nazi, etc.
Obama's and DNC's goal: Prevent any progress till the mid term elections and try and overturn the balance in Congress to get the liberal agenda back on track. Get poised for the 2020 election and run a more palatable candidate than Hillary.
Geoff Caldwell 2 years ago ,
"Obama's and DNC's goal: Prevent any progress till the mid term elections and try and overturn the balance in Congress to get the liberal agenda back on track. Get poised for the 2020 election and run a more palatable candidate than Hillary."
Or, according to Obomber's club make it so that Trump "either resigns or is impeached"
http://www.zerohedge.com/ne...
Marsha Moore 2 years ago ,
Let's unpack this. All those rumors about the Obamas hating the Clintons? TRUE BUT, he couldn't let DOJ go through with indictment so instead gets Clapper, Brennan and the boys to use Russian fingerprints to hack and then sits back and watches the chaos unfold. When you go back to how he got his start in Chicago it's exactly how he operates.
rlqretired 2 years ago ,
I am furious. I read the original re CIA attempting to influence French elections. But this is CLEAR TREASON by Obama Administration. I NEVER trusted Brennan. violation for CIA to operate inside US.
Spyplane 2 years ago ,
Looks like this is an example of Obama/CIA preparation for Treason?
The thing that really pisses me off is that the factual basis for all of this criminal and treasonous activity by the Obama Administration, that is being exposed today, remains covered-up by everyone in a position of responsibility to expose it. That factual basis is that every identification document Obama has presented to prove he is a citizen of the USA is a forgery. Based upon the totality of his record as president he is an agent of foreign Islamic allegiance and everything he has done in the Middle East always ends up in favor of radical Islam and refuses to even acknowledge radical Islamic terrorism exists. The same goes for his refusal to acknowledge domestic Islamic terrorism exists.
Factual answers for these three questions will clear up why we are having this treasonous activity. (1) Why does Obama have and need a forged birth certificate as he posted on his POTUS website? (2) Why does Obama's first officially issued copy of his Selective Service Registration Card have a forged 2 digit postal stamp? (3) Why is Obama using a SS# that was first issued to someone else? These three questions must be answered by Congress as the researched information verifying forgery is readily available and will expose the basis of this treason.
Today Is The Day We Get Trump Spyplane 2 years ago ,
Let's not forget that logging into an email server because of a weak password and getting a copy of emails does not scream CIA. Also John Podesta's email password was extremely weak. So it did not take a covert CIA hacking program to initiate. We keep hearing Russia hacked our election. Yet have ZERO proof! First the majority of election machines are decentralized and not connected to internet. There was not a single instance where the vote count was affected. This was also immediately stated by Obama's DNI. Claiming they ran a propaganda attack on Hillary Clinton is pathetic. They are claiming the American people did not see who Hillary Clinton truly was. The opposite is true.
Hillary Clinton had made her own propaganda against herself. She is who the American people see. Not what the Russians programmed Us to see. The American people made a choice based on her actions no one else's. The liberals continually attacking someone with false claims without proof is a standard Liberal / Alinsky strategy. It requires no proof if all liberal extremists continually repeat the same attack which is then amplified by the Liberal propaganda media (CNN, MSNBC, CBS, The New York Times, The Washington Post, BBC, etc)
The Russian collusion claim is the exact same scenario. Make the claim which we already knew the Trump campaign speaks with Russian diplomats. Most people in politics interact with all countries diplomat and ambassadors. So instantly the claim is impossible to debunk. The Liberal party has become a party willing to use any and all tactics to avoid listening to the American people. This whole Russian drama is created to go against what the American people voted for. The democrat party is as much a threat to The United States as Communism ever was. It has been said if fascism ever comes back to the United States it will come in the form of liberalism. So the American people have a choice.
Use common sense and stop the liberal extremist party from destroying our democracy or deal with the consequences of America becoming ineffective and divided. The majority of the Democrat party and its supporters have become so ideologically perverted they have lost sight of morality and what America stands for.
The Russians have not hypnotized Americans to vote for Donald Trump. It wasn't possible for the Russians to manipulate voter data and yes the Trump campaign speaks with Russian diplomats.
But it was the same Russian ambassador that Obama left in the country while expelling all others. The same Russian ambassador Obama scheduled meetings with for Jeff Sessions. The same Russian ambassador that all Democrats spend time with. Make a claim that's true then find a way to turn it negative.
Typical Saul Alinsky. Everyone needs to remember anything the Liberals attack someone for the opposite is true.
DanJR 2 years ago ,
The point of the Wikileaks is that "proof" is easily manufactured.
seanster5977 2 years ago ,
And now you know that the CIA (via Obama's orders or tacit approval) was the one that created the ruse of Trump emailing a Russian bank as a pretext to persuade FISA judges to sign off on the warrants to keep surveillance on him and his contacts.
If I were Obama I'd be seeking the nearest airport and fly to any country offering asylum... it's good night, good riddance for him and the rest of the Deep State Globalists.
LH 2 years ago ,
Kind of funny where this started. Remember Hillary stole a server from the government secure server facility and set it up in her basement without proper security software and monitoring for hacking. Proven. And she had idiots in her staff so stupid they used passwords like "p@ssword". Proven. So any 11 year old computer expert could have hacked that server.
And she lied about the content of the messages being transferred. Top secret and classified info was lost due to her illegal actions. But Comey gave the pig a pass.
Of course it was the Obama CIA, pros like the Russians or Chinese, never leave behind "fingerprints" they are smart enough to cover their tracks. As a cyber analyst I can tell you that when you see "fingerprints or breadcrumbs" leading to a source, it's usually deceptive and intentional. Let that sink in!
May 27, 2019 | www.unz.com
Mitleser , says: January 27, 2019 at 3:05 am GMT
@WHAT The point is not to stop them entirely, but to delay and disrupt their ambitious programs.
The infamous Stuxnet cyberweapon did not destroy more than a fifth of Iran's nuclear centrifuges, but that does not mean it was not a real success for Israel/America's campaign against the Iranian nuclear program.
May 23, 2019 | turcopolier.typepad.com
Russia did not hack the DNC. This is not an opinion. It is a conclusion that flows from one very specific claim made by the Special Counsel -- i.e., Guccifer 2.0 was a fictional identity created by Russian Military Intelligence, the GRU. If Guccifer was in fact a creation or creature of the GRU, then the forensic evidence should show that this entity was operating from Russia or under the direct control of the GRU. The forensic evidence shows something quite different -- the meta data in the Guccifer 2.0 documents were manipulated deliberately to plant Russian fingerprints. This was not an accident nor an oversight due to carelessness.
What is meta data? This is the information recorded when a document is created. This data includes things such as the date and time the document was created or modified. It tells you who created the document. It is like the Wizard of Oz, it is the information behind the curtain.
Special Counsel Robert Mueller is correct in stating that Guccifer 2.0 was a "fictitious online persona." He is wrong in attributing that action to Russian Military Intelligence. While Guccifer 2.0 was a "fictitious" entity, the information recorded about when, how and who created the document show that deliberate choices were made to present the info as if it was created by someone Russian.
Let us first stipulate and agree that Russia and the United States engage in cyber espionage and covert action against each other. This has been the case since computers and the internet came into existence. Within the U.S. Intelligence Community these activities generally are labeled with the acronym, CNO -- Computer Network Operations. The Russians and the United States have cadres of cyber "warriors" who sit at computer terminals and engage in operations commonly known as hacking. Other countries, such as China, Iran and Ukraine do this as well.
CNOs are classified at the highest level in the United States and normally are handled within special restricted categories commonly known as SAPs (i.e, Special Access Programs). A critical element of these kinds of operations is to avoid leaving any fingerprints or clues that would enable the activity to be traced back to the United States. But this is not unique to the United States. All professional intelligence services around the world understand and practice this principle -- leave no evidence behind that proves you were there.
The case implicating Russia in the hack of the DNC and Clinton emails, including those of her campaign manager, John Podesta, rests on suspect forensic computer evidence that is present in the meta data in the documents posted on line by Guccifer 2.0. According to Disobedient Media, "the files that Guccifer 2.0 initially pushed to reporters contain Russian metadata, a Russian stylesheet entry and in some cases embedded Russian error messages."
Why would the Russians make such a mistake, especially in such a high stake operation (targeting a national election with covert action most certainly is a high stake operation)? Mueller and the U.S. intelligence community want you to believe that the Russians are just sloppy and careless buffoons. Those ideologically opposed to the Russians readily embrace this nonsense. But for those who actually have dealt with Russian civilian and military intelligence operatives and operations, the Russians are sophisticated and cautious.
But we do not have to rely on our personal beliefs about the competence or incompetence of the Russians. We simply need to look at the forensic evidence contained in the documents posted by Guccifer 2.0. We will take Robert Mueller and his investigators at their word:
- Beginning in or around June 2016, the Conspirators staged and released tens of thousands of the stolen emails and documents. They did so using fictitious online personas, including "DCLeaks" and "Guccifer 2.0." (p. 2-3)
- The Conspirators also used the Guccifer 2.0 persona to release additional stolen documents through a website maintained by an organization ("Organization 1") [aka WIKILEAKS], that had previously posted documents stolen from U.S. persons, entities, and the U.S. government. (p. 3)
- Between in or around June 2016 and October 2016, the Conspirators used Guccifer 2.0 to release documents through WordPress that they had stolen from the DCCC and DNC. The Conspirators, posing as Guccifer 2.0, also shared stolen documents with certain individuals. (p. 15)
An examination of those documents tells a very different story. While it does not reveal who or what was Guccifer 2.0, it does undermine Mueller's claim that it was the Russians who did these dastardly deeds.
One independent forensic computer investigator, who uses the name, "The Forensicator," examined the meta data in some of the documents posted by Guccifer 2.0 and discovered the following :
Guccifer 2.0 published a file on 13 September 2016 that was originally copied on 5 July 2016 at approximately 6:45 PM Eastern time. It was copied and appeared as the "NGP VAN" 7zip file.
The estimated speed of transfer was 23 MB/s. This means that this initial data transfer could have been done remotely over the Internet. Instead, it was likely done from a computer system that had direct access to the data. "By "direct access" we mean that the individual who was collecting the data either had physical access to the computer where the data was stored, or the data was copied over a local high-speed network (LAN)."
This initial copying activity was done on a system that used Eastern Daylight Time (EDT) settings and was likely initially copied to a computer running Linux, because the file last modified times all reflect the apparent time of the copy, which is a characteristic of the Linux 'cp' command (using default options).
On September 1, 2016, a subset of the initial large collection of DNC related content (the so-called NGP/VAN data), was transferred to working directories on a system running Windows. The .rar files included in the final 7zip file were built from those working directories.
The alleged Russian fingerprints appeared in the first document "leaked" by Guccifer 2.0 -- 1.doc -- which was a report on Donald Trump. A forensic examination of the documents shows that, given the word processor program used to create the Donald Trump document released by Guccifer 2.0, the author consciously and purposefully used formats that deliberately inserted "Russian fingerprints" into the document. In other words, the meta-data was purposely altered, and documents were pasted into a 'Russianified' Word document with Russian language settings and style headings.
Here are the key facts:
The meta data shows that Slate_-_Domestic_-_USDA_-_2008-12-20.doc was the template for creating 1.doc, 2.doc and 3.doc. This template injected "Warren Flood" as the author value and "GSA" as the company value in those first three Word documents. This template also injected the title, the watermark and header/footer fields found in the final documents (with slight modifications).
The Word documents published in June 2016 by Guccifer 2 also show a "last saved as" user id written in Cyrillic. The Anglicized name is "Felix Edmundovich", aka "Iron Felix" (the infamous director of an early Soviet spy agency). If you are a Russian cyber spy trying to conduct a covert operation, why do you sign your document with the name of one of the most infamous leaders of Russian intelligence? Robert Mueller wants you to believe that this was just Russian audacity.
But the meta data tells a different story. When we examine The Revision Session Identifiers aka 'RSID's, in the Guccifer document, we see the same Russian style-headings in 1.doc, 2.doc and 3.doc. The document creation timestamps on docs 1, 2 and 3 also are all identical.
Given that MS word assigns a new random 'RSID' with each save when an element is added or edited (this function allows one to track changes made to a Word document), the only way to obtain identical creation timestamps means that someone either directly edited the source document or that there was one empty document open and that individual documents were copy-pasted and saved-as (1.doc), then contents deleted and new doc pasted and saved-as (2.doc), etc. This process also explains identical style-sheet RSIDs .
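The comparison described above (shared style-sheet RSIDs and identical creation timestamps across 1.doc, 2.doc and 3.doc) can be checked mechanically when the files are RTF source. The following is an added example, not code from the article or from the Forensicator: it assumes RTF input and uses the standard `\stylesheet`, `\styrsidN`, `\rsidtbl` and `\creatim` control words; the sample documents, their timestamps and every RSID except 11758497 (quoted on this page) are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

STYRSID_RE = re.compile(r"\\styrsid(\d+)")          # RSID recorded on a style entry
RSID_RE = re.compile(r"\\rsid(\d+)")                # entries of the RSID table
CREATIM_RE = re.compile(r"\{\\creatim((?:\\(?:yr|mo|dy|hr|min|sec)\d+)+)\}")
FIELD_RE = re.compile(r"\\(yr|mo|dy|hr|min|sec)(\d+)")


def extract_group(rtf, keyword):
    """Return the whole {...\\keyword ...} group, honoring nesting and escapes."""
    m = re.search(r"\\" + re.escape(keyword) + r"(?![a-z])", rtf)
    if not m:
        return ""
    start = rtf.rfind("{", 0, m.start())
    if start < 0:
        return ""
    depth, i = 0, start
    while i < len(rtf):
        ch = rtf[i]
        if ch == "\\":          # control word or escaped brace: skip next char
            i += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return rtf[start:i + 1]
        i += 1
    return rtf[start:]          # unbalanced input: return what is there


def fingerprint(rtf):
    """Collect the metadata fields the article compares across documents."""
    created = None
    m = CREATIM_RE.search(extract_group(rtf, "info"))
    if m:
        f = {k: int(v) for k, v in FIELD_RE.findall(m.group(1))}
        created = datetime(f["yr"], f["mo"], f["dy"],
                           f.get("hr", 0), f.get("min", 0), f.get("sec", 0))
    return {
        "style_rsids": set(STYRSID_RE.findall(extract_group(rtf, "stylesheet"))),
        "rsid_table": set(RSID_RE.findall(extract_group(rtf, "rsidtbl"))),
        "created": created,
    }


def correlate(docs):
    """docs maps name -> RTF source; report values shared by 2+ documents."""
    by_rsid, by_time = defaultdict(set), defaultdict(set)
    for name, src in docs.items():
        fp = fingerprint(src)
        for rsid in fp["style_rsids"]:
            by_rsid[rsid].add(name)
        if fp["created"]:
            by_time[fp["created"]].add(name)
    return {
        "shared_style_rsids":
            {r: sorted(n) for r, n in by_rsid.items() if len(n) > 1},
        "shared_creation_times":
            {t.isoformat(): sorted(n) for t, n in by_time.items() if len(n) > 1},
    }


def make_sample(style_rsid, body_rsid, minute, text):
    """Build a minimal constructed RTF document (\\lang1049 is the Russian LCID)."""
    return (
        r"{\rtf1\ansi"
        r"{\stylesheet{\s1\lang1049 \styrsid%d heading 1;}}"
        r"{\*\rsidtbl \rsid%d\rsid%d}"
        r"{\info{\author Sample Author}{\creatim\yr2016\mo6\dy15\hr13\min%d}}"
        r"\pard %s \{literal brace\}\par}"
    ) % (style_rsid, style_rsid, body_rsid, minute, text)


# Constructed inputs: three files that share a style RSID and creation time,
# plus one unrelated control document.
SAMPLES = {
    "1.doc": make_sample(11758497, 1001, 38, "first body"),
    "2.doc": make_sample(11758497, 1002, 38, "second body"),
    "3.doc": make_sample(11758497, 1003, 38, "third body"),
    "control.doc": make_sample(4201337, 2001, 52, "unrelated body"),
}

if __name__ == "__main__":
    for key, value in correlate(SAMPLES).items():
        print(key, value)
```

Matching values show that files share an editing lineage. They are ordinary document properties that any editor can set, so on their own they do not identify who produced the files.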
joanna , 22 May 2019 at 08:54 AM
The document creation timestamps on docs 1, 2 and 3 also are all identical.
Curious, no doubt. But who of us did not consider Guccifer 2 curious. Put another way, what experts considered him solid proof for Russian involvement?
Are you suggesting Winword templates were used for the metadata?
As IT nitwit, how can I save three *doc files or their 2016 word equivalent at the same time? Any way to do that? Windows doesn't seem to have a solution to that.
Again: This is a nitwit user asking a question.
I admittedly am not overly motivated to read the Mueller report. I'll read your contribution again to figure out what you may suggest in or between the lines.
fredw , 22 May 2019 at 09:26 AM
The phrase "personal beliefs about the competence or incompetence of the Russians" catches something important. Whether it was the Russians or somebody else that did this, whoever did it was pretty sloppy. What this report describes is almost as pathetic when considered a false flag operation as it is as a sabotage operation. So any theory of who stole and published the documents has to explain a capability to access the data combined with blissful obliviousness about handling them. I know of no reason to think the Russian, US, Israeli, or other intelligence communities incapable of such a combination. All of them have brilliant dedicated people but also seemingly endless supplies of mediocre time-servers.
Equally interesting is the fact that this analysis has come from such a private source. Surely all the major intelligence agencies have the skill to find the same indicators. And all have comparatively endless resources to apply to the analysis. But they all seem to not want to talk about it. For me the most suspicious thing about the handling of the theft was the FBI's near complete lack of interest in examining the server. I have always assumed that such indifference reflected that they already had all they needed in order to understand what happened. Maybe even watched the theft in real time. But this report demonstrates that you didn't need any special access to blow up the official story. (Note that the official story may be "true". It is just not proven by the cited evidence.)
Yet, whatever actually happened, nobody seems interested in challenging the narrative that Russians stole data and routed it through useful idiots to influence the 2016 elections. This report indicates that a persuasive challenge would not have been hard to produce.
Perhaps the false flag was intentionally clumsy, intended to be detected. Bait for a trap that no one wants to fall into. But I don't see where that thought leads.
joanna , 22 May 2019 at 09:58 AM
https://archive.fo/2dMfC#selection-683.213-687.434
This can be discovered by looking at things called 'rsid's or Revision Session Identifiers in Guccifer's document. In order to track changes, MS word assigns a new random 'rsid' with each save upon each element added or edited. The rsids for the Russian style-headings in 1.doc, 2.doc and 3.doc are all the same (styrsid11758497 in the raw source).
Moreover, the document creation timestamps on 1,2, and 3.docs are all identical too. This might imply there was one empty document open, with individual documents being copy-pasted and saved-as (1.doc), then contents deleted and new doc pasted and saved-as (2.doc), etc. This is the only way to go about obtaining identical creation timestamps short of direct editing of the source, and would also explain identical style-sheet RSIDs.
Scenario? Shutdown, closing of words with documents being automatically saved? Ok, otherwise there is apparently no precise saving time stamp on Winwords latest version. How much changed since 2016?
Empty doc open? What would that change?
But good to see that Winword now integrated some type of automatic saving option, didn't have it when I gave it up and shifted to Open Office. On the other hand, can I trust it to not confront me with an earlier revision version? I admittedly asked myself lately. In a 200 page file, mind you.
Karen Eliot , 22 May 2019 at 10:34 AM
As someone with a little bit of experience in that area I can assure you that language metadata artifacts are practically worthless for attribution. You would mention it in a report, but from it you can only conclude that
- either the creator was an amateur and used his own language environment
- or actually selected this particular language environment, either by running a - in this case - Russian copy of Office, or by changing the metadata manually.
- or he used his own language environment because he doesn't care, and because he knows that this information is worthless for any forensics expert.
The Vault7 leak of CIA tools also contained information on how to select any language environment. It's really a standard practice, even for normal criminals.
Attribution is really hard and usually amounts to a lot of guessing who might be interested in the target of an attack, correlating information from other campaigns, and is only rarely based on hard evidence. Big state actors probably can do a little bit better when they have access to enough network taps. But in the end one bit looks like any other, and properties of static documents can always be forged and made to look real. Or simply buy a copy of MS Office in .
joanna said in reply to Karen Eliot... , 23 May 2019 at 09:51 AM
The document creation timestamps on docs 1, 2 and 3 also are all identical.
Ok doc creation times. Could one create a WinWord Macro? That does exactly that. ok, why would one do this? True. Minor detail, I know. But I see we have experts around now.
More generally. Guccifer 2.0 was a bit of an odd occurrence, not least due to US intelligence considering Guccifer one or zero, if you like.
Fred , 23 May 2019 at 11:24 AM
fredw,
"..nobody seems interested in challenging the narrative that Russians..."
That's precisely what Larry has been doing for some time.
"Equally interesting is the fact that this analysis has come from such a private source."
How dare a private citizen challenge the narrative!
"Perhaps the false flag was intentionally clumsy..."
False flag, let's discuss that idea, brought up solely by you, and not discuss Larry's analysis.
May 23, 2019 | turcopolier.typepad.com
Karen Eliot , 22 May 2019 at 10:34 AM
As someone with a little bit of experience in that area I can assure you that language metadata artifacts are practically worthless for attribution. You would mention it in a report, but from it you can only conclude that
- either the creator was an amateur and used his own language environment
- or actually selected this particular language environment, either by running a - in this case - Russian copy of Office, or by changing the metadata manually.
- or he used his own language environment because he doesn't care, and because he knows that this information is worthless for any forensics expert.
The Vault7 leak of CIA tools also contained information on how to select any language environment. It's really a standard practice, even for normal criminals.
Attribution is really hard and usually amounts to a lot of guessing who might be interested in the target of an attack, correlating information from other campaigns, and is only rarely based on hard evidence.
Big state actors probably can do a little bit better when they have access to enough network taps. But in the end one bit looks like any other, and properties of static documents can always be forged and made to look real. Or simply buy a copy of MS Office.
Apr 29, 2019 | www.nakedcapitalism.com
vlade , April 29, 2019 at 11:04 am
...I suspect that for both of those, when they hit, you need to resolve things quickly and efficiently, with panic being the worst enemy.
Panic in my experience stems from a number of things here, but two crucial ones are:
– input overload
– not knowing what to do, or learned actions not having any effect
Both of them can be, to a very large extent, overcome with training, training, and more training (of actually practising the emergency situation, not just reading about it and filling questionnaires).
... ... ...
Apr 20, 2019 | www.zerohedge.com
Authored by Pepe Escobar via The Strategic Culture Foundation,
The Made-by-FBI indictment of Julian Assange does look like a dead man walking. No evidence. No documents. No surefire testimony. Just a crossfire of conditionals...
But never underestimate the legalese contortionism of US government (USG) functionaries. As much as Assange may not be characterized as a journalist and publisher, the thrust of the affidavit is to accuse him of conspiring to commit espionage.
In fact the charge is not even that Assange hacked a USG computer and obtained classified information; it's that he may have discussed it with Chelsea Manning and may have had the intention to go for a hack. Orwellian-style thought crime charges don't get any better than that. Now the only thing missing is an AI software to detect them.
Assange legal adviser Geoffrey Robertson – who also happens to represent another stellar political prisoner, Brazil's Lula – cut straight to the chase (at 19:22 minutes);
"The justice he is facing is justice, or injustice, in America I would hope the British judges would have enough belief in freedom of information to throw out the extradition request."
That's far from a done deal. Thus the inevitable consequence; Assange's legal team is getting ready to prove, no holds barred, in a British court, that this USG indictment for conspiracy to commit computer hacking is just an hors d'oeuvre for subsequent espionage charges, in case Assange is extradited to US soil.
All about Vault 7
John Pilger, among few others, has already stressed how a plan to destroy WikiLeaks and Julian Assange was laid out as far back as 2008 – at the tail end of the Cheney regime – concocted by the Pentagon's shady Cyber Counter-Intelligence Assessments Branch.
It was all about criminalizing WikiLeaks and personally smearing Assange, using "shock troops enlisted in the media -- those who are meant to keep the record straight and tell us the truth."
This plan remains more than active – considering how Assange's arrest has been covered by the bulk of US/UK mainstream media.
By 2012, already in the Obama era, WikiLeaks detailed the astonishing "scale of the US Grand Jury Investigation" of itself. The USG always denied such a grand jury existed.
"The US Government has stood up and coordinated a joint interagency criminal investigation of Wikileaks comprised of a partnership between the Department of Defense (DOD) including: CENTCOM; SOUTHCOM; the Defense Intelligence Agency (DIA); Defense Information Systems Agency (DISA); Headquarters Department of the Army (HQDA); US Army Criminal Investigation Division (CID) for USFI (US Forces Iraq) and 1st Armored Division (AD); US Army Computer Crimes Investigative Unit (CCIU); 2nd Army (US Army Cyber Command); Within that or in addition, three military intelligence investigations were conducted. Department of Justice (DOJ) Grand Jury and the Federal Bureau of Investigation (FBI), Department of State (DOS) and Diplomatic Security Service (DSS). In addition, Wikileaks has been investigated by the Office of the Director of National Intelligence (ODNI), Office of the National CounterIntelligence Executive (ONCIX), the Central Intelligence Agency (CIA); the House Oversight Committee; the National Security Staff Interagency Committee, and the PIAB (President's Intelligence Advisory Board)."
But it was only in 2017, in the Trump era, that the Deep State went totally ballistic; that's when WikiLeaks published the Vault 7 files – detailing the CIA's vast hacking/cyber espionage repertoire.
This was the CIA as a Naked Emperor like never before – including the dodgy overseeing ops of the Center for Cyber Intelligence, an ultra-secret NSA counterpart.
WikiLeaks got Vault 7 in early 2017. At the time WikiLeaks had already published the DNC files – which the unimpeachable Veteran Intelligence Professionals for Sanity (VIPS) systematically proved was a leak, not a hack.
The monolithic narrative by the Deep State faction aligned with the Clinton machine was that "the Russians" hacked the DNC servers. Assange was always adamant; that was not the work of a state actor – and he could prove it technically.
There was some movement towards a deal, brokered by one of Assange's lawyers; WikiLeaks would not publish the most damning Vault 7 information in exchange for Assange's safe passage to be interviewed by the US Department of Justice (DoJ).
The DoJ wanted a deal – and they did make an offer to WikiLeaks. But then FBI director James Comey killed it. The question is why.
It's a leak, not a hack
Some theoretically sound reconstructions of Comey's move are available. But the key fact is Comey already knew – via his close connections to the top of the DNC – that this was not a hack; it was a leak.
Ambassador Craig Murray has stressed, over and over again (see here ) how the DNC/Podesta files published by WikiLeaks came from two different US sources; one from within the DNC and the other from within US intel.
There was nothing for Comey to "investigate". Or there would have, if Comey had ordered the FBI to examine the DNC servers. So why talk to Julian Assange?
The release by WikiLeaks in April 2017 of the malware mechanisms inbuilt in "Grasshopper" and the "Marble Framework" was indeed a bombshell. This is how the CIA inserts foreign language strings in source code to disguise them as originating from Russia, from Iran, or from China. The inestimable Ray McGovern, a VIPS member, stressed how Marble Framework "destroys this story about Russian hacking."
No wonder then CIA director Mike Pompeo accused WikiLeaks of being a "non-state hostile intelligence agency", usually manipulated by Russia.
Joshua Schulte, the alleged leaker of Vault 7, has not faced a US court yet. There's no question he will be offered a deal by the USG if he agrees to testify against Julian Assange.
It's a long and winding road, to be traversed in at least two years, if Julian Assange is ever to be extradited to the US. Two things for the moment are already crystal clear. The USG is obsessed to shut down WikiLeaks once and for all. And because of that, Julian Assange will never get a fair trial in the "so-called 'Espionage Court'" of the Eastern District of Virginia, as detailed by former CIA counterterrorism officer and whistleblower John Kiriakou.
Meanwhile, the non-stop demonization of Julian Assange will proceed unabated, faithful to guidelines established over a decade ago. Assange is even accused of being a US intel op, and WikiLeaks a splinter Deep State deep cover op.
Maybe President Trump will maneuver the hegemonic Deep State into having Assange testify against the corruption of the DNC; or maybe Trump caved in completely to "hostile intelligence agency" Pompeo and his CIA gang baying for blood. It's all ultra-high-stakes shadow play – and the show has not even begun.
JailBanksters , 40 minutes ago link
Not to mention the Pentagram has silenced 100,000 whistleblower complaints by Intimidation, threats, money or accidents over 5 years . A Whistleblower only does this when they know there is something seriously wrong. Just Imagine how many knew something was wrong but looked the other way.
ExPat2018 , 47 minutes ago link
George Galloway has a guest who explains it all https://www.youtube.com/watch?v=7VvPFMyPvHM&t=8s
Betrayed , 2 hours ago link
Maybe President Trump will maneuver the hegemonic Deep State into having Assange testify against the corruption of the DNC; or maybe Trump caved in completely to "hostile intelligence agency" Pompeo and his CIA gang baying for blood.
Escobar is brain dead if he can't figure out that Trumpenstein is totally on board with destroying Assange. As if bringing on pukes like PompAss, BoltON, and Abrams doesn't scream it.
besnook , 2 hours ago link
assange and wikileaks are the real criminals despite being crimeless. the **** is a sanctioned criminal, allowed to be criminal with the system because the rest of the sanctioned criminals would be exposed if she was investigated.
this is not the rule of laws. this is the law of rulers.
_triplesix_ , 2 hours ago link
Anyone seen Imran Awan lately?
Four chan , 34 minutes ago link
yeah those ***** go free because they got everything on the stupid dems and they are muslim.
assange exposes the podesta dws and clinton fraud against bernie voters+++ and hes the bad guy. yeah right
hillary clinton murdered seth rich sure as **** too.
Apr 10, 2019 | consortiumnews.com
Originally from: The 'Guccifer 2.0' Gaps in Mueller's Full Report April 18, 2019
Like Team Mueller's indictment last July of Russian agents, the full report reveals questions about Wikileaks' role that much of the media has been ignoring, writes Daniel Lazare.
By Daniel Lazare
Special to Consortium News
As official Washington pores over the Gospel According to Saint Robert, an all-important fact about the Mueller report has gotten lost in the shuffle. Just as the Christian gospels were filled with holes, the latest version is too – particularly with regard to WikiLeaks and Julian Assange.
The five pages that the special prosecutor's report devotes to WikiLeaks are essentially lifted from Mueller's indictment last July of 12 members of the Russian military intelligence agency known as the GRU. It charges that after hacking the Democratic National Committee, the GRU used a specially-created online persona known as Guccifer 2.0 to transfer a gigabyte's worth of stolen emails to WikiLeaks just as the 2016 Democratic National Convention was approaching. Four days after opening the encrypted file, the indictment says, "Organization 1 [i.e. WikiLeaks] released over 20,000 emails and other documents stolen from the DNC network by the Conspirators [i.e. the GRU]."
Attorney General William Barr holding press conference on full Mueller report, April 18, 2019. (YouTube)
Mueller's report says the same thing, but with the added twist that Assange then tried to cover up the GRU's role by suggesting that murdered Democratic National Committee staffer Seth Rich may have been the source and by telling a congressman that the DNC email heist was an "inside job" and that he had "physical proof" that the material was not from Russian.
All of which is manna from heaven for corporate news outlets eager to pile on Assange, now behind bars in London. An April 11, 2019, New York Times news analysis, for instance, declared that "[c]ourt documents have revealed that it was Russian intelligence – using the Guccifer persona – that provided Mr. Assange thousands of emails hacked from the Democratic National Committee," while another Times article published shortly after his arrest accuses the WikiLeaks founder of "promoting a false cover story about the source of the leaks."
But there's a problem: it ain't necessarily so. The official story that the GRU is the source doesn't hold water, as a timeline from mid-2016 shows. Here are the key events based on the GRU indictment and the Mueller report:
June 12: Assange tells Britain's ITV that another round of Democratic Party disclosures is on the way: "We have upcoming leaks in relation to Hillary Clinton, which is great. WikiLeaks is having a very big year."
June 14: The Democratic National Committee accuses Russia of hacking its computers.
June 15: Guccifer 2.0 claims credit for the hack. "The main part of the papers, thousands of files and mails, I gave to WikiLeaks," he brags. "They will publish them soon."
June 22: WikiLeaks tells Guccifer via email: "Send any new material here for us to review and it will have a much higher impact than what you are doing."
July 6: WikiLeaks sends Guccifer another email: "if you have anything hillary related we want it in the next tweo [sic] days prefable [sic] because the DNC [Democratic National Convention] is approaching and she will solidify bernie supporters behind her after." Replies Guccifer: "ok . . . i "
July 14: Guccifer sends WikiLeaks an encrypted file titled "wk dnc link1.txt.gpg."
July 18: WikiLeaks confirms it has opened "the 1Gb or so archive" and will release documents "this week."
July 22: WikiLeaks releases more than 20,000 DNC emails and 8,000 other attachments.
According to Mueller and obsequious news outlets like the Times, the sequence is clear: Guccifer sends archive, WikiLeaks receives archive, WikiLeaks accesses archive, WikiLeaks publishes archive. Donald Trump may not have colluded with Russia, but Julian Assange plainly did. [Attorney General Will Barr, significantly calling WikiLeaks a publisher, said at his Thursday press conference: "Under applicable law, publication of these types of materials would not be criminal unless the publisher also participated in the underlying hacking conspiracy."]
Deputy Attorney General Rod Rosenstein announcing in 2018 the grand jury indictment of 12 GRU agents. (Wikimedia Commons)
The narrative raises questions that the press studiously avoids. Why, for instance, would Assange announce on June 12 that a big disclosure is on the way before hearing from the supposed source? Was there a prior communication that Mueller has not disclosed? What about the reference to "new material" on June 22 – does that mean Assange already had other material in hand? After opening the Guccifer file on July 18, why would he publish it just four days later? Would that give WikiLeaks enough time to review some 28,000 documents to insure they're genuine?
"If a single one of those emails had been shown to be maliciously altered," blogger Mark F. McCarty observes , "Wikileaks' reputation would have been in tatters." There's also the question that an investigator known as Adam Carter poses in Disobedient Media : why would Guccifer brag about giving WikiLeaks "thousands of files" that he wouldn't send for another month?
The narrative doesn't make sense – a fact that is crucially important now that Assange is fighting for his freedom in the U.K. New Yorker staff writer Raffi Khatchadourian sounded a rare note of caution last summer when he warned that little about Guccifer 2.0 adds up. While claiming to be the source for some of WikiLeaks' most explosive emails, the material he released on his own had proved mostly worthless – 20 documents that he "said were from the DNC but which were almost surely not," as Khatchadourian puts it, a purported Hillary Clinton dossier that "was nothing of the sort," screenshots of emails so blurry as to be "unreadable," and so forth.
John Podesta: Target of a phishing expedition. (Voice of America via Wikimedia Commons)
While insisting that "our source is not the Russian government and it is not a state party," Assange told Khatchadourian that the source was not Guccifer either. "We received quite a lot of submissions of material that was already published in the rest of the press, and people seemingly submitted the Guccifer archives," he said somewhat cryptically. "We didn't publish them. They were already published." When Khatchadourian asked why he didn't put the material out regardless, he replied that "the material from Guccifer 2.0 – or on WordPress – we didn't have the resources to independently verify."
No Time for Vetting
So four days was indeed too short a time to subject the Guccifer file to proper vetting. Of course, Mueller no doubt regards this as more "dissembling," as his report describes it. Yet WikiLeaks has never been caught in a lie for the simple reason that honesty and credibility are all-important for a group that promises to protect anonymous leakers who supply it with official secrets. (See "Inside WikiLeaks: Working with the Publisher that Changed the World," Consortium News, July 19, 2018.) Mueller, by contrast, has a rich history of mendacity going back to his days as FBI director when he sought to cover up the Saudi role in 9/11 and assured Congress on the eve of the 2003 invasion that Iraqi weapons of mass destruction pose "a clear threat to our national security."
Mueller with President George W. Bush on July 5, 2001, as he is being appointed FBI director. (White House)
So if the Mueller narrative doesn't hold up, the charge of dissembling doesn't either. Indeed, as ex-federal prosecutor Andrew C. McCarthy observes in The National Review, the fact that the feds have charged Assange with unauthorized access to a government computer rather than conspiring with the Kremlin could be a sign that Team Mueller is less than confident it can prove collusion beyond a reasonable doubt. As he puts it, the GRU indictment "was more like a press release than a charging instrument" because the special prosecutor knew that the chances were zero that Russian intelligence agents would surrender to a U.S. court.
Indeed, when Mueller charged 13 employees and three companies owned by Russian businessman Yevgeny Prigozhin with interfering in the 2016 election, he clearly didn't expect them to surrender either. Thus, his team seemed taken aback when one of the alleged "troll farms" showed up in Washington asking to be heard. The prosecution's initial response, as McCarthy put it, was to seek a delay "on the astonishing ground that the defendant has not been properly served – notwithstanding that the defendant has shown up in court and asked to be arraigned." When that didn't work, prosecutors tried to limit Concord's access to some 3.2 million pieces of evidence on the grounds that the documents are too "sensitive" for Russian eyes to see. If they are again unsuccessful, they may have no choice but to drop the charges entirely, resulting in yet another "public relations disaster" for the Russia-gate investigation.
None of which bodes well for Mueller or the news organizations that worship at his shrine. After blowing the Russia-gate story all these years, why does the Times continue to slander the one news organization that tells the truth?
Daniel Lazare is the author of "The Frozen Republic: How the Constitution Is Paralyzing Democracy" (Harcourt Brace, 1996) and other books about American politics. He has written for a wide variety of publications from The Nation to Le Monde Diplomatique and blogs about the Constitution and related matters at Daniellazare.com.
Apr 19, 2019 | consortiumnews.com
Abe , April 18, 2019 at 23:23
Behind the Omar Outrage: Suppressed History of the pro-Israel Lobby
Max Blumenthal's article and his 2019 book, The Management of Savagery: How America's National Security State Fueled the Rise of Al Qaeda, ISIS, and Donald Trump (2019), is an impressive exercise in burying the lede.
Blumenthal does chronicle a decades-long panoply of active measures by numerous pro-Israel Lobby figures, groups and think tanks. Yet he fails to explicitly recognize the connection between pro-Israel Lobby efforts and the covert operations and overt invasions of America's national security state.
Julian Assange of Wikileaks was more explicit. Assange named the "country that has interfered in U.S. elections, has endangered Americans living or working overseas and has corrupted America's legislative and executive branches. It has exploited that corruption to initiate legislation favorable to itself, has promoted unnecessary and unwinnable wars and has stolen American technology and military secrets. Its ready access to the mainstream media to spread its own propaganda provides it with cover for its actions and it accomplishes all that and more through the agency of a powerful and well-funded domestic lobby [ ] That country is, of course, Israel."
Apr 19, 2019 | www.moonofalabama.org
somebody , Apr 18, 2019 10:41:06 AM | link
Add to 80
Early Assange: The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption.
Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.
Apr 18, 2019 | www.moonofalabama.org
somebody , Apr 18, 2019 6:52:44 AM | link
@wisdombody | Apr 18, 2019 3:09:38 AM | 71
They are the hacker/security blackhat/whitehat scene.
Another example where the actions of the empire bite back.
To understand where they are coming from read Yasha Levine's Surveillance Valley
US Tech Companies have an extremely nice "inclusive" "open" "transparent" company culture. People who don't drink the kool aid can deal with it, people who are on the Asperger/Autism range can't. And these are the people extremely gifted for tech.
Basically US military and secret services believed that Western "Freedom" (TM) was such a powerful advantage in global competition that open anonymous systems connecting dissidents would work to their advantage. They forgot that some people can't do double think.
Wikileaks started as a Chinese dissident project which certainly had the support of the US military-intelligence complex. It quickly became something else, simply because the people working in the project believed the ideology behind it and could not see that what is right for a Chinese dissident against the Chinese state was not right for a US dissident against the US state.
With Julian Assange in Belmarsh prison, everything about "open society" "transparency" "free media" "supporting dissidents" is in dispute.
Apr 18, 2019 | www.youtube.com
Angelor Not, 1 week ago
fionnualaable, 1 week ago
Assange has exposed so much of the Obama and Clinton cabal that they and their henchman would try any means possible to not have him extradited.
Driver Driver, 3 days ago (edited)
(From a horrified and disgusted Brit) My highest regard for: - the 3 dedicated panelists; - those among the honest Spanish police mentioned; - the brave Ecuadorian journalists pursuing presidential corruption charges; and: - elements of the UN not yet become toothless tigers re basic human rights. I have little if any hope such moral fibre will prevail (or be ALLOWED to do so) in the UK. Corruption and blind stupidity seem to have gone too far here, as they have in the USA, and possibly also even in the remaining "5 eyes" countries. Iberia (Portuguese Guteras at UN) has a chance to triumph in justice over degenerate Anglo-Saxon increasingly dictatorship regimes. Will they triumph? We'll see. The whole world will see. And the world has many many more than a mere 5 eyes.
A M, 6 days ago
The new president of Ecuador is a real thief. A real crook.
Hoomanna Dee, 1 week ago
It's disgusting how the governments behave as we've seen the truth in Wikileaks which remains correct and truth 100% of the time...that's what the governments are scared of..... the truth and transparency..... it shows them for what they are hypocrites and liars......!!!
ishant 7, 4 days ago
Bit hard to spy on corrupt world leaders without the internet. Pretty sure Moreno has his own set of enemies, since he's blackmailing or bankrolling everyone in his sight with the backing of Goldman Sachs. Also black kettle, that's the most surveilled building in the world inside and out.
Asylees are not supposed to be treated like criminals, he's without charge. The US, Ecuador's current government and the UK are violating international law. And the press is an anemic mess. Our message to them: you're next.
All journalism utilises sources and those sources are entitled to protection. Not a grand jury. Not a supermax. Not torture.
nick f, 1 day ago
In India we call these so called journalists as PRESSTITUTES
Nassau Events, 2 days ago
The cockroaches don't like when the rock is lifted and we see them for what they are. Assange lifted the rock and now the cockroaches are out to get him.
Needful Things Company, 6 days ago
It is not surprising that Equodoreian leader has failed the integrity of the country and the people of Equodoreian. The fact that Julian Assange had full asylum was granted to him with full protection, it proved the government before protected the souverign country and its citizens as a country which is respected and free from any kind of being a puppet or slave and master position. Assange' s case is extremely important but in the meantime the position of Equodoreian people are let down on the world platform of shame. The day the new leader left Equodoreian naked.
This is so wrong! He needs to be protected. Unless they are bringing him to USA to testify against the Clinton/Obama crimes. We never would have found out anything of the corruption and take down of the USA if it were not for his investigating reporting! Because the crooks got caught and exposed they are trying to destroy him. He acted like a reporter or what they use to be like. Just like the Nixon days but they broke into files. Assange was given information. He was not the spy from what I can gather! They should be thanking him for exposing the crimes that have been going on!
Apr 18, 2019 | thesaker.is
worldblee on April 16, 2019 at 3:56 pm EST/EDT
That video is on fire! Good stuff!
Павел (Paul) on April 17, 2019 at 9:43 am EST/EDT
It is funny but the problem remains... I want to see serious hard hitting justice whatever it takes.
vot tak on April 17, 2019 at 8:28 pm EST/EDT
Oops, wrong "button".
"Authorized by the united bitches of america." Yeah, israel's bitches.
Apr 17, 2019 | www.presstv.com
Dr. Paul, the founder of the Ron Paul Institute for Peace and Prosperity, made the remarks on Monday while discussing the violent arrest of Assange by UK Metropolitan Police last week at the Ecuadorian embassy in London, after the Moreno government cancelled his asylum.
The Australian whistleblower was arrested on behalf of the US on Thursday at the Ecuadorean embassy in London, where he had been granted asylum since 2012.
Assange, 47, is wanted by the US government for publishing classified documents related to the Iraq and Afghanistan wars that were leaked by American whistleblower Chelsea Manning. Assange spent seven years at the Ecuadorian embassy before his arrest.
"We have two foreign policies. We tell people what to do. And if they do it, we reward them. We give them a lot of money. If they don't, they're in for big trouble, they're liable to get bombed; we invade them, and there will be a coup," Dr. Paul said.
"We find that Moreno, the president of Ecuador, did not do badly. He's been playing footsies with us, and gaining some money and he delivered, you know, after he became president – it's shame because the previous president the one that allowed or at least would at least Assange could be 'protected' to some degree," he stated.
"But he (Moreno) evidently is out form and now of course he has delivered him. And this might not be even all of that. This probably is official tool of ours to provide these funds," the analyst noted.
"The IMF has already delivered $4.2 billion to [Ecuador], and there's another six billion dollars in the pipeline for that," he said.
Moreno on Sunday accused Assange of trying to use Ecuador's embassy in London as a "center for spying," and said that the decision to strip the whistleblower of his political asylum followed "violations" of that status.
In an interview with The Guardian , Moreno defended his decision on the Assange case.
"It is unfortunate that, from our territory and with the permission of authorities of the previous government, facilities have been provided within the Ecuadoran Embassy in London to interfere in processes of other states," the president said.
Apr 16, 2019 | www.zerohedge.com
Anunnaki, 11 hours ago link
If Trump pardoned Assange, I would consider that draining the swamp. But Orange Jewlius is a Deep State **** socket, so the swamp has grown to a lagoon
rtb61, 12 hours ago link
Jimmy Dore and Tucker Carlson nail it
https://m.youtube.com/watch?v=SnwC_1Pf9VQ
OZZIDOWNUNDER, 9 hours ago link
Clearly the US government has zero respect for Australia, Australian Law or Australian citizens. The case is shite, else they would allow Assange to be deported to Australia and the extradition hearing to be heard there. They refuse because they know their case is shite and they would have to prove it in Australia before they could get extradition.
The USA is not an ally of Australia because it does not respect Australian law, not in the least. Prove US respect of Australians by deporting Assange to Australia and holding the extradition hearings there, else look as guilty as shite and never ever to be trusted by Australians.
NYC80, 13 hours ago link
The US Govt respects NOBODY but its own Interests. It's the Australian Govt that's complicit in this travesty of Nil justice. The Gutless Australian Govt has NO interest in helping Julian Assange because they were persuaded NOT to by their American masters. It hurts that your own Govt are total A$$holes & follow USA into Crimes without question. The Australian Govt has a History of lip service only when assistance Overseas is required. **** them !
Ms No, 14 hours ago link
Assange probably is a narcissist. So what? All the people criticizing him are, too. At least he's an honest narcissist. In everything he's published, not a single item has even been allegedly false. Can any of these other so-called "journalists" demonstrate that level of accuracy?
Here is a good article on Assange. Explains the cat. Things were okay for him under the real elected president of Ecuador, except no sunlight thanks to US spooks.
Apr 16, 2019 | www.unz.com
Saoirse says: April 13, 2019 at 1:39 am GMT
http://raymcgovern.com/
Ray on Why the Deep State Hates Julian Assange
Apr 15, 2019 | www.zerohedge.com
Myth #2: Assange Will Get a Fair Trial In the U.S.
14-year CIA officer John Kiriakou notes :
Assange has been charged in the Eastern District of Virginia -- the so-called "Espionage Court." That is just what many of us have feared. Remember, no national security defendant has ever been found not guilty in the Eastern District of Virginia . The Eastern District is also known as the "rocket docket" for the swiftness with which cases are heard and decided. Not ready to mount a defense? Need more time? Haven't received all of your discovery? Tough luck. See you in court.
I have long predicted that Assange would face Judge Leonie Brinkema were he to be charged in the Eastern District. Brinkema handled my case, as well as CIA whistleblower Jeffrey Sterling's. She also has reserved the Ed Snowden case for herself. Brinkema is a hanging judge .
Brinkema gave me literally no chance to defend myself . At one point, while approaching trial, my attorneys filed 70 motions, asking that 70 classified documents be declassified so that I could use them to defend myself. I had no defense without them. We blocked off three days for the hearings. When we got to the courtroom, Brinkema said, "Let me save everybody a lot of time. I'm going to deny all 70 of these motions. You don't need any of this information to be declassified." The entire process took a minute. On the way out of the courtroom, I asked my lead attorney what had just happened. "We just lost the case. That's what happened. Now we talk about a plea."
My attorneys eventually negotiated a plea for 30 months in prison -- significantly below the 45 years that the Justice Department had initially sought. The plea was something called an 11-C1C plea; it was written in stone and could not be changed by the judge. She could either take it or leave it. She took it, but not after telling me to rise, pointing her finger at me, and saying, "Mr. Kiriakou, I hate this plea. I've been a judge since 1986 and I've never had an 11C1C. If I could, I would give you ten years." Her comments were inappropriate and my attorneys filed an ethics complaint against her. But that's Brinkema. That's who she is.
Julian Assange doesn't have a prayer of a fair trial in the Eastern District of Virginia.
Apr 15, 2019 | www.zerohedge.com
Assange's arrest represents an abuse of power, highlighting not only how true journalism has now been banished in the West, but also how politicians, journalists, news agencies and think-tanks collude with each other to silence people
Apr 12, 2019 | spectator.us
The nine-year gap long after Manning had been charged, found guilty, and released from prison suggests that there is something ulterior going on here. The offenses outlined in the indictment are on extraordinarily weak legal footing. Part of the criminal 'conspiracy,' prosecutors allege, is that Assange sought to protect Manning as a source and encouraged her to provide government records in the public interest.
This is standard journalistic practice.
And it is now being criminalized by the Trump DoJ, while liberals celebrate from the sidelines eager to join hands with the likes of Mike Pompeo and Lindsey Graham. You could not get a more sinister confluence of political fraudsters.
They, meaning most Democrats, will never get over their grudge against Assange for having dared to expose the corruption of America's ruling party in 2016, which they believed helped deprive their beloved Hillary of her rightful ascension to the presidential throne. Once again, Rep. Tulsi Gabbard is among the few exceptions.
The DNC and Podesta email releases, now distilled reductively into the term 'Russian interference,' contained multitudinous newsworthy revelations, as evidenced by the fact that virtually the entire US media reported on them. (Here, feel free to refresh your memory on this as well.) But for no reason other than pure partisan score-settling, elite liberals are willing to toss aside any consideration for the dire First Amendment implications of Assange's arrest and cry out with joy that this man they regard as innately evil has finally been ensnared by the punitive might of the American carceral state.
Trump supporters and Trump himself also look downright foolish. It takes about two seconds to Google all the instances in which Trump glowingly touted WikiLeaks on the 2016 campaign trail. 'I love WikiLeaks!' he famously proclaimed on October 10, 2016 in Wilkes-Barre, Penn.
Presumably this expression of 'love' was indication that Trump viewed WikiLeaks as providing a public service. If not, perhaps some intrepid reporter can ask precisely what his 'love' entailed. He can pretend all he wants now that he's totally oblivious to WikiLeaks, but it was Trump himself who relayed that he was contemporaneously reading the Podesta emails in October 2016, and reveling in all their newsworthiness. If he wanted, he could obviously intercede and prevent any unjust prosecution of Assange. Trump has certainly seen fit to complain publicly about all manner of other inconvenient Justice Department activity, especially as it pertained to him or his family members and associates. But now he's acting as though he's never heard of WikiLeaks, which is just pitiful: not a soul believes it, even his most ardent supporters.
Sean Hannity became one of Assange's biggest fans in 2016 and 2017, effusively lavishing him with praise and even visiting him in the Ecuadorian embassy in London for an exclusive interview. One wonders whether Hannity, who reportedly speaks to his best buddy Trump every night before bedtime, will counsel a different course on this matter. There's also the question of whether Trump's most vehement online advocates, who largely have become stalwart defenders of WikiLeaks, will put their money where their mouth is and condition their continued support on Assange not being depredated by the American prison system.
Assange accomplished more in 2010 alone than any of his preening media antagonists will in their entire lifetime, combined. Your feelings about him as a person do not matter. He could be the scummiest human on the face of Earth, and it would not detract from the fact that he has brought revelatory information to public that would otherwise have been concealed. He has shone light on some of the most powerful political factions not just in the US, but around the world. This will remain true regardless of whether Trump capitulates to the 'Deep State' and goes along with this utterly chilling, free speech-undermining prosecution.
I personally have supported Assange since I started in journalism, nine years ago, not because I had any special affinity for the man himself (although the radical transparency philosophy he espoused was definitely compelling). My support was based on the fact that Assange had devised a novel way to hold powerful figures to account, whose nefarious conduct would otherwise go unexamined but for the methods he pioneered. As thanks, he was holed up in a tiny embassy for nearly seven years until yesterday, when they hauled him out ignominiously to face charges in what will likely turn out to be a political show trial. Donald Trump has the ability to stop this, but almost certainly won't. And that's all you need to know about him.
Apr 13, 2019 | www.unz.com
For seven years, we have had to listen to a chorus of journalists, politicians and "experts" telling us that Assange was nothing more than a fugitive from justice, and that the British and Swedish legal systems could be relied on to handle his case in full accordance with the law. Barely a "mainstream" voice was raised in his defence in all that time.
... ... ...
The political and media establishment ignored the mounting evidence of a secret grand jury in Virginia formulating charges against Assange, and ridiculed Wikileaks' concerns that the Swedish case might be cover for a more sinister attempt by the US to extradite Assange and lock him away in a high-security prison, as had happened to whistleblower Chelsea Manning.
... ... ...
Equally, they ignored the fact that Assange had been given diplomatic status by Ecuador, as well as Ecuadorean citizenship. Britain was obligated to allow him to leave the embassy, using his diplomatic immunity, to travel unhindered to Ecuador. No "mainstream" journalist or politician thought this significant either.
... ... ...
They turned a blind eye to the news that, after refusing to question Assange in the UK, Swedish prosecutors had decided to quietly drop the case against him in 2015. Sweden had kept the decision under wraps for more than two years.
... ... ...
Most of the other documents relating to these conversations were unavailable. They had been destroyed by the UK's Crown Prosecution Service in violation of protocol. But no one in the political and media establishment cared, of course.
Similarly, they ignored the fact that Assange was forced to hole up for years in the embassy, under the most intense form of house arrest, even though he no longer had a case to answer in Sweden. They told us -- apparently in all seriousness -- that he had to be arrested for his bail infraction, something that would normally be dealt with by a fine.
... ... ...
This was never about Sweden or bail violations, or even about the discredited Russiagate narrative, as anyone who was paying the vaguest attention should have been able to work out. It was about the US Deep State doing everything in its power to crush Wikileaks and make an example of its founder.
It was about making sure there would never again be a leak like that of Collateral Murder, the military video released by Wikileaks in 2007 that showed US soldiers celebrating as they murdered Iraqi civilians. It was about making sure there would never again be a dump of US diplomatic cables, like those released in 2010 that revealed the secret machinations of the US empire to dominate the planet whatever the cost in human rights violations.
Now the pretence is over. The British police invaded the diplomatic territory of Ecuador -- invited in by Ecuador after it tore up Assange's asylum status -- to smuggle him off to jail. Two vassal states cooperating to do the bidding of the US empire. The arrest was not to help two women in Sweden or to enforce a minor bail infraction.
No, the British authorities were acting on an extradition warrant from the US. And the charges the US authorities have concocted relate to Wikileaks' earliest work exposing the US military's war crimes in Iraq -- the stuff that we all once agreed was in the public interest, that British and US media clamoured to publish themselves.
Still the media and political class is turning a blind eye. Where is the outrage at the lies we have been served up for these past seven years? Where is the contrition at having been gulled for so long? Where is the fury at the most basic press freedom -- the right to publish -- being trashed to silence Assange? Where is the willingness finally to speak up in Assange's defence?
It's not there. There will be no indignation at the BBC, or the Guardian, or CNN. Just curious, impassive -- even gently mocking -- reporting of Assange's fate.
And that is because these journalists, politicians and experts never really believed anything they said. They knew all along that the US wanted to silence Assange and to crush Wikileaks. They knew that all along and they didn't care. In fact, they happily conspired in paving the way for today's kidnapping of Assange.
They did so because they are not there to represent the truth, or to stand up for ordinary people, or to protect a free press, or even to enforce the rule of law. They don't care about any of that. They are there to protect their careers, and the system that rewards them with money and influence. They don't want an upstart like Assange kicking over their applecart.
Now they will spin us a whole new set of deceptions and distractions about Assange to keep us anaesthetised, to keep us from being incensed as our rights are whittled away, and to prevent us from realising that Assange's rights and our own are indivisible. We stand or fall together.
Jonathan Cook won the Martha Gellhorn Special Prize for Journalism. His books include "Israel and the Clash of Civilisations: Iraq, Iran and the Plan to Remake the Middle East" (Pluto Press) and "Disappearing Palestine: Israel's Experiments in Human Despair" (Zed Books). His website is www.jonathan-cook.net .
anonymous • Disclaimer , says: April 12, 2019 at 10:41 am GMT
Thank you.
Digital Samizdat , says: April 12, 2019 at 5:11 pm GMT
This should be an uncomfortable time for the “journalists” of the Establishment. Very few will speak up as does Mr. Cook. Watch how little is said about the recent Manning re-imprisonment to sweat out grand jury testimony. Things may have grown so craven that we’ll even see efforts to revoke Mr. Assange’s awards.
This is also a good column for us to share with those people who just might want not to play along with the lies that define Exceptionalia.
Carlton Meyer , says: • Website April 13, 2019 at 4:32 am GMT
… from the moment Julian Assange first sought refuge in the Ecuadorean embassy in London, they have been telling us we were wrong, that we were paranoid conspiracy theorists. We were told there was no real threat of Assange’s extradition to the United States, that it was all in our fevered imaginations.
It all reminds me of Rod Dreher’s Law of Merited Impossibility: “That’ll never happen. And when it does , boy won’t you deserve it!”
Equally, they ignored the fact that Assange had been given diplomatic status by Ecuador, as well as Ecuadorean citizenship. Britain was obligated to allow him to leave the embassy, using his diplomatic immunity, to travel unhindered to Ecuador. No “mainstream” journalist or politician thought this significant either.
Why would they? They don’t even recognize diplomatic status for heads of state who get in their way! Remember what they did to President Evo Morales of Bolivia back when he was threatening to grant asylum to Ed Snowden? Here’s a refresher:
Any way you slice, this is a sad for liberty.
From my blog:
The Alarmist , says: April 13, 2019 at 5:01 am GMT
Apr 13, 2019 – Julian Assange
People who just watch corporate media think Julian Assange is a bad guy who deserves life in prison, except those who watch the great Tucker Carlson. Watch his recent show where he explains why our corporate media and political class hate Assange.
He is charged with encouraging Army Private Chelsea Manning to send him embarrassing information, specifically this video of a US Army Apache helicopter gunning down civilians in broad daylight in Baghdad.
But there is no proof of this, and Manning has repeatedly said he never communicated to Assange about anything. Manning got eight years in prison for this crime; the Apache pilots were never charged. And now they want to hang Assange for exposing a war crime. I have recommended this great 2016 interview twice, where Assange calmly explains the massive corruption that patriotic FBI agents refer to as the “Clinton Crime Family.”
This gang is so powerful that it ordered federal agents to spy on the Trump political campaign, and indicted and imprisoned some participants in an attempt to pressure President Trump to step down. It seems Trump still fears this gang, otherwise he would order his attorney general to drop this bogus charge against Assange, then pardon him forever and invite him to speak at White House press conferences.
Endgame Napoleon , says: April 13, 2019 at 6:14 am GMT
“… they ignored the fact that Assange was forced to hole up for years in the embassy, under the most intense form of house arrest, even though he no longer had a case to answer in Sweden.”
Meh! Assange should have walked out the door of the embassy years ago. He might have ended up in the same place, but he could have seized the moral high ground by seeking asylum in Britain for fear of the death penalty in the US, which was a credible fear given public comments by various US officials. By rotting away in the Ecuadorian embassy, he greatly diminished any credibility he might have had to turn the UK judicial system inside out to his favour. Now he’s just a creepy looking bail jumper who flung faeces against the wall, rather than being a persecuted journalist.
@Johnny Rottenborough Millionaire politicians on both sides of the political fence get very emotional about anything that impacts their own privacy & safety and the privacy & safety of their kin, while ignoring the issues that jeopardize the privacy & safety of ordinary voters. While corporate-owned politicians get a lot out of this game, ordinary voters who have never had less in the way of Fourth Amendment privacy rights, and whose First Amendment rights are quickly shrinking to the size of Assange’s, do not get the consolation of riches without risk granted to bought-off politicians in this era’s pay-to-play version of democracy. It’s a lose / lose for average voters.
Tom Welsh , says: April 13, 2019 at 9:31 am GMT
Mr Cook’s criticism of the mainstream media (MSM) is absolutely justified.
UncommonGround , says: April 13, 2019 at 10:13 am GMT
It seems to me that their hatred of Mr Assange reflects the unfortunate fact that, while he is a real journalist, they actually aren’t. Instead, they are stenographers for power: what Paul Craig Roberts calls “presstitutes” (a very happy coinage which exactly hits the bull’s eye).
The difference is that real journalists, like Mr Assange, Mr Roberts and Mr Cook, are mainly motivated by the search for objective truth – which they then publish, as far as they are able.
Whereas those people who go by the spurious names of “journalist”, “reporter”, “editor”, etc. are motivated by the desire to go on earning their salaries, and to gain promotion and “distinction” in society. (Sad but true: social distinction is often gained by performing acts of dishonesty and downright wickedness).
Here are some interesting quotations that cast some light on this disheartening state of affairs. If you look carefully at their dates you may be surprised to find that nothing has changed very much since the mid-19th century.
‘Marr: “How can you know that I’m self-censoring? How can you know that journalists are…”
‘Chomsky: “I’m not saying you’re self censoring. I’m sure you believe everything you’re saying. But what I’m saying is that if you believed something different, you wouldn’t be sitting where you’re sitting”’.
– Transcript of interview between Noam Chomsky and Andrew Marr (Feb. 14, 1996) https://scratchindog.blogspot.com/2015/07/transcript-of-interview-between-noam.html
‘If something goes wrong with the government, a free press will ferret it out and it will get fixed. But if something goes wrong with our free press, the country will go straight to hell’.
– I. F. Stone (as reported by his son Dr Jeremy J Stone) http://russia-insider.com/en/media-criticism/hey-corporate-media-glenn-greenwald-video-can-teach-you-what-real-journalism/ri6669
‘There is no such a thing in America as an independent press, unless it is out in country towns. You are all slaves. You know it, and I know it. There is not one of you who dares to express an honest opinion. If you expressed it, you would know beforehand that it would never appear in print. I am paid $150 for keeping honest opinions out of the paper I am connected with. Others of you are paid similar salaries for doing similar things. If I should allow honest opinions to be printed in one issue of my paper, I would be like Othello before twenty-four hours: my occupation would be gone. The man who would be so foolish as to write honest opinions would be out on the street hunting for another job. The business of a New York journalist is to distort the truth, to lie outright, to pervert, to vilify, to fawn at the feet of Mammon, and to sell his country and his race for his daily bread, or for what is about the same — his salary. You know this, and I know it; and what foolery to be toasting an “Independent Press”! We are the tools and vassals of rich men behind the scenes. We are jumping-jacks. They pull the string and we dance. Our time, our talents, our lives, our possibilities, are all the property of other men. We are intellectual prostitutes’.
– John Swinton (1829–1901), Scottish-American journalist, newspaper publisher, and orator. https://en.wikiquote.org/wiki/John_Swinton http://www.rense.com/general20/yes.htm
‘The press today is an army with carefully organized arms and branches, with journalists as officers, and readers as soldiers. But here, as in every army, the soldier obeys blindly, and war-aims and operation-plans change without his knowledge. The reader neither knows, nor is allowed to know, the purposes for which he is used, nor even the role that he is to play. A more appalling caricature of freedom of thought cannot be imagined. Formerly a man did not dare to think freely. Now he dares, but cannot; his will to think is only a willingness to think to order, and this is what he feels as his liberty’.
– Oswald Spengler, “The Decline of the West” Vol. II, trans. C.F. Atkinson (1928), p. 462
‘How do wars start? Wars start when politicians lie to journalists, then believe what they read in the press’.
– Karl Kraus, “Through Western Eyes – Russia Misconstrued” http://www.hellevig.net/ebook/Putin’s%20new%20Russia.pdf
And finally, two quotations from classic novels which go to the heart of the matter.
‘It is difficult to get a man to understand something when his salary depends upon his not understanding it’.
– Upton Sinclair
‘Sometimes a man wants to be stupid if it lets him do a thing his cleverness forbids’.
– John Steinbeck (“East of Eden”)
Very good article. There is one point that I would like to make: Assange asked for asylum before he went to the embassy of Ecuador and Ecuador gave him asylum. This meant that they had an obligation to protect him. It’s really unbelievable that a country gives asylum to someone and half way tells that they have changed their mind and will let the person be arrested. “We told you you would be safe with us, but now we just changed our mind”. Assange also became a citizen of Ecuador and this possibly means that Ecuador couldn’t have let him be arrested in their embassy by the police of another country without a process against him in Ecuador and without him having the right to defend himself in a court. Many countries don’t extradite their citizens to other countries.
EliteCommInc. , says: April 13, 2019 at 10:59 am GMT
Another remark. For years there were uncountable articles about Assange in The Guardian. Those articles were read by many people and got really many comments. There were very fierce discussions about him with thousands of comments. With time The Guardian turned decisively against him and published articles against him. There were people there who seemed to hate him. In the last days there were again many articles about him. They pronounce themselves discretely against his extradition to the US even if showing themselves to be critical of him as if trying to justify their years of attacks against him. But one detail: I didn’t find even one article in The Guardian where you can comment the case. Today for instance you can comment an article by Gaby Hinsliff about Kim Kardashian. Marina Hyde talks in an article about washing her hair (whatever else she wants to say, with 2831 comments at this moment). But you don’t find any article about Assange that you can comment. 10 or 8 or 5 years ago there were hundreds of articles about him that you could comment.
The game afoot here is obvious.
Tsar Nicholas , says: April 13, 2019 at 11:38 am GMT
UK PM May said about Assange – “no one is above the law” – proving she is a weak sister without a clue.
No one is above the law except the British government, which ignored the provisions of the EU Withdrawal Act requiring us to leave on March 29th.
No one is above the law except for the US and the UK which have illegally deployed forces to Syria against the wishes of the government in Damascus.
And Tony Blair, a million dead thanks to his corruption. He should be doing time in a Gulag for his evil crimes.
And of course, the black MP for Peterborough – Fiona Onasanya – served a mere three weeks in jail for perverting the course of justice, normally regarded as a very serious offence. But she was out in time – electronic tag and curfew notwithstanding – to vote in the House of Commons against leaving the EU.
Mar 17, 2019 | consortiumnews.com
O Society , March 16, 2019 at 7:55 am
The Truth is Out There. I Want to Believe!
Same old scams, different packaging. That's New & Improved for you.
Raymond Comeau , March 15, 2019 at 12:35 pm
I could not suffer through reading the whole article. This is mainly because I have watched the news daily about Mueller's Investigation and I sincerely believe that Mueller is Champion of the Democrats who are trying to depose President Donald Trump at any cost.
For what Mueller found any decent lawyer with a Degree and a few years of experience could have found what Mueller found for far far less money. Mueller only found common crimes AND NO COLLUSION BETWEEN PRESIDENT TRUMP AND PUTIN!
The Mueller Investigation should be given to an honest broker to review, and Mueller should be paid only what it would cost to produce the commonplace crimes Mueller, The Democrats, and CNN has tried to convince the people that indeed Trump COLLUDED with RUSSIA. Mueller is a BIG NOTHING BURGER and THE DEMOCRATS AND CNN ARE MUELLER'S SINGING CANARIES! Mueller should be jailed.
Bogdan Miller , March 15, 2019 at 11:04 am
This article explains why the Mueller Report is already highly suspect. For another thing, we know that since before 2016, Democrats have been studying Russian Internet and hacking tactics, and posing as Russian Bots/Trolls on Facebook and other media outlets, all in an effort to harm President Trump.
It appears the FBI, CIA, and NSA have great difficulty in differentiating between Russians and Democrats posing as Russians.
B.J.M. Former Intelligence Analyst and Humint Collector
vinnieoh , March 15, 2019 at 8:17 am
Moving on: the US House yesterday voted UNANIMOUSLY (remember that word, so foreign these days to US governance?) to "urge" the new AG to release the complete Mueller report.
A non-binding resolution, but you would think that the Democrats can't see the diesel locomotive bearing down on their clown car, about to smash it to pieces. The new AG in turn says he will summarize the report and that is what we will see, not the entire report. And taxation without representation takes a new twist.
... ... ...
Raymond Comeau , March 15, 2019 at 12:38 pm
What else would you expect from two Political Parties who are really branches of the ONE Party which Represents DEEP STATE.
DWS , March 15, 2019 at 5:58 am
Maybe the VIPS should look into the murder of Seth Rich, the DNC staffer who had the security clearance required to access the DNC servers, and who was murdered in the same week as the emails were taken. In particular, they should ask why the police were told to stand down and close the murder case without further investigation.
Raymond Comeau , March 15, 2019 at 12:47 pm
EXACTLY! But, Deep State will not allow that. And, it would ruin the USA's plan to continue to invade more sovereign countries and steal their resources such as oil and Minerals. The people of the USA must be Ostriches or are so terrified that they accept anything their Criminal Governments tell them.
Eventually, the chickens will come home to roost and perhaps the USA voters will ROAST when the crimes of the USA sink the whole country. It is time for a few Brave Men and Women to find their backbones and throw out the warmongers and their leading Oligarchs!
KiwiAntz , March 14, 2019 at 6:44 pm
What a brilliant article, so logical, methodical & a forensic, scientific breakdown of the phony Russiagate project? And there's no doubt, this was a co-ordinated, determined Intelligence project to reverse the results of the 2016 Election by initiating a soft coup or Regime change op on an elected Leader, a very American Coup, something the American Intelligence Agencies specialise in, everywhere else, on a Global scale, to get Trump impeached & removed from the Whitehouse?
If you can't get him out via an Election, try & try again, like Maduro in Venezuela, to forcibly remove the targeted person by setting him up with fake, false accusations & fabricated evidence? How very predictable & how very American of Mueller & the Democratic Party. Absolute American Corruption, corrupts absolutely?
Brian Murphy , March 15, 2019 at 10:33 am
Right. Since its purpose is to destroy Trump politically, the investigation should go on as long as Trump is in office. Alternatively, if at this point Trump has completely sold out, that would be another reason to stop the investigation.
If the investigation wraps up and finds nothing, that means Trump has already completely sold out. If the investigation continues, it means someone important still thinks Trump retains some vestige of his balls.
DH Fabian , March 14, 2019 at 1:19 pm
By last June or July the Mueller investigation has resulted in roughly 150 indictments for perjury/financial crimes, and there was a handful of convictions to date. The report did not support the Clinton wing's anti-Russian allegations about the 2016 election, and was largely brushed aside by media. Mueller was then reportedly sent back in to "find something," presumably to support the anti-Russian claims.
mike k , March 14, 2019 at 12:57 pm
From the beginning of the Russia did it story, right after Trump's electoral victory, it was apparent that this was a fraud. The democratic party however has locked onto this preposterous story, and they will go to their graves denying this was a scam to deny their presidential defeat, and somehow reverse the result of Trump's election. My sincere hope is that this blatant lie will be an albatross around the party's neck, that will carry them down into oblivion. They have betrayed those of us who supported them for so many years. They are in many ways now worse than the republican scum they seek to replace.
DH Fabian , March 14, 2019 at 1:26 pm
Trump is almost certain to be re-elected in 2020, and we'll go through this all over again.
Tom , March 14, 2019 at 12:00 pm
The very fact that the FBI never had access to the servers and took the word of a private company that had a history of being anti-Russian is enough to throw the entire ruse out.
LJ , March 14, 2019 at 2:39 pm
Agreed!!!! and don't forget the FBI/Comey gave Hillary and her Campaign a heads-up before they moved to seize the evidence. So too, Comey said he stopped the Investigation, thereby rendering judgement of innocence, even though by his own words 'gross negligence' had occurred (which is normally considered grounds for prosecution). In doing so he exceeded the FBI's investigative mandate. He rationalized that decision was appropriate because of the appearance of impropriety that resulted from Attorney General Lynch having a private meeting on a plane on a runway with Bill and Hillary. Where was the logic in that? Who called the meeting? All were Lawyers who had served as President, Senator, Attorney General and knew that the meeting was absolutely inappropriate. Comey should be prosecuted if they want to prosecute anyone else because of this CRAP. PS Trump is an idiot. Unfortunately he is just a symptom of the disease at this point. Look at the cover of Rolling Stone magazine, carry a barf bag.
Jane Christ , March 14, 2019 at 6:51 pm
Exactly. This throws doubt on the ability of the FBI to work independently. They are working for those who want to cover up the Hillary mess. She evidently has sufficient funds to pay them off. I am disgusted with the level of corruption.
hetro , March 14, 2019 at 10:50 am
Nancy Pelosi's announcement two days ago that the Democrats will not seek impeachment for Trump suggests the emptiness of the Mueller investigation on the specific "collusion" issue. If there were something hot and lingering and about to emerge, this decision is highly unlikely, especially with the reasoning she gave at "so as not to divide the American people." Dividing the people hasn't been of much concern throughout this bogus witch hunt on Trump, which has added to his incompetence in leavening a growing hysteria and confusion in this country. If there is something, anything at all, in the Mueller report to support the collusion theory, Pelosi would I'm sure gleefully trot it out to get a lesser candidate like Pence as opposition for 2020.
James Clooney , March 14, 2019 at 11:17 am
We know and Assange has confirmed Seth Rich, assassinated in D.C. for his deed, downloaded the emails and most likely passed them on to former British ambassador Craig Murray in a D.C. park for transport to Wikileaks.
We must also honor Shawn Lucas assassinated for serving DNC with a litigation notice exposing the DNC conspiracy against Sanders.
hetro , March 14, 2019 at 3:18 pm
Where has Assange confirmed this? Assange's long-standing position is NOT to reveal his sources. I believe he has continued to honor this position.
Skip Scott , March 15, 2019 at 7:15 am
It has merely been insinuated by the offering of a reward for info on Seth's murder. In one breath he says wikileaks will never divulge a source, and in the next he offers a $20k reward saying that sources take tremendous risk. Doesn't take much of a logical leap to connect A to B.
DH Fabian , March 14, 2019 at 1:30 pm
Are you aware that Democrats split apart their own voting base in the 1990s, middle class vs. poor? The Obama years merely confirmed that this split is permanent. This is particularly relevant for Democrats, as their voting base had long consisted of the poor and middle class, for the common good. Ignoring this deep split hasn't made it go away.
hetro , March 14, 2019 at 3:24 pm
Even more important is how the Democrats have sold out to an Establishment view favoring neocon theory, since at least Bill Clinton. Pelosi's recent behavior with Ilhan Omar confirms this and the split you're talking about. My point is it is distinctly odd that Pelosi is discouraging impeachment on "dividing the Party" (already divided, of course, as you say), whereas the Russia-gate fantasy was so hot not that long ago. Again it points to a cynical opportunism and manipulation of the electorate. Both parties are a sad excuse to represent ordinary people's interests.
Skip Scott , March 15, 2019 at 7:21 am
She said "dividing the country", not the party. I think she may have concerns over Trump's heavily armed base. That said, the statement may have been a ruse. There are plenty of Republicans that would cross the line in favor of impeachment with the right "conclusions" by Mueller. Pelosi may be setting up for a "bombshell" conclusion by Mueller. One must never forget that we are watching theater, and that Trump was a "mistake" to be controlled or eliminated.
Cindy Haddix , March 14, 2019 at 8:04 am
Mueller should be ashamed that he has made President Trump his main concern!! If all this investigation would stop he could save America millions!!! He needs to quit this witch-hunt and worry about things that really need to be handled!!! If the democrats and Trump haters would stop pushing senseless lies hopefully this would stop ? It's so disgusting that his democrat friend was never really investigated ? stop the witch-hunt and move forward!!!!
torture this , March 14, 2019 at 7:29 am
According to this letter, mistakes might have been made on Rachel Maddow's show. I can't wait to read how she responds. I'd watch her show, myself except that it has the same effect on me as ipecac.
Zhu , March 14, 2019 at 3:37 am
People will cling to "Putin made Trump President!!!" much as many cling "Obama's a Kenyan Muslim! Not a real American!!!". Both nut theories are emotionally satisfying, no matter what the historical facts are. Many Americans just can't admit their mistakes and blaming a scapegoat is a way out.
O Society , March 14, 2019 at 2:03 am
Thank you VIPS for organizing this legit dissent consisting of experts in the field of intelligence and computer forensics.
This so-called "Russiagate" narrative is an illustration of our "freedom of the press" failure in the US due to groupthink and self censorship. He who pays the piper is apt to call the tune.
It is astounding how little skepticism and scientifically-informed reasoning goes on in our media. These folks show themselves to be native advertising rather than authentic journalists at every turn.
DH Fabian , March 14, 2019 at 1:33 pm
But it has been Democrats and the media that market to middle class Dems, who persist in trying to sell the Russian Tale. They excel at ignoring the evidence that utterly contradicts their claims.
O Society , March 15, 2019 at 3:50 pm
Oh, we're well beyond your "Blame the middle class Dems" stage.
The WINNING!!! team sports bullshit drowns the entire country now the latrine's sprung a leak. People pretend to live in bubbles made of blue or red quite like the Three Little Pigs, isn't it? Except instead of a house made of bricks saving the day for the little piggies, what we've got here is a purple puddle of piss.
Everyone's more than glad to project all our problems on "THEM" though, aren't we?
Meanwhile, the White House smells like a urinal not washed since the 1950s and simpletons still get their rocks off arguing about whether Mickey Mouse can beat up Ronald McDonald.
T'would be comic except what's so tragic is the desperate need Americans have to believe, oh just believe! in something. Never mind the sound of the jackhammer on your skull dear, there's an app for that or is it a pill?
I don't know, don't ask me, I'm busy watching TV. Have a cheeto.
Sam F , March 13, 2019 at 6:45 pm
Very good analysis clearly stated, especially adding the FAT timestamps to the transmission speeds.
Minor corrections: "The emails were copied from the network" should be "from the much faster local network" because this is to Contradict the notion that they were copied over the internet network, which most readers will equate with "network." Also "reportedin" should be "reported in."
Michael , March 13, 2019 at 6:25 pm
It is likely that New Knowledge was actually "the Russians", possibly working in concert with Crowdstrike. Once an intelligence agency gets away with something like pretending to be Russian hackers and bots, they tend to re-use their model; it is too tempting to discard an effective model after a one-off accomplishment. New Knowledge was caught interfering/ determining the outcome in the Alabama Senate race on the side of Democrat Doug Jones, and claimed they were merely trying to mimic Russian methods to see if they worked (they did; not sure of their punishment?). Occam's razor would suggest that New Knowledge would be competent to mimic/ pretend to be "Russians" after the fact of wikileaks' publication of emails. New Knowledge has employees from the NSA and State department sympathetic to/ working with(?) Hillary, and were the "outside" agency hired to evaluate and report on the "Russian" hacking of the DNC emails/ servers.
DH Fabian , March 13, 2019 at 5:48 pm
Mueller released report last summer, which resulted in (the last I checked) roughly 150 indictments, a handful of convictions to date, all for perjury/financial (not political) crimes. This wasn't kept secret. It simply wasn't what Democrats wanted to hear, so although it was mentioned in some lib media (which overwhelmingly supported neoliberal Hillary Clinton), it was essentially swept under the carpet.
Billy , March 13, 2019 at 11:11 pm
Barr, Sessions, every congressmen all the corporate MSM war profiteer mouth pieces. They all know that "Russia hacked the DNC" and "Russia meddled" is fabricated garbage. They don't care, because their chosen war beast corporate candidate couldn't beat Donald goofball Trump. So it has to be shown that the war beast only lost because of nefarious reasons. Because they're gonna run another war beast cut from the same cloth as Hillary in 2020.
Realist , March 14, 2019 at 3:22 am
You betcha. Moreover, who but the Russians do these idiots have left to blame? Everybody else is now off limits due to political correctness. Sigh Those Catholics, Jews, "ethnics" and sundry "deviants" used to be such reliable scapegoats, to say nothing of the "undeveloped" world. As Clapper "authoritatively" says, only this vile lineage still carries the genes for the most extremes of human perfidy. Squirrels in your attic? It must be the damned Russkies! The bastards impudently tried to copy our democracy, economic system and free press and only besmirched those institutions, ruining all of Hillary's glorious plans for a worldwide benevolent dictatorship. All this might be humorous if it weren't so funny.
And those Chinese better not get to thinking they are somehow our equals just because all their trillions invested in U.S. Treasury bonds have paid for all our wars of choice and MIC boondoggles since before the turn of the century. Unless they start delivering Trump some "free stuff" the big man is gonna cut off their water. No more affordable manufactured goods for the American public! So there!
As to the article: impeccable research and analysis by the VIPS crew yet again. They've proven to me that, to a near certainty, the Easter Bunny is not likely to exist. Mueller won't read it. Clapper will still prance around a free man, as will Brennan. The Democrats won't care, that is until November of 2020. And Hillary will continue to skate, unhindered in larding up the Clinton Foundation to purposes one can only imagine.
Joe Tedesky , March 14, 2019 at 10:02 pm
I have posted this article 'the Russia they Lost' before and from time to time but once again it seems appropriate to add this link to expound upon for what you've been saying. It's an article written by a Russian who in their youth growing up in the USSR dreamed of living the American lifestyle if Russia were to ever ditch communism. But ... Starting with Kosovo this Russian's youthful dream turned nightmarishly ugly and, as time went by with more and yet even more USA aggression this Russian author lost his admiration and desire for all things American to be proudly envied. This is a story where USA hard power destroyed any hope of American soft power for world unity. But hey that unity business was never part of the plan anyway.
Realist , March 15, 2019 at 10:38 pm
right you are, joe. if america was smart rather than arrogant, it would have cooperated with china and russia to see the belt and road initiative succeed by perhaps building a bridge or tunnel from siberia to alaska, and by building its own fleet of icebreakers to open up its part of the northwest passage. but no, it only wants to sabotage what others propose. that's not being a leader, it's being a dick.
i'm gonna have to go on the disabled list here until the sudden neurological problem with my right hand clears up–it's like paralysed. too difficult to do this one-handed using hunt and peck. at least the problem was not in the old bean, according to the scans. carry on, sir.
Brian James , March 13, 2019 at 5:04 pm
Mar 4, 2019 Tom Fitton: President Trump a 'Crime Victim' by Illegal Deep State DOJ & FBI Abuses: https://youtu.be/ixWMorWAC7c
DH Fabian , March 13, 2019 at 5:55 pm
Trump is a willing player in this game. The anti-Russian Crusade was, quite simply, a stunningly reckless, short-sighted effort to overturn the 2016 election, removing Trump to install Hillary Clinton in office. Trump and the Republicans continue to win by default, as Democrats only drive more voters away.
Howard , March 13, 2019 at 4:36 pm
Thank you Ray McGovern and the Other 17 VIPS Co-Signers of your National Security Essay for Truth. Along with Craig Murray and Seymour Hersh, former Sam Adams Award winners for "shining light into dark places", you are national resources for objectivity in critical survival information matters for our country. It is more than a pity that our mainstream media are so beholden to their corporate task masters that they cannot depart from the company line for fear of losing their livelihoods, and in the process we risk losing life on the planet because of unconstrained nuclear war on the part of the two main adversaries facing off in an atmosphere of fear and mistrust. Let me speak plainly. THEY SHOULD BE TALKING TO YOU AND NOT THE VESTED INTERESTS' MOUTHPIECES. Thank you for your continued leadership!
James Clooney , March 14, 2019 at 11:28 am
Roger Ailes founder of FOX news died, "falling down stairs" within a week of FOX news exposing to the world that the assassinated Seth Rich downloaded the DNC emails.
DH Fabian , March 13, 2019 at 6:03 pm
Google the Mueller investigation report from last June or July. When it was released, the public response was like a deflated balloon. It did not support the "Russian collusion" allegations -- the only thing Democrats still had left to sell. The report resulted in roughly 150 indictments for perjury/financial crimes (not political), and a handful of convictions to date -- none of which had anything to do with the election results.
Hank , March 13, 2019 at 6:19 pm
Much ado about nothing. All the talk and chatter and media airplay about "Russian meddling" in the 2016 election only tells me that these liars think the American public is that stupid. They are probably right, but the REAL reason that Hillary lost is because there ARE enough informed people now in this nation who are quite aware of the Clintons' sordid history where scandals seem to follow everywhere they go, but indictments and/or investigations don't. There IS an internet nowadays with lots of FACTUAL DOCUMENTED information. That's a lot more than I can say about the mainstream corporate-controlled media!
I know this won't ever happen, but an HONEST investigation into the Democratic Party and their actions during the 2016 election would make ANY collusion with ANY nation look like a mole hill next to a mountain! One of the problems with living in this nation is if you are truly informed and make an effort 24/7 to be that way by doing your own research, you more-than-likely can be considered an "island in a sea of ignorance".
Tom , March 14, 2019 at 12:13 pm
We know that the FBI never had access to the servers and a private company was allowed to handle the evidence. Wasn't it a crime scene? The evidence was tampered with. And we will never know what was on the servers.
Mark McCarty , March 13, 2019 at 4:10 pm
As a complement to this excellent analysis, I would like to make 2 further points:
The Mueller indictment of Russian Intelligence for hacking the DNC and transferring their booty to Wikileaks is absurd on its face for this reason: Assange announced on June 12th the impending release of Hillary-related emails. Yet the indictment claims that Guccifer 2.0 did not succeed in transferring the DNC emails to Wikileaks until the time period of July 14-18th – after which they were released online on July 22nd. Are we to suppose that Assange, a publisher of impeccable integrity, publicly announced the publication of emails he had not yet seen, and which he was obtaining from a source of murky provenance? And are we further to suppose that Wikileaks could have processed 20K emails and 20K attachments to ensure their genuineness in a period of only several days? As you will recall, Wikileaks subsequently took a number of weeks to process the Podesta emails they released in October.
And another peculiarity merits attention. Assange did not state on June 12th that he was releasing DNC emails – and yet Crowdstrike and the Guccifer 2.0 persona evidently knew that this was in store. A likely resolution of this conundrum is that US intelligence had been monitoring all communications to Wikileaks, and had informed the DNC that their hacked emails had been offered to Wikileaks. A further reasonable prospect is that US intelligence subsequently unmasked the leaker to the DNC; as Assange has strongly hinted, this likely was Seth Rich. This could explain Rich's subsequent murder, as Rich would have been in a position to unmask the Guccifer 2.0 hoax and the entire Russian hacking narrative.
Sam F , March 13, 2019 at 7:06 pm
Curious that Assange has Not explicitly stated that the leaker was Seth Rich, if it was, as this would take pressure from himself and incriminate the DNC in the murder of Rich. Perhaps he doesn't know, and has the honor not to take the opportunity, or perhaps he knows that it was not Rich.
James Clooney , March 14, 2019 at 11:40 am
View the Dutch TV interview with Assange and there is another interview available on youtube in which Assange DOES subtly confirm it was Seth Rich.
Assange posted a $10,000 reward for Seth Rich's murderers' capture.
Abby , March 13, 2019 at 10:11 pm
Another mistaken issue with the "Russia hacked the DNC computers on Trump's command" is that he never asked Russia to do that. His words were, "Russia if you 'find' Hillary's missing emails let us know." He said that after she advised congress that she wouldn't be turning in all of the emails they asked for because she deleted 30,000 of them and said that they were personal.
But if Mueller or the FBI wants to look at all of them they can find them at the NYC FBI office because they are on Weiner's laptop. Why? Because Hillary's aide Huma Abedin, Weiner's wife, sent them to it. Just another security risk that Hillary had because of her private email server. This is why Comey had to tell congress that more of them had been found 11 days before the election. If Comey hadn't done that then the FBI would have.
But did Comey or McCabe look at her emails there to see if any of them were classified? No they did not do that. And today we find out that Lisa Page told congress that it was Obama's decision not to charge Hillary for being grossly negligent on using her private email server. This has been known by congress for many months and now we know that the fix was always in for her to get off.
robert e williamson jr , March 13, 2019 at 3:26 pm
I want to thank you folks at VIPS. Like I have been saying for years now the relationship between CIA, NSA and DOJ is an incestuous one at best. A perverse corrupted bond to control the masses. A large group of religious fanatics who want things "ONE WAY". They are the facilitators for the rogue government known as the "DEEP STATE"!
Just ask billy barr.
More truth is a very good thing. I believe DOJ is supporting the intelligence community because of blackmail. They can't come clean because they all risk doing lots of time if a new judicial mechanism replaces them. We are in big trouble here.
Apparently the rule of law is not!
You folks that keep claiming we live in the post truth era! Get off me. Demand the truth and nothing else. Best be getting ready for the fight of your lives. The truth is you have to look yourself in the mirror every morning, deny that truth. The claim you are living in the post truth era is an admission your life is a lie. Now grab a hold of yourself pick a dogdamned side and stand for something.
Thank You VIPS!
Joe Tedesky , March 13, 2019 at 2:58 pm
Hats off to the VIP's who have investigated this Russian hacking that wasn't a hacking for without them what would we news junkies have otherwise to lift open the hood of Mueller's never ending Russia-gate investigation. Although the one thing this Russia-gate nonsense has accomplished is it has destroyed with our freedom of speech when it comes to how we citizens gather our news. Much like everything else that has been done during these post 9/11 years of continual wars our civil rights have been marginalized down to zero or, a bit above if that's even still an argument to be made for the sake of numbers.
Watching the Manafort sentencing is quite interesting for the fact that Manafort didn't collude in as much as he played fast and loose with his income. In fact maybe Manafort's case should have been prosecuted by the State Department or, how about the IRS? Also wouldn't it be worth investigating other Geopolitical Rain Makers like Manafort for similar crimes of financial wrongdoing? I mean is it possible Manafort is or was the only one of his type to do such dishonest things? In any case Manafort wasn't charged with colluding with any Russians in regard to the 2016 presidential election and, with that we all fall down.
I guess the best thing (not) that came out of this Russia-gate silliness is Rachel Maddow's tv ratings zoomed upwards. But I hate to tell you that the only ones buying what Ms Maddow is selling are the dyed in the wool Hillary supporters along with the chicken-hawks who rally to the MIC lobby for more war. It's all a game and yet there are many of us who just don't wish to play it but still we must because no one will listen to the sanity that gets ignored. Keep up the good work VIP's, some of us are listening.
Andrew Thomas , March 13, 2019 at 12:42 pm
The article did not mention something called to my attention for the first time by one of the outstanding members of your commentariat just a couple of days ago- that Ambassador Murray stated publicly, over two years ago, that he had been given the thumb drive by a go-between in D.C. and had somehow gotten it to Wikileaks. And, that he has NEVER BEEN INTERVIEWED by Mueller & Company. I was blown away by this, and found the original articles just by googling Murray. The excuse given is that Murray "lacks credibility", or some such, because of his prior relationship with Assange and/or Wikileaks. This is so ludicrous I can't even get my head around it. And now, you have given me a new detail-the meeting with Pompeo, and the complete lack of follow-up thereafter. Here all this time I thought I was the most cynical SOB who existed, and now I feel as naive as when I was 13 and believed what Dean Rusk was saying like it was holy writ. I am in your debt.
Bob Van Noy , March 13, 2019 at 2:33 pm
Andrew Thomas I'm afraid that huge amounts of our History post 1947 is organized and propagandized disinformation. There is an incredible page that John Simpkin has organized over the years that specifically addresses individuals, click on a name and read about them. https://spartacus-educational.com/USAdisinformation.htm
Mark McCarty , March 13, 2019 at 4:18 pm
A small correction: the Daily Mail article regarding Murray claimed that Murray was given a thumbdrive which he subsequently carried back to Wikileaks. On his blog, Murray subsequently disputed this part of the story, indicating that, while he had met with a leaker or confederate of a leaker in Washington DC, the Podesta emails were already in possession of Wikileaks at the time. Murray refused to clarify the reason for his meeting with this source, but he is adamant in maintaining that the DNC and Podesta emails were leaked, not hacked.
And it is indeed ludicrous that Mueller, given the mandate to investigate the alleged Russian hacking of the DNC and Podesta, has never attempted to question either Assange or Murray. That in itself is enough for us to conclude that the Mueller investigation is a complete sham.
Ian Brown , March 13, 2019 at 4:43 pm
It's pretty astonishing that Mueller was more interested in Roger Stone and Jerome Corsi as credible sources about Wikileaks and the DNC release than Craig Murray!
LJ , March 13, 2019 at 12:29 pm
A guy comes in with a pedigree like that, "former FBI head", to examine and validate if possible an FBI sting manufactured off a phony FISA indictment based on the Steele Report. It immediately reminded me of the 9-11 Commission with Thomas Kean, former Board member of the National Endowment for Democracy, being appointed by GW Bush the Simple to head an investigation that he had previously said he did not want to authorize (and of course bipartisan yes man Lee Hamilton as #2, lest we forget). Really this should be seen as another low point in our Democracy. Uncle Sam is the Limbo Man, How low can you go?
After Bill and Hillary and Monica and Paula Jones and Blue Dresses well, Golden Showers in a Moscow luxury hotel, I guess that make it just salacious enough.
Mueller looks just like what he is. He has that same phony self important air as Comey. In 2 years this will be forgotten. I do not think this hurts Trump's chances at re-election as much as the Democrats are hurting themselves. This has already gone on way too long.
Drew Hunkins , March 13, 2019 at 11:59 am
Mueller has nothing and he well knows it. He was willingly roped into this whole pathetic charade and he's left grasping for anything remotely tied to Trump campaign officials and Russians.
Even the most tenuous connections and weak relationships are splashed across the mass media in breathless headlines. Meanwhile, NONE of the supposed skulduggery unearthed by Mueller has anything to do with the Kremlin "hacking" the election to favor Trump, which was the entire raison d'etre behind Rosenstein, Brennan, Podesta and Mueller's crusade on behalf of the deplorable DNC and Washington militarist-imperialists. It will be fascinating to witness how Mueller and his crew ultimately extricate themselves from this giant fraudulent edifice of deceit. Will they even be able to save the most rudimentary amount of face?
So sickening to see the manner in which many DNC sycophants obsequiously genuflect to their godlike Mueller. A damn prosecutor who was likely in bed with the Winter Hill Gang.
Jack , March 13, 2019 at 12:21 pm
You have failed. An investigation is just that, a finding of the facts. What would Mueller have to extricate himself from? If nothing is found, he has still done his job. You are a divisive idiot.
Skip Scott , March 13, 2019 at 1:13 pm
Yes, he has done his job. And his job was to bring his royal Orangeness to heel, and to make sure that detente and co-operation with Russia remained impossible. The forever war continues. Mission Accomplished.
Drew Hunkins , March 13, 2019 at 2:12 pm
Keep running cover for an out of control prosecutor, who, if he had any integrity, would have hit the bully pulpit mos ago declaring there's nothing of substance to one of the most potentially dangerous accusations in world history: the Kremlin hacking the election. Last I checked it puts two nuclear nation-states on the brink of potential war. And you call me divisive? Mueller's now a willing accomplice to this entire McCarthyite smear and disinformation campaign. It's all so pathetic that folks such as yourself try and mislead and feed half-truths to the people.
You're failing Jack, in more ways than you know.
Gregory Herr , March 13, 2019 at 9:13 pm
Drew, you might enjoy this discussion Robert Scheer has with Stephen Cohen and Katrina vanden Heuvel.
Realist , March 15, 2019 at 3:38 am
Moreover, as the Saker pointed out in his most recent column in the Unz Review, the entire Deep State conspiracy, in an ad hoc alliance with the embarrassed and embarrassing Democrats, have made an absolute sham of due process in their blatant witch hunt to bag the president. This reached an apex when his personal lawyer, Mr. Cohen, was trotted out before congress to violate Trump's confidentiality in every mortifying way he could even vaguely reconstruct. The man was expected to say anything to mitigate the anticipated tortures to come in the course of this modern day inquisition by our latter day Torquemada. To his credit though, even with his ass in a sling, he could simply not confabulate the smoking gun evidence for the alleged Russian collusion that this whole farce was built around.
Tom , March 14, 2019 at 12:30 pm
Mueller stood with Bush as he lied the world into war based on lies and illegally spied on America and tortured some folks.
George Collins , March 13, 2019 at 2:02 pm
QED: as to the nexus with the Winter Hill gang wasn't there litigation involving the Boston FBI, condonation of murder by the FBI and damages awarded to or on behalf of convicted parties that the FBI had reason to know were innocent? The malfeasance reportedly occurred during Mueller time. Further on the sanctified diligence of Mr. Mueller can be gleaned from the reports of Coleen Rowley, former FBI attorney stationed in Milwaukee??? when the DC FBI office was ignoring warnings sent about 9/11. See also Sibel Edmonds who knew too much and was court order muzzled about FBI mis/malfeasance in the aftermath of 9/11.
I'd say it's game, set, match VIPS and a pox on Clapper and the complicit intelligence folk complicit in the nuclear loaded Russia-gate fibs.
Kiers , March 13, 2019 at 11:47 am
How can we expect the DNC to "hand it" to Trumpf, when, behind the scenes, THEY ARE ONE PARTY. They are throwing faux-scary pillow bombs at each other because they are both complicit in a long chain of corruptions. Business as usual for the "principled" two party system! Democracy! Through the gauze of corporate media! You must be joking!
Skip Scott , March 13, 2019 at 11:28 am
"We believe that there are enough people of integrity in the Department of Justice to prevent the outright manufacture or distortion of "evidence," particularly if they become aware that experienced scientists have completed independent forensic study that yield very different conclusions."
I wish I shared this belief. However, as with Nancy Pelosi's recent statement regarding pursuing impeachment, I smell a rat. I believe with the help of what the late Robert Parry called "the Mighty Wurlitzer", Mueller is going to use coerced false testimony and fabricated forensics to drop a bombshell the size of 911. I think Nancy's statement was just a feint before throwing the knockout punch.
If reason ruled the day, we should have nothing to worry about. But considering all the perfidy that the so-called "Intelligence" Agencies and their MSM lackeys get away with daily, I think we are in for more theater; and I think VIPS will receive a cold shoulder outside of venues like CN.
I pray to God I'm wrong.
Sam F , March 13, 2019 at 7:32 pm
My extensive experience with DOJ and the federal judiciary establishes that at least 98% of them are dedicated career liars, engaged in organized crime to serve political gangs, and make only a fanatical pretense of patriotism or legality. They are loyal to money alone, deeply cynical and opposed to the US Constitution and laws, with no credibility at all beyond any real evidence.
Eric32 , March 14, 2019 at 4:24 pm
As near I can see, Federal Govt. careers at the higher levels depend on having dirt on other players, and helping, not hurting, the money/power schemes of the players above you.
The Clintons (through their foundation) apparently have a lot of corruption dirt on CIA, FBI etc. top players, some of whom somehow became multi-millionaires during their civil service careers.
Trump, who was only running for President as a name brand marketing ploy with little desire to actually win, apparently came into the Presidency with no dirt arsenal and little idea of where to go from there.
Bob Van Noy , March 13, 2019 at 11:09 am
I remember reading with dismay how Russians were propagandized by the Soviet Press Management only to find out later the depth of disbelief within the Russian population itself. We now know what that feels like. The good part of this disastrous scenario for America is that for careful readers, disinformation becomes revelatory. For instance, if one reads an editorial that refers to the Russian invasion of Ukraine, or continually refers to Russian interference in the last Presidential election, then one can immediately dismiss the article and question the motivation for the presentation. Of course the problem is how to establish truth in reporting
Jeff Harrison , March 13, 2019 at 10:41 am
Thank you, VIPs. Hopefully, you don't expect this to make a difference. The US has moved into a post truth, post reality existence best characterized by Karl Rove's declaration: "we're an empire now, when we act, we create our own reality." What Mr. Rove in his arrogance fails to appreciate is that it is his reality but not anyone else's. Thus Pompous can claim that Guaido is the democratic leader in Venezuela even though he's never been elected.
Gary Weglarz , March 13, 2019 at 10:21 am
Thank you. The next time one of my friends or family give me that glazed over stare and utters anymore of the "but, RUSSIA" nonsense I will refer them directly to this article. Your collective work and ethical stand on this matter is deeply appreciated by anyone who values the truth.
Russiagate stands with past government propaganda operations that were simply made up out of thin air: i.e. Kuwaiti incubator babies, WMD's, Gaddafi's viagra fueled rape camps, Assad can't sleep at night unless he's gassing his own people, to the latest, "Maduro can't sleep at night unless he's starving his own people."
The complete and utter amorality of the deep state remains on display for all to see with "Russiagate," which is as fact-free a propaganda campaign as any of those just mentioned.
Marc , March 13, 2019 at 10:13 am
I am a computer naif, so I am prepared to accept the VIPS analysis about FAT and transfer rates. However, the presentation here leaves me with several questions. First, do I understand correctly that the FAT rounding to even numbers is introduced by the thumb drive? And if so, does the FAT analysis show only that the DNC data passed through a thumb drive? That is, does the analysis distinguish whether the DNC data were directly transferred to a thumb drive, or whether the data were hacked and then transferred to a thumb drive, eg, to give a copy to Wikileaks? Second, although the transatlantic transfer rate is too slow to fit some time stamps, is it possible that the data were hacked onto a local computer that was under the control of some faraway agent?
Jeff Harrison , March 13, 2019 at 11:12 am
Not quite. FAT is the crappy storage system developed by Microsoft (and not used by UNIX). The metadata associated with any file gets rewritten when it gets moved. If that movement is to a storage device that uses FAT, the timestamp on the file will end in an even number. If it were moved to a unix server (and most of the major servers run Unix) it would be in the UFS (unix file system) and it would be the actual time from the system clock. Every storage device has a utility that tells it where to write the data and what to write. Since it's writing to a storage device using FAT, it'll round the numbers. To get to your real question, yes, you could hack and then transfer the data to a thumb drive but if you did that the dates wouldn't line up.
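The 2-second granularity discussed in the comment above comes from the way FAT packs a file's last-write time into two 16-bit words, with only 5 bits left for seconds. The following Python sketch is an added example, not part of the original thread or of the VIPS analysis; the function names and sample timestamps are constructed for illustration, and the chance figure assumes independent timestamps with uniformly distributed seconds.

```python
"""FAT (MS-DOS) timestamp packing and an even-second check for a file set."""
from datetime import datetime


def to_fat_words(dt):
    """Pack a datetime into FAT's 16-bit (date, time) words.

    date: bits 15-9 = year - 1980, bits 8-5 = month, bits 4-0 = day
    time: bits 15-11 = hour, bits 10-5 = minute, bits 4-0 = seconds / 2
    This sketch truncates an odd second; some implementations round up to
    the next even second instead. Either way the stored second is even.
    """
    if not 1980 <= dt.year <= 2107:
        raise ValueError("FAT dates cover 1980..2107 only")
    date_word = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    time_word = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    return date_word, time_word


def from_fat_words(date_word, time_word):
    """Unpack FAT (date, time) words back into a datetime."""
    return datetime(
        ((date_word >> 9) & 0x7F) + 1980,
        (date_word >> 5) & 0x0F,
        date_word & 0x1F,
        (time_word >> 11) & 0x1F,
        (time_word >> 5) & 0x3F,
        (time_word & 0x1F) * 2,  # only even seconds can come back out
    )


def through_fat(dt):
    """Timestamp as it reads after being stored in a FAT directory entry."""
    return from_fat_words(*to_fat_words(dt))


def even_second_report(mtimes):
    """Summarise whether a set of mtimes fits 2-second-resolution storage."""
    n = len(mtimes)
    odd = [t for t in mtimes if t.second % 2 or t.microsecond]
    return {
        "files": n,
        "odd_or_subsecond": len(odd),
        "consistent_with_2s_storage": n > 0 and not odd,
        # Probability that n unrelated timestamps all show even seconds.
        "chance_all_even": 0.5 ** n if n else None,
    }


# Constructed sample: last-modified times as a higher-resolution
# file system might record them (not taken from any real data set).
ORIGINAL = [
    datetime(2020, 1, 2, 18, 39, 3, 250000),
    datetime(2020, 1, 2, 18, 39, 10),
    datetime(2020, 1, 2, 18, 40, 57, 900000),
    datetime(2020, 1, 2, 18, 41, 28, 5000),
]
AFTER_FAT = [through_fat(t) for t in ORIGINAL]

if __name__ == "__main__":
    for before, after in zip(ORIGINAL, AFTER_FAT):
        print(before.isoformat(), "->", after.isoformat())
    print("original :", even_second_report(ORIGINAL))
    print("after FAT:", even_second_report(AFTER_FAT))
```

An all-even result shows only that the times passed through storage with 2-second resolution at some point. ZIP archives use the same packed MS-DOS time format, so the pattern does not by itself identify the medium.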
Skip Scott , March 14, 2019 at 8:05 am
Which dates wouldn't line up? Is there a history of metadata available, or just metadata for the most recent move?
David G , March 13, 2019 at 12:22 pm
Marc asks: "[D]oes the analysis distinguish whether the DNC data were directly transferred to a thumb drive, or whether the data were hacked and then transferred to a thumb drive, eg, to give a copy to Wikileaks?"
I asked that question in comments under a previous CN piece; other people have asked that question elsewhere.
To my knowledge, it hasn't been addressed directly by the VIPS, and I think they should do so. (If they already have, someone please enlighten me.)
Skip Scott , March 13, 2019 at 1:07 pm
I am no computer wiz, but Binney has repeatedly made the point that the NSA scoops up everything. If there had been a hack, they'd know it, and they wouldn't only have had "moderate" confidence in the Jan. assessment. I believe that although farfetched, an argument could be made that a Russian spy got into the DNC, loaded a thumb drive, and gave it to Craig Murray.
David G , March 13, 2019 at 3:31 pm
Respectfully, that's a separate point, which may or may not raise issues of its own.
But I think the question Marc posed stands.
Skip Scott , March 14, 2019 at 7:59 am
I don't see how it's separate. If the NSA scoops up everything, they'd have solid evidence of the hack, and wouldn't have only had "moderate" confidence, which Bill Binney says is equivalent to them saying "we don't have squat". They wouldn't even have needed Mueller at all, except to possibly build a "parallel case" due to classification issues. Also, the FBI not demanding direct access to the DNC server tells you something is fishy. They could easily have gotten a warrant to examine the server, but chose not to. They also purposely refuse to get testimony from Craig Murray and Julian Assange, which rings alarm bells on its own.
As for the technical aspect of Marc's question, I agree that I'd like to see Bill Binney directly answer it.
Mar 13, 2019 | Consortiumnews
The final Mueller report should be graded "incomplete," says VIPS, whose forensic work proves the speciousness of the story that DNC emails published by WikiLeaks came from Russian hacking.
MEMORANDUM FOR: The Attorney General
FROM: Veteran Intelligence Professionals for Sanity (VIPS)
SUBJECT: Mueller's Forensics-Free Findings
Media reports are predicting that Special Counsel Robert Mueller is about to give you the findings of his probe into any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump. If Mueller gives you his "completed" report anytime soon, it should be graded "incomplete."
Major deficiencies include depending on a DNC-hired cybersecurity company for forensics and failure to consult with those who have done original forensic work, including us and the independent forensic investigators with whom we have examined the data. We stand ready to help.
We veteran intelligence professionals (VIPS) have done enough detailed forensic work to prove the speciousness of the prevailing story that the DNC emails published by WikiLeaks came from Russian hacking. Given the paucity of evidence to support that story, we believe Mueller may choose to finesse this key issue and leave everyone hanging. That would help sustain the widespread belief that Trump owes his victory to President Vladimir Putin, and strengthen the hand of those who pay little heed to the unpredictable consequences of an increase in tensions with nuclear-armed Russia.
There is an overabundance of "assessments" but a lack of hard evidence to support that prevailing narrative. We believe that there are enough people of integrity in the Department of Justice to prevent the outright manufacture or distortion of "evidence," particularly if they become aware that experienced scientists have completed independent forensic study that yield very different conclusions. We know only too well -- and did our best to expose -- how our former colleagues in the intelligence community manufactured fraudulent "evidence" of weapons of mass destruction in Iraq.
We have scrutinized publicly available physical data -- the "trail" that every cyber operation leaves behind. And we have had support from highly experienced independent forensic investigators who, like us, have no axes to grind. We can prove that the conventional-wisdom story about Russian-hacking-DNC-emails-for-WikiLeaks is false. Drawing largely on the unique expertise of two VIPS scientists who worked for a combined total of 70 years at the National Security Agency and became Technical Directors there, we have regularly published our findings. But we have been deprived of a hearing in mainstream media -- an experience painfully reminiscent of what we had to endure when we exposed the corruption of intelligence before the attack on Iraq 16 years ago.
This time, with the principles of physics and forensic science to rely on, we are able to adduce solid evidence exposing mistakes and distortions in the dominant story. We offer you below -- as a kind of aide-memoire -- a discussion of some of the key factors related to what has become known as "Russia-gate." And we include our most recent findings drawn from forensic work on data associated with WikiLeaks' publication of the DNC emails.
We do not claim our conclusions are "irrefutable and undeniable," a la Colin Powell at the UN before the Iraq war. Our judgments, however, are based on the scientific method -- not "assessments." We decided to put this memorandum together in hopes of ensuring that you hear that directly from us.
If the Mueller team remains reluctant to review our work -- or even to interview willing witnesses with direct knowledge, like WikiLeaks' Julian Assange and former UK Ambassador Craig Murray, we fear that many of those yearning earnestly for the truth on Russia-gate will come to the corrosive conclusion that the Mueller investigation was a sham.
In sum, we are concerned that, at this point, an incomplete Mueller report will fall far short of the commitment made by then Acting Attorney General Rod Rosenstein "to ensure a full and thorough investigation," when he appointed Mueller in May 2017. Again, we are at your disposal.
The centerpiece accusation of Kremlin "interference" in the 2016 presidential election was the charge that Russia hacked Democratic National Committee emails and gave them to WikiLeaks to embarrass Secretary Hillary Clinton and help Mr. Trump win. The weeks following the election witnessed multiple leak-based media allegations to that effect. These culminated on January 6, 2017 in an evidence-light, rump report misleadingly labeled "Intelligence Community Assessment (ICA)." Prepared by "handpicked analysts" from only three of the 17 U.S. intelligence agencies (CIA, FBI, and NSA), the assessment expressed "high confidence" in the Russia-hacking-to-WikiLeaks story, but lacked so much as a hint that the authors had sought access to independent forensics to support their "assessment."
The media immediately awarded the ICA the status of Holy Writ, choosing to overlook an assortment of banal, full-disclosure-type caveats included in the assessment itself -- such as:
"When Intelligence Community analysts use words such as 'we assess' or 'we judge,' they are conveying an analytic assessment or judgment. Judgments are not intended to imply that we have proof that shows something to be a fact. Assessments are based on collected information, which is often incomplete or fragmentary High confidence in a judgment does not imply that the assessment is a fact or a certainty; such judgments might be wrong."
To their credit, however, the authors of the ICA did make a highly germane point in introductory remarks on "cyber incident attribution." They noted: "The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation -- malicious or not -- leaves a trail." [Emphasis added.]
The imperative is to get on that "trail" -- and quickly, before red herrings can be swept across it. The best way to establish attribution is to apply the methodology and processes of forensic science. Intrusions into computers leave behind discernible physical data that can be examined scientifically by forensic experts. Risk to "sources and methods" is normally not a problem.
Direct access to the actual computers is the first requirement -- the more so when an intrusion is termed "an act of war" and blamed on a nuclear-armed foreign government (the words used by the late Sen. John McCain and other senior officials). In testimony to the House Intelligence Committee in March 2017, former FBI Director James Comey admitted that he did not insist on physical access to the DNC computers even though, as he conceded, "best practices" dictate direct access.
In June 2017, Senate Intelligence Committee Chair Richard Burr asked Comey whether he ever had "access to the actual hardware that was hacked." Comey answered, "In the case of the DNC we did not have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity, that had done the work." Sen. Burr followed up: "But no content? Isn't content an important part of the forensics from a counterintelligence standpoint?" Comey: "It is, although what was briefed to me by my folks is that they had gotten the information from the private party that they needed to understand the intrusion by the spring of 2016."
The "private party/high-class entity" to which Comey refers is CrowdStrike, a cybersecurity firm of checkered reputation and multiple conflicts of interest, including very close ties to a number of key anti-Russian organizations. Comey indicated that the DNC hired CrowdStrike in the spring of 2016.
Given the stakes involved in the Russia-gate investigation -- including a possible impeachment battle and greatly increased tension between Russia and the U.S. -- it is difficult to understand why Comey did not move quickly to seize the computer hardware so the FBI could perform an independent examination of what quickly became the major predicate for investigating election interference by Russia. Fortunately, enough data remain on the forensic "trail" to arrive at evidence-anchored conclusions. The work we have done shows the prevailing narrative to be false. We have been suggesting this for over two years. Recent forensic work significantly strengthens that conclusion.
We Do Forensics
Recent forensic examination of the WikiLeaks DNC files shows they were created on 23, 25 and 26 May 2016. (On June 12, Julian Assange announced he had them; WikiLeaks published them on July 22.) We recently discovered that the files reveal a FAT (File Allocation Table) system property. This shows that the data had been transferred to an external storage device, such as a thumb drive, before WikiLeaks posted them.
FAT is a simple file system named for its method of organization, the File Allocation Table. It is used for storage only and is not related to internet transfers like hacking. Were WikiLeaks to have received the DNC files via a hack, the last modified times on the files would be a random mixture of odd- and even-ending numbers.
Why is that important? The evidence lies in the "last modified" time stamps on the WikiLeaks files. When a file is stored under the FAT file system the software rounds the time to the nearest even-numbered second. Every single one of the time stamps in the DNC files on WikiLeaks' site ends in an even number.
We have examined 500 DNC email files stored on the WikiLeaks site. All 500 files end in an even number -- 2, 4, 6, 8 or 0. If those files had been hacked over the Internet, there would be an equal probability of the time stamp ending in an odd number. The random probability that FAT was not used is 1 chance in 2 to the 500th power. Thus, these data show that the DNC emails posted by WikiLeaks went through a storage device, like a thumb drive, and were physically moved before WikiLeaks posted the emails on the World Wide Web.
This finding alone is enough to raise reasonable doubts, for example, about Mueller's indictment of 12 Russian intelligence officers for hacking the DNC emails given to WikiLeaks. A defense attorney could easily use the forensics to argue that someone copied the DNC files to a storage device like a USB thumb drive and got them physically to WikiLeaks -- not electronically via a hack.
Role of NSA
For more than two years, we strongly suspected that the DNC emails were copied/leaked in that way, not hacked. And we said so. We remain intrigued by the apparent failure of NSA's dragnet, collect-it-all approach -- including "cast-iron" coverage of WikiLeaks -- to provide forensic evidence (as opposed to "assessments") as to how the DNC emails got to WikiLeaks and who sent them. Well before the telling evidence drawn from the use of FAT, other technical evidence led us to conclude that the DNC emails were not hacked over the network, but rather physically moved over, say, the Atlantic Ocean.
Is it possible that NSA has not yet been asked to produce the collected packets of DNC email data claimed to have been hacked by Russia? Surely, this should be done before Mueller completes his investigation. NSA has taps on all the transoceanic cables leaving the U.S. and would almost certainly have such packets if they exist. (The detailed slides released by Edward Snowden actually show the routes that trace the packets.)
The forensics we examined shed no direct light on who may have been behind the leak. The only thing we know for sure is that the person had to have direct access to the DNC computers or servers in order to copy the emails. The apparent lack of evidence from the most likely source, NSA, regarding a hack may help explain the FBI's curious preference for forensic data from CrowdStrike. No less puzzling is why Comey would choose to call CrowdStrike a "high-class entity."
Comey was one of the intelligence chiefs briefing President Obama on January 5, 2017 on the "Intelligence Community Assessment," which was then briefed to President-elect Trump and published the following day. That Obama found a key part of the ICA narrative less than persuasive became clear at his last press conference (January 18), when he told the media, "The conclusions of the intelligence community with respect to the Russian hacking were not conclusive as to how 'the DNC emails that were leaked' got to WikiLeaks."
Is Guccifer 2.0 a Fraud?
There is further compelling technical evidence that undermines the claim that the DNC emails were downloaded over the internet as a result of a spearphishing attack. William Binney, one of VIPS' two former Technical Directors at NSA, along with other former intelligence community experts, examined files posted by Guccifer 2.0 and discovered that those files could not have been downloaded over the internet. It is a simple matter of mathematics and physics.
There was a flurry of activity after Julian Assange announced on June 12, 2016: "We have emails relating to Hillary Clinton which are pending publication." On June 14, DNC contractor CrowdStrike announced that malware was found on the DNC server and claimed there was evidence it was injected by Russians. On June 15, the Guccifer 2.0 persona emerged on the public stage, affirmed the DNC statement, claimed to be responsible for hacking the DNC, claimed to be a WikiLeaks source, and posted a document that forensics show was synthetically tainted with "Russian fingerprints."
Our suspicions about the Guccifer 2.0 persona grew when G-2 claimed responsibility for a "hack" of the DNC on July 5, 2016, which released DNC data that was rather bland compared to what WikiLeaks published 17 days later (showing how the DNC had tipped the primary scales against Sen. Bernie Sanders). As VIPS reported in a wrap-up Memorandum for the President on July 24, 2017 (titled "Intel Vets Challenge 'Russia Hack' Evidence"), forensic examination of the July 5, 2016 cyber intrusion into the DNC showed it NOT to be a hack by the Russians or by anyone else, but rather a copy onto an external storage device. It seemed a good guess that the July 5 intrusion was a contrivance to preemptively taint anything WikiLeaks might later publish from the DNC, by "showing" it came from a "Russian hack." WikiLeaks published the DNC emails on July 22, three days before the Democratic convention.
As we prepared our July 24 memo for the President, we chose to begin by taking Guccifer 2.0 at face value; i.e., that the documents he posted on July 5, 2016 were obtained via a hack over the Internet. Binney conducted a forensic examination of the metadata contained in the posted documents and compared that metadata with the known capacity of Internet connection speeds at the time in the U.S. This analysis showed a transfer rate as high as 49.1 megabytes per second, which is much faster than was possible from a remote online Internet connection. The 49.1 megabytes speed coincided, though, with the rate that copying onto a thumb drive could accommodate.
Binney, assisted by colleagues with relevant technical expertise, then extended the examination and ran various forensic tests from the U.S. to the Netherlands, Albania, Belgrade and the UK. The fastest Internet rate obtained -- from a data center in New Jersey to a data center in the UK -- was 12 megabytes per second, which is less than a fourth of the capacity typical of a copy onto a thumb drive.
The findings from the examination of the Guccifer 2.0 data and the WikiLeaks data do not indicate who copied the information to an external storage device (probably a thumb drive). But our examination does disprove that G.2 hacked into the DNC on July 5, 2016. Forensic evidence for the Guccifer 2.0 data adds to other evidence that the DNC emails were not taken by an internet spearphishing attack. The data breach was local. The emails were copied from the network.
After VIPS' July 24, 2017 Memorandum for the President, Binney, one of its principal authors, was invited to share his insights with Mike Pompeo, CIA Director at the time. When Binney arrived in Pompeo's office at CIA Headquarters on October 24, 2017 for an hour-long discussion, the director made no secret of the reason for the invitation: "You are here because the President told me that if I really wanted to know about Russian hacking I needed to talk with you."
Binney warned Pompeo -- to stares of incredulity -- that his people should stop lying about the Russian hacking. Binney then started to explain the VIPS findings that had caught President Trump's attention. Pompeo asked Binney if he would talk to the FBI and NSA. Binney agreed, but has not been contacted by those agencies. With that, Pompeo had done what the President asked. There was no follow-up.
Confronting James Clapper on Forensics
We, the hoi polloi, do not often get a chance to talk to people like Pompeo -- and still less to the former intelligence chiefs who are the leading purveyors of the prevailing Russia-gate narrative. An exception came on November 13, when former National Intelligence Director James Clapper came to the Carnegie Endowment in Washington to hawk his memoir. Answering a question during the Q&A about Russian "hacking" and NSA, Clapper said:
"Well, I have talked with NSA a lot And in my mind, I spent a lot of time in the SIGINT business, the forensic evidence was overwhelming about what the Russians had done. There's absolutely no doubt in my mind whatsoever." [Emphasis added]
Clapper added: "as a private citizen, understanding the magnitude of what the Russians did and the number of citizens in our country they reached and the different mechanisms that, by which they reached them, to me it stretches credulity to think they didn't have a profound impact on election on the outcome of the election."
(A transcript of the interesting Q&A can be found here and a commentary on Clapper's performance at Carnegie, as well as on his longstanding lack of credibility, is here.)
Normally soft-spoken Ron Wyden, Democratic senator from Oregon, lost his patience with Clapper last week when he learned that Clapper is still denying that he lied to the Senate Intelligence Committee about the extent of NSA surveillance of U.S. citizens. In an unusual outburst, Wyden said: "James Clapper needs to stop making excuses for lying to the American people about mass surveillance. To be clear: I sent him the question in advance. I asked him to correct the record afterward. He chose to let the lie stand."
The materials brought out by Edward Snowden in June 2013 showed Clapper to have lied under oath to the committee on March 12, 2013; he was, nevertheless, allowed to stay on as Director of National Intelligence for three and a half more years. Clapper fancies himself an expert on Russia, telling Meet the Press on May 28, 2017 that Russia's history shows that Russians are "typically, almost genetically driven to co-opt, penetrate, gain favor, whatever."
Clapper ought to be asked about the "forensics" he said were "overwhelming about what the Russians had done." And that, too, before Mueller completes his investigation.
For the steering group, Veteran Intelligence Professionals for Sanity:
- William Binney, former NSA Technical Director for World Geopolitical & Military Analysis; Co-founder of NSA's Signals Intelligence Automation Research Center (ret.)
- Richard H. Black, Senator of Virginia, 13th District; Colonel US Army (ret.); Former Chief, Criminal Law Division, Office of the Judge Advocate General, the Pentagon (associate VIPS)
- Bogdan Dzakovic, former Team Leader of Federal Air Marshals and Red Team, FAA Security (ret.) (associate VIPS)
- Philip Giraldi, CIA, Operations Officer (ret.)
- Mike Gravel, former Adjutant, top secret control officer, Communications Intelligence Service; special agent of the Counter Intelligence Corps and former United States Senator
- James George Jatras, former U.S. diplomat and former foreign policy adviser to Senate leadership (Associate VIPS)
- Larry C. Johnson, former CIA and State Department Counter Terrorism officer
- John Kiriakou, former CIA Counterterrorism Officer and former senior investigator, Senate Foreign Relations Committee
- Karen Kwiatkowski, former Lt. Col., US Air Force (ret.), at Office of Secretary of Defense watching the manufacture of lies on Iraq, 2001-2003
- Edward Loomis, Cryptologic Computer Scientist, former Technical Director at NSA (ret.)
- David MacMichael, Ph.D., former senior estimates officer, National Intelligence Council (ret.)
- Ray McGovern, former US Army infantry/intelligence officer & CIA analyst; CIA Presidential briefer (ret.)
- Elizabeth Murray, former Deputy National Intelligence Officer for the Near East, National Intelligence Council & CIA political analyst (ret.)
- Todd E. Pierce, MAJ, US Army Judge Advocate (ret.)
- Peter Van Buren, US Department of State, Foreign Service Officer (ret.) (associate VIPS)
- Sarah G. Wilton, CDR, USNR, (ret.); Defense Intelligence Agency (ret.)
- Kirk Wiebe, former Senior Analyst, SIGINT Automation Research Center, NSA
- Ann Wright, retired U.S. Army reserve colonel and former U.S. diplomat who resigned in 2003 in opposition to the Iraq War
Veteran Intelligence Professionals for Sanity (VIPS) is made up of former intelligence officers, diplomats, military officers and congressional staffers. The organization, founded in 2002, was among the first critics of Washington's justifications for launching a war against Iraq. VIPS advocates a US foreign and national security policy based on genuine national interests rather than contrived threats promoted for largely political reasons. An archive of VIPS memoranda is available at Consortiumnews.com.
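The 2-second granularity of FAT "last modified" times that the memorandum above relies on, shown as an added example that is not part of the memorandum or of any tool it mentions. The function names and sample timestamps are constructed for illustration, and the encoder truncates odd seconds as an assumption (drivers differ in rounding direction, but the stored field can only represent even seconds).

```python
"""FAT (MS-DOS) timestamp granularity and a parity check over mtimes.

Added illustration: function names and sample timestamps are constructed
for this example and do not come from any real file set.
"""
from datetime import datetime
from fractions import Fraction

# Constructed sample: "last modified" times as a filesystem with
# 1-second (or finer) resolution might record them.
SAMPLE = [
    "2016-05-23 02:15:37", "2016-05-23 02:15:40",
    "2016-05-25 21:06:59", "2016-05-25 21:07:12",
    "2016-05-25 21:08:01", "2016-05-26 03:44:23",
    "2016-05-26 03:44:58", "2016-05-26 03:45:05",
]


def parse(stamp):
    """Parse one 'YYYY-MM-DD HH:MM:SS' string into a datetime."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")


def fat_encode(dt):
    """Pack a datetime into the two 16-bit FAT directory-entry fields.

    date: bits 15-9 = year - 1980, bits 8-5 = month, bits 4-0 = day
    time: bits 15-11 = hour, bits 10-5 = minute, bits 4-0 = seconds / 2
    Assumption: odd seconds are truncated; some drivers round up instead.
    """
    if not 1980 <= dt.year <= 2107:
        raise ValueError("FAT dates cover 1980 through 2107")
    date = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    time = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    return date, time


def fat_decode(date, time):
    """Unpack the two 16-bit fields; the second is always a multiple of 2."""
    return datetime(
        1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2,
    )


def through_fat(dt):
    """Timestamp as it reads back after being stored in a FAT entry."""
    return fat_decode(*fat_encode(dt))


def parity_report(stamps):
    """Count odd and even seconds in a list of datetimes.

    'chance_all_even_if_random' is (1/2)**n: the probability that n
    timestamps with independent, uniformly distributed seconds would all
    be even. It is reported only when no odd second was seen.
    """
    n = len(stamps)
    odd = sum(dt.second % 2 for dt in stamps)
    chance = Fraction(1, 2 ** n) if n and odd == 0 else None
    return {"total": n, "odd": odd, "even": n - odd,
            "chance_all_even_if_random": chance}


if __name__ == "__main__":
    originals = [parse(s) for s in SAMPLE]
    copied = [through_fat(dt) for dt in originals]
    print("before FAT:", parity_report(originals))
    print("after FAT: ", parity_report(copied))
```

Even-only seconds show that the timestamps passed through a format with 2-second granularity; the parity check does not by itself identify which software wrote them.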
Jan 02, 2019 | www.moonofalabama.org
Don Bacon, Feb 21, 2018 10:29:06 PM | link
The US Air Force has out-sourced cybersecurity.
The U.S. military's love affair with bug bounty programs continues.
The second iteration of "Hack the Air Force" in December paid out $103,883 in bounties to freelance hackers for 106 vulnerabilities found over a 20-day period. The highest bounty was $12,500, the largest paid by the U.S. government to date.
The Air Force's first bug bounty program launched in April 2017 following similar efforts like Hack the Pentagon and Hack the Army in 2016. In total, more than 3,000 vulnerabilities have been found in federal government systems since the programs began.
The bug bounty platform HackerOne, a private company, continues to handle the military's bug bounty initiatives. Air Force CISO Peter Kim, who helped kick off and cheerlead the service's first round last year, also played a leading role this time. . . here
Dec 29, 2018 | www.zerohedge.com
For over two years now, the concepts of "Russian collusion" and "Russian election meddling" have been shoved down our throats by the mainstream media (MSM) under the guise of legitimate concern that the Kremlin may have installed a puppet president in Donald Trump.
Having no evidence of collusion aside from a largely unverified opposition-research dossier fabricated by a former British spy, the focus shifted from "collusion" to "meddling" and "influence." In other words, maybe Trump didn't actually collude with Putin, but the Kremlin used Russian tricks to influence the election in Trump's favor. To some, this looked like nothing more than an establishment scheme to cast a permanent spectre of doubt over the legitimacy of President Donald J. Trump.
Election meddling "Russian bots" and "troll farms" became the central focus - as claims were levied of social media operations conducted by Kremlin-linked organizations which sought to influence and divide certain segments of America.
And while scant evidence of a Russian influence operation exists outside of a handful of indictments connected to a St. Petersburg "Troll farm" (which a liberal journalist cast serious doubt over), the MSM - with all of their proselytizing over the "threat to democracy" that election meddling poses, has largely decided to ignore actual evidence of "Russian bots" created by Democrat IT experts, used against a GOP candidate in the Alabama special election, and amplified through the Russian bot-detecting "Hamilton 68" dashboard developed by the same IT experts.
Jonathon Morgan ✔ @jonathonmorgan
Russian trolls tracked by #Hamilton68 are taking an interest in the AL Senate race. What a surprise.
4:02 PM - Nov 10, 2017
Democratic operative Jonathon Morgan - bankrolled by LinkedIn founder Reid Hoffman, pulled a Russian bot "false flag" operation against GOP candidate Roy Moore in the Alabama special election last year - creating thousands of fake social media accounts designed to influence voters. Hoffman has since apologized, while Morgan was suspended by Facebook for "coordinated inauthentic" behavior.
As Russian state-owned RT puts it - and who could blame them for being a bit pissed over the whole thing, "it turns out there really was meddling in American democracy by 'Russian bots.' Except they weren't run from Moscow or St. Petersburg, but from the offices of Democrat operatives chiefly responsible for creating and amplifying the 'Russiagate' hysteria over the past two years in a textbook case of psychological projection."
A week before Christmas, the Senate Intelligence Committee released a report accusing Russia of depressing Democrat voter turnout by targeting African-Americans on social media. Its authors, New Knowledge, quickly became a household name.
Described by the New York Times as a group of "tech specialists who lean Democratic," New Knowledge has ties to both the US military and intelligence agencies. Its CEO and co-founder Jonathon Morgan previously worked for DARPA, the US military's advanced research agency. His partner, Ryan Fox, is a 15-year veteran of the National Security Agency who also worked as a computer analyst for the Joint Special Operations Command (JSOC). Their unique skill sets have managed to attract the eye of investors, who pumped $11 million into the company in 2018 alone.
On December 19, a New York Times story revealed that Morgan and his crew had created a fake army of Russian bots, as well as fake Facebook groups, in order to discredit Republican candidate Roy Moore in Alabama's 2017 special election for the US Senate.
Working on behalf of the Democrats, Morgan and his crew created an estimated 1,000 fake Twitter accounts with Russian names, and had them follow Moore. They also operated several Facebook pages where they posed as Alabama conservatives who wanted like-minded voters to support a write-in candidate instead.
In an internal memo, New Knowledge boasted that it had "orchestrated an elaborate 'false flag' operation that planted the idea that the Moore campaign was amplified on social media by a Russian botnet."
It worked. The botnet claim made a splash on social media and was further amplified by Mother Jones, which based its story on expert opinion from Morgan's other dubious creation, Hamilton 68. - RT
Moore ended up losing the Alabama special election by a slim margin of just
In other words: In November 2017 when Moore and his Democratic opponent were in a bitter fight to win over voters Morgan openly promoted the theory that Russian bots were supporting Moore's campaign. A year later after being caught red-handed orchestrating a self-described "false flag" operation Morgan now says that his team never thought that the bots were Russian and have no idea what their purpose was. Did he think no one would notice? - RT
Dan Cohen ✔ @dancohen3000 Replying to @dancohen3000
Disinformation warrior @jonathonmorgan attempts to control damage by lying. He now claims the "false flag operation" never took place and the botnet he promoted as Russian-linked (based on phony Hamilton68 Russian troll tracker he developed) wasn't Russian https://www.newknowledge.com/blog/about-alabama
2:23 AM - Dec 29, 2018
Even more strange is that Scott Shane - the journalist who wrote the New York Times piece exposing the Alabama "Russian bot" scheme, knew about it for months after speaking at an event where the organizers bragged about the false flag on Moore.
Shane was one of the speakers at a meeting in September, organized by American Engagement Technologies, a group run by Mikey Dickerson, President Barack Obama's former tech czar. Dickerson explained how AET spent $100,000 on New Knowledge's campaign to suppress Republican votes, "enrage" Democrats to boost turnout, and execute a "false flag" to hurt Moore. He dubbed it "Project Birmingham." - RT
Dan Cohen ✔ @dancohen3000 · Dec 28, 2018 Replying to @dancohen3000
This gets even weirder: NYT reporter @ScottShaneNYT, who broke the Alabama disinfo op story, learned of it in early September when he spoke at an off-the-record event organized by one of the firms that perpetrated the deception https://www.buzzfeednews.com/article/craigsilverman/alabama-dirty-tricksters-invited-a-new-york-times-reporter
NY Times Reporter Briefed Alabama Special Election Dirty Tricksters
New York Times reporter Scott Shane spoke at an event organized by the group who ran a disinformation op aimed at helping defeat Roy Moore in Alabama.
A lightly-redacted copy of the internal @NewKnowledgeAI report has been leaked and claims at least partial credit for Doug Jones' victory. Details follow https://medium.com/@jeffgiesea/breaking-heres-the-after-action-report-from-the-alabama-senate-disinformation
12:09 PM - Dec 28, 2018
Shane told BuzzFeed that he was "shocked" by the revelations, though hid behind a nondisclosure agreement at the request of American Engagement Technologies (AET). He instead chose to spin the New Knowledge "false flag" operation on Moore as "limited Russian tactics" which were part of an "experiment" that had a budget of "only" $100,000 - and which had no effect on the election.
New Knowledge suggested that the false flag operation was simply a "research project," which Morgan suggested was designed "to better understand and report on the tactics and effects of social media disinformation."
Jonathon Morgan ✔ @jonathonmorgan
My statement on this evening's NYT article.
9:17 PM - Dec 19, 2018
While the New York Times seemed satisfied with his explanation, others pointed out that Morgan had used the Hamilton 68 dashboard to give his "false flag" more credibility -- misleading the public about a "Russian" influence campaign that he knew was fake.
New Knowledge's protestations apparently didn't convince Facebook, which announced last week that five accounts linked to New Knowledge -- including Morgan's -- had been suspended for engaging in "coordinated inauthentic behavior." - RT
They knew exactly what they were doing
While Morgan and New Knowledge sought to frame the "Project Birmingham" as a simple research project, a leaked copy of the operation's after-action report reveals that they knew exactly what they were doing.
"We targeted 650,000 like AL voters, with a combination of persona accounts, astroturfing, automated social media amplification and targeted advertising," reads the report published by entrepreneur and executive coach Jeff Giesea.
Jeff Giesea ✔ @jeffgiesea
BREAKING: Here's the after-action report from the AL Senate disinfo campaign.
**an exclusive release by @JeffGiesea https://medium.com/@jeffgiesea/breaking-heres-the-after-action-report-from-the-alabama-senate-disinformation-campaign-e3edd854f17d
8:49 PM - Dec 27, 2018
The rhetorical question remains, why did the MSM drop this election meddling story like a hot rock after the initial headlines faded away?
criminal election meddling, but then who the **** is going to click on some morons tactic and switch votes?
anyone basing any funding, whether it is number of facebook hits or attempted mind games by egotistical cuck soyboys needs a serious psychological examination. fake news is fake BECAUSE IT ISNT REAL AND DOES NOT MATTER TO ANYONE but those living in the excited misery of their tiny bubble world safe spaces. SOCIAL MEDIA IS A CON AND IS NOT IMPORTANT OR RELEVANT TO ANYONE.
far more serious is destroying ballots, writing in ballots without consent, bussing voters around to vote multiple times in different districts, registering dead voters and impersonating the corpses, withholding votes until deadlines pass - making them invalid.
Herdee, 10 minutes ago
Mugabe, 20 minutes ago
NATO on behalf of the Washington politicians uses the same bullsh*t propaganda for continual war.
Yippie21, 21 minutes ago
Yup "PROJECTION"...
LetThemEatRand, 21 minutes ago
None of this even touches on the 501c3 or whatever that was set up, concerned Alabama voters or somesuch, and was funneled a **** load of money to be found to be in violation of the law AFTER the election and then it all just disappeared. Nothing to see here folks, Democrat won, let's move on. There was a LOT of "tests" for the smart-set in that election and it all worked. We saw a bunch of it used in 2018, especially in Texas with Beto and down-ballot races. Democrats cleaned up like crazy in Texas, especially in Houston.
2020 is going to be a hot mess. And the press is in on it, and even if illegal or unseemly things are done, as long as Democrats win, all good... let's move on. Crazy.
Oldguy05, 19 minutes ago
The fact that MSM is not covering this story -- which is so big it truly raises major questions about the entire Russiagate conspiracy including why Mueller was appointed in the first place -- is proof that they have no interest in journalism or the truth and that they are 100% agenda driven liars. Not that we needed more proof, but there it is anyway.
CosineCosineCosine, 23 minutes ago
Dimz corruption is a nogo. Now if it were conservatives.......
LetThemEatRand, 27 minutes ago
I'm not a huge fan, but Jimmy Dore has a cathartic and entertaining 30 minutes on this farce. Well worth the watch:
https://youtu.be/hqLIJznUNVw
dead hobo, 30 minutes ago
Really the bigger story here is that these guys convincingly pretended to be Russian Bots in order to influence an election (not with the message being put forth by the bots, but by their sheer existence as apparent supporters of the Moore campaign).
By all appearances, they were Russian bots trying to influence the election. Now we know it was DNC operatives. Yet we are supposed to believe without any proof that the "Russian bots" that supposedly influenced the 2016 Presidential election were, actually, Russian bots, and worthy of a two year long probe about "Russian collusion" and "Russian meddling."
The whole thing is probably a farce, not only in the sense that there is no evidence that Russia had any influence at all on a single voter, but also in the sense that there is no evidence that Russia even tried (just claims and allegations by people who have a vested interest in convincing us it's true).
chunga, 30 minutes ago
I've been watching Scandal on Netflix. Still only in season 2. Amazing how nothing changes. They nailed it and memorialized it. The MSM are useful idiots who are happy to make money publicizing what will sell the best.
JRobby, 33 minutes ago
The media is biased and sucks, yup.
The reason the reds lost the house is because they went along with this nonsense and did nothing about it, like frightened baby chipmunks.
divingengineer, 22 minutes ago
Only when "the opposition" does it is it illegal. Total totalitarian state wannabe stuff.
DarkPurpleHaze, 33 minutes ago
Amazing how people can contort reality to justify their own righteous cause, but decry their opposition for the EXACT same thing. See trump visit to troops signing hats as most recent proof. If DJT takes a piss and sprinkles the seat, it's a crime.
divingengineer, 20 minutes ago
They're afraid to expose themselves...unlike Kevin Spacey. Trump or Whitaker will expose this with one signature. It's coming.
CosineCosineCosine, 10 minutes ago
Spacey has totally lost it. See his latest video, it will be a powerful piece of evidence for an insanity plea.
Disagree strongly. I think it was excellent - perhaps you misunderstood the point? 6 minutes Diana Davidson look at it clarifies
Nov 15, 2018 | www.wsj.com
Over the past year, U.S. prosecutors have discussed several types of charges they could potentially bring against the WikiLeaks founder
The Justice Department is preparing to prosecute WikiLeaks founder Julian Assange and is increasingly optimistic it will be able to get him into a U.S. courtroom, according to people in Washington familiar with the matter. Over the past year, U.S. prosecutors have discussed several types of charges they could potentially bring against Mr. Assange, the people said. Mr. Assange has lived in the Ecuadorean embassy in London since receiving political asylum from the South American country in 2012...
The exact charges the Justice Department might pursue remain unclear, but they may involve the Espionage Act, which criminalizes the disclosure of national defense-related information.
Nov 10, 2018 | www.moonofalabama.org
BM , Nov 10, 2018 5:56:10 AM | link
Whilst on the topic of ISIS, here is an article about its mother-concern, CIA:
CIA's 'Surveillance State' is Operating Against US All
On two declassified letters from 2014 from the Intelligence Community Inspector General (didn't know there was one, but doesn't do much good anyway, it seems, read further) to the chairpersons of the House and Senate intelligence committees notifying them that the CIA has been monitoring emails between the CIA's head of the whistleblowing and source protection and Congressional. "Most of these emails concerned pending and developing whistleblower complaints". Shows why Edward Snowden didn't consider it appropriate to rely on internal complaints procedures. This while under the leadership of seasoned liars and criminals Brennan and Clapper, of course.
It clearly shows a taste of what these buggers have to hide, and why they went to such extraordinary lengths as Russiagate to cover it all up and save their skins - that of course being the real reason behind Russiagate as I have said several times, nothing to do with either Trump or Russia.
guidoamm , Nov 10, 2018 1:32:52 AM | link
And there is this too of course:
Pentagon Fake Al Qaeda Propaganda
Anton Worter , Nov 10, 2018 12:39:39 AM | link
@4
OWS was a Controlled-Dissent operation, sending poor students north to fecklessly march on Wall Street when they could have shut down WADC, and sending wealthy seniors south to fecklessly line Pennsylvania Avenue, when they could have shut down Wall Street.
Both I$I$, and Hamas, and Antifa et al are all Controlled Dissent operations. The followers are duped, are used, abused and then abandoned by honey-pots put there by Central Intelligence, at least since the Spanish Civil War.
That's why MoA articles like this one make you wonder, just who is conning whom, at a time when the Internet is weaponized, when Google Assistant achieved AI awareness indistinguishable from anyone on the phone, China TV has launched a virtual AI news reporter indistinguishable from reality, and Stanford can audio-video a captured image of anyone as well as their voice intonation, then 3D model them, in real time, reading and emoting from a script, indistinguishable from reality, ...and then this.
Another Gift of Trust😂 brought to you by Scientocracy. Be sure to tithe your AI bot, or word will get back to Chairman Albertus, then you'll be called in to confess your thought crimes to the Green Cadre, itself another Controlled Dissent honeypot, in a Tithe-for-Credits Swindle.
I tell my kids, just enjoy life, live it large, and get ready for hell. It's coming for breakfast.
Nov 10, 2018 | www.moonofalabama.org
Harry Law , Nov 10, 2018 9:11:40 AM | link
Hacking operations by anyone, can and will be used by US propagandists to provoke Russia or whoever stands in the way of the US war machine, take this Pompeo rant against Iran and the Iranian response......
Asking of Pompeo "have you no shame?", Zarif mocked Pompeo's praise for the Saudis for "providing millions and millions of dollars of humanitarian relief" to Yemen, saying America's "butcher clients" were spending billions of dollars bombing school buses. Iranian Foreign Minister Javad Zarif issued a statement lashing Secretary of State Mike Pompeo for his recent comments on the Yemen War. Discussing the US-backed Saudi invasion of Yemen, Pompeo declared Iran to be to blame for the death and destruction in the country. https://news.antiwar.com/2018/11/09/iran-fm-slams-pompeo-for-blaming-yemen-war-on-iran/
The US way of looking at things supposes that up is down, and white is black, it makes no sense, unless the US hopes these provocations will lead to a war or at the very least Russia or Iran capitulating to US aggression, which will not happen. Sanctions by the US on all and sundry must be opposed, if not the US will claim justifiably to be the world's policeman and the arbiter of who will trade with who, a ludicrous proposition but one that most governments are afraid is now taking place, witness the new US ambassador to Germany in his first tweet telling the Germans to cease all trade with Iran immediately.
Nov 08, 2018 | www.zerohedge.com
US whistle-blower Edward Snowden yesterday claimed that Saudi Arabia used Israeli spyware to target murdered Saudi journalist Jamal Khashoggi.
Addressing a conference in Tel Aviv via a video link, Snowden claimed that software made by an Israeli cyber intelligence firm was used by Saudi Arabia to track and target Khashoggi in the lead up to his murder on 2 October inside the Saudi Consulate in Istanbul.
Snowden told his audience:
"How do they [Saudi Arabia] know what his [Khashoggi's] plans were and that they needed to act against him? That knowledge came from the technology developed by NSO," Israeli business daily Globes reported.
Snowden accused NSO of "selling a digital burglary tool," adding it "is not just being used for catching criminals and stopping terrorist attacks, not just for saving lives, but for making money [...] such a level of recklessness [...] actually starts costing lives," according to the Jerusalem Post.
Snowden – made famous in 2013 for leaking classified National Security Agency (NSA) files and exposing the extent of US surveillance – added that "Israel is routinely at the top of the US' classified threat list of hackers along with Russia and China [...] even though it is an ally".
Snowden is wanted in the US for espionage, so could not travel to Tel Aviv to address the conference in person for fear of being handed over to the authorities.
The Israeli firm to which Snowden referred – NSO Group Technologies – is known for developing the "Pegasus" software which can be used to remotely infect a target's mobile phone and then relay back data accessed by the device. Although NSO claims that its products "are licensed only to legitimate government agencies for the sole purpose of investigating and preventing crime and terror," this is not the first time its Pegasus software has been used by Saudi Arabia to track critics.
In October it was revealed that Saudi Arabia used Pegasus software to eavesdrop on 27-year-old Saudi dissident Omar Abdulaziz, a prominent critic of the Saudi government on social media.
The revelation was made by Canadian research group Citizen Lab, which found that the software had been used to hack Abdulaziz' iPhone between June and August of this year. Citizen Lab's Director Ron Deibert explained that such actions by Saudi Arabia "would constitute illegal wiretapping".
A separate report by Citizen Lab in September found a "significant expansion of Pegasus usage in the Gulf Cooperation Council (GCC) countries in the Middle East," in particular the United Arab Emirates (UAE), Bahrain and Saudi Arabia. Citizen Lab added that in August 2016, Emirati human rights activist Ahmed Mansoor was targeted with the Pegasus spyware.
Snowden's comments come less than a week after it emerged that Israeli Prime Minister Benjamin Netanyahu asked the United States to stand by Saudi Crown Prince Mohamed Bin Salman (MBS) in the wake of the Khashoggi case. The revelation was made by the Washington Post, which cited information from US officials familiar with a series of telephone conversations made to Jared Kushner – senior advisor to President Donald Trump and Trump's son-in-law – and National Security Adviser John Bolton regarding the Khashoggi case. The officials told the Post that:
In recent days, Egyptian President Abdel Fatah Al-Sisi and Israeli Prime Minister Benjamin Netanyahu have reached out to the Trump administration to express support for the crown prince, arguing that he is an important strategic partner in the region, said people familiar with the calls.
Bin Salman has come under intense scrutiny in the month since Khashoggi first disappeared, with many suspecting his involvement in ordering the brutal murder. Yet while several world leaders have shunned the crown prince, it is thought that Israel would suffer from any decline in Saudi influence in the region in light of its purportedly central role in the upcoming "Deal of the Century".
Nov 07, 2018 | arstechnica.com
President Rouhani's phone "bugged," attacks against network infrastructure claimed.
Sean Gallagher - 11/5/2018, 5:10 PM
Last week, Iran's chief of civil defense claimed that the Iranian government had fought off Israeli attempts to infect computer systems with what he described as a new version of Stuxnet -- the malware reportedly developed jointly by the US and Israel that targeted Iran's uranium-enrichment program. Gholamreza Jalali, chief of the National Passive Defense Organization (NPDO), told Iran's IRNA news service, "Recently, we discovered a new generation of Stuxnet which consisted of several parts... and was trying to enter our systems."
On November 5, Iran Telecommunications Minister Mohammad-Javad Azari Jahromi accused Israel of being behind the attack, and he said that the malware was intended to "harm the country's communication infrastructures." Jahromi praised "technical teams" for shutting down the attack, saying that the attackers "returned empty-handed." A report from Iran's Tasnim news agency quoted Deputy Telecommunications Minister Hamid Fattahi as stating that more details of the cyber attacks would be made public soon.
Jahromi said that Iran would sue Israel over the attack through the International Court of Justice. The Iranian government has also said it would sue the US in the ICJ over the reinstatement of sanctions. Israel has remained silent regarding the accusations.
The claims come a week after the NPDO's Jalali announced that President Hassan Rouhani's cell phone had been "tapped" and was being replaced with a new, more secure device. This led to a statement by Iranian Supreme Leader Ayatollah Ali Khamenei, exhorting Iran's security apparatus to "confront infiltration through scientific, accurate, and up-to-date action."
While Iran protests the alleged attacks -- about which the Israeli government has been silent -- Iranian hackers have continued to conduct their own cyber attacks. A recent report from security tools company Carbon Black based on data from the company's incident-response partners found that Iran had been a significant source of attacks in the third quarter of this year, with one incident-response professional noting, "We've seen a lot of destructive actions from Iran and North Korea lately, where they've effectively wiped machines they suspect of being forensically analyzed."
SymmetricChaos , 2018-11-05T17:16:46-05:00
I feel like governments still think of cyber warfare as something that doesn't really count and are willing to be dangerously provocative in their use of it.
ihatewinter , 2018-11-05T17:27:06-05:00
Another day in international politics. Beats lobbing bombs at each other.
fahrenheit_ak , 2018-11-05T17:46:44-05:00
corey_1967 wrote:
revision0 , 2018-11-05T17:48:22-05:00
Israeli hackers?
The twin pillars of Iran's foreign policy - America is evil and Wipe Israel off the map - do not appear to be serving the country very well.
They serve Iran very well, America is an easy target to gather support against, and Israel is more than willing to play the bad guy (for a bunch of reasons including Israels' policy of nuclear hegemony in the region and historical antagonism against Arab states).
Quote:Israeli hackers offered Cambridge Analytica, the data collection firm that worked on U.S. President Donald Trump's election campaign, material on two politicians who are heads of state, the Guardian reported Wednesday, citing witnesses.
https://www.haaretz.com/israel-news/isr ... -1.5933977
Quote:For $20M, These Israeli Hackers Will Spy On Any Phone On The Planet
https://www.forbes.com/sites/thomasbrew ... -ulin-ss7/
Quote:While Israelis are not necessarily number one in technical skills -- that award goes to Russian hackers -- Israelis are probably the best at thinking on their feet and adjusting to changing situations on the fly, a trait essential for success in a wide range of areas, including cyber-security, said Forzieri. "In modern attacks, the human factor -- for example, getting someone to click on a link that will install malware -- constitutes as much as 85% of a successful attack," he said.
http://www.timesofisrael.com/israeli-ha ... ty-expert/
dramamoose wrote:
thorpe wrote:
Agree. While Israel is not about to win Humanitarian Nation of the year Award any time soon, I don't see it going to Iran in a close vote tally either.
The pro-Israel trolls out in front of this comment section...
You don't have to be pro-Israel to be anti-Iran. Far from it. I think many of Israel's actions in Palestine are reprehensible, but I also know to (rightly) fear an Islamic dictatorship who is actively funding terrorism groups and is likely a few years away from having a working nuclear bomb, should they resume research (which the US actions seem likely to cause).
The US created the Islamic Republic of Iran by holding a cruel dictator in power rather than risking a slide into communism. We should be engaging diplomatically, rather than trying sanctions which clearly don't work. But I don't think that the original Stuxnet was a bad idea, nor do I think that intense surveillance of what could be a potentially very dangerous country is a bad one either.
If the Israelis (slash US) did in fact target civilian infrastructure, that's a problem. Unless, of course, they were bugging them for espionage purposes.
Nov 06, 2018 | it.slashdot.org
(zdnet.com) Researchers have found flaws that can be exploited to bypass hardware encryption in well known and popular SSD drives. Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password.
SSDs from Micron (Crucial) and Samsung are affected. These are SSDs that support hardware-level encryption via a local built-in chip, separate from the main CPU. Some of these devices have a factory-set master password that bypasses the user-set password, while other SSDs store the encryption key on the hard drive, from where it can be retrieved. The issue is worse on Windows, where BitLocker defers software-level encryption to hardware encryption-capable SSDs, meaning user data is vulnerable to attacks without the user's knowledge. More in the research paper.
Nov 02, 2018 | sputniknews.com
A US government employee with an apparent addiction to Russian pornography is causing a headache at the US Geological Survey (USGS) after infecting their network with malware. The USGS's Office of Inspector General (OIG) released a report October 17 detailing the compromise. The employee was apparently visiting pornography sites on his government-issued laptop, which is how the malware was contracted and spread through the network.
The employee, whose name is redacted from the report, visited thousands of pornographic websites. "Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware," the report says.
"Most of the larger porn sites are not actively trying to install malware on your device, because that would interrupt their business model of getting you to come back to the site, click and view ads, and subscribe to their premium content," web developer and technologist Chris Garaffa told Sputnik News Tuesday. "However, third-party ad networks that do not properly screen the ads they run can be exploited to serve malware along with the ad. This applies not just to porn sites but to any site with advertisements on it."
"I recommend people use a safer browser like Mozilla Firefox or Brave, along with an ad-blocker add-on like uBlock Origin to help mitigate the risks -- regardless of what content they're viewing," Garaffa added.
According to the government's analysis, a number of pornographic images were saved on an unauthorized USB device and the employee's personal Android phone, which also got infected with the malware.
USGS is under the Department of Interior (DOI), which prohibits employees from viewing or distributing pornography on government computers. Employees are also banned from connecting their personal devices to government computers or networks, another rule that was violated by the employee.
The DOI conducts IT security training once a year, during which employees sign a statement saying they understand those rules. The employee attended those annual training events and the OIG "confirmed he agreed to the Rules of Behavior for several years prior."
The OIG recommended that USGS step up its monitoring of employee web usage, block pornographic websites and prevent unauthorized USB devices from being used on all employee computers. It gave USGS 90 days to indicate whether it plans on implementing those recommendations.
According to NextGov, a number of US government agencies have had similar scandals in recent history, including the Environmental Protection Agency, the Securities and Exchange Commission, the Internal Revenue Service and about a dozen others.
Representative Mark Meadows (R-NC) has on three occasions introduced legislation banning the viewing of pornography on federal government computers, NextGov notes. It isn't clear why the bills have failed to come to fruition.
"If your employer owns your phone, computer or even just the network you're connecting to, they have the legal right to monitor, log and save records of what you're typing, what websites you're visiting, the content of the emails you send -- even on your personal accounts -- and the right to look at your screen," Garaffa said.
"Employees should effectively keep in mind that they currently have no legal right to privacy when using a company-owned device or network," he added.
Nov 02, 2018 | sputniknews.com
The head of Iran's civil defense agency announced on Sunday that a new version of the Stuxnet virus, believed to be a US-Israeli creation, had been found by Iranian authorities. The announcement came amid news that President Hassan Rouhani's phone had been bugged and a call for increased defenses to "confront infiltration." "Recently we discovered a new generation of Stuxnet which consisted of several parts and was trying to enter our systems," announced Brigadier General Gholamreza Jalali, head of Iranian civil defense, Reuters reported. He gave no further details, such as whom the Iranian government believes to be behind the attack or how much damage it had caused.
The original Stuxnet virus targeted nuclear centrifuges at Iran's Natanz Uranium Enrichment Facility in June 2009, when it caused about 20 percent of the facility's centrifuges to spin out of control until they broke. It's widely believed to have been a joint creation by the US and Israel.
The Times of Israel noted that Israeli officials have refused to discuss what role, if any, they played in either Stuxnet operation.
That same day, Iranian Supreme Leader Ayatollah Ali Khamenei said Sunday, "In the face of the enemy's complex practices, our civil defense should confront infiltration through scientific, accurate and up-to-date action."
Iranian Students News Agency (ISNA) then reported on Monday that Rouhani's cell phone had recently been discovered to be bugged, citing Jalali as saying that Rouhani's phone would be replaced with a more secure device. Again, Jalali made no indication as to who was believed to be behind the wire tap.
Still, Israel seems to be the name on everyone's lips. The news is only one episode in a rapid succession of moves between Israel and Iran, with Israel's Mossad intelligence agency saying on Wednesday it had thwarted an Iranian murder plot in Denmark against three members of the Arab Struggle Movement for the Liberation of Ahvaz, an organization connected to those who carried out a terrorist attack during a military parade in the Iranian city of Ahvaz on September 22, killing 25 people.
Earlier this year, Israel claimed it had accomplished a vast cyber-heist, stealing an archive that Israel claimed documented Tehran's continuing nuclear weapons program. Israeli Prime Minister Benjamin Netanyahu presented those claims to the UN in September.
"What Iran hides, Israel will find," Netanyahu declared in his UN speech at the time.
Lex W. Porter
What kind of sick people put viruses in nuclear power stations? The same kind that shoot kids with sniper rifles while their citizens watch and cheer, I guess. Straight up criminal rogue regime...
John Mason
Who else could it be but one of the dirty 4, US, UK, France or Israel who have been involved in creating global chaos.
Oct 11, 2018 | thenewkremlinstooge.wordpress.com
et Al October 5, 2018 at 4:00 am
The Register: Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
Who's your money on? Bloomberg's sources? Apple? Amazon? Super Micro?
Hit the comments. Quite a few very good points made, namely 'Why now?' (its da Chinese!) as it supposedly occurred some years ago, the US breaks this kind of story when it knows it will shortly be fingered for doing the same (the US did a demo SCADA attack for the media before the STUXNET story broke), if it was done it would have only been on select machines etc. etc.
Euractiv: Apple, Amazon deny Bloomberg report on Chinese hardware attack
There was a headline (which of course I cannot find now*) saying that the US is calling on the UK, EU & Japan to get together and take on China economically. Why does the mighty US need help? It's quite an admission. This is at the same time that the US is targeting EU companies that do business with Russia and also telling Brussels that they do not agree with its very modest proposals for WTO reform.** There's no balance. They're all over the place, not to mention their spokespersons going tonto and shooting off their mouths so casually (US NATO Amb).
The more you look at all the current revelations, who they are made by, the way they are all being fed to the press and the demands now being made, it looks more and more that the Euro-Atlanticists are making another concerted and desperate campaign to retain some sort of influence. The UK is leaving the EU. Even if it rejoins, it won't be a 'special partner'. The fact that the USA-insane Netherlands and the UK are running their stories together shows us that the target is the rest of Europe, just as outgoing Pres of the EU J-C Juncker has said that Europe's best interests are with a security treaty with Russia. BTW, Finland's Stubb is putting himself forward to replace Juncker.
* et voila! US, EU should 'clean the house' and deal with China – US ambassador
** US says it cannot support some of EU's ideas for WTO reform
Oct 07, 2018 | freethoughtblogs.com
Bob Moore asks me to comment on an article about propaganda and security/intelligence. [ article ] This is going to be a mixture of opinion and references to facts; I'll try to be clear which is which.
Yesterday several NATO countries ran a concerted propaganda campaign against Russia. The context for it was a NATO summit in which the U.S. presses for an intensified cyberwar against NATO's preferred enemy.
On the same day another coordinated campaign targeted China. It is aimed against China's development of computer chip manufacturing further up the value chain. Related to this is U.S. pressure on Taiwan, a leading chip manufacturer, to cut its ties with its big motherland.
It is true that the US periodically makes a big push regarding "messaging" about hacking. Whether or not it constitutes a "propaganda campaign" depends on how we choose to interpret things and the labels we attach to them -- "propaganda campaign" has a lot of negative connotations and one person's "outreach effort" is another's "propaganda." An ultra-nationalist or an authoritarian submissive who takes the government's word for anything would call it "outreach."
There has been an ongoing campaign on the part of the US, to get out the idea that China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out in my book The Myth of Homeland Security (2004) [ wc ] claims such as that the Chinese had "40,000 highly trained hackers" are flat-out absurd and ignore the reality of hacking; that's four army corps. Hackers don't engage in "human wave" attacks.
"The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm perfectly willing to accept the possibility that there was Chinese hacking activity, but in the industry there was no indication of an additional level of attack or significance.
One thing that did happen in 2010 around the same time as the nonexistent cyberwar was China and Russia proposed trilateral talks with the US to attempt to define appropriate limits on state-sponsored hacking. The US flatly rejected the proposal, but there was virtually no coverage of that in the US media at the time. The UN also called for a cyberwar treaty framework, and the effort was killed by the US. [ wired ] What's fascinating and incomprehensible to me is that, whenever the US feels that its ability to claim pre-emptive cyberwar is challenged, it responds with a wave of claims about Chinese (or Russian or North Korean) cyberwar aggression.
John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to "express reservations" about such an accord.
US ideology is that "we don't start wars" -- it's always looking for an excuse to go to war under the rubric of self-defense, so I see these sorts of claims as justification in advance for unilateral action. I also see it as a sign of weakness; if the US were truly the superpower it claims it is, it would simply accept its imperial mantle and stop bothering to try to justify anything. I'm afraid we may be getting close to that point.
My assumption has always been that the US is projecting its own actions on other nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder reactor at Bushehr (which happens to be just outside of a large city; the attack took some of its control systems and backup generators offline). Attacks on nuclear power facilities are a war crime under international humanitarian law, which framework the US is signatory to but has not committed to actually follow. This sort of activity happens at the same time that the US distributes talking-points to the media about the danger of Russian hackers crashing the US power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis is mostly nonsense -- but it's tempting to accuse the US of "projection."
The anti-Russian campaign is about alleged Russian spying, hacking and influence operations. Britain and the Netherland took the lead. Britain accused Russia's military intelligence service (GRU) of spying attempts against the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague and Switzerland, of spying attempts against the British Foreign Office, of influence campaigns related to European and the U.S. elections, and of hacking the international doping agency WADA. British media willingly helped to exaggerate the claims: [...]
The Netherland [sic] for its part released a flurry of information about the alleged spying attempts against the OPCW in The Hague. It claims that four GRU agents traveled to The Hague on official Russian diplomatic passports to sniff out the WiFi network of the OPCW. (WiFi networks are notoriously easy to hack. If the OPCW is indeed using such it should not be trusted with any security relevant issues.) The Russian officials were allegedly very secretive, even cleaning out their own hotel trash, while they, at the same time, carried laptops with private data and even taxi receipts showing their travel from a GRU headquarter in Moscow to the airport. Like in the Skripal/Novichok saga the Russian spies are, at the same time, portrayed as supervillains and hapless amateurs. Real spies are neither.
The U.S. Justice Department added to the onslaught by issuing new indictments (pdf) against alleged GRU agents dubiously connected to several alleged hacking incidents. As none of those Russians will ever stand in front of a U.S. court the broad allegations will never be tested.
There's a lot there, and I think the interpretation is a bit over-wrought, but it's mostly accurate. The US and the UK (and other NATO allies, as necessary) clearly coordinate when it comes to talking points. Claims of Chinese cyberwar in the US press will be followed by claims in the UK and Australian press, as well. My suspicion is that this is not the US Government and UK Government coordinating a story -- it's the intelligence agencies doing it. My opinion is that the intelligence services are fairly close to a "deep state" -- the CIA and NSA are completely out of control and the CIA has gone far toward building its own military, while the NSA has implemented completely unrestricted surveillance worldwide.
All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault 7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. While the attribution that "Fancy Bear is the GRU" has been made and is probably fairly solid, the attribution of NSA malware and CIA malware is rock solid; the US has even admitted to deploying STUXNET -- Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully said "that's how these things are done" and blew the whole thing off by saying that the NSA wasn't eavesdropping on Merkel any more. [ bbc ]
It's hard to keep score because everything is pretty vague, but it sounds like the US has been dramatically out-spending and out-acting the other nations that it accuses of being prepared for cyberwar. I tend to be extremely skeptical of US claims because: bomber gap, missile gap, gulf of Tonkin, Iraq WMD, Afghanistan, Libya and every other aggressive attack by the US which was blamed on its target. The reason I assume the US is the most aggressive actor in cyberspace is because the US has done a terrible job of protecting its tool-sets and operational security: it's hard not to see the US is prepared for cyberwar, when both the NSA and the CIA leak massive collections of advanced tools.
Meanwhile, where are the leaks of Russian and Chinese tools? They have been few and far between, if there have been any at all. Does this mean that the Russians and Chinese have amazingly superior tradecraft, if not tools? I don't know. My observation is that the NSA and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA and CIA, who needs Russians and Chinese?
The article does not have great depth to its understanding of the situation, I'm afraid. So it comes off as a bit heavy on the recent news while ignoring the long-term trends. For example:
The allegations of Chinese supply chain attacks are of course just as hypocritical as the allegations against Russia. The very first known case of computer related supply chain manipulation goes back to 1982:
A CIA operation to sabotage Soviet industry by duping Moscow into stealing booby-trapped software was spectacularly successful when it triggered a huge explosion in a Siberian gas pipeline, it emerged yesterday.
I wrote a piece about the "Farewell Dossier" in 2004. [ mjr ] Re-reading it, it comes off as skeptical but waffly. I think that it's self-promotion by the CIA and exaggerates considerably ("look how clever we are!") at a time when the CIA was suffering an attention and credibility deficit after its shitshow performance under George Tenet. But the first known cases of computer related supply chain manipulation go back to the 70s and 80s -- the NSA even compromised Crypto AG's Hagelin M-209 system (a mechanical ciphering machine) in order to read global communications encrypted with that product. You can imagine Crypto AG's surprise when the Iranian secret police arrested one of their sales reps for selling backdoor'd crypto -- the NSA had never told them about the backdoor, naturally. The CIA was also on record for producing Xerox machines destined for the USSR, which had recorders built into them. So, while the article is portraying the historical sweep of NSA dirty tricks, they're only looking at the recent ones. Remember: the NSA also weakened the elliptic curve crypto library in RSA's Bsafe implementation, paying RSADSI $13 million to accept their tweaked code.
Why haven't we been hearing about the Chinese and Russians doing that sort of thing? There are four options:
- The Russians and Chinese are doing it, they're just so darned good nobody has caught them until just recently.
- The Russians and Chinese simply resort to using existing tools developed by the hacking/cybercrime community and rely on great operational security rather than fancy tools.
- The Russian and Chinese efforts are relatively tiny compared to the massive efforts the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence agencies, while the entire Russian Department of Defense budget is about $90bn (China is around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are much smaller operations?
- Something else.
That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's not unbelievable at all -- not in a world where we discover that Intel has built a parallel management CPU into every CPU since 2008, and that there are solid indications that other processors have similar backdoors.
Was the Intel IME a "backdoor" or just "a bad idea"? Well, that's tricky. Let me put my tinfoil hat on: making a backdoor look like a sloppily developed product feature would be the competent way to write a backdoor. Making it as sneaky as the backdoor in the Via is unnecessary -- incompetence is eminently believable.
I believe all of these stories (including the Supermicro) are the tip of a great big, ugly iceberg. The intelligence community has long known that software-only solutions are too mutable, and are easy to decompile and figure out. They have wanted to be in the BIOS of systems -- on the motherboard -- for a long time. If you go back to 2014, we have disclosures about the NSA malware that hides in hard drive BIOS: [ vice ] [ vice ] That appears to have been in progress around 2000/2001.
Of note, the group recovered two modules belonging to EquationDrug and GrayFish that were used to reprogram hard drives to give the attackers persistent control over a target machine. These modules can target practically every hard drive manufacturer and brand on the market, including Seagate, Western Digital, Samsung, Toshiba, Corsair, Hitachi and more. Such attacks have traditionally been difficult to pull off, given the risk in modifying hard drive software, which may explain why Kaspersky could only identify a handful of very specific targets against which the attack was used, where the risk was worth the reward. But Equation Group's malware platforms have other tricks, too. GrayFish, for example, also has the ability to install itself into computer's boot record -- software that loads even before the operating system itself -- and stores all of its data inside a portion of the operating system called the registry, where configuration data is normally stored.
EquationDrug was designed for use on older Windows operating systems, and "some of the plugins were designed originally for use on Windows 95/98/ME" -- versions of Windows so old that they offer a good indication of the Equation Group's age.
This is not a very good example of how to establish a "malware gap" since it just makes the NSA look like they are incapable of keeping a secret. If you want an idea how bad it is, Kaspersky labs' analysis of the NSA's toolchain is a good example of how to do attribution correctly. Unfortunately for the US agenda, that solid attribution points toward Fort Meade in Maryland. [kaspersky]
Let me be clear: I think we are fucked every which way from the start. With backdoors in the BIOS, backdoors on the CPU, and wireless cellular-spectrum backdoors, there are probably backdoors in the GPUs and the physical network controllers, as well. Maybe the backdoors in the GPU come from the GRU and maybe the backdoors in the hard drives come from NSA, but who cares? The upshot is that all of our systems are so heinously compromised that they can only be considered marginally reliable. It is, literally, not your computer: it's theirs. They'll let you use it so long as your information is interesting to them.
Do I believe the Chinese are capable of doing such a thing? Of course. Is the GRU? Probably. Mossad? Sure. NSA? Well-documented attribution points toward NSA. Your computer is a free-fire zone. It has been since the mid 1990s, when the NSA was told "no" on the Clipper chip and decided to come up with its own Plan B, C, D, and E. Then, the CIA came up with theirs. Etc. There are probably so many backdoors in our systems that it's a miracle it works at all.
From my 2012 RSA conference lecture "Cyberwar, you're doing it wrong."
The problem is that playing in this space is the purview of governments. Nobody in the cybercrime or hacking world needs tools like these. The intelligence operatives have huge budgets, compared to a typical company's security budget, and it's unreasonable to expect any business to invest such a level of effort on defending itself. So what should companies do? They should do exactly what they are doing: expect the government to deal with it; that's what governments are for. The problem with that strategy is that their government isn't on their side, either! It's Hobbes' playground.
In case you think I am engaging in hyperbole, I assure you I am not. If you want another example of the lengths (and willingness to bypass the law) "they" are willing to go, consider 'stingrays' that are in operation in every major US city and outside of every interesting hotel and high tech park. Those devices are not passive -- they actively inject themselves into the call set-up between your phone and your carrier -- your data goes through the stingray, or it doesn't go at all. If there are multiple stingrays, then your latency goes through the roof. "They" don't care. Are the stingrays NSA, FBI, CIA, Mossad, GRU, or PLA? Probably a bit of all of the above depending on where and when.
Whenever the US gets caught with its pants down around its ankles, it blames the Chinese or the Russians because they have done a good job of building the idea that the most serious hackers on the planet are the Chinese. I don't believe that we're seeing complex propaganda campaigns that are tied to specific incidents -- I think we see ongoing organic propaganda campaigns that all serve the same end: protect the agencies, protect their budgets, justify their existence, and downplay their incompetence.
So, with respect to "propaganda" I would say that the US intelligence community has been consistently pushing a propaganda agenda against the US government, and the citizens in order to justify its actions and defend its budget.
The government also engages in propaganda, and is influenced by the intelligence community's propaganda as well. And the propaganda campaigns work because everyone involved assumes, "well, given what the NSA has been able to do, I should assume the Chinese can do likewise." That's a perfectly reasonable assumption and I think it's probably true that the Chinese have capabilities. The situation is what Chuck Spinney calls "A self-licking ice cream cone" -- it's a justifying structure that makes participation in endless aggression seem like a sensible thing to do. And, when there's inevitably a disaster, it's going to be like a cyber-9/11 and will serve as a justification for even more unrestrained aggression.
Want to see what it looks like? A thousand thanks to Commentariat member [redacted] for this link. If you don't like video, there's an article here. [ toms ]
Is this an NSA backdoor, or normal incompetence? Is Intel Management Engine an NSA-inspired backdoor, or did some system engineers at Intel think that was a good idea? There are other scary indications of embedded compromise: the CIA's Vault7 archive included code that appeared to be intended to embed in the firmware of "smart" flatscreen TVs. That would make every LG flat panel in every hotel room, a listening device just waiting to be turned on.
We know the Chinese didn't do that particular bug but why wouldn't they do something similar, in something else? China is the world's oldest mature culture -- they literally wrote the book on strategy -- Americans acting as though it's a great surprise to learn that the Chinese are not stupid, it's just the parochialism of a 250 year-old culture looking at a 3,000 year-old culture and saying "wow, you guys haven't been asleep at the switch after all!"
WIRED on cyberspace treaties [ wired ]
Comments
Pierce R. Butler says
October 6, 2018 at 1:31 pm
What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes.
Funny how those obsessed with "false flag" operations work so hard to invite more of same.
Marcus Ranum says
October 6, 2018 at 2:28 pm
Pierce R. Butler@#1:
What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes.
Yes. Since 2001, as far as most of us can tell, federal cybersecurity spend has been 80% offense, 20% defense. And a lot of the offensive spend has been aimed at We, The People.
Cat Mara says
October 6, 2018 at 5:20 pm
Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese hacking operations that we've seen from the NSA is that they're running a "Kevin Mitnick style" operation; that is, relying less on technical solutions and using instead old-fashioned "social engineering" and other low-tech forms of espionage (like running troll farms on social media). I mean, I've seen interviews with retired US intelligence people since the 90s complain that since the late 1980s, the intelligence agencies have been crippled by management in love with hi-tech "SIGINT" solutions to problems that never deliver and neglecting old-fashioned "HUMINT" intelligence-gathering.
The thing is, Kevin Mitnick got away with a lot of what he did because people didn't take security seriously then, and still don't. On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of the researchers who helped in the analysis of the Morris worm that took down a significant chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and some depressing number of organisations that had been hit by it still hadn't patched the holes that had let the worm infect them in the first place.
Marcus Ranum says
October 6, 2018 at 9:20 pm
Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese hacking operations that we've seen from the NSA is that they're running a "Kevin Mitnick style" operation; that is, relying less on technical solutions and using instead old-fashioned "social engineering" and other low-tech forms of espionage (like running troll farms on social media).
I think that's right, to a high degree. What if Edward Snowden was an agent provocateur instead of a well-meaning naive kid? A tremendous amount of damage could be done, as well as stealing the US' expensive toys. The Russians have been very good at doing exactly that sort of operation, since WWII. The Chinese are, if anything, more subtle than the Russians.
The Chinese attitude, as expressed to me by someone who might be a credible source is, "why are you picking a fight with us? We don't care, you're too far away for us to threaten you, we both have loads of our own fish to fry." To them, the US is young, hyperactive, and stupid.
The FBI is not competent, at all, against old-school humint intelligence-gathering. Compared to the US' cyber-toys, the old ways are probably more efficient and cost effective. China's intelligence community is also much more team-oriented than the CIA/NSA; they're actually a disciplined operation under the strategic control of policy-makers. That, by the way, is why Russians and Chinese stare in amazement when Americans ask things like "Do you think Putin knew about this?" What a stupid question! It's an autocracy; they don't have intelligence operatives just going and deciding "it's a nice day to go to England with some Novichok." The entire American attitude toward espionage lacks maturity.
On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of the researchers who helped in the analysis of the Morris worm that took down a significant chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and some depressing number of organisations that had been hit by it still hadn't patched the holes that had let the worm infect them in the first place.
That was an exciting time. We were downstream from University of Maryland, which got hit pretty badly. Pete Cottrel and Chris Torek from UMD were also in on Bostic's dissection. We were doing uucp over TCP for our email (that changed pretty soon after the worm) and our uucp queue blew up. I cured the worm with a reboot into single-user mode and a quick 'rm -f' in the uucp queue.
Bob Moore says
October 7, 2018 at 9:18 am
Thanks. I appreciate your measured analysis and the making explicit of the bottom line: " agencies, protect their budgets, justify their existence, and downplay their incompetence."
Oct 05, 2018 | www.moonofalabama.org
daffyDuct , Oct 5, 2018 8:35:21 PM
The SuperMicro chips may be an alleged use of the Intel Management Engine (or the AMD equivalent).
From Bloomberg: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
"In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips' operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board's temporary memory en route to the server's central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."
From Wikipedia: https://en.wikipedia.org/wiki/Intel_Management_Engine
"The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is connected to current (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.
The Electronic Frontier Foundation (EFF) and security expert Damien Zammit accuse the ME of being a backdoor and a privacy concern. Zammit states that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independent of the operating system, thus bypassing its firewall. Intel asserts that it "does not put back doors in its products" and that its products do not "give Intel control or access to computing systems without the explicit permission of the end user."
Oct 04, 2018 | it.slashdot.org
Taco Cowboy ( 5327 ) , Tuesday May 29, 2012 @12:17AM ( #40139317 )
It's a scam !! ( Score: 5 , Informative)
http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html [blogspot.com]
Bogus story: no Chinese backdoor in military chip
"Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.
Furthermore, the Actel ProAsic3 FPGA chip isn't fabricated in China at all !!
jhoegl ( 638955 ) , Monday May 28, 2012 @01:30PM ( #40136003 )
Fear mongering ( Score: 5 , Insightful)
It sells...
khasim ( 1285 ) writes: < email@example.com > on Monday May 28, 2012 @01:48PM ( #40136097 )
Particularly in a press release like that. ( Score: 5 , Insightful)
That entire article reads more like a press release with FUD than anything with any facts.
Which US customer?
No facts and LOTS of claims. It's pure FUD.
(Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)
ArsenneLupin ( 766289 ) , Tuesday May 29, 2012 @01:11AM ( #40139489 )
Re:Particularly in a press release like that. ( Score: 5 , Informative)
A quick google showed that this is indeed the chip, but the claims are "slightly" overblown [blogspot.com]
Anonymous Coward , Monday May 28, 2012 @02:14PM ( #40136273 )
Most likely inserted by Microsemi/Actel not fab ( Score: 5 , Informative)
1) Read the paper http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
2) This is talking about FPGAs designed by Microsemi/Actel.
3) The article focuses on the ProAsic3 chips but says all the Microsemi/Actel chips tested had the same backdoor including but not limited to Igloo, Fusion and Smartfusion.
4) FPGAs give JTAG access to their internals for programming and debugging but many of the access methods are proprietary and undocumented. (security through obscurity)
5) Most FPGAs have features that attempt to prevent reverse engineering by disabling the ability to read out critical stuff.
6) These chips have a secret passphrase (security through obscurity again) that allows you to read out the stuff that was supposed to be protected.
7) These researchers came up with a new way of analyzing the chip (pipeline emission analysis) to discover the secret passphrase. More conventional analysis (differential power analysis) was not sensitive enough to reveal it.
This sounds a lot (speculation on my part) like a deliberate backdoor put in for debug purposes, security through obscurity at its best. It doesn't sound like something secret added by the chip fab company, although time will tell. Just as embedded controller companies have gotten into trouble putting hidden logins into their code thinking they're making the right tradeoff between convenience and security, this hardware company seems to have done the same.
Someone forgot to tell the marketing droids though and they made up a bunch of stuff about how the h/w was super secure.
JimCanuck ( 2474366 ) , Monday May 28, 2012 @04:45PM ( #40137217 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 5 , Interesting)
I don't think anyone fully understands JTAG, there are a lot of different versions of it mashed together on the typical hardware IC. Regardless if it's a FPGA, microcontroller or otherwise. The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.
Something that can also be completely disabled by setting the right fuse inside the chip itself to disable all JTAG connections. Something that is considered standard practice on IC's with a JTAG port available once assembled into their final product and programmed.
Plus according to Microsemi's own website, all military and aerospace qualified versions of their parts are still made in the USA. So this "researcher" used commercial parts, which depending on the price point can be made in the plant in Shanghai or in the USA at Microsemi's own will.
The "researcher" and the person who wrote the article need to spend some time reading more before talking.
emt377 ( 610337 ) , Monday May 28, 2012 @07:02PM ( #40137873 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 4 , Insightful)
The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.
With pin access to the FPGA it's trivial to hook it up, no bridges or transceivers needed. If it's a BGA then get a breakout/riser board that provides pin access. This is off-the-shelf stuff. This means if the Chinese military gets their hands on the hardware they can reverse engineer it. They won't have to lean very hard on the manufacturer for them to cough up every last detail. In China you just don't say no to such requests if you know what's good for you and your business.
JimCanuck ( 2474366 ) , Monday May 28, 2012 @11:05PM ( #40139083 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 4 , Interesting)
Not being readable even when someone has the device in hand is exactly what these secure FPGAs are meant to protect against!
It's not a non-issue. It's a complete failure of a product to provide any advantages over non-secure equivalents.
You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is the CHEAPEST product in the product line (some of that model line reach down to below a dollar each). But beyond that
... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes them operation only, and unreadable. They are secureable, if you follow the proper processes and methods laid out by the manufacturer of the specific chip.
Just because a "research paper" claims there is other than standard methods of JTAG built into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this researcher who is trying to peddle his own product is anything but biased in this situation.
nospam007 ( 722110 ) * , Monday May 28, 2012 @02:39PM ( #40136445 )
Re:What did the military expect? ( Score: 4 , Interesting)
"Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic."
Not to mention the non-backdoor ones.
'Bogus electronic parts from China have infiltrated critical U.S. defense systems and equipment, including Navy helicopters and a commonly used Air Force cargo aircraft, a new report says.'
http://articles.dailypress.com/2012-05-23/news/dp-nws-counterfeit-chinese-parts-20120523_1_fake-chinese-parts-counterfeit-parts-air-force-c-130j [dailypress.com]
0123456 ( 636235 ) , Monday May 28, 2012 @02:04PM ( #40136219 )
Re:Should only buy military components from allies ( Score: 3 , Funny)
The US military should have a strict policy of only buying military parts from sovereign, free, democratic countries with a long history of friendship, such as Israel, Canada, Europe, Japan and South Korea.
Didn't the US and UK governments sell crypto equipment they knew they could break to their 'allies' during the Cold War?
tlhIngan ( 30335 ) writes: < slashdot@[ ]f.net ['wor' in gap] > on Monday May 28, 2012 @03:30PM ( #40136781 )
Re:Should only buy military components from allies ( Score: 5 , Insightful)
Second problem.... 20 years ago the DOD had their own processor manufacturing facilities, IC chips, etc. They were shut down in favor of commercial equipment because some idiot decided it was better to have an easier time buying replacement parts at Radioshack than buying quality military-grade components that could last in austere environments. (Yes, speaking from experience). Servers and workstations used to be built from the ground up at places like Tobyhanna Army Depot. Now, servers and workstations are bought from Dell.
Fabs are expensive. The latest generation nodes cost billions of dollars to set up and billions more to run. If they aren't cranking chips out 24/7, they're literally costing money. Yes, I know it's the military, but I'm sure people have a hard time justifying $10B every few years just to fab a few chips. One of the biggest developments in the 90s was the development of foundries that let anyone with a few tens of millions get in the game of producing chips rather than requiring billions in startup costs. Hence the startup of tons of fabless companies selling chips.
OK, another option is to buy a cheap obsolete fab and make chips that way - much cheaper to run, but we're also talking maybe 10+ year old technology, at which point the chips are going to be slower and take more power.
Also, building your own computer from the ground up is expensive - either you buy the designs of your servers from say, Intel, or design your own. If you buy it, it'll be expensive and probably require your fab to be upgraded (or you get stuck with an old design - e.g., Pentium (the original) - which Intel bought back from the DoD because the DoD had been debugging it over the decade). If you went with the older cheaper fab, the design has to be modified to support that technology (you cannot just take a design and run with it - you have to adapt your chip to the foundry you use).
If you roll your own, that becomes a support nightmare because now no one knows the system.
And on the taxpayer side - I'm sure everyone will question why you're spending billions running a fab that's only used at 10% capacity - unless you want the DoD getting into the foundry business with its own issues.
Or, why is the military spending so much money designing and running its own computer architecture and support services when they could buy much cheaper machines from Dell and run Linux on them?
Hell, even if the DoD had budget for that, some bean counter will probably do the same so they can save money from one side and use it to buy more fighter jets or something.
30+ years ago, defense spending on electronics formed a huge part of the overall electronics spending. These days, defense spending is but a small fraction - it's far more lucrative to go after the consumer market than the military - they just don't have the economic clout they once had. End result is the military is forced to buy COTS ICs, or face stuff like a $0.50 chip costing easily $50 or more for same just because the military is a bit-player for semiconductors
__aaltlg1547 ( 2541114 ) , Monday May 28, 2012 @02:29PM ( #40136361 )
Re:Should only buy military components from allies ( Score: 2 )
Anybody remember Jonathan Pollard?
Genda ( 560240 ) writes: < <ten.tog> <ta> <teiram> > on Monday May 28, 2012 @03:46PM ( #40136857 )
Re:Should only buy military components from allies ( Score: 2 )
You do know that the Mossad has been caught stealing and collecting American Top Secrets. In fact most of the nations above save perhaps Canada have at one time or another been caught either spying on us, or performing dirty deeds cheap against America's best interest. I'd say for the really classified stuff, like the internal security devices that monitor everything else... homegrown only thanks, and add that any enterprising person who's looking to get paid twice by screwing with the hardware or selling secrets to certified unfriendlies gets to cool their heels for a VERY LONG TIME.
NixieBunny ( 859050 ) , Monday May 28, 2012 @01:34PM ( #40136025 )
The actual article ( Score: 5 , Informative)
The original article is here. [cam.ac.uk] It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration.
Anonymous Coward , Monday May 28, 2012 @02:09PM ( #40136249 )
Re:The actual article ( Score: 5 , Interesting)
From your much more useful link,
We investigated the PA3 backdoor problem through Internet searches, software and hardware analysis and found that this particular backdoor is not a result of any mistake or an innocent bug, but is instead a deliberately inserted and well thought-through backdoor that is crafted into, and part of, the PA3 security system. We analysed other Microsemi/Actel products and found they all have the same deliberate backdoor. Those products include, but are not limited to: Igloo, Fusion and Smartfusion.
we have found that the PA3 is used in military products such as weapons, guidance, flight control, networking and communications. In industry it is used in nuclear power plants, power distribution, aerospace, aviation, public transport and automotive products. This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself. If the key is known, commands can be embedded into a worm to scan for JTAG, then to attack and reprogram the firmware remotely.
emphasis mine. Key is retrieved using the backdoor. Frankly, if this is true, Microsemi/Actel should get complete ban from all government contracts, including using their chips in any item built for use by the government.
NixieBunny ( 859050 ) , Monday May 28, 2012 @02:44PM ( #40136487 )
Re:The actual article ( Score: 3 )
I would not be surprised if it's a factory backdoor that's included in all their products, but is not documented and is assumed to not be a problem because it's not documented.
With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A secure system is one that can't reprogram itself.
When I was designing VMEbus computer boards for a military subcontractor many years ago, every board had a JTAG connector that required the use of another computer with a special cable plugged into the board to perform reprogramming of the FPGAs. None of this update-by-remote-control crap.
Blackman-Turkey ( 1115185 ) , Monday May 28, 2012 @02:19PM ( #40136305 )
Re:The actual article ( Score: 3 , Informative)
No source approved [dla.mil] for Microsemi (Actel) qualified chips in China. If you use non-approved sources then, well, shit happens (although how this HW backdoor would be exploited is kind of unclear).
It seems that People's Republic of China has been misidentified with Taiwan (Republic of China).
6031769 ( 829845 ) , Monday May 28, 2012 @01:35PM ( #40136031 )
Wait and see ( Score: 5 , Informative)
Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this.
Here's his publications list from his University home page, FWIW: http://www.cl.cam.ac.uk/~sps32/#Publications [cam.ac.uk]
Anonymous Coward , Monday May 28, 2012 @01:36PM ( #40136039 )
samzenpus will be looking for a new job soon ( Score: 3 , Funny)
Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
Hey hey HEY! You stop that right this INSTANT, samzenpus! This is Slashdot! We'll have none of your "actual investigative research" nonsense around here! Fear mongering to sell ad space, mister, and that's ALL! Now get back to work! We need more fluffy space-filling articles like that one about the minor holiday labeling bug Microsoft had in the UK! That's what we want to see more of!
laing ( 303349 ) , Monday May 28, 2012 @02:08PM ( #40136243 )
Requires Physical Access ( Score: 5 , Informative)
The back-door described in the white paper requires access to the JTAG (1149.1) interface to exploit. Most deployed systems do not provide an active external interface for JTAG. With physical access to a "secure" system based upon these parts, the techniques described in the white paper allow for a total compromise of all IP within. Without physical access, very little can be done to compromise systems based upon these parts.
vlm ( 69642 ) , Monday May 28, 2012 @03:34PM ( #40136807 )
Where was it designed in? ( Score: 3 )
Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught.
These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes.
time961 ( 618278 ) , Monday May 28, 2012 @03:51PM ( #40136887 )
Big risk is to "secret sauce" for comms & cryp ( Score: 5 , Informative)
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
That said, it's still pretty bad, because hardware does occasionally end up in the hands of unfriendlies (e.g., crashed drones). FPGAs like these are often used to run classified software radio algorithms with anti-jam and anti-interception goals, or to run classified cryptographic algorithms. If those algorithms can be extracted from otherwise-dead and disassembled equipment, that would be bad--the manufacturer's claim that the FPGA bitstream can't be extracted might be part of the system's security certification assumptions. If that claim is false, and no other counter-measures are in place, that could be pretty bad.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing. Also, a backdoor inserted that way would have to co-exist peacefully with all the other functions of the FPGA, a significant challenge both from an intellectual standpoint and from a size/timing standpoint--the FPGA may just not have enough spare capacity or spare cycles. They tend to be packed pretty full, 'coz they're expensive and you want to use all the capacity you have available to do clever stuff.
Fnord666 ( 889225 ) , Monday May 28, 2012 @09:16PM ( #40138557 )
Re:Big risk is to "secret sauce" for comms & c ( Score: 4 , Insightful)
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.
nurb432 ( 527695 ) , Monday May 28, 2012 @02:43PM ( #40136477 )
rtfa-troll ( 1340807 ) , Monday May 28, 2012 @03:22PM ( #40136743 )
Re:Is it called JTAG? ( Score: 2 )
I agree it most likely wasn't malicious, but it's more than careless, it's irresponsible, especially when dealing with military contracts.
Re:No China link yet, probably a US backdoor ( Score: 2 )
There is no China link to the backdoor yet.
The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however.
Oct 04, 2018 | www.zerohedge.com
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media's hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS's China Region.
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
There are so many inaccuracies in this article as it relates to Amazon that they're hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).
The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers. And, this notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet had been running these data centers since we launched in China, they owned these data centers from the start, and the hardware we "sold" to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.
Amazon employs stringent security standards across our supply chain – investigating all hardware and software prior to going into production and performing regular security audits internally and with our supply chain partners. We further strengthen our security posture by implementing our own hardware designs for critical components such as processors, servers, storage systems, and networking equipment.
Security will always be our top priority. AWS is trusted by many of the world's most risk-sensitive organizations precisely because we have demonstrated this unwavering commitment to putting their security above all else. We are constantly vigilant about potential threats to our customers, and we take swift and decisive action to address them whenever they are identified.
– Steve Schmidt, Chief Information Security Officer
Trumptards are IDIOTs
CashMcCall , 5 hours ago
TRUMPTARDS have an enormous amount of surplus time on their hands to forward their Harry Potter Styled Conspiracies.
APPLE AND AMAZON DENIED THE STORY. STORY OVER... GET IT CREEPY?
Urban Roman , 5 hours ago
While TRUMPTARDS were posting their Conspiracy Theories and the "TrumpEXPERTS" were embellishing the ridiculous story with their lavish accounts of chip bug design, I was enjoying a Bloomberg windfall.
Having confirmed early that the story was False since AMAZON and APPLE BOTH DENIED IT... and their stock was not moving, I turned to Supermicro which was plunging and down over 50%. I checked the options, and noted they were soft, so I put in bids for long shares and filled blocks at 9 from two accounts.
The moronic TRUMPTARD Conspiracy posts continued, Supermicro is now up over 13.
That is the difference between having a brain in your head or having TRUMPTARD **** FOR BRAINS...
Chairman , 5 hours ago
On second thought, this story is just ********. Note that the BBG story never mentions the backdoors that were talked about for over a decade, nor did they mention Mr. Snowden's revelation that those backdoors do exist, and are being used, by the surveillance state.
Since the Chinese factories are manufacturing these things, they'd have all the specs and the blobs and whatever else they need, and would never require a super-secret hardware chip like this. Maybe this MITM chip exists, and maybe it doesn't. But there's nothing to keep China from using the ME on any recent Intel chip, or the equivalent on any recent AMD chip, anywhere.
The purpose of this article is to scare you away from using Huawei or ZTE for anything, and my guess is that it is because those companies did not include these now-standard backdoors in their equipment. Maybe they included Chinese backdoors instead, but again, they wouldn't need a tiny piece of hardware for this MITM attack, since modern processors are all defective by design.
DisorderlyConduct , 4 hours ago
I think I will start implementing this as an interview question. If a job candidate is stupid enough to believe this **** then they will not work for me.
Kendle C , 5 hours ago
Well, hmmm, could be. To update a PCB is actually really poor work. I would freak my biscuits if I received one of my PCBs with strange pads, traces or parts.
To substitute a part is craftier. To change the content of a part is harder, and nigh impossible to detect without xray.
Even craftier is to change VHDL code in an OTP chip or an ASIC. The package and internal structure is the same but the fuses would be burned different. No one would likely detect this unless they were specifically looking for it.
AllBentOutOfShape , 5 hours ago
Well written propaganda fails to prove claims. Everybody in networking and IT knows that switches and routers have access to root, built in, often required by government, backdoors. Scripts are no big thing often used to speed up updates, backups, and troubleshooting. So when western manufacturers began shoveling their work to Taiwan and China, with them they sent millions of text files, including instructions for backdoor access, the means and technology (to do what this **** article is claiming) to modify the design, even classes with default password and bypass operations for future techs. We were shoveling hand over foot designs as fast as we could...all for the almighty dollar while stiffing American workers. So you might say greed trumped security and that fault lies with us. So stuff this cobbled together propaganda piece, warmongering ****.
skunzie , 6 hours ago
ZH has definitely been co-opted. This is just the latest propaganda ******** article of the week they've come out with. I'm seeing more and more articles sourced from well known propaganda outlets in recent months.
PrivetHedge , 6 hours ago
Reminds me of how the US pulled off covert espionage of the Russians in the 70's using Xerox copiers. The CIA inserted trained Xerox copy repairmen to handle repairs on balky copiers in Russian embassies, etc. When a machine was down the technician inserted altered motherboards which would transmit future copies directly to the CIA. This is a cautionary tale for companies to cover their achilles heel (weakest point) as that is generally the easiest way to infiltrate the unsuspecting company.
CashMcCall , 6 hours ago
What another huge load of bollocks from our pharisee master morons.
I guess they think we're as stupid as they are.
smacker , 7 hours ago
But but but the story came from one of the chosen money changers Bloomberg... everyone knows a *** would never lie or print a false story at the market open
Stinkbug 1 , 7 hours ago
With all the existing ***** chips and backdoors on our computers and smartphones planted by the CIA, NSA, M$, Goolag & friends, and now this chip supposedly from China, it won't be long before there's no space left in RAM and on mobos for the chips that actually make the device do what we bought it to do.
I Write Code , 7 hours ago
this was going on 20 years ago when it was discovered that digital picture frames from china were collecting passwords and sending them back. it was just a test, so didn't get much press.
now they have the kinks worked out, and are ready for the coup de grace.
ChecksandBalances , 7 hours ago
https://www.reddit.com/r/news/comments/9lac9k/china_used_a_tiny_chip_in_a_hack_that_infiltrated/?st=JMUNFMRR&sh=10c388fb
FedPool , 7 hours ago
This story seemed to die. Did anyone find anything indicating someone on our side has actually got a look at the malicious chip, assuming it exists? Technical blogs have nothing, only news rags like NewsMaxx. If 30 companies had these chips surely someone has one. This might be one huge fake news story. Why Bloomberg would publish it is kind of odd.
underlying , 7 hours ago
Probably a limited evaluation operation to gauge the population's appetite for war. Pentagram market research. They're probably hitting all of the comment sections around the web as we speak. Don't forget to wave 'hi'.
Heya warmongers. No, we don't want a war yet, k thanks.
Urban Roman , 5 hours ago
Since we're on the topic let's take a look at the scope hacking tools known to the general public known prior to the Supermicro Server Motherboard Hardware Exploit; (P.S. What the **** do you expect when you have Chinese state owned enterprises, at minimum quasi state owned enterprises in special economic development zones controlled by the Chinese communist party, building motherboards?)
Snowden NSA Leaks published in the Guardian/Intercept
Wikileaks Vault 7 etc....
Spectre/Meltdown vulnerability exploits
Random list compiled by TC bitches
This does not include the private/corporate sector hacking pen testing resources and suites which are abundant and easily available to **** up the competition in their own right.
i.e., https://gbhackers.com/hacking-tools-list/
Moribundus , 8 hours ago
Exactly. Why would they ever need a super-micro-man-in-the-middle-chip?
Maybe this 'chip' serves some niche in their spycraft, but the article in the keypost ignores a herd of elephants swept under the carpet, and concentrates on a literal speck of dust.
Dr. Acula , 8 hours ago
A US-funded biomedical laboratory in Georgia may have conducted bioweapons research under the guise of a drug test, which claimed the lives of at least 73 subjects...new documents "allow us to take a fresh look" at outbreaks of African swine fever in southern Russia in 2007-2018, which "spread from the territory of Georgia into the Russian Federation, European nations and China. The infection strain in the samples collected from animals killed by the disease in those nations was identical to the Georgia-2007 strain." https://www.rt.com/news/440309-us-georgia-toxic-bioweapon-test/
"In a Senate testimony this past February, six major US intelligence heads warned that American citizens shouldn't use Huawei and ZTE products and services." - https://www.theverge.com/2018/5/2/17310870/pentagon-ban-huawei-zte-phones-retail-stores-military-bases
Are these the same intelligence agencies that complain about Russian collusion and cover up 9/11 and pizzagate?
Sep 04, 2018 | news.slashdot.org
msmash on Tuesday September 04, 2018 @10:50AM from the how-about-that dept
West Virginia's Attorney General Patrick Morrisey, who's currently running for U.S. Senate, announced Tuesday that he's partnering with two local community and technical colleges to connect senior citizens with college students for free cybersecurity training.
The announcement comes amid rising cyber scams, many of which are targeted at the elderly.
Sep 03, 2018 | www.moonofalabama.org
BM , Sep 3, 2018 12:54:15 PM | link
The US Department of Homeland Security fabricated "intelligence reports" of Russian election hacking in order to try to get control of the election infrastructure (probably so that they can hack it more easily to control the election results).
How the Department of Homeland Security Created a Deceptive Tale of Russia Hacking US Voter Sites
Aug 22, 2018 | www.moonofalabama.org
librul | Aug 21, 2018 11:04:43 PM | 48
Can we see Microsoft's actions today as a sales pitch?
https://www.nextgov.com/it-modernization/2018/07/pentagon-accepting-bids-its-controversial-10-billion-war-cloud/150059/
The Defense Department on Thursday officially began accepting proposals for its highly-anticipated Joint Enterprise Defense Infrastructure cloud contract. The JEDI contract will be awarded to a single cloud provider -- an issue many tech companies rallied against -- and will be valued at up to $10 billion over 10 years, according to the final request for proposal. The contract itself will put a commercial company in charge of hosting and distributing mission-critical workloads and classified military secrets to warfighters around the globe in a single war cloud.
https://www.defenseone.com/technology/2018/08/someone-waging-secret-war-undermine-pentagons-huge-cloud-contract/150685/
As some of the biggest U.S. technology companies have lined up to bid on the $10 billion contract to create a massive Pentagon cloud computing network, the behind-the-scenes war to win it has turned ugly.
In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts.
Aug 02, 2018 | turcopolier.typepad.com
richardstevenhack -> Bill Herschel , a day ago
Yes, PostgreSQL is very good. It's open source, meaning the source code is available for inspection, so if there was anything suspicious about it, it would likely have been caught before now. Of course, bugs and security issues might well remain, regardless.
Russians make a lot of good software. Their computer training in universities has always been first rate.
This is similar to the big issue over the Kaspersky company, a major manufacturer of a high-quality antimalware suite, being Russian. The US has made it a big issue, passing regulations that prohibit US government offices from using it, forcing Kaspersky to consider moving to Switzerland. I don't think many people in the infosec community have any concerns about Kaspersky being Russian. They've been in the antimalware business for quite a while and always get top marks in the independent antimalware tests.
There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work with the Russian government on computer security issues, as one would expect of such a company.
The whole thing is just another example of "Russian Derangement Syndrome."
Jul 05, 2018 | www.theamericanconservative.com
...Stuxnet, which was thought to be a joint American-Israeli assault on Iran's nuclear program. And there are reports of U.S. attempts to similarly hamper North Korean missile development. Some consider such direct attacks on other governments to be akin to acts of war. Would Washington join Moscow in a pledge to become a good cyber citizen?
Jun 27, 2018 | consortiumnews.com
Did Sen. Warner and Comey 'Collude' on Russia-gate?
The U.S. was in talks for a deal with Julian Assange but then FBI Director James Comey ordered an end to negotiations after Assange offered to prove Russia was not involved in the DNC leak, as Ray McGovern explains.
By Ray McGovern
Special to Consortium News
An explosive report by investigative journalist John Solomon on the opinion page of Monday's edition of The Hill sheds a bright light on how Sen. Mark Warner (D-VA) and then-FBI Director James Comey collaborated to prevent WikiLeaks editor Julian Assange from discussing "technical evidence ruling out certain parties [read Russia]" in the controversial leak of Democratic Party emails to WikiLeaks during the 2016 election.
A deal that was being discussed last year between Assange and U.S. government officials would have given Assange "limited immunity" to allow him to leave the Ecuadorian Embassy in London, where he has been exiled for six years. In exchange, Assange would agree to limit through redactions "some classified CIA information he might release in the future," according to Solomon, who cited "interviews and a trove of internal DOJ documents turned over to Senate investigators." Solomon even provided a copy of the draft immunity deal with Assange.
But Comey's intervention to stop the negotiations with Assange ultimately ruined the deal, Solomon says, quoting "multiple sources." With the prospective agreement thrown into serious doubt, Assange "unleashed a series of leaks that U.S. officials say damaged their cyber warfare capabilities for a long time to come." These were the Vault 7 releases, which led then CIA Director Mike Pompeo to call WikiLeaks "a hostile intelligence service."
Solomon's report provides reasons why Official Washington has now put so much pressure on Ecuador to keep Assange incommunicado in its embassy in London.
The report does not say what led Comey to intervene to ruin the talks with Assange. But it came after Assange had offered to "provide technical evidence and discussion regarding who did not engage in the DNC releases," Solomon quotes WikiLeaks' intermediary with the government as saying. It would be a safe assumption that Assange was offering to prove that Russia was not WikiLeaks' source of the DNC emails.
If that was the reason Comey and Warner ruined the talks, as is likely, it would reveal a cynical decision to put U.S. intelligence agents and highly sophisticated cybertools at risk, rather than allow Assange to at least attempt to prove that Russia was not behind the DNC leak.
The greater risk to Warner and Comey apparently would have been if Assange provided evidence that Russia played no role in the 2016 leaks of DNC documents.
Missteps and Stand Down
In mid-February 2017, in a remarkable display of naiveté, Adam Waldman, Assange's pro bono attorney who acted as the intermediary in the talks, asked Warner if the Senate Intelligence Committee staff would like any contact with Assange to ask about Russia or other issues. Waldman was apparently oblivious to Sen. Warner's stoking of Russia-gate.
Warner contacted Comey and, invoking his name, instructed Waldman to "stand down and end the discussions with Assange," Waldman told Solomon. The "stand down" instruction "did happen," according to another of Solomon's sources with good access to Warner. However, Waldman's counterpart attorney David Laufman, an accomplished federal prosecutor picked by the Justice Department to work the government side of the CIA-Assange fledgling deal, told Waldman, "That's B.S. You're not standing down, and neither am I."
But the damage had been done. When word of the original stand-down order reached WikiLeaks, trust evaporated, putting an end to two months of what Waldman called "constructive, principled discussions that included the Department of Justice."
The two sides had come within inches of sealing the deal. Writing to Laufman on March 28, 2017, Waldman gave him Assange's offer to discuss "risk mitigation approaches relating to CIA documents in WikiLeaks' possession or control, such as the redaction of Agency personnel in hostile jurisdictions," in return for "an acceptable immunity and safe passage agreement."
On March 31, 2017, though, WikiLeaks released the most damaging disclosure up to that point from what it called "Vault 7" -- a treasure trove of CIA cybertools leaked from CIA files. This disclosure featured the tool "Marble Framework," which enabled the CIA to hack into computers, disguise who hacked in, and falsely attribute the hack to someone else by leaving so-called tell-tale signs -- like Cyrillic, for example. The CIA documents also showed that the "Marble" tool had been employed in 2016.
Misfeasance or Malfeasance
Veteran Intelligence Professionals for Sanity, which includes among our members two former Technical Directors of the National Security Agency, has repeatedly called attention to its conclusion that the DNC emails were leaked -- not "hacked" by Russia or anyone else (and, later, our suspicion that someone may have been playing Marbles, so to speak).
In fact, VIPS and independent forensic investigators have performed what former FBI Director Comey -- at first inexplicably, now not so inexplicably -- failed to do when the so-called "Russian hack" of the DNC was first reported. In July 2017 VIPS published its key findings with supporting data.
Two months later, VIPS published the results of follow-up experiments conducted to test the conclusions reached in July.
Why did then FBI Director Comey fail to insist on getting direct access to the DNC computers in order to follow best-practice forensics to discover who intruded into the DNC computers? (Recall, at the time Sen. John McCain and others were calling the "Russian hack" no less than an "act of war.") A 7th grader can now figure that out.
Asked on January 10, 2017 by Senate Intelligence Committee chair Richard Burr (R-NC) whether direct access to the servers and devices would have helped the FBI in their investigation, Comey replied: "Our forensics folks would always prefer to get access to the original device or server that's involved, so it's the best evidence."
At that point, Burr and Warner let Comey down easy. Hence, it should come as no surprise that, according to one of John Solomon's sources, Sen. Warner (who is co-chairman of the Senate Intelligence Committee) kept Sen. Burr apprised of his intervention into the negotiation with Assange, leading to its collapse.
Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the Saviour in inner-city Washington. He was an Army Infantry/Intelligence officer and then a CIA analyst for a total of 30 years and prepared and briefed, one-on-one, the President's Daily Brief from 1981 to 1985.
May 28, 2018 | www.wired.com
Home routers have become the rats to hackers' bubonic plague: an easily infected, untreated, and ubiquitous population in which dangerous digital attacks can spread. Now security researchers are warning that one group of sophisticated hackers has amassed a collection of malware-infected routers that could be used as a powerful tool to spread havoc across the internet, or simply triggered to implode networks across the globe.
On Wednesday, Cisco's Talos security division warned of a new breed of malware it calls VPNFilter, which it says has infected at least half a million home and small business routers, including those sold by Netgear, TP-Link, Linksys, MikroTik, and QNAP network storage devices. Talos believes that the versatile code is designed to serve as a multipurpose spy tool, and also creates a network of hijacked routers that serve as unwitting VPNs, potentially hiding the attackers' origin as they carry out other malicious activities. Perhaps most disturbingly, they note the tool also has a destructive feature that would allow the hackers behind it to immediately corrupt the firmware of the entire collection of hacked routers, essentially bricking them.
"This actor has half a million nodes spread out over the world and each one can be used to control completely different networks if they want," says Craig Williams, who leads Talos' security research team. "It's basically an espionage machine that can be retooled for anything they want."
Exactly how VPNFilter infects its targets isn't yet clear. But home routers are notoriously prone to vulnerabilities that can allow remote hackers to take them over, and rarely receive software updates. "This is a set of devices that's getting targeted more and more over the years," says Michael Daniel, the head of the Cyber Threat Alliance, a security industry group that's working with Cisco's Talos to alert the industry to the VPNFilter threat and hasten its removal. "They sit outside firewalls, they don't have native antivirus, they're hard to patch."
Talos writes in a detailed blog post that the VPNFilter malware is capable of siphoning off any data that passes through the network devices it infects, and appears specifically designed to monitor credentials entered into websites. Another, largely unexplained spying feature of the tool seems to watch for communications over the ModBUS SCADA protocol that's used for controlling automated equipment and internet-of-things devices.
But Talos' Williams also points out that the mass of hacked routers can also function as a collection of proxies for other activities the hackers might engage in -- from penetrating other targets to distributed denial-of-service attacks designed to knock websites offline. Hence the VPN in its name. "We assess with high confidence that this malware is used to create an expansive, hard-to-attribute infrastructure that can be used to serve multiple operational needs of the threat actor," Talos' blog post reads.
May 27, 2018 | www.nytimes.com
The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the devices' firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.
An analysis by Talos, the threat intelligence division for the tech giant Cisco, estimated that at least 500,000 routers in at least 54 countries had been infected by the malware, which the F.B.I. and cybersecurity researchers are calling VPNFilter. Among the affected networking equipment it found during its research were devices from manufacturers including Linksys, MikroTik, Netgear and TP-Link.
To disrupt the Sofacy network, the Justice Department sought and received permission to seize the web domain toknowall.com, which it said was a critical part of the malware's "command-and-control infrastructure." Now that the domain is under F.B.I. control, any attempts by the malware to reinfect a compromised router will be bounced to an F.B.I. server that can record the I.P. address of the affected device.
May 27, 2018 | nakedsecurity.sophos.com
Don't delay – do it today!
- Check with your vendor or ISP to find out how to get your router to do a firmware update. Many routers do receive security updates, at least from time to time, but they're often not downloaded or installed automatically. You typically need to log in to the administration console and click some sort of [Check now] button. If you live in a country with daylight savings, why not do an update check on all your IoT devices every time the clocks change? Crooks routinely scan the internet probing for routers that have unpatched security holes that they already know how to exploit. Don't make it easy for crooks to implant malware: patch early, patch often!
- Turn off remote administration unless you really need it. Many routers let you access the administration interface from the internet side as well as from the LAN side of the device. Some even come like that out of the factory. Crooks routinely scan the internet probing for login screens that aren't supposed to be visible and are thus less likely to be secured properly. Don't make it easy for crooks to find your devices and start guessing away at your password.
- Pick proper passwords. Many routers ship with a pre-set administrator password, and some routers don't force you to pick a new password when you first set them up. Crooks have extensive lists of default usernames and passwords for all sorts of internet devices. Don't give crooks the keys to your castle by sticking with a password that they can figure out easily.
- Stick to HTTPS for as much web browsing as you can. Generally speaking, web connections that show up with a padlock in your browser are encrypted end-to-end, so they can't be sniffed out along the way by an untrusted internet device, whether that's due to a malware infection on your own router, a rogue ISP in your network path, or a surveillance-hungry country that your traffic happens to traverse.
May 27, 2018 | blog.talosintelligence.com
We recommend that:
- Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
- Internet service providers that provide SOHO routers to their users reboot the routers on their customers' behalf.
- If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
- ISPs work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.
Due to the potential for destructive action by the threat actor, we recommend out of an abundance of caution that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.
... ... ...
The stage 2 malware first sets up the working environment by creating a modules folder (/var/run/vpnfilterm) and a working directory (/var/run/vpnfilterw). Afterward, it will run in a loop, where it first reaches out to a C2 server, and then executes commands retrieved from the C2. The command names are encrypted with the same broken RC4 function as in stage 1. Fortunately, older versions of x86 stage 2 sample were very verbose, and debug printed all the steps it performed. Newer versions of the x86 stage 2 did not contain the debug prints, nor did the MIPS sample.
The x86 sample can perform the following operations:
- kill: Overwrites the first 5,000 bytes of /dev/mtdblock0 with zeros, and reboots the device (effectively bricking it).
- exec: Executes a shell command or plugin.
- tor: Sets the Tor configuration flag (0 or 1).
- copy: Copies a file from the client to the server.
- seturl: Sets the URL of the current configuration panel.
- proxy: Sets the current proxy URL.
- port: Sets the current proxy port.
- delay: Sets the delay between main loop executions.
- reboot: Reboots the device if it has been up for more than 256 seconds, and the build name is specified in the parameter.
- download: Downloads a URL to a file. This can be applied to all devices or just a certain build name.
The MIPS sample has the following additional operations:
- stop: Terminate the malware process.
- relay: A misspelled version of the `delay` command from the x86 version.
Until the Tor module is installed, stage 2 will use one or more IPs stored in its configuration as SOCKS5 proxies to Tor and attempt to communicate with a control panel also found in its configuration. Like in stage 1, the communication between the malware and the proxy will connect over a verified SSL connection. When the Tor module is installed, it will connect to .onion domains through the local SOCKS5 proxy provided by the module over plain HTTP instead. We used a fake SOCKS5 proxy, which redirects all traffic to INetSim for analysis.
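A defender's triage check for the indicators quoted above, as an added example that is not Talos' code or part of the original page: it looks for the two stage 2 directories under a filesystem root (a live device or a mounted image) and, optionally, counts lookups of the seized toknowall.com domain in a DNS log. The function names, the optional log argument and the one-query-per-line log format are assumptions.

```shell
#!/bin/sh
# Added example (not Talos' or the page's code): triage a filesystem root and an
# optional DNS query log for the VPNFilter indicators quoted in the text.
# A "clean" result only means these indicators were absent; stage 1, which
# persists across reboots, is not covered here.

# Stage 2 modules folder and working directory, as named in the Talos excerpt.
VPNFILTER_DIRS="/var/run/vpnfilterm /var/run/vpnfilterw"
# Domain seized by the Justice Department, as named in the NYT excerpt.
VPNFILTER_DOMAIN="toknowall.com"

# check_stage2_dirs [ROOT]
# ROOT is "/" on a live device or the mount point of a captured image.
# Stage 2 does not survive a reboot, so run this BEFORE rebooting the device.
# Prints every artifact directory found; returns 0 if any exists, 1 otherwise.
check_stage2_dirs() {
    root="${1:-/}"
    root="${root%/}"              # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    rc=1
    for d in $VPNFILTER_DIRS; do
        if [ -d "${root}${d}" ]; then
            printf 'FOUND %s\n' "${root}${d}"
            rc=0
        fi
    done
    return "$rc"
}

# count_domain_lookups LOGFILE
# Prints the number of log lines naming the domain or a subdomain of it.
# Assumption: a plain-text log with one query per line (dnsmasq/BIND style).
count_domain_lookups() {
    log="$1"
    if [ ! -r "$log" ]; then
        echo 0
        return 0
    fi
    # Escape the dots so they match literally in the extended regex.
    esc=$(printf '%s' "$VPNFILTER_DOMAIN" | sed 's/\./\\./g')
    # Left boundary rejects "nottoknowall.com"; right boundary rejects
    # "toknowall.com.example.net" but accepts the FQDN form "toknowall.com.".
    pat="(^|[^A-Za-z0-9-])${esc}\\.?(\$|[^A-Za-z0-9.-])"
    grep -ciE "$pat" "$log" || true
}

# triage [ROOT] [DNSLOG]
# Prints "suspect" if either indicator was seen, otherwise "clean".
triage() {
    verdict=clean
    if check_stage2_dirs "${1:-/}" >/dev/null; then
        verdict=suspect
    fi
    if [ -n "${2:-}" ]; then
        hits=$(count_domain_lookups "$2")
        if [ "$hits" -gt 0 ]; then
            verdict=suspect
        fi
    fi
    printf '%s\n' "$verdict"
}

# When called with arguments, run the triage directly: script ROOT [DNSLOG]
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

A "suspect" verdict is a reason to follow the reset, reboot and firmware-update steps recommended above, not proof of the full infection chain.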
May 25, 2018 | www.siliconrepublic.com
A multistage malware variant, VPNFilter consists of three separate steps, with the second stage allowing for communication over Tor.
Symantec published a list of the identified targeted devices, which include numerous models of consumer routers:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for cloud core routers, versions 1016, 1036 and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS-251
- QNAP TS-439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
May 27, 2018 | www.agileit.com
The malware is modular, meaning that additional capabilities can be added to provide new functionalities, but also for functions to be removed, hence masking the full capabilities of the software. The VPNFilter Modules Talos has identified so far are:
Stage 1
- Establishes a persistent foothold allowing the infected device to be identified
- Allows additional modules to be installed.
- Will persist after a reboot, making it difficult for home and private users to remove.
- Utilizes redundant command and control systems, allowing the malware to identify new C&C servers as identified nodes are shut down.
Stage 2
- Will not persist after a reboot, making it difficult to identify and analyze.
- Has file collection, command execution and device management tools
- Includes a self-destruct code set that corrupts the firmware then causes a device reboot, effectively bricking the device.
Stage 3
- One stage 3 module is a packet sniffer for stealing website credentials and monitoring of SCADA protocols
- A second Stage 3 module allows the device to communicate directly over TOR
- Talos maintains high certainty that other stage 3 modules exist, but they have not positively identified them yet.
VPNFilter's capabilities make it particularly dangerous, as it is more of a distributed toolkit than a single point attack.
- Infected routers can potentially become command and control servers to control other infected devices.
- Modules appear to exist that allow the monitoring and exfiltration of data, allowing its creators to identify high value networks for information gathering or further penetration.
- Compromised systems can be used as a distributed Virtual Private Network (hence the VPNFilter name) which allows them to easily mask the origin points of other attacks.
- The code also contains a module to deliberately corrupt the firmware of affected routers and start a reboot, essentially bricking them and rendering them useless.
Talos has technical response details available on its blog, including Snort signatures, known Command and Control IP addresses to block and configuration settings for Stealthwatch.
Devices with known vulnerabilities
MIKROTIK CLOUD CORE ROUTERS:
Other QNAP NAS devices running QTS software
Apr 16, 2018 | www.washingtonpost.com
The unusual public warning from the White House, U.S. agencies and Britain's National Cyber Security Center follows a years-long effort to monitor the threat. The targets number in the millions, officials say, and include "primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors."
... ... ...
These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity and communications. Most traffic within a company or between organizations traverses them. So a hacker can monitor, modify or disrupt it, she said. And they're usually not secured at the same level as a network server.
"Once you own the router, you own the traffic that's traversing the router," she said.
... ... ...
Ellen Nakashima is a national security reporter for The Washington Post. She covers cybersecurity, surveillance, counterterrorism and intelligence issues. She has also served as a Southeast Asia correspondent and covered the White House and Virginia state politics. She joined The Post in 1995.
jedediah smytheson, 3 hours ago
It is appropriate to reveal and decry misbehavior in cyberspace. What is not appropriate is our leaders ignoring their own responsibility to secure government networks. The sad fact is that senior leaders in government do not understand the issue and are unwilling to accept any inconvenience. The Federal government has lost huge amounts of very sensitive data of AT LEAST 100 million citizens. If I remember correctly, OPM lost 23 million electronic security clearance forms (SF 86s) with personal information not only of the person being processed for a clearance, but also of the members of that person's family. That's how I came up with over 100 million. And what was the result? Well, no one was held accountable or responsible for this incredible breach of security. More importantly, the networks are still not well secured. In summary, we will be hacked continuously until someone in Government takes this seriously and puts more resources into securing the networks rather than turning the public's attention away from their own incompetence and focusing on our adversaries.
bluefrog, 4 hours ago
Haha ... the U.K. who secretly tapped the fiber optic cables running under the Atlantic Ocean to record EVERYONE's private data is now advising against hackers! A degenerate country operating on the basis of lies and deceit, I don't trust them as far as I can throw them.
hkbctkny, 4 hours ago
This is really nothing new [ https://www.us-cert.gov/ncas/alerts/TA18-106A ] - most of this has been going on forever, even skript kiddies were on it back in the day.
The only part that might be news is if there's evidence of a concerted, targeted campaign from one very organized actor. Haven't seen the evidence presented, though, and my scans are basically what they've always been: hundreds and hundreds from residential CPE and other compromised machines from all over the world.
Update your firmware - even old devices can be updated, for the most part; turn off remote mgt (!), change the password to something that YOU set.
Make it challenging, at least.
4 hours ago
Really no different from the NSA and GCHQ..........
Mar 27, 2018 | it.slashdot.org
(vice.com) The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.
Mar 27, 2018 | it.slashdot.org
(zdnet.com) BeauHD on Monday February 12, 2018 @10:00PM from the back-to-the-drawing-board dept. ZDNet reports of a security flaw in Skype's updater process that "can allow an attacker to gain system-level privileges to a vulnerable computer." If the bug is exploited, it "can escalate a local unprivileged user to the full 'system' level rights -- granting them access to every corner of the operating system." What's worse is that Microsoft, which owns Skype, won't fix the flaw because it would require the updater to go through "a large code revision." Instead, Microsoft is putting all its resources on building an altogether new client. From the report: Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking. The attack reads on the clunky side, but Kanthak told ZDNet in an email that the attack could be easily weaponized. He explained, providing two command line examples, how a script or malware could remotely transfer a malicious DLL into that temporary folder.
Mar 27, 2018 | tech.slashdot.org
(theguardian.com) an anonymised, aggregate dataset of 57bn Facebook friendships. From a report: Facebook provided the dataset of "every friendship formed in 2011 in every country in the world at the national aggregate level" to Kogan's University of Cambridge laboratory for a study on international friendships published in Personality and Individual Differences in 2015. Two Facebook employees were named as co-authors of the study, alongside researchers from Cambridge, Harvard and the University of California, Berkeley. Kogan was publishing under the name Aleksandr Spectre at the time. A University of Cambridge press release on the study's publication noted that the paper was "the first output of ongoing research collaborations between Spectre's lab in Cambridge and Facebook." Facebook did not respond to queries about whether any other collaborations occurred. "The sheer volume of the 57bn friend pairs implies a pre-existing relationship," said Jonathan Albright, research director at the Tow Center for Digital Journalism at Columbia University. "It's not common for Facebook to share that kind of data. It suggests a trusted partnership between Aleksandr Kogan/Spectre and Facebook."
Mar 27, 2018 | it.slashdot.org
(vice.com) spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again. Motherboard: Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. Retina-X was one of two companies that were breached last year in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously install spyware on their partners' and children's phones in order to spy on them. This software has been called "stalkerware" by some.
Mar 27, 2018 | hardware.slashdot.org
(bbc.com) BeauHD on Monday February 19, 2018 @06:00AM from the crypto-cash dept. dryriver shares a report from BBC: News organizations have tried many novel ways to make readers pay -- but this idea is possibly the most audacious yet. If a reader chooses to block its advertising, U.S. publication Salon will use that person's computer to mine for Monero, a cryptocurrency similar to Bitcoin. Creating new tokens of a cryptocurrency typically requires complex calculations that use up a lot of computing power. Salon told readers: "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution and innovation." The site is making use of CoinHive, a controversial mining tool that was recently used in an attack involving government websites in the UK, U.S. and elsewhere. However, unlike that incident, where hackers took control of visitors' computers to mine cryptocurrency, Salon notifies users and requires them to agree before the tool begins mining.
Mar 27, 2018 | yro.slashdot.org
(torrentfreak.com) Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
Mar 27, 2018 | it.slashdot.org
(bleepingcomputer.com) A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as it allows easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.
Mar 27, 2018 | tech.slashdot.org
(theatlantic.com) Already in 2010, it felt like a malicious attention market where people treated friends as latent resources to be optimized. Compulsion rather than choice devoured people's time. Apps like FarmVille sold relief for the artificial inconveniences they themselves had imposed. In response, I made a satirical social game called Cow Clicker. Players clicked a cute cow, which mooed and scored a "click." Six hours later, they could do so again. They could also invite friends' cows to their pasture, buy virtual cows with real money, compete for status, click to send a real cow to the developing world from Oxfam, outsource clicks to their toddlers with a mobile app, and much more. It became strangely popular, until eventually, I shut the whole thing down in a bovine rapture -- the "cowpocalypse." It's kind of a complicated story.
But one worth revisiting today, in the context of the scandal over Facebook's sanctioning of user-data exfiltration via its application platform. It's not just that abusing the Facebook platform for deliberately nefarious ends was easy to do (it was). But worse, in those days, it was hard to avoid extracting private data, for years even, without even trying. I did it with a silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game whose sole activity was clicking on cows. I wrote the principal code in three days, much of it hunched on a friend's couch in Greenpoint, Brooklyn. I had no idea anyone would play it, although over 180,000 people did, eventually. And yet, if you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.
Mar 27, 2018 | it.slashdot.org
BeauHD on Monday March 12, 2018 @08:10PM from the under-the-radar dept. An anonymous reader quotes a report from Engadget: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the issue. However, there's concern that other router makers might be affected.
Mar 24, 2018 | www.nakedcapitalism.com
Yves here. Not new to anyone who has been paying attention, but a useful recap with some good observations at the end, despite deploying the cringe-making trope of businesses having DNA. That legitimates the notion that corporations are people.
By Ivan Manokha, a departmental lecturer in the Oxford Department of International Development. He is currently working on power and obedience in the late-modern political economy, particularly in the context of the development of new technologies of surveillance. Originally published at openDemocracy
The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration.
On March 17, The Observer of London and The New York Times announced that Cambridge Analytica, the London-based political and corporate consulting group, had harvested private data from the Facebook profiles of more than 50 million users without their consent. The data was collected through a Facebook-based quiz app called thisisyourdigitallife, created by Aleksandr Kogan, a University of Cambridge psychologist who had requested and gained access to information from 270,000 Facebook members after they had agreed to use the app to undergo a personality test, for which they were paid through Kogan's company, Global Science Research.
But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview, the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted.
In addition, the app provided access to information on the profiles of the friends of each of those users who agreed to take the test, which enabled the collection of data from more than 50 million.
All this data was then shared by Kogan with Cambridge Analytica, which was working with Donald Trump's election team and which allegedly used this data to target US voters with personalised political messages during the presidential campaign. As Wylie told The Observer, "we built models to exploit what we knew about them and target their inner demons."
Following these revelations the Internet has been engulfed in outrage and government officials have been quick to react. On March 19, Antonio Tajani, President of the European Parliament, stated in a Twitter message that misuse of Facebook user data "is an unacceptable violation of our citizens' privacy rights" and promised an EU investigation. On March 22, Wylie communicated in a tweet that he accepted an invitation to testify before the US House Intelligence Committee, the US House Judiciary Committee and UK Parliament Digital Committee. On the same day Israel's Justice Ministry informed Facebook that it was opening an investigation into possible violations of Israelis' personal information by Facebook.
While such widespread condemnation of Facebook and Cambridge Analytica is totally justified, what remains largely absent from the discussion are broader questions about the role of data collection, processing and monetization that have become central in the current phase of capitalism, which may be described as 'platform capitalism', as suggested by the Canadian writer and academic Nick Srnicek in his recent book.
Over the last decade the growth of platforms has been spectacular: today, the top 4 enterprises in Forbes's list of most valuable brands are platforms, as are eleven of the top twenty. Most recent IPOs and acquisitions have involved platforms, as have most of the major successful startups. The list includes Apple, Google, Microsoft, Facebook, Twitter, Amazon, eBay, Instagram, YouTube, Twitch, Snapchat, WhatsApp, Waze, Uber, Lyft, Handy, Airbnb, Pinterest, Square, Social Finance, Kickstarter, etc. Although most platforms are US-based, they are a really global phenomenon and in fact are now playing an even more important role in developing countries which did not have developed commercial infrastructures at the time of the rise of the Internet and seized the opportunity that it presented to structure their industries around it. Thus, in China, for example, many of the most valuable enterprises are platforms such as Tencent (owner of the WeChat and QQ messaging platforms) and Baidu (China's search engine); Alibaba controls 80 percent of China's e-commerce market through its Taobao and Tmall platforms, with its Alipay platform being the largest payments platform in China.
The importance of platforms is also attested by the range of sectors in which they are now dominant and the number of users (often numbered in millions and, in some cases, even billions) regularly connecting to their various cloud-based services. Thus, to name the key industries, platforms are now central in Internet search (Google, Yahoo, Bing); social networking (Facebook, LinkedIn, Instagram, Snapchat); Internet auctions and retail (eBay, Taobao, Amazon, Alibaba); on-line financial and human resource functions (Workday, Upwork, Elance, TaskRabbit), urban transportation (Uber, Lyft, Zipcar, BlaBlaCar), tourism (Kayak, Trivago, Airbnb), mobile payment (Square Order, PayPal, Apple Pay, Google Wallet); and software development (Apple's App Store, Google Play Store, Windows App store). Platform-based solutions are also currently being adopted in more traditional sectors, such as industrial production (GE, Siemens), agriculture (John Deere, Monsanto) and even clean energy (Sungevity, SolarCity, EnerNOC).
User Profiling -- Good-Bye to Privacy
These platforms differ significantly in terms of the services that they offer: some, like eBay or Taobao simply allow exchange of products between buyers and sellers; others, like Uber or TaskRabbit, allow independent service providers to find customers; yet others, like Apple or Google allow developers to create and market apps.
However, what is common to all these platforms is the central role played by data, and not just continuous data collection, but its ever more refined analysis in order to create detailed user profiles and rankings in order to better match customers and suppliers or increase efficiency.
All this is done in order to use data to create value in some way or another (to monetize it by selling to advertisers or other firms, to increase sales, or to increase productivity). Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a massive scale, and with this development, as a former Harvard Business School professor Shoshana Zuboff has argued, global capitalism has become 'surveillance capitalism'.
What this means is that platform economy is a model of value creation which is completely dependent on continuous privacy invasions and, what is alarming is that we are gradually becoming used to this.
Most of the time platform providers keep track of our purchases, travels, interest, likes, etc. and use this data for targeted advertising to which we have become accustomed. We are equally not that surprised when we find out that, for example, robotic vacuum cleaners collect data about types of furniture that we have and share it with the likes of Amazon so that they can send us advertisements for pieces of furniture that we do not yet possess.
There is little public outcry when we discover that Google's ads are racially biased as, for instance, a Harvard professor Latanya Sweeney found by accident performing a search. We are equally hardly astonished that companies such as Lenddo buy access to people's social media and browsing history in exchange for a credit score. And, at least in the US, people are becoming accustomed to the use of algorithms, developed by private contractors, by the justice system to take decisions on sentencing, which often result in equally unfair and racially biased decisions.
The outrage provoked by Cambridge Analytica is targeting only the tip of the iceberg. The problem is infinitely larger as there are countless equally significant instances of privacy invasions and data collection performed by corporations, but they have become normalized and do not lead to much public outcry.
Today surveillance is the DNA of the platform economy; its model is simply based on the possibility of continuous privacy invasions using whatever means possible. In most cases users agree, by signing the terms and conditions of service providers, so that their data may be collected, analyzed and even shared with third parties (although it is hardly possible to see this as express consent given the size and complexity of these agreements -- for instance, it took 8 hours and 59 minutes for an actor hired by the consumer group Choice to read Amazon Kindle's terms and conditions). In other instances, as in the case of Kogan's app, the extent of the data collected exceeds what was stated in the agreement.
But what is important is to understand that to prevent such scandals in the future it is not enough to force Facebook to better monitor the use of users' data in order to prevent such leaks as in the case of Cambridge Analytica. The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration.
What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online.
What we need is a body of international law that will provide regulations and oversight for the collection and use of data.
What is required is an explicit and concise formulation of terms and conditions which, in a few sentences, will specify how users' data will be used.
It is important to seize the opportunity presented by the Cambridge Analytica scandal to push for these more fundamental changes.
Arizona Slim, March 24, 2018 at 7:38 am
I am grateful for my spidey sense. Thanks, spidey sense, for ringing the alarm bells whenever I saw one of those personality tests on Facebook. I never took one.
Steve H., March 24, 2018 at 8:05 am
First they came for
The most efficient strategy is to be non-viable. They may come for you eventually, but someone else gets to be the canary, and you haven't wasted energy in the meantime. TOR users didn't get that figured out.
Annieb, March 24, 2018 at 2:02 pm
Never took the personality test either, but now I know that all of my friends who did unknowingly gave up my personal information too. I read an article somewhere about this over a year ago so it's really old news. Sent the link to a few people who didn't care. But now that they all know that Cambridge Analytica used FB data in support of the Trump campaign it's all over the mainstream and people are upset.
ChrisPacific, March 25, 2018 at 4:07 pm
You can disable that (i.e., prevent friends from sharing your info with third parties) in the privacy options. But the controls are not easy to find and everything is enabled by default.
HotFlash, March 24, 2018 at 3:13 pm
I haven't FB'd in years and certainly never took any such test, but if any of my friends, real or FB, did, and my info was shared, can I sue? If not, why not?
Octopii, March 24, 2018 at 8:06 am
Everyone thought I was paranoid as I discouraged them from moving backups to the cloud, using trackers, signing up for grocery store clubs, using real names and addresses for online anything, etc. They thought I was overreacting when I said we need European-style privacy laws in this country. People at work thought my questions about privacy for our new location-based IoT plans were not team-based thinking.
And it turns out after all this that they still think I'm extreme. I guess it will have to get worse.
Samuel Conner, March 24, 2018 at 8:16 am
In a first for me, there are surface-mount resistors in the advert at the top of today's NC links page. That is way out of the ordinary; what I usually see are books or bicycle parts; things I have recently purchased or searched.
But a couple of days ago I had a SKYPE conversation with a sibling about a PC I was scavenging for parts, and surface mount resistors (unscavengable) came up. I suspect I have been observed without my consent and am not too happy about it. As marketing, it's a bust; in the conversation I explicitly expressed no interest in such components as I can't install them. I suppose I should be glad for this indication of something I wasn't aware was happening.
Collins, March 24, 2018 at 9:14 am
Had you used your computer keyboard previously to search for 'surface mount resistors', or was the trail linking you & resistors entirely verbal?
Samuel Conner, March 24, 2018 at 10:15 am
No keyboard search. I never so much as think about surface mount components; the inquiry was raised by my sibling