Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Adapting Windows for needs of system administrators

News

Unix Command Line Tools and Unix protocols (X11, NFS) in Windows

Recommended Books Recommended Links Microsoft Windows Keyboard remapping

Microsoft IntelliType Macros

Windows Powershell

Windows Slow Startup and Shutdown Windows 7 XP mode Windows 7 Tips Controlling path in windows 7 Burn ISO Images Natively in Win7 Windows Process Viewers Windows Data Recovery
Windows XP Windows XP Slow Startup and Shutdown Reinstallation of Windows XP Performance tuning exFAT Formatting partition as exfat in windows 7 Selected Utilities
Windows 10     Windows 8 Tips Windows 8    
Windows bulk file copy tools Hard drive Click of Death crash recovery Windows Terminal Services Network Tools for Windows Free Registry Tools    
Windows Keyboard and Mouse Utilities Clipboard managers Macrorecoders and Keyloggers Microsoft IntelliType Macros Keyboard remapping Recovery Unable to Access Hotmail or Microsoft account
Undeleting files under Windows Norton Ghost Alternatives to Norton Ghost FAT32 Partitions Data Recovery Resizing Windows partitions Fighting spyware Windows Integrity Checkers
Alternatives to Norton Utilities Windows Powershell WSH Scripting in Windows      
Working with ISO Images Office NetDrive Windows Security Windows Tips Humor Etc

Introduction

Microsoft is the king of software complexity and Windows becomes more complicated with each new version. Features get added. The UI gets "improved". Privacy disappears. Security gets tightened.  Windows 10 is this respect is a disaster and I do not recommend upgrade to it from Windows 7 unless you are using your PC purely for entertainment.

Typically in enterprise environment you get Windows laptop with the "'standard" for a given enterprise version of Windows (typically one version down  from the current). Now you need to adapt it to the needs of system administration. Which is challenging, especially if you administer mostly Unix/Linux servers.

Windows 7 is also not without problems and in comparison with XP SP3 was the fist OS when Microsoft went (slightly) downhill and while all features were provided without significantly increasing power consumption or decreasing performance it essentially accomplished little over Windows XP. As for the ease of recognizing, recognizing and working with new devices was a definite step back. It was far more capricious.  Propensity to self-destruct with age in this version of Windows is less pronounced then in case of Windows XP

Windows 10 marks at important stage in Microsoft OS development -- Microsoft lost control of the complexity and was essentially buried under avalanche of created complex subsystems and wrong architectural decisions. The removal off start menu was probably the greatest blunder. This is the first in a long line of Microsoft operating systems which can be called one step forward -- two steps back.  Problems with subsystems due to patches are systemic. Looking at system messages log gives impression that in Microsoft left hand no longer knows what right hand is doing and no amount of testing now can help.

As touch is unimportant for a laptop and mostly useless for desktop,  I will also say that a decent Windows 7 laptop still holds it own against newer version of Windows (both 8.1 -- the most common in  enterprise environment as of 2017, and Windows 10). Also with Windows 10 Microsoft became really intrusive in privacy space.  In customer version starting from Windows 8 the default is to login to your Hotmail account.

One interesting feature of Windows that makes it more Unix like is Powershell which is modelled on Korn shell.

Another is possibility to install Ubuntu or OpenSuse in Win 10 Install the Linux Subsystem on Windows 10

The most important enhancements

This page contains the recommendations for the enhancement "default" Windows installation  with some additional, mostly command line, utilities.  Sometimes your corporate policy is restrictive and you need to jump through the hoops to get those listed below. In some case may be installing Virtual Machine with Linux might be the path of less resistance.

Anyway here is the recommended list:

  1. Get the best keyboard and mouse and set of supporting drivers/applictions you can: Capral tunnel syndrome is a real threat for sysadmins, especially if you are over forty.
  2. Get good terminal emulator and file transfer program. Terminal emulator should be able to use different backgrounds for different sessions to help to avoid "performing operation of the wrong server" blunder (see Sysadmin Horror Stories). Macro capabilities are a plus as they allow you to automate routine tasks. 
  3. Install Cygwin.  It provide Unix command line tools. 32 bit version recommended: Teraterm does not work correctly with 64-bit versions.  Please note that In Windows 10 you can install Ubuntu of OpenSuse as well, but they have some limitations  as for access to partitions (only C partition is visible by default).
  4. Install OFM managers are really superior file manager for advanced users then Windows Explorer. Two leading OFM are Windows 7 compatible:
  5. Install better editors. For example:
  6. Create C:\Utils directory and install  archivers including  info-zip in it (Note zip and unzip are also available in Cygwin)
  7. Correct PATH env variable to include C:\Utils directory and Perl. You can use pathed.exe to do that

Some other possibilities

  1. Install tools for working with ISO
    1. Windows 10 can work with ISO archives out of the box
    2. Windows 7 support burning ISO images out of the box
    3. Microsoft Virtual CD-ROM Control Panel This is a self-extracting Zip archive. Download the file and execute it. Click Unzip and select any appropriate folder to extract the contents. Before using this tool, read the readme.txt file and follow its instructions for installation and use.
      • alternative is Virtual Clone Drive That latter utility lets you mount  not only .ISO, but also  .CCD, .DVD, .IMG, .UDF and .BIN files. Download the utility and select the necessary associations. Now you should be able to mount any ISO image by just double-clicking on the file. You can also right-click on the cd-rom drive to mount or unmount an image.
    4. You can also install ISO Recorder Power Toy  -- the tool that was popular with Windows XP. The tool that can create ISO images from CD/DVD disks as well as burn CD/DVD ISO images to media. The tool was written by Alex Feinman
  2. Install clip.exe from Windows 2003 server

    Quickly Copy Error and Display Messages

    ...copy the CLIP.EXE file from a Windows Server 2003 into your system's path (best if placed in %systemroot%\system32 folder). You can also get the file from HERE (14kb)

For Windows XP and Windows 7 only:

  1. PasswdFinder Magical Jelly Bean Similar to previous but extract passwords stored by Windows. Running it is a useul exersize. Should be done without netwroking and program should be deinstalled immediately after run. Just in case. This is an interesting exercise to see what can be stolen from your computer ;-)
  2. For windows XP only: Tweak look and feel using built-in ClearType text tuning utility by typing cttune in the Start Menu search field and opening the search result.

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Jun 12, 2021] The ins and outs of data recovery in Windows 10 - Computerworld

Jun 09, 2021 | www.computerworld.com

The third step to data recovery: Windows File Recovery

Microsoft offers a good, basic file recovery utility called Windows File Recovery (winfr.exe) for Windows 10 version 2004 and higher. It's available in the Microsoft Store.

This utility launches in an administrative command prompt session and runs at the command line. I tried the command to recover download files, as shown in Figure 2. There is a learning curve involved in using this tool, but the user manual is available online and very much worth reading and exploring for those willing to tackle file and folder recovery at the command line. If you know what's missing and where it resided, you can use it to recover files quickly and easily using specific filters (the more specific, the better, as I learned when recovering my old download files).

data recovery win10 fig2 windows file recovery app IDG

Figure 2: Windows File Recovery is a basic, bare-bones command-line recovery toolset. Even so, it's surprisingly capable. (Click image to enlarge it.)

The winfr tool also supports what's called "extensive mode," which offers more comprehensive and far-reaching repair capabilities. Regular mode is turned on by default; you must use the /extensive parameter to access extensive mode's capabilities. It's good at handling non-NTFS file sytems (e.g., FAT and exFAT), and can find more files deleted longer ago. Extensive mode can also attempt repairs after formatting a disk" which takes us into territory for the next topic, partition repairs" and it is better able to cope with disk corruption than regular mode.

Those who prefer to undelete files using a graphical interface instead of working at the command line should try the free but good Piriform tool Recuva .

The fourth step to data recovery: partition recovery

There are plenty of good third-party data recovery tools available for Windows 10. That said, those that can recover entire drives" especially big ones" or that offer partition and formatting recovery are usually not available at low or no cost.

For example, upgrading from the free version of Recuva to the Professional version means gaining more advanced file recovery, including partition recovery, recovery from damaged or reformatted disks, and more extensive recovery for long-deleted files and folders. The same is true for MiniTool Partition Wizard , which offers excellent partition handling and modest partition recovery in its free version, but adds extensive file, folder, and partition recovery capabilities to its Pro version.

Once partition recovery is effected, you can then tackle file and folder recovery from the newly restored partitions (if needed). In cases where accidental reformatting or partitioning mistakes have been self-inflicted" I've done this to myself on at least two occasions when I targeted the wrong drive" successfully restoring the old partitioning scheme usually brings all the old files and folders back, too.

If you successfully recover data yourself: perform a disk health check

Something had to cause the issues that led you down the recovery road. If you've managed to recover data through chkdsk, Windows File Recovery, or another data recovery tool, it's a good idea to give the problem disk a thorough checkup.

Hard drive and SSD makers often offer such tools as downloads for the drives they sell, and there are plenty of free and for-a-fee tools available for disk health checks. I'm partial to CrystalDiskInfo because it provides a good overview of a disk's SMART data (self-monitoring, analysis and reporting technology, which includes error counts that often signal impending disk failures).

Other tools such as HD Tune Pro ($35, occasionally available for free) and Hard Disk Sentinel (free trial available, $20 for the standard version, $30 for the pro version) offer more detailed disk diagnosis and surface/media scans to provide better information on disk health and condition. The former took 10 minutes to scan my 9-year-old OCZ Vertex 3 SSD (nominal 120GB, actual 119GB) before giving it a clean bill of health despite advanced age and heavy usage, as shown in Figure 3.

data recovery win10 fig3 hdtunepro IDG

Figure 3: HD Tune Pro analyzes disk health and condition, including SMART data and a sector-by-sector media scan. The error scan shows all sectors green here; any damaged sectors would show in red. (Click image to enlarge it.)

If a disk shows questionable health or more than 10% of its sectors are damaged, it's time to replace it. Make a backup while you still can, order a new device, and you'll be able to restore the backup when the replacement arrives.

The fifth and final step to data recovery: call in the professionals

If steps 1 through 4 fail, you'll need to seek outside help. Here's Software Testing Help's list of the top dozen data recovery services for those who must travel this road.

Hopefully, you'll never need to send a drive to a professional data recovery service. If you do, be prepared to pay handsomely for their work. Charges of $300 and up are typical. (Bigger drives cost more, as you might expect.) And it can take weeks or months to get through their service queue.

Some companies will let you send them a replacement drive on which to restore what they find. Others will insist on selling you such a drive, sometimes at above-market prices. But sometimes, there is no alternative, and you'll pay what you must to get precious or irreplaceable files and data back.

Be sure to work out as much of the cost picture as you can before sending a drive off for recovery. You don't want the bill, however big it turns out to be, to come as a surprise.

In my 30-plus years of working with personal computers, I've never had to send a drive off for professional recovery. Even so, it's good to know such services exist should I ever need them.

I learned the value of backups in 1989, when a 300MB SCSI drive attached to a Macintosh cratered and I lost a book manuscript as a result. I've never been caught unprotected again, nor should you be. Happy computing!

[Jun 08, 2021] PowerShell For Beginners Full Course - PowerShell Beginner tutorial Full Course

YouTube video
Apr 21, 2021 | www.youtube.com

Windows PowerShell [01] Introduction - YouTube

[Jun 06, 2021] PowerShell script to empty recycle.bin on all drives

Jun 04, 2021 | technet.microsoft.com

I would not recommend deleting files in system folders, but rather use the APIs that are designed for this purpose.

For example, EmpyRecycleBin.exe is a command-line tool that uses the correct APIs. Even then, I would argue that files in the recycle bin should be considered as user data, and should not be deleted without their consent.

Bill

Question Sign in to vote 0 Sign in to vote

Hello, Here's some code that uses the API as Bill_Stewart suggests. Hope this helps:

http://stackoverflow.com/questions/22871595/clear-recycle-bin-programmatically-with-powershell


Friday, July 25, 2014 5:34 PM scruff410 0 Po

[Jun 06, 2021] Clean $RECYCLE BIN Directory from command line

Jun 05, 2021 | www.get-itsolutions.com

Clean $RECYCLE.BIN from system drive:

  1. Open command prompt by going to Start "" Search "CMD" "" Open as administrator
  2. Run the following command "" rd /s /q %systemdrive%\$RECYCLE.BIN

This procedure clears out the $Recycle.bin directory from the system partition. You can do this for each hard disk partition in your system like below.

https://c69da4bf7fe4d1ebb1403f95c0f8b6a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Clean $RECYCLE.BIN from other drives:
  1. Open command prompt as administrator
  2. Run the following command "" rd /s /q d:\$RECYCLE.BIN

Note! The cmd command will delete the folder $Recycle.bin permanently.

[Jun 06, 2021] How to clean recycle bins using powershell script-

Jun 05, 2021 | technet.microsoft.com

Question Sign in to vote 0 Sign in to vote

You just adapt that code a bit.

#hard coded drive letters
$names = @{"C","D","E"}

#Loop through the drives
 Foreach ($drive in $names)
 {
    #Get the path for the recycle bin, the ugly format is to keep the $
    $dir = "$drive:" +'\$recycle.bin'
    #remove the content
    remove-item $dir -force -recurse 
 }

Not tested but it might work.
Question Sign in to vote 1 Sign in to vote

[Jun 06, 2021] Microsoft to launch new version of Windows on 24 June

Jun 05, 2021 | computing.co.uk

Nadella's remark about the 'next generation' of Windows came just a week after Microsoft disclosed it was ending development on Windows 10X and some of its features will come to Windows 10 in an update.

Microsoft announced Windows 10X - a lightweight version of the Windows 10 - in 2019 as an operating system designed for use on dual-screen devices. However, the company changed its mind in 2020, announcing a pivot to focus on single-screen devices.

In a blog post last month, John Cable, the head of Windows servicing and delivery, wrote that "the technology of Windows 10X could be useful in more ways and serve more customers than we originally imagined."

Cable said that the best bits of Windows 10X would be integrated into the main version of Windows 10.

Microsoft launched Windows 10 in July 2015 with a one-year free offer for users of Windows Vista and Windows 7. In March 2019, the company announced that its PC operating system was running on 800 million machines.

For Microsoft, Windows 10 is the source of 14 per cent of its total revenue, and it has received two updates each year since its launch in 2015. The latest Windows 10 update, which was rolled out last month, came with only a few changes.

[Jun 06, 2021] How to get rid of bloatware and clean your Windows 10 Start menu (without crapware cleanup tools) - ZDNet

Jun 05, 2021 | www.zdnet.com

Windows is powerful, but it often arrives on your PC as a bloated, crapware-filled mess. Here's how to remove the bloatware and clean it up, without making things worse with more crapware-filled helper apps.

[Jun 06, 2021] 14 reasons why you shouldn't upgrade to Windows 10 - Windows Central

Jun 05, 2021 | www.windowscentral.com

Microsoft has recently reported that Windows 10 is now running on over 75 million computers around the world, which signals a great jump start for the new operating system that will be part of our life for years to come.

Previously, I have share with you a number of good reasons to why you should upgrade to Windows 10 , which included new technologies under the hood, the return the Start menu, Cortana, Action Center, Settings app, and many new features and changes. However, with the good there is always the bad. Today we're going to go through fourteen reasons you should consider to halt the upgrade until a later feature packed update gets released.

Let's look at some of the reasons why you should stay on your current version of the operating system.

https://imasdk.googleapis.com/js/core/bridge3.462.0_en.html#goog_2115411100

VPN Deals: Lifetime license for $16, monthly plans at $1 & more Top 14 reasons not to upgrade to Windows 10 1. Upgrade problems

While the software giant has managed to fix many of the issues that cause the upgrade process to fail, many users have been reporting failures to upgrade to Windows 10 due to different number of reasons. Some people are finding compatibility issues with hardware and software, and there are situations where the operating system can't complete the upgrade process. One of the most common issues has been the problem activating Windows 10.

2. It's not a finished product

Microsoft is changing the way it builds Windows, with the release of Windows 10, the company will no longer release major upgrades. Instead, Microsoft is now offering "Windows as a Service." Technically, Windows will never be considered complete, which means that the operating system will continue to be a work in progress. As a result, we are likely to see more bugs and other issues in the regular basis. Additionally, because we're in the early days, you will see some missing features and inconsistency.

In my personal experience, I've seen some issues including bugs in the Start menu where parts of the menu will just randomly disappear. Some Live Tiles also won't change accent color automatically, and the Start menu will suddenly lose its color scheme.

The file picker doesn't render its background color correctly and picking one or more files won't highlight what you're selecting.

Sometimes hovering over an app in the taskbar will display an empty preview, even though the app is running.

Windows apps will suddenly crash or freeze more often than in Windows 8.1.

If you perform a clean install your email accounts won't migrate automatically to the new Mail app, you'll have to set all your emails manually.

However, the good thing about the new update model is that the company will be releasing new patches, fixes, and features as soon as they are ready.

3. The user interface still a work in progress

While the new operating system offers an updated user interface, it fails short to be a complete design. For example, there is a big inconsistency around the context menus. Right-clicking on the desktop, using Start menu, taskbar, Mail app, and Microsoft Edge, just to name a few scenarios, you will be presented with a different context menu style.

Image source Twittter

Note: Microsoft has heard your feedback loud and clear and is working to improve the context menu in Windows 10 in future updates .

Also, Windows apps also show user interface fragmentation, as they offer different flyout menu styles. On the Maps app, the menu will appear the left side of the screen, Microsoft Edge on the right, and other apps such as Weather, Movie & TV, News, and others feature a settings page that takes the entire real estate of the app.

Not only the settings are inconsistent among apps, but you will also find different rail styles while clicking the hamburger menu. Some apps will overlay the menu on top of the app and others will simply push the app content to the right.

Although these are small issues that shouldn't slow down your productivity, together with other inconsistencies, can affect the user experience.

4. The automatic update dilemma

In the new operating system, Microsoft is also introducing a new way to update. Moving forward out-of-the-box users are required to install every update the company pushes out. On the good side of things, automatic updates are a good thing because it ensures that all users (technical and non-technical) are always running the most up to date version of Windows 10 with the latest security patches.

However, on the bad side of things, pushing an update even after being fully tested can cause a serious headache to the end user. For example, there could be issues with graphic drivers, or a new patch wasn't fully tested on certain configurations. These and other scenarios can happen anytime, and if you're not a technical user, chances are it will be very frustrating trying to go back to the last known good configuration.

5. Two places to configure your settings

Windows 10 includes the Settings app, which is the new unified place to change and configure many aspects of the operating system. It's also an upgrade to the PC settings in Windows 8, and a feature that will eventually replace the Control Panel.

While the Settings app brings an easy way to manage your settings in Windows 10, the feature is not complete. You're still required to jump to Control Panel to configure certain options of the operating system.

For example, you can change your desktop background through the Settings app, but you'll need to use the Control Panel when you need to change your Theme settings.

You can change your mouse settings via the Settings app, but you need to jump to Control Panel to change the mouse pointer.

You can configure your Wi-Fi connection in the Settings app, but you still need go to Control Panel to manage your network adapter settings.

As you can see in its current stage, Windows 10 doesn't have a consistent experience to configure different options.

6. No more Windows Media Center or DVD playback

Microsoft is trying to build an operating system that is ready for the future. This also involves retiring features it believes are not necessary. This is the case of Windows Media Center and DVD playback features as the company continues to push its Xbox One as the Windows entertainment hub for the biggest screen in the house.

As such, if you upgrade to Windows 10, you'll soon find out that Windows Media Center and the ability to play DVDs are no longer available.

However, the removal of Windows Media Center shouldn't come to a surprise. The company has not updated the feature in years, but there still many fans out there that feel the pain of seeing WMC go away.

The removal of DVD playback was a decision Microsoft made because we're consuming more online content than ever before. Also, adding the codecs to play DVDs adds extra cost to licensing. The company now offers Windows DVD Player in the Store , but you probably don't want to spend $14.99 on something that you can get for free when using other applications such as VLC.

7. Problems with built-in Windows apps

In the new operating system, Microsoft seems to be adding everything as an app. Now, we have the Calculator, Alarms & Clock, Calendar, Camera, Cortana , Mail, Maps, and other apps. However, if you don't like these apps, you can't uninstall them.

Another example is if you're running Windows 10, but you are a PlayStation 4 user. The Xbox app for Windows 10 is pretty much useless and it's another app you can't uninstall.

Also, some of the apps feel half way cooked with missing features. You will see this with the OneNote app, which doesn't offer any options to configure spell checking. You can see what words are wrong, but it won't suggest any alternatives.

The Mail app is headed in the right direction, but it lacks many features found in the Mail app for Windows 8.1. For example, with the new Mail app, I'm unable to view at a glance how many new emails I have to go through on all my accounts. Also, previous accounts you have setup on the Windows 8.1 Mail won't configure automatically in the new app. Many newsletter emails also won't render HTML correctly, there aren't notifications when sending or syncing emails, and you can't change the default conversation view of emails.

Additionally, other apps such as People are very basic with limited functionality or the user interface just feels incomplete.

8. Cortana is limited to some regions

Cortana is one of the biggest features you can find in Windows 10, it's a very useful tool, you can quickly search online or files locally and on OneDrive. Additional, functionality includes the ability to track flights, packages, and keep you inform on anything you like.

You can use voice commands to control the assistant and even compose and send an email to any of your contact hands-free.

There is no doubt that it's a true digital personal assistant that will only get better with time. However, Cortana is only available in China, France, Germany, Italy, Spain, United Kingdom, and the United States. As such, for users outside of the supported regions, this could be considered another reason not to upgrade.

Note: Because Cortana is personal to you and to a region its being released, it takes time for Microsoft to make the assistant available on different countries, but be sure that the company is proactively working to bring Cortana to more regions.

9. Shutdown and reboot take a long time

Perhaps is not a big deal for many users, but it's to me. One of many things I liked from Windows 8.1 was the ability to reboot or shutdown in just a few seconds. I have a fairly new Intel Core i7 and 16GB of RAM machine, and I don't know what's going on with Windows 10, but now it can take minutes to reboot or shutdown.

Obviously, it's a problem that Microsoft have to address.

10. Devices with limited storage are still limited

Microsoft is building Windows 10 to be an operating system that runs everywhere; your phone, tablet, laptop, desktop, and even IoT devices. This is a great accomplishment that also allows developers to build apps once and target millions of devices without much effort. However, at this point, there is one important missing feature, which is the ability for devices with limited space to use an external storage to install new apps to free up space.

The software giant already added an entry on the Settings app to allow users to use an external storage to install new apps, but the feature isn't yet ready. As such, if you're planning to upgrade a device with limited storage, you should consider this current limitation.

11. OneDrive selective sync problem

In Windows 8, the software maker began integrating OneDrive in the operating system, which also included the concept of placeholders. It's a feature that allowed users to browse OneDrive files locally on the computer, but without downloading the file entirely. The placeholder included some metadata information and a thumbnail, then if you needed to open the file, you simply double-click the file to download and open with the default application.

One of the biggest advantages was the ability to have hundreds of gigabytes of files at your fingertips without using much of your local storage. However, this brought the issue where many people didn't know which files were available offline. As a result, Microsoft introduced selective sync, which allows users to select which files are available in Windows 10. However, the new sync functionality isn't very effective for users with many gigabytes of documents in OneDrive and limited local storage.

While selective sync solves the problem of which files are available to the end users, many other users see this as a problem. Microsoft should have added the two options, or come up with a different approach.

12. Microsoft Edge isn't ready to replace your default web browser (yet)

Microsoft Edge is the new default web browser for Windows 10, it the software that finally replaces Internet Explorer, and takes on Google Chrome and Mozilla Firefox. However, the browser still in the very early days.

You'll see that the user interface feels incomplete , the current version doesn't include support for touch gestures. Extensions is another feature the company has promised, but it will come on a later update. Also, many users have reported that the browser crashes quite often. If you're not running Windows 10 on fairly new hardware, you'll notice that the browser is very slow and even slower on sites with many ads.

13. Continuum is not enough

Continuum is a new feature in Windows 10 that allows users on 2-in-1 devices to move from a keyboard and mouse to a touch experience, while trying to keep the same level of productivity.

https://www.youtube.com/embed/sPWqowLh4Ok?modestbranding=0&html5=1&rel=0&autoplay=0&wmode=opaque&loop=0&controls=1&autohide=0&showinfo=0&theme=dark&color=red&enablejsapi=1

While it's a great useful feature, it falls short on customization, many users will even argue that the Tablet mode and touch gestures in Windows 10 are inferior to the Start screen in Windows 8.

Also, the full screen Start menu is now on a vertical orientation and wastes valuable space on the sides. You can't access the desktop unless you have a shortcut tile on Start to access File Explorer.

If you're using virtual desktops, and you switch to Tablet mode, all your apps will then arrange on a single group instead of different desktops. And the menu and apps buttons on the Start screen can be a little confusing for some users.

14. Privacy concerns

Since the operating system launched on July 29th, there has been a lot controversy of what information Microsoft collects to improve its services and functionality in Windows 10. If you agree to install Window 10 on your computer, you will be giving Microsoft consent to collect, by default, information about you, devices, application, search queries, application usage, and even when you use voice input such as speech-to-text.

So, if you don't feel comfortable with the information the company collects, probably Windows 10 isn't for you. However, keep in mind that Microsoft is very clear on what it collects and Windows 10 provides some ways to control your privacy .

Conclusion

As I previously wrote, there are a lot of good reasons to upgrade to Windows 10, but there are also other reasons, such as the ones we looked at today. You may want to consider and hold off the installation of the operating system until the next significant update or even Redstone, which is a major update that should arrive in two parts in 2016.

Overall, Windows 10 works very well and seems stable to run on your primary device. However, it feels that Microsoft may have rushed the operating system to get it out to the masses as quick as possible.

In my opinion, the operating system can be considered a good upgrade for technical users because there are great new features and tech savvy users can quickly think outside of the box to resolve pretty much any problem. For regular users, it feels that Windows 10 needs to mature a little bit more.

Have you encountered any issues in Windows 10? Will you recommend Windows 10 to your parents or grandparents in its current stage? Let us know what you think in the comments below.

[Jun 06, 2021] How To Stop The -Microsoft Account Problem- Notification - Bruceb Consulting

Jun 01, 2021 | www.bruceb.com

Bruceb Consulting

How To Get Rid Of The "Microsoft Account Problem" Notification

Sep 15, 2019 | Android , Microsoft , Windows tips , Windows10 | 124 comments

If you get a notification that you have a "Microsoft account problem," you don't have a problem and you don't have to fix anything. You haven't been hacked and you don't have a virus. Microsoft is testing your patience.

(Update 09/2020: Try the tips in this article but they may not work. For some people "" including on my own computers for the last few months "" this notice still appears even after turning everything off. The only suggestion I have left is to ignore it.)


How to stop the notifications

Click on Start / Settings (the gear in the left column).

Click on System .

Click on Shared Experiences in the left column.

Turn off Nearby Sharing and Share across devices .

That should turn off the notifications. (Sometimes they keep popping up even after those switches have been turned off. I can't explain that.)

Trust me "" you won't miss "shared experiences."


Background

The message reads: " Microsoft account problem "" We need to fix your Microsoft account (most likely your password changed). Select here to fix it in Shared experiences settings."

If you see that message and you know you haven't changed any passwords lately, you will worry that your Microsoft account has been hacked. Four people called me on the same day last week about the scary message. They had been putting in every password they could think of, trying to resolve their "account problem." Nothing worked.

Out of curiosity, I have tried to fix the "problem" for several different clients. I tested the credentials for their personal and work accounts to make sure we had up to date passwords, then fed every variation into the prompt at Shared Experiences, trying to satisfy it. Nothing worked.

I'm pretty confident, then, that these two things are true for most people:

  • There is nothing that needs to be "fixed." There appears to be a bug in the way Microsoft has set up "Shared experiences" that brings up an incorrect error message.
  • More importantly: "Shared experiences" is an obscure, nearly useless Windows feature that should never call attention to itself. You aren't using it, you won't use it, and it should be polite and shut up.

This is not a new problem. When the new "Shared Experiences" setting first appeared in Windows 10 two years ago , there were two variations on similarly scary messages.

Message 1: " Microsoft Account "" You need to fix your Microsoft Account for apps on your other devices to be able to launch apps and continue experiences on this device."

Message 2: " Work or school account problem "" We need to fix your work or school account before you can use shared experiences. Select this message to open Settings and fix things."

I wrote this article two years ago about those messages, which were just as wrong then as the scary message you see today.


What are Windows 10 "Shared experiences"?

Let's zoom up to 36,000 feet and get the big picture.

Microsoft was badly burned when it missed the transition to mobile devices. It wasn't for lack of trying! Before 2007 Microsoft had made valiant efforts to develop handheld Windows devices. It was so unsuccessful that when Apple introduced the iPhone, the world forgot about Microsoft's mobile efforts. Today, most people think Apple invented mobile computing.

After fumbling and flailing for a few more years, Microsoft launched a new push to break into the iPhone/Android phone duopoly, redoubling its efforts to develop a phone operating system and spending billions to acquire Nokia and sell its own phones. The result: embarrassing failure, layoffs, and huge write-downs.

Microsoft still has its dominant place in computer operating systems and has brilliantly pivoted to enterprise services. It is embracing open standards and has been avoiding the spotlight now being shone on other tech companies for privacy and antitrust issues. As a result, Microsoft is arguably the most successful tech company on the planet right now.

But Microsoft can't let go of its disappointment about being excluded from the mobile world. The future belongs to the connections among our devices, mostly mobile devices. Since Microsoft doesn't have its own mobile platform, the company risks becoming irrelevant to consumers unless they can be convinced to use Microsoft services to link their devices together.

Thus the insistent push to store files in OneDrive, which with luck will lead you to use OneDrive and the Office apps on your phone. (OneDrive is doing pretty well.) Microsoft is retooling its Edge browser and will be touting its ability to sync your bookmarks and preferences to the Edge mobile app so that you can go back and forth between your computer and your phone. (Edge has a user base of forty-three. That's not a percentage, it's the number of people worldwide using Edge. I don't see anything coming up that will change that.) Microsoft is putting finishing touches on a new Windows app, Your Phone , which will sync your Android phone to your computer and be Fabulously Useful β„’. (The Your Phone app will go nowhere "" some loyal users, roundly ignored by everyone else.)

Shared Experiences is yet another halfhearted effort to create links between our devices. As I wrote two years ago :

In theory you can push your open web pages from your desktop computer to your laptop, or transfer your work in a program on your computer to the same program on your phone or tablet. "Shared experiences" can be synced through the cloud as well as Bluetooth. In addition to syncing your place in an app, it has the potential to turn a mobile device into a remote control for, say, media playback on the computer. There is also the chance to "invite others to use apps with me," whatever that means.

The Shared Experiences feature was completely useless when it was introduced two years ago. Nothing supported it. At best, it was only going to be relevant if we used Microsoft apps on our phone that matched the Microsoft programs on our computers "" and we don't. In any case, for the most part, Microsoft apps were not ready to support Shared Experiences, and third party developers showed no interest in supporting it.

Today, two years later, I cannot find any evidence whatsoever that anything has changed. If Microsoft is supporting this feature with its own apps, it is not advertising that in anything I can turn up in a Google search. I find zero evidence of any developer interest. It looks like a feature begging to be abandoned.

Which makes the error message all the more infuriating. Microsoft has had two years either to make this work smoothly or to get its feature to shut up .

This story ends in precisely the same place it did two years ago:

Microsoft showed you an unexplained error message instructing you to fix your Microsoft account, which wasn't broken, for a feature that does nothing now and might never do anything interesting ever.

← Previous Post Next Post β†' 124 Comments

  1. Thomas Thomas on May 15, 2021 at 7:36 pm

    I use a laptop and a PC simultaneously however only my browser is in sync. I use my mobile for not much more than a telephone. My partner has a windows 10 laptop also.

    If I want to share between computers I use Bluetooth, upload and download using my website, use a USB stick, or email to myself. I do not want or need one drive. I do not need to use my Microsoft account to share anything however I also get this harassment every day when I boot up. I have spent untold unpaid hours searching for a way to block it

    I remember when Yahoo had a service where people uploaded stuff and when Yahoo cancelled the service there was nowhere else for the stuff to go.

    Nothing is broken which needs fixing, no password relevant to Microsoft has been changed, however I think the reference to "password" is the clue.

    Possibly Microsoft wants windows users to sync their local computer log on password and their Microsoft account password so that when you boot up your device, you will also log into your Microsoft account.

    Added to this is the persistent blocking by Microsoft of features in its Office Suite trying to force me to change from a password to a PIN or something called "˜hello'. If you click to "˜fix' this non-existent problem the only option offered is to use "˜hello'.

    All this has achieved is I will not renew my Office 365 subscription next year.

    Reply
    • Bruce Berls Bruce Berls on May 15, 2021 at 9:10 pm

      I don't know the details yet but I've recently come to think that MS is pushing the Windows Hello system (single-device PIN/fingerprint/camera) as a preferred alternative to password login. I ran across a PC recently that asked for a PIN but didn't seem to have the option to use a password instead, even though it had originally been set up with a password. Seemed strange. Windows Hello is very secure "" it's good technology and the goal of authenticating with something more secure than passwords is good. I'm keeping my eye out to see where MS takes this.

      Reply
  2. Ravindra K. Banthia Ravindra K. Banthia on March 7, 2021 at 11:47 am

    I started getting a notification since I reinstalled Win 10 20H2 in January 2021.

    The notification is as follows:

    "Microsoft account problem

    "We need to fix your Microsoft account (your password has probably been changed). Select here to fix it in the Shared experiences settings."

    Earlier, on December 30, 2018, I had installed Win 10 Home Version 1809 (32-bit version) because my so-called local computer expert had warned that I might face driver problems with the 64-bit version.

    I updated up my Win 10 32-bit installation up to Win 10 20H2.

    All these years, I never once got the above (or similar) notification.

    Finally, this January, I took the leap and did a fresh install of the Win 10 Home 20H2 (64-bit version).

    The installation went very smoothly, and I did not encounter any driver problems.

    But soon after the fresh installation, I began to get frequent notifications that I have mentioned above.

    What did I do differently?

    The first time (when I had installed the 32-bit version), I had entered the Windows product key.

    The second time (in January 2021), I opted not to put in the Windows product key (as advised by some tech sites) and opted to activate using my Microsoft account.

    I have tried many of the solutions proposed above (and by the Microsoft site listed below), but to no avail.

    I wonder if the notification from Microsoft are related to the fact that I did not use the Windows product key and instead opted to activate my account with my Microsoft account.

    Is anyone who installed Windows with the product key getting these notifications?

    Thanks in advance.

    Please note: I am posting this message on the following sites:

    1) https://www.trickyways.com/2019/06/fix-microsoft-account-problem-we-need-you-to-fix-your-microsoft-account/

    2) https://www.bruceb.com/2019/09/how-to-get-rid-of-the-microsoft-account-problem-notification/

    3) https://windowsreport.com/you-need-to-fix-your-microsoft-account/

    4) https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/

    I have also seen these threads (all of which are locked):

    1) https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/microsoft-account-problem/2f977223-e1d7-4c06-9749-ba69d1da4ece

    2) https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/seeing-the-microsoft-account-problem-pop-up/eba096d0-752c-436c-81ca-24247e56c867#:~:text=To%20fix%20it%2C%20please%20try,password%2F%20Microsoft%20account%20password%20again

    3) https://answers.microsoft.com/en-us/windows/forum/all/microsoft-account-problem/e943d084-4710-4f35-a98e-0feb1eca5fa8

    Reply
    • Bruce Berls Bruce Berls on March 7, 2021 at 5:44 pm

      Good question. I haven't done an install with a product key for years. In the last year or so, I've seen this password popup frequently and it's become harder or impossible to make it stop. I tell people to ignore it "" a pretty weak answer but the best I've got.

      Reply
      • Ravindra Ravindra on March 22, 2021 at 2:19 am

        Hi Bruce,

        Sorry for this late response.

        I had expected, but did not get, an email notification when there was a reply.

        It seems I have managed to get rid of this notification problem.

        Based on a suggestion, I did the following:

        "Share across devices" was off.

        I turned it ON and then OFF, and then, as suggested, I restarted (not shutdown) the PC.

        I stopped receiving the notification, so it seemed the matter has been resolved.

        Then, after the "Optional quality update" KB5001567 on March 17, 2021, I seemed to be back to square one.

        The notification was back.

        I again turned "Share across devices" (which was OFF) ON and then OFF, and then restarted the PC.

        The notification has not come since then.

        So it does seem that the problem has been resolved (fingers crossed).

        Best regards,
        Ravindra

        Reply
  3. ella ella on January 8, 2021 at 6:23 pm

    This has been annoying me for months. Thank you for giving me something to try. Not even sure why I had shared experiences on as I'm not trying to share anything with other devices.

    Reply
  4. dingus dingus on January 5, 2021 at 3:23 pm

    I constantly get this notification on my desktop but not my on laptop which are both on the same Microsoft account tried everything but it pops up at least once a week very annoying and strange.

    Reply
  5. Mike c Mike c on December 24, 2020 at 4:28 pm

    Just use /chkdsk /f that will fix it

    Reply
    • Bruce Berls Bruce Berls on December 24, 2020 at 4:41 pm

      Well, no, it won't, not this problem. Fun fact: Windows does hard drive diagnostics behind the scenes and drives have become more reliable "" I haven't had to pull out chkdsk in a long time.

      Reply
      • somedude somedude on January 5, 2021 at 3:26 pm

        It was a malicious joke chkdsk has been bricking computers lately.

        Reply
        • Bruce Berls Bruce Berls on January 5, 2021 at 3:44 pm

          (laughing) Ah, that's right "" I saw references to that recently, should have had it in mind.

          Reply
  6. Albert van Leeuwen Albert van Leeuwen on December 23, 2020 at 3:54 am

    Run regedit
    Go to:
    Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities
    Clear string value FriendlyName
    Export \identities and save as NoFriendlyName.reg

    Make batch file containing this text:
    REG IMPORT C:\Users\amvla\Documents\RegImportNoFriendlyName.bat
    Save batch file as RegImportNoFriendlyName.bat

    In Task Scheduler make task to launch RegImportNoFriendlyName.bat at log on.

    Reply
  7. Ron Dahl Ron Dahl on December 18, 2020 at 9:59 am

    Is it possible to notify Microsoft of all these sorts of problems? I'd sure like to inform them of how incredibly annoying everything involved with their Microsoft Accoumt is.

    Reply
  8. Steve Steve on December 18, 2020 at 7:18 am

    I have found Mail prompting like this, and uninstalling Mail And Calendar will make it go away.

    Reply
  9. M Reilrod M Reilrod on December 2, 2020 at 7:26 pm

    I get the notification- need to fix account but I think the prompt is due to not being signed into Microsoft account as it does not exist anymore. I closed it maybe two years ago. I try not to use Microsoft anything much. No email, no Office, Edge, etc. Just stuff that I don't need to be logged in for once in a while. No way to stop it buggin me as far as I can figure out. I use a local account and password or at least I guess that's what I do but I don't use much of Windows that I can help. Pretty much Chrome and stuff. Thanks for allowing me the space to ramble.

    Reply
  10. cristobal molina cristobal molina on October 27, 2020 at 6:48 am

    windows is saying that my gmail is out dated but i can sign with google chrome can you please help get away from windows

    Reply
  11. Shah Mohammad Polash Shah Mohammad Polash on October 21, 2020 at 9:27 pm

    Hello
    Thanks for giving a solution of this issue. I found out your site. I can fix it following your step by step guide. Keep up the great work.

    Reply
  12. k. bouse k. bouse on October 5, 2020 at 7:29 pm

    This seems to also be tied into Windows Update. I had to search for a "fixed" driver to use my Samsung S10+ as a hotspot on Saturday because the default NDIS driver wouldn't work" and this has been happening every day since.

    I have no sharing options turned on, no accounts linked in the "View apps and services "¦", etc. I simply have no need to share with other devices, since in order for search queries to *not* be customized (I hate reinforcement bias limiting my results) I have my browsers set to always delete history. This is a new machine, never had any accounts on it other than mine, so there are no hidden ids from a previous user.

    And FWIW in my experience you *can't* delete a Microsoft account; it is the only way to enable updates, and if you don't get updates it will eventually break, because in Microsoft's eagerness to "be mobile" that's one model they've followed perfectly: don't allow the user to refuse updates and keep what they have that's working just fine, force them to participate in the madness.

    Don't get me started on Samsung's little attempt at trickery "¦ suffice to say my next phone "" after 6 Samsungs in a row" will *not* be a Samsung. Troo dat.

    Reply
    • Billy Rogers Billy Rogers on October 13, 2020 at 6:59 pm

      Those fields are already turned off, and yet, I get that stupid message 3, 4 times a day.

      Reply
  13. WP WP on September 29, 2020 at 7:14 pm

    Thanks. This has been occuring on my MS Win10 box, and gets annoying "" part of the reason why it's still an optional box, not my main one. (I use Linux on the desktop. πŸ™‚ And being "Linux-bred" as one might say, I did take the chance to disable as many of the unnecessary options in Settings as I felt necessary, and it's still turning up! πŸ™‚

    Reply
  14. Jack Crompton Jack Crompton on September 18, 2020 at 3:38 am

    Thank you for this: I just hope it works! This is yet another irritation which I think was just introduced with Windows 10. What a disaster! I'm being driven into the arms of Linux "" I should have done it years ago. Again, thank you for your help.

    Reply
    • Fred Blackstone Fred Blackstone on September 27, 2020 at 4:41 pm

      Turning off "Nearby Sharing" and "Share across devices" has no effect on the notification "We need to fix . . .". I have 1 Hotmail account I use and no other apps and devices I want to share. I still get this error message every time I start my PC.

      Reply
  15. Marcia Marcia on September 8, 2020 at 1:49 pm

    I get this damn message every day. I have several accounts I use for different things (for example, it's the only I can play the same game with two different accounts). I click "fix" and put in all the passwords, and the message goes away "" till the next day. I already have shared experiences turned off. I am so SICK of this!

    Reply
  16. Nick Nick on September 7, 2020 at 7:17 pm

    I keep getting it too. On the PC that uses outlook email account, it will not operate the email unless I fix the account which I do by confirming the MS login & password. I disables all the sharing options "" no effect

    Reply
  17. Rob Rob on August 17, 2020 at 11:57 am

    This WORKS !
    I used 3 = Users can't add or log on with Microsoft accounts.

    https://www.isunshare.com/windows-10/2-ways-to-disable-or-block-microsoft-account-in-windows-10.html#way2

    Method 1 gpedit was not found, but method 2 using regedit and create a DWORD value and name it "NoConnectedUser". .. setting it to 3 worked for me.

    Reply
    • Tony Tony on August 20, 2020 at 8:11 am

      At last, I'm rid of that infuritating notification. Gpedit worked for me. Wish Windows would quit trying to be a Mac.

      Reply
  18. Niamh Peters Niamh Peters on August 11, 2020 at 7:17 am

    I keep getting these notifications from Microsoft about fixing my husband's account . He passed away last year and I deleted his email account. Our email accounts were linked. When I try to amend this, Microsoft say his account no longer exists, but then I get daily notifications to say his account needs to be fixed! I tried the help line and requested to speak to a person not a computer. I waited and waited to be connected and then gave up. Any suggestions?

    Reply
    • Bruce Berls Bruce Berls on August 11, 2020 at 9:43 am

      Although there might be other things that need to be addressed about his account, the easiest thing (and possibly the only thing) to do with these notifications is ignore them.

      Reply
      • Michael Long Michael Long on August 13, 2020 at 3:55 pm

        yep that's why she was having to me but I called the lawn if my sister-in-law she backed off my accounts and now I got my came back and my coach and I like they're showing up stuff at me for I got to relearn it. She blocked me and stop me and kept me out of all my phones in my computer's she has control and access to all my stuff and I didn't give her access to it I still got a credit card in my phone I can't get it off I do know if you can help me I have I know I got bitches out there I know that I started and then she put them in there and do whatever she asks him to it ok I don't know none of the name don't know how to get to names so I can claim company back and I do not know what domain she's using stocking do I got to do to get it off my I get it off my accounts and out of my name I'll get it to where is transferred and only my name is she can get access to it

        Reply
        • Steve Barnhill Steve Barnhill on August 22, 2020 at 11:08 am

          Are you Joe Biden?

          Reply
          • Nancy M Nancy M on April 14, 2021 at 8:47 am

            Good question!

        • English English on March 30, 2021 at 10:24 am

          What on earth are you trying to say?

          You called the lawn? What did it say? Did it help you with the annoying notification Windows is displaying? If so, can I have that lawn's email so I can ask it some more indepth questions please?

          Cheers

          Reply
          • Nancy M Nancy M on April 14, 2021 at 8:49 am

            Thank you! I laughed out loud. I too wondered what the "lawn's" Email address would be!!

  19. rmhartman rmhartman on August 6, 2020 at 10:54 am

    What I am more interested in is what happens if you press the [Fix Now] button? I sure as heck am not going to blindly press a box that lets Microsoft do whatever the heck they think needs to be done to "fix" whatever situation they _think_ is happening. Tell me what's wrong, darn it, and let me take care of it. But a blind "let us fix it for you"? Hell no.
    So "¦ do you have any idea what this button actually does when pressed?

    Reply
    • Bruce Berls Bruce Berls on August 6, 2020 at 11:39 am

      Microsoft has an elaborate collection of troubleshooting tools built into Windows 10 "" look in Settings / Update & Security / Troubleshoot. I haven't used many of them but occasionally they turn out to be quite helpful. One of them may be what's launched by that Fix It button. There's a similar elaborate set of troubleshooting tools for Office 365 "" Microsoft Support & Recovery Assistant for Office 365 . There's no way to know what any of these tools do, but the Office 365 tool is frequently the only way to fix problems with licenses, connectivity, or whatever.

      So it's Microsoft roulette. Will it fix the problem, miss the point, or make things worse? That's a familiar game these days.

      Reply
    • David David on August 24, 2020 at 5:15 pm

      I have clicked the Fix Now button multiple times and it always comes back with the error message to the extent of "You need internet for that. You are not connected to the internet". Followed by a code #

      Reply
    • Michael Michael on September 14, 2020 at 10:42 pm

      I tried the "fix" button and I got a pop-up saying "OOPS something went wrong "¦ connect to account.live.com "¦" which was useless. I suspect that the message will go away once I hand over my Visa card #, but I won't.

      Reply
      • Bruce Berls Bruce Berls on September 14, 2020 at 10:45 pm

        I've lost track of what's going on with this message. The fixes I suggested in the article don't seem to work any more. I can't find a pattern to it "" I saw it for a while, didn't change anything, and now it hasn't popped up for a while on my own computers. Frustrating problem!

        Reply
    • Adam Adam on October 16, 2020 at 6:37 am

      I know what happens! It tells you that your account name "is ALREADY a Microsoft domain name" and there is NO password that I gave to MS that will allow me to access my account (or domain). I've only tried 6-7 times to "˜fix' something that wasn't broken. No more. I get the "˜problem' message a few times a week and I just ignore it.

      Reply
  20. John John on July 30, 2020 at 10:04 am

    I have been battling this infuriating message for months. I tried everything else, including turning off "Shared Experiences". No joy. I added a new local account and started using that. No joy.

    Below is what seems to be working for me. It was really simple so maybe worth a try"¦

    I deleted my Windows Hello PIN here:

    Settings >Accounts>Sign-in options>Windows Hello PIN

    And changed to use the local account password here:

    Settings >Accounts>Sign-in options>Password

    Probably too good to be true, but so far no "Microsoft Account Problem" notifications. I will update here if it recurs.

    JM

    Reply
    • John John on August 4, 2020 at 8:01 am

      Following up"¦ I have not seen this notification since I deleted my Windows Hello PIN and started using a local account. I am calling my particular flavor of this nuisance resolved. Good luck to everyone still battling this.

      Reply
    • mel jeter mel jeter on August 14, 2020 at 8:01 am

      I've been having this problems for months. Im trying Shared Experiences method. Thank you. I did notice every time another country tried to sync my email, unsuccessfully, the next day I got this message to fix my account. don't know if that's a trigger too.

      Reply
    • somedude somedude on January 5, 2021 at 3:37 pm

      Thanks I'll try that I'm using a pin also.

      Reply
  21. 3DClayman 3DClayman on July 28, 2020 at 1:04 pm

    I have four computers and two e-mails work and home. My switches referenced here are turned off. Microsoft seems to want me t have a separate e-mail for each computer which I think is rather stupid. Two of the computers are running BOINC and I don't need to check them very often. It appears if I succumb to the stupidity and let them create a Microsoft e-mail for each machine I can get rid of the error.

    Reply
  22. HelenH HelenH on July 20, 2020 at 7:58 pm

    > (Sometimes they keep popping up even after those switches have been turned off. I can't explain that.)

    I can.
    It's because the message are NOT being turned on or off by your instructions.

    Reply
    • Bruce Berls Bruce Berls on July 20, 2020 at 10:34 pm

      Something has changed. I'm getting that message nonstop on my computers in the last thirty days, with both of the sharing options set firmly off.

      Reply
    • bill harshbarger bill harshbarger on July 22, 2020 at 11:52 pm

      Worked for me, well at least for this moment. Thanks much!

      Reply
  23. Bill Bill on July 18, 2020 at 5:35 am

    How about just delete the account. Who needs it? I sure don't want to by anything else.

    Reply
    • Rdavison Rdavison on August 12, 2020 at 9:14 am

      But then just try deleting the account"¦! Might happen in 60 days, or not.
      They have no precaution for a hacked account, which should never have been hackable in the first place"¦"¦"¦"¦"¦

      Reply
  24. anon anon on June 24, 2020 at 3:43 pm

    For what it's worth one tech told me that this occurs when you inherit a machine from another user, and some functions require the old userid. When the old user changes their password, this "your password changed" stupidly nonspecific error message appears.
    I know, not much of an answer, and particularly frustrating since you are not told WHICH function is trying to log in with the old userid. Just giving you guys one more avenue to consider.

    Reply
    • Ken Wyldes Ken Wyldes on July 10, 2020 at 6:35 pm

      I started getting the error message when I voluntarily changed my password, which makes no sense. Why would they ask me to change my password for changing my password? That creates an endless cycle. I will not change it again.

      Reply
      • Bruce Berls Bruce Berls on July 10, 2020 at 10:38 pm

        I've been seeing this notification pop up on machines where there is simply no good explanation. It's maddening and my tips don't always work "" even on my own laptop! Makes me crazy.

        Reply
  25. baazack chisanga baazack chisanga on June 23, 2020 at 10:57 am

    Hi have the problem to sign my account the response am get is bad receiption please help to solve this problem to all fellow users.

    Reply
  26. Jean Chevalier Jean Chevalier on June 9, 2020 at 5:18 pm

    Nothing works. It just keeps coming back. I wasn't even sure I had a microsoft account until this started happening. Apparently it's not important to have an account if they can notify you that it has problems and the problems make no difference whatsoever to the functioning of your computer.

    Reply
  27. Jimmy Jimmy on June 9, 2020 at 5:11 pm

    Am having a problem to open my micro account and I don't know what to do,especially when I am trying to download eg facebook lite and any application.downloading music 🎢 and streaming is actually working so please I need your help now in order for me to open a store

    Reply
  28. Derek Bell Derek Bell on May 29, 2020 at 6:23 am

    Hi! Thank you for doing this. Same problem here, also with Shared Experience insisting FIX NOW. And this, while share options are, and stay, OFF. The Microsoft account for this email address had its password changed 3 months ago "" 3 months of that notification aarrgghh, but seems to function ok. I am sure, by a hacker. Because it coincided with definite hacking via this email address of my Facebook, Amazon, GoDaddy. All three now fixed but Microsoft is less helpful. I ask for a OTP but it wants to send it to a gmail address I don't recognise (the hacker's?). I complete the required form to get in. A dozen ways, a dozen rejection emails. Even though I've given additionally loads of Skype info "" that only I could know "" that's linked to the email address and Mic account. And it's old enough to have a unique Skype name alongside the unique email address. Insult to inury .. the rejection emails offer the fact that emails on this address/account, their subject and addressee, would help "¦ but I am never given the option or any method of providing these on the form that gets assessed. Help!! Anything I've not tried, but should?! Thank you again .. DB

    Reply
  29. Daniel Daniel on May 24, 2020 at 10:23 am

    I have tried RichH's Feb 1 suggestion above on my PC and so far it seems to be working. I simply switched from PIN Microsoft login authentication to local login (windows settings->accounts->sign-in options). I then switched it back to my usual PIN. So far so good. Thanks, Rich and Bruce. Fingers crossed!

    Reply
    • Steve Steve on February 6, 2021 at 1:20 pm

      This worked for me also.

      It was a problem with the stored PIN (which was working fine).

      Sign-in options / Windows Hello PIN
      says "˜"this PIN isn't working for your organization's resources" "Click here to Fix"
      It did.

      Reply
  30. Donald Maase Donald Maase on May 16, 2020 at 1:34 pm

    I have had much the same frustrations and annoyances, using my MS Surface Pro4. However, I continue to act on its prompts, as I have associated it (right or wrong) with my "Inbox's lagging up to three days in recording messages received. These are later confirmed, when it finally "catches-up". (After "Fixing" my "need to up-date my Account". I too puzzle, with all this long history "" why wont/doesn't MS just FIX the problem?? It would seem a matter of its "integrity"!

    Reply
  31. David N David N on May 15, 2020 at 8:14 pm

    I'm trying your fix first, but while checking notifications I noticed 2 things. First, no notification for Microsoft Account (no real surprise) but second, the app Nearby Sharing is listed twice. Nothing else is.

    But I'm prepared to use the old IT solution of chicken entrails on the keyboard at midnight, if need be.

    Reply
    • Bruce Berls Bruce Berls on May 15, 2020 at 9:16 pm

      Keep the chicken entrails handy "" you might need them.

      Reply
  32. Gerry Gerry on May 12, 2020 at 3:18 pm

    I've been running into this issue, turning off sharing to no avail. Whenever I clicked Fix Now, I'd go to a login dialog with my work account that uses Office 365. After months, I then did a search in the Windows search bar for work account, and came to an "˜Access Work or School'. Found my work account there, removed it, and the notifications have gone. For now"¦ I've probably changed my work or office 365 password in the past, and the preserved old password on my own Win 10 machine has been out of synch as a result.

    Steps:

    Go to Settings, Accounts, Access work or School. There is a option to remove Office 365 accounts that way.

    Reply
  33. Jay Jay on May 8, 2020 at 5:05 pm

    Hope this helps someone else"¦ I too had the issue with the pop-up despite me disabling shared experience.
    I went to action center and told it I didn't want to see this again. As soon as I did I got a new message in AC telling me that an account in "mail" needed attention. I haven't used mail in years now that I use Outlook. So I opened mail and lo and behold my work email account for which the password would have expired many moons ago. I deleted this account from mail and went back to shared experiences. I clicked the "fix account" and rather than it pop up with a password prompt it instantly changed to "all accounts are working properly"
    Sounds promising. Fingers crossed. Maybe be worth others looking at Win10 apps they may have once sync'd with an external account that has since had a password change.

    Reply
  34. Grant Collinsworth Grant Collinsworth on April 23, 2020 at 4:54 pm

    Total BS None of these suggestions work.. Nobody here has identified the cause, obviously. I know the cause"¦ MS has dropped the ball on the quality of their developers"¦ End of story.

    Reply
    • tom tom on July 4, 2020 at 10:08 am

      your correct, i downloaded version 1204, and now i have the same issue, that i previously had in the last version.. it seems to folow the updates

      Reply
      • A Binnion A Binnion on July 6, 2020 at 8:43 am

        Your'e correct, NOT Your correct. The contraction of "˜you are' is you're, NOT the pronoun your. Think about it.

        Reply
        • Bruce Berls Bruce Berls on July 6, 2020 at 9:30 am

          Good point! Your right. Also see my article, Grammar Are For Winners!

          Reply
          • Jan Roclawski Jan Roclawski on July 21, 2020 at 5:16 am

            Incorrect. It should read " you're correct"

          • Bruce Berls Bruce Berls on July 21, 2020 at 10:18 am

            Oh, its so embarrassing when I make simple grammar mistakes! Their's really no excuse. Thanks for a feedbacks!

  35. Reiko Reiko on April 13, 2020 at 5:21 am

    The most annoying thing is each time I went to fix it I lost my language setting, my documents in folders, even my photo folder on the desk top! So I have to save files and photos into WD before trying fixing the warning message. I have been doing this once a week!, which is too much! Each time my desk top are swiped out. I wonder if this relates that I use Chrome instead of Microsoft Edge.

    Reply
    • Karen E Karen E on June 25, 2020 at 8:58 pm

      That sounds like a bigger problem than just the notification. ε€§ε€‰γ§γ™γ­οΌοΌˆη§γ‚‚ζ -- ₯本γ"すγ‚"でいます。)No, using a different browser will not cause such things. I use both Firefox and Chrome, and I never use Edge.

      It sounds like your user settings are getting lost or confused. Documents, Pictures, etc. are folders specific to the logged-in user, and language setting is also unique to each user. So if you create a new user, or log in as a different user, those things will seem to disappear. It is important to log in as the same user every time.

      Reply
  36. Mark Rosenberg Mark Rosenberg on March 30, 2020 at 4:48 am

    I can't believe that I didn't notice that the Microsoft Account problem notifications were coming from the Settings notification. I will turn that off and see if those notifications stop.

    Reply
  37. Mark Rosenberg Mark Rosenberg on March 25, 2020 at 5:36 pm

    Turning off the Microsoft Account notification did not stop the problem after all. The notification still shows up from time to time.
    Also, to Bruce Berls, I don't have the option to tell the admin to change the policy. It was quite a few years ago that one of my son's college professors gave the class the Office 365 pro -plus download with a permanent subscription. He can't be contacted anymore.

    Reply
  38. neo neo on March 24, 2020 at 2:32 pm

    Hi,

    Just thanks for taking the time to post. Thanks!

    That -nonsense- has been irritating me for too long. I deleted the "˜I don't know how it got there' account today. "¦and am waiting with bated breath to see how long before MS puts it back.

    A comment about where mobile madness began: General Magic.
    No, not a magic show, tho' in those days the ideas that came from that group of people might have been seen as magic(or insanity). It was startup company and is a movie/Documentary that has quite an amazing story to tell.
    [FYI, IMDb has a trailer for it via `https://www.imdb.com/title/tt6849786/?ref_=fn_al_tt_1` if interested.]

    c-ya

    Reply
  39. Mark Rosenberg Mark Rosenberg on March 23, 2020 at 5:44 pm

    Turning off the Microsoft Account in the Notifications & actions list definitely stopped the Microsoft account problem notifications. It seems like a lot of people don't have the Microsoft Account setting in the Notifications & actions list. In my case one my son's professors gave his class a lifetime subscription to Microsoft Office 365 Pro-Plus a few years back. Roughly every 3 months the password has to be changed. I get a notification from Microsoft Work or School account 2 weeks prior to the password expiration. After changing the password I would get the Microsoft Account Shared Experiences notification. In Shared experiences it would say Fix account . It was simply a matter of updating the password then it would say all accounts are working properly again. At some point however the Microsoft Account problem notifications kept coming for whatever reason. So in the future I'll check the Shared experiences after updating the Work or School account password to see if it needs to be fixed since I now have the Microsoft Account notification turned off. Hope this is helpful to someone.

    Reply
    • Bruce Berls Bruce Berls on March 23, 2020 at 6:08 pm

      Fun fact about password changes: In the early days of Office 365, accounts were set up by default with a 90-day password expiration policy. For a short while, it was effectively impossible to change that; then for a while it could be set to longer periods or set to never require changes, but it could only be done with Powershell commands.

      As time went on, the conventional wisdom changed and now it's widely believed that frequent password changes make you LESS safe "" because people choose new passwords poorly (adding a number to the end of the password, say), or they write passwords down on post-its attached to their monitor.

      Now Microsoft puts up a big notice in the Office 365 admin dashboard urging admins to change the password policy to "never expire."

      So if you're being prompted to change your password every 90 days, tell your admin to change the policy and give you a break.

      Reply
  40. Mark Rosenberg Mark Rosenberg on March 22, 2020 at 10:42 am

    Hi. Turning off Shared experiences didn't work. I just checked the System/Notifications &actions list and I do have a Microsoft Account on the list. I just turned it off and have to wait and see if that stops those annoying notifications. I'll post back if this worked for me or not.

    Reply
  41. Daniel Daniel on March 6, 2020 at 1:59 am

    Microsoft seem to have managed to make it even worse"¦ the fix of disabling Shared Experiences worked for me for a few months, but now I'm getting the notification on every boot again, despite Shared Experiences still being disabled. The behaviour is the same as before, as soon as I click the notification about supposed account problems, I get to the Settings page for Shared Experiences, which says that all accounts are working correctly.

    I'm not sure if it was a Windows 10 feature update I might have installed in the meanwhile that broke things even more, but I'm currently on Windows 10 Pro version 1909 build 18363.657. I didn't write down the build I was on when the fix still worked.

    Reply
    • Bruce Berls Bruce Berls on March 6, 2020 at 8:54 am

      Interesting! I haven't seen that yet. FWIW, on my own computer I turned off all Windows notifications. It's very peaceful. (Settings / System / Notifications & actions / turn off "Get notifications from apps and other senders")

      Reply
  42. Tiny Tim Tiny Tim on March 1, 2020 at 2:32 pm

    My solution was to throw my laptop in the garbage but I still keep getting these annoying notifications.

    Reply
    • Bruce Berls Bruce Berls on March 1, 2020 at 2:58 pm

      I think now if you die, your children start getting the notifications. (grin)

      Reply
  43. Philip Baker Philip Baker on February 25, 2020 at 4:20 am

    I have followed various recommendations for solving this problem, and nothing makes any difference. Having followed Microsoft's own instructions for "˜fixing' it, I got the message "˜All accounts are working correctly' "" but I still get the "˜Microsoft account problem we need to fix your Microsoft account' notification many times throughout each day.

    Reply
  44. John Handley John Handley on February 20, 2020 at 2:22 pm

    Thank you Bruce, and other commenters. I have tried your settings. Fingers crossed. FWIW I actually DID go through the laborious process of changing my password for an account I never use! Still get the stupid message.

    I guess you know the joke about the helicopter pilot lost in fog over Seattle. Edges up to a building, holds a sign in the window: "Where am I?"
    People in the building hold up a sign: "You are in a helicopter"
    The pilot then had his orientation. It was clear he was at the Microsoft Building.

    Reply
  45. RichH RichH on February 1, 2020 at 8:11 am

    I had this problem for about a month and managed to fix it last week. In my case it had nothing to do with Shared Experiences or waiting for network connections to become available. The problem was related to the process by which the *locally stored* PIN or Picture Password is used to authenticate against the *real* MS account password when you sign-in. I can't find a detailed technical explanation of exactly how this process works, but in my case that mechanism seems to have become corrupted. Thankfully though, the solution was to simply switch to a different sign-in method i.e. instead of using a Picture Password, set up a PIN or vice-versa. This seems to reset and fix the authentication mechanism so that it now works correctly and I can successfully sign-in using either a Picture Password or PIN without those infuriating notifications popping up"¦ at least until it breaks again!

    Reply
    • Bruce Berls Bruce Berls on February 1, 2020 at 10:38 am

      Wow, nice sleuthing! I hadn't heard of that but it makes sense, I guess. Good work!

      Reply
      • RichH RichH on July 25, 2020 at 2:07 am

        UPDATE "" After six months of peace and quiet the dreaded notification returned! And, this time, no amount of switching back and forth between different sign-in options fixed the problem, so clearly something else was at play. But after a bit of digging I found the culprit.

        In Settings, Accounts, Sign-in Options, there is a Privacy section at the bottom with a switch to enable/disable the following setting:

        "Use my sign-in info to automatically finish setting up my device and reopen my apps after an update or restart".

        After disabling this setting the "account problem" notification was banished once more. Re-enabling the setting caused the notification to re-appear.

        Disabling this setting prevents many Start-up programs from starting until AFTER you log in (just like Windows XP used to do), including OneDrive synchronisation which I think is the problem application here. If, like me, you have a lot of Start-up programs, I'm guessing that OneDrive synchronisation times out whilst all those other programs are starting up, logging in and doing their stuff. Even though the syncronisation service (OneSyncSvc / Sync Host) is set to a delayed start, I'd guess that the system is still too busy for OneDrive Sync to get a look in and, when it fails, that triggers the "account problem" notification. By preventing many of the Start-up programs from starting until after you log in, the system is at least a bit less busy and OneDrive Sync is then able to complete its task successfully.

        I'm going to try disabling a few Start-up programs that I don't really need (eg. Skype, Send to OneNote Tool, Spotify etc.) and then try re-enabling the setting above to see if OneDrive Sync then has sufficient time and resources to complete its Start-up routine successfully.

        Reply
        • Bruce Berls Bruce Berls on July 25, 2020 at 7:26 am

          Oh, nice detective work! The notice has also been popping up on my computers in the last month or so. I've never seen that setting and the explanation is opaque about what it does. I'm going to play a bit and see if I can replicate what you describe. Thanks!

          Reply
  46. Jeff Jeff on January 29, 2020 at 9:09 pm

    I was having this problem on my Desktop but not my Notebook or Tablet. I think I finally fixed it.

    When I went to Shared Experiences, those two BluTooth options did not appear, so I couldn't verify that they were off, or turn them off if there were on. I only have BT on my Desktop via one of those USB plug in thingies. When not in use, which is almost always, I don't have it pushed in all the way so it's not seen by the system. I pushed it in and the Shared Experiences options came up. Lo and behold, Share Across Devices was turned on. I turned it off and I haven't seen the problem message since, even with the BT device pulled out.

    Reply
  47. Jeff Russell Jeff Russell on January 27, 2020 at 8:44 am

    Brilliant, thank you. I'll try the various approaches "" yours and commenters. But just knowing this is corporate wishful thinking run amok and I can blissfully ignore is valuable information. Found you on Google search, I just subscribed.

    Reply
  48. Sebastian Helm Sebastian Helm on January 27, 2020 at 4:53 am

    Forgot to say that I only use a local account now.

    Reply
  49. Sebastian Helm Sebastian Helm on January 27, 2020 at 4:49 am

    Thank you for this intelligent and empathetic write-up.

    In my case, unfortunately, changing the "Shared experiences" settings has not done away with the nuisance. The only difference I see from your description is that the settings dialog, instead of saying "all accounts are working properly", says (in red) "Some of your accounts require attention 【Fix nowγ€'" I am using Win 10 Pro, 64-bit, version 1903, OS build 18362.592.

    Reply
  50. Nigel O. Nigel O. on January 12, 2020 at 2:27 pm

    Just began receiving the annoying "Microsoft account problem" notification about three days ago. Have turned off the Shared Experiences, but unfortunately, I am still receiving the notifications. Have read that switching to a local account, as opposed to a Microsoft account, may resolve the issue, but I have yet to do that. Will give that a go and see if I am still pestered by the notifications. Really, enough to drive anyone absolutely barmy.

    Reply
  51. TrevPlatt TrevPlatt on January 12, 2020 at 3:03 am

    Hi Bruce,
    Don't know if this helps, but I get the "Microsoft account problem" notification every single time I boot up my PC. I've noticed that every time I open the Microsoft "Mail" app it tells me "Your account settings are out of date" and it gives me three options:
    *A "Learn more" link, which is a link to a Microsoft "help" page (it's useless by the way)
    *A "Fix account" button
    *A "Dismiss" button.
    Selecting "Fix account" brings up a Pop-up box titled "Attention required" (the rest of the box is blank), a second pop-up comes up (no title "" completely blank) and a third pop-up comes up titled "Windows Security" where I enter my PC's Login Password. After entering my password the third box disappears, the second box displays a message but disappears too quickly and the Third box says the problem is fixed. My email account then starts downloading messages.
    It's as if the PC settings are forgetting that the built in mail app is connected to my account and is flagging it "" hence the "Microsoft account problem" notification?
    For info, I've never had "Nearby sharing" or "Share across devices" turned on. The pop-up used to be once every so often and it's gradually gotten more and more persistant, until now "" it's every single time!
    If I find anything else about this I'll come back and share it.
    Good luck everyone.

    Reply
    • Bruce Berls Bruce Berls on January 12, 2020 at 12:03 pm

      Microsoft's password prompts are out of control. I'm running into them constantly for Office programs that demand proof that there's a license in force. So frustrating!

      Reply
      • Mike Kovacevic Mike Kovacevic on October 25, 2020 at 4:18 am

        I forgot my PIN. when i went under "˜chang your PIN"
        i note that when i went into that section, the message was as follows:

        "are you sure you want to change your PIN"¦apps might require you to sign in again, and any data that's managed by an organization could be lost."

        What data can be lost? just worried if i change PIN there may be important data lost?

        Reply
        • Bruce Berls Bruce Berls on October 25, 2020 at 12:29 pm

          I'm honestly not sure why that warning exists. It would take a rather bizarre sequence of events to disconnect from a business account or disrupt your data.

          But for what it's worth, if you think you can't log in, make sure you know that you can switch to your password "" click on Sign-In Options below the prompt. There shouldn't be any danger to changing your PIN while you're signed in.

          Reply
  52. Zoe Zoe on January 7, 2020 at 5:08 pm

    I had a good chuckle at your article, which was most helpful by the way. Thanks!

    Reply
  53. Ron Ron on January 7, 2020 at 11:39 am

    I get the same problem. Started when MS sent my account number to a corrupted email address. naturally I did not receive it. The instructions to correct it did not work, just went round in a never ending circle. Re-applied with my correct address and things went through ok. But the old one is still there and impossible to remove. I've given up now.

    Reply
  54. James James on January 7, 2020 at 1:25 am

    MS made some mistakes but mainly by not following-thru with their ideas and being late with others. The sturdy Nokia Windows Phone was a breakthru as a sandbox device, not having to worry about virus infections, but was let down by poor and few applications and timing to market.
    The concept of shared devices is important today for me in business and will be in the future for many where you can get/use your data anywhere and on any device. Someone needs to design a secure application that works cross-platform seemlessly, securely and quickly and for (ideally) free. If MS can do this then I am one of the Shared Experience guys that would use it and their platforms. I already use MS Launcher on Android and find it works resonably well apart from this annoyng bug which is the subject of this article. Waiting patiently..

    Reply
  55. Jeffers Jeffers on December 30, 2019 at 1:40 pm

    I bought a new Win 10 laptop for a grandson. I set it up without the need to log in on start up. Almost straight away I started getting the "Microsoft Account Problem" Notification"¦

    Reply
  56. GNM GNM on December 27, 2019 at 9:26 am

    Hello,

    I've tried the method above regarding Shared Experiences with no luck. I've also changed my password and attempted to address the problem through the settings area with no results.
    Is there any way that someone could communicate with the "suits" at Microsoft and ask them why they are sending this message? I get it ion the Action Center every time I start the computer. It's really annoying.

    Reply
  57. Michael Benton Michael Benton on December 19, 2019 at 4:35 am

    hi I am 57 and not computer savvy. I keep getting the message. could it be that it is because I have just been using an old computer for somethings. it says the old account is and wont take my old pass word. please help an old fart lol

    Reply
  58. Nathan Nathan on December 18, 2019 at 10:32 am

    I think the message for me might be related to something different. I set up a Surface tablet for a friend and installed an old version of Office on it and logged in with my MS account. I have since changed my password and I think that person never set up their own MS account so the old account info is trying to update"¦..I could be wrong tho

    Reply
  59. Michael GW Michael GW on December 14, 2019 at 6:58 am

    Today there is no problem; no daft messages about passwords and my MS Account:

    For some reason W10 suddenly asked for my Pincode under Settings/Accounts. as evidence of my identity. "" even though I have been logging on with the same Pincode umpteen times during my efforts to solve the MS Account problem.
    I have no idea when this demand for Confirmation of identity appeared.
    I may have provoked it underways "¦ ?

    1 "" I have now confirmed my identity under Settings/Accounts.

    2- I have logged on to my MS Outlook account. directly online, and in Office, and left them open.

    3 "" I have incidentally reloaded a reader extension for Chrome which was messing up my virus updates and/or messages.
    It may have no relevance to the MS Account issue of course. Just mentioning it.

    Reply
  60. Michael GW Michael GW on December 11, 2019 at 4:38 am

    Many thanks for some perspective and a reset of my sanity.

    W7 is so much better, but I only have a month now before W7 updates cease.

    I have had both Shared experience options turned off for a while:
    It doesn't stop the messages, but the options do stay off.

    Yes, I have the same suspicion that the lack of network connection is freaking it out (Daniel november 12):

    I had to log into a Microsoft account, to use a one-time code from Gmail, so I could link my Gmail to Outlook. (There was the irony that the one-time code was rejected, wheras using the MS account password again worked, )
    Since then I have logged off the MS account, and I suspect the problem (for me) is due to the lack of immediate network connection.
    But I ignore the demands for pincode and just open Outlook anyway.

    I have also removed Onedrive (although the folder remains), which may have MS account issues.

    The correct perspective is perhaps afterall to hide the symptom and don't try to cure W10, (Karen E november2).
    Just to get closure "" on this issue.

    Don't expect MS to solve this W10 issue any time soon. I have just left a string going back to 2013 and W8 with just this problem.
    There were 100 entries "" on this one string "" so this is truly a Shared Experience.

    i would like to have one password, rather than having to remove the need for any passwords.

    Reply
  61. gm gm on December 9, 2019 at 11:36 am

    it just keeps coming back.
    it is a microsoft update feature to show you why you should get away from microsoft. fallen from innovation to cheap privacy theft.

    Reply
  62. Gene Gene on December 4, 2019 at 6:14 am

    Sharing is "Off" but the notification keeps popping up"¦ πŸ™‚

    Reply
  63. Tim Farley Tim Farley on December 3, 2019 at 4:15 pm

    I was receiving the same message to fix shared experiences across devices. I ignored message, than one day I clicked on it and decided to turn off nearby sharing and share across devices. When I did that my PC became much faster and I felt that shared experiences is worthless. But almost every time I turn on my PC the notice pops up again and when I go back to shared experiences the nearby sharing was off but the share across devices was turned back on again so I turned it off again. Now every time I turn on my computer share across devices is back on, so I keep shutting it off where I enjoy a faster internet. Every time I turn on my computer share across devices is always somehow turned back on so the first thing I do is turn it off before using it . Very frustrating. I don't know why it keeps turning back on and if anyone else is still getting notices to fix shared experiences after you turned everything off, chances are nearby sharing is turned back on.

    Reply
  64. Herb Carruthers Herb Carruthers on November 19, 2019 at 5:17 pm

    Thanks for posting this "FIX" information. Exactly what I needed.

    Reply
  65. Fabienne Wolf Fabienne Wolf on November 19, 2019 at 3:07 am

    Thank you for this very helpful (and very funny) article that puts things into a proper perspective. In addition to the mentioned problems, I've been receiving phone calls in which a female voice from India haltingly announces, "Hello, I'm from Microsoft and we are receiving worrying signals from your computer "¦"
    At first I assumed this was a simple scam and put down the phone, then I thought it might be connected with the problem-message of the Microsoft account, and now I wonder what to say if they call again. They seem very persistent "" any thoughts?

    Reply
    • Bruce Berls Bruce Berls on November 19, 2019 at 12:08 pm

      It's a scam! Microsoft does not call to fix your PC. In fact, I wrote a whole article about that "" Microsoft Does Not Call To Fix Your PC . And there's a bigger issue "" the volume of robocalls is steadily increasing, from criminals and scammers. Here's more info about that . Here's my advice from that article:

      "The most effective thing you can do is: don't answer calls from numbers you don't recognize. Leave messages when you call people you know, and count on real people leaving messages for you if you don't pick up.

      "If you answer the phone and discover it's a telemarketer, don't engage a live person in any kind of conversation and don't hit 1 "to be added to our Do Not Call list." Any response will confirm that it's a live number, which moves the number to a list that is called more often."

      Hang up, shake your head about the state of the world, and move on. Be careful out there!

      Reply
  66. David Paul David Paul on November 14, 2019 at 7:17 am

    Totally agreed with your article on Microsoft. My clients frequently gnash their collective teeth at them.

    There is a verse in the Bible that includes the phrase "let not your right hand know what your left is doing". I suspect Microsoft view that as direction to them, not a verse about giving alms to the poor"¦.

    Reply
  67. DIANA DIANA on November 13, 2019 at 8:01 am

    I, also get the same notification. I would simply delete it but have now decided to just leave it up and ignore it.
    Wonder if whom/what ever will be aware of it and just give up. I will leave it up for 2 months and see what happens.
    Yes, it is a PIA. Guess it's just another annoyance.

    Reply
  68. Daniel Daniel on November 12, 2019 at 10:48 am

    Thank you for the quick solution, and thank you for the amusing write-up to go along with it!

    When the Settings page opens after clicking the notification, there's a message saying "All accounts are working correctly," which makes me believe that this might be a timing issue. I get this notification after every boot, so it might be freaking out about not being able to log in while the network connection is not even available yet. Software testing is hard. I initially also thought that clicking the notification might simply open the wrong Settings page, because it's so confusingly worded.

    If I had to think of a feature name that most offensively sounds like it does absolutely nothing of any use, "Shared Experiences" might be something I'd have come up with.

    Reply
    • Bruce Berls Bruce Berls on November 12, 2019 at 10:54 am

      I wonder if you're right about the timing! That makes sense.

      Reply
  69. Izzy Izzy on November 9, 2019 at 9:52 am

    Hey Bruce. It's funny how Microsoft Windows 10 is a whole different from system to system even with the same software version. The one i'm using don't have either the "Microsoft Account" switch under notifications (like your) but also in "Nearby Sharing" it's only two sections: 1) Accounts 2) Share Across Devices. It doesn't have the whole "Nearby Sharing" section. So i ALREADY had "shared across devices" turned off and it's still pestering me with the messages. πŸ™

    Reply
    • Bruce Berls Bruce Berls on November 10, 2019 at 4:33 pm

      At this point I've lost track of what to expect. My laptop is set up with a local account, not a personal MS account, and it's been updated to version 1903. I've got the same sharing options, including Nearby Sharing. So I have no idea why you're not seeing it. Oh, Microsoft!

      Reply
  70. Karen E Karen E on November 2, 2019 at 12:12 am

    I also am still getting the notifications even with those two settings off. [I also get a complaint from Calendar (which I don't use) saying that my Outlook account (which I don't have) settings are out of date "" I suspect the two are related.]

    But Gina's suggestion to turn off notifications for Microsoft Account and Calendar seems the wrong way to go about this "" I want to fix the root cause, not just prevent Windows from telling me about it.

    [BTW: Bruce, I'm sure you have that option. Under System -> Notifications & actions, as long as the main switch right under "Notifications" is on, you can scroll farther down to "Get notifications from these senders" and there should be a list of apps and services whose notifications you can silence individually.]

    Reply
    • Bruce Berls Bruce Berls on November 2, 2019 at 9:48 am

      I love this mystery! I don't have "Microsoft Account" listed in System / Notifications & actions / Get notifications from these senders . This just occurred to me "" I don't have my PCs linked to an individual Microsoft account. ( More about that here .) One is linked to a business Office 365 account, one isn't linked to any online account. I bet the "Microsoft Account" option has something to do with that connection. That doesn't tell us what you're being notified about, though.

      Reply
  71. Gina J Gina J on October 31, 2019 at 2:51 am

    Hello. I have had this problem for a while, turned off the shared experiences option several times without success.
    The message always came back.
    So I did Settings/Systems/Notifications and actions. Scrolled down to "˜Get notificatons from these apps'.
    I turned off notifications from Microsoft Account. Nothing has come back so far. Fingers crossed. Not sure why I would need notifications from my Microsoft accoun anyway, the only one I've ever had is this irritating "˜Fix it', pointless warning,

    Reply
    • Bruce Berls Bruce Berls on October 31, 2019 at 10:53 am

      You have a slider to turn notification on/off from "Microsoft Account"? That's fascinating. I don't think I've ever seen that. I don't have it on my PCs. I wonder what that's about?

      Reply
Trackbacks/Pingbacks
  1. microsoft account login problems - ["¦] 11. How To Stop The "Microsoft Account Problem" Notification "¦ ["¦]
  2. How To Stop The "Microsoft Account Problem" Notification | Bruceb News | Sound Bytes - ["¦] Source: How To Stop The "Microsoft Account Problem" Notification | Bruceb News ["¦]
Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe to
Bruceb News



Amazon Popular Articles Categories Archives

bruceb@bruceb.com "’ (707) 703-1601 "’ Disclaimer

Β© 1997 - 2021 Bruceb Consulting | All Rights Reserved | Website by Smart Monkey

https://madmimi.com/signups/8be5a9234fc248f7ad54f19fb525ec4d/iframe Γ --


[Jun 06, 2021] Microsoft outlook.com idiotism

First of all those idiots assume that each phone have test capability. Second the whole idea of binding your PC to microsoft email account is extremely idiotic and smell with total surveillance.
Jun 01, 2021 | answers.microsoft.com
LO LoLOuT Created on February 9, 2019 Login Problem Call us overprotective...

...but we need to make sure you can receive a security code if you ever lose access to this account. (idiotism)

Where should we send your code? and shows my **** old email which i had 20 years ago and i dont remember it i think its dead by now. also i changed my email from here

Contact details Edit profile

We use your contact details to deliver important information about your account. It also helps friends to find you on Skype and Skype for Business.

Add Email address then i changed old email to myfuckingnewemail.gmail.com its just example :D gave it Primary Email status but i still get old email from login what should i do with this bug

i have this account from my lifetime so i dont want lose it for some childish developers

This thread is locked. You can follow the question or vote as helpful, but you cannot reply to this thread. I have the same question (5) Subscribe | Report abuse Replies (1) îœ RA Rain_A

Replied on February 9, 2019

Hi LoLOuT,

Greetings from Skype!

While it's great to hear that you've never had problems with your account, it's still important to have insurance against accidents and that's what security info is.

Also, while you might be good at remembering your passwords, you never know when someone might try to compromise your account. Having up-to-date security info helps protect against that too. Also, security info is the key to getting back into an account if you ever forget your password or if someone tries to break into your account. Without that info, you could permanently lose access to your account, your games, apps, subscriptions, email, photos, and files so we occasionally ask customers to confirm their info is accurate so that doesn't happen.

I also sent you a private message which you can via this link: https://answers.microsoft.com/en-us/privatemessage/inbox?tm=1549741139506

This is for us to further investigate the issue.

Thanks and I look forward to your reply!

[May 28, 2021] Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

May 13, 2021 | it.slashdot.org

(bloomberg.com) 141

paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country's largest fuel pipeline, Bloomberg reported Thursday, citing two people familiar with the transaction. From the report:

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company's efforts said.

[May 28, 2021] 'Significant' Ransomware Attack Forces Ireland's Health Service To Shut Down IT Systems

May 27, 2021 | tech.slashdot.org

(therecord.media) 53 Ireland's national health service, the Health Service Executive (HSE), temporarily shut down its IT systems today after suffering a ransomware attack overnight. The organization, which is in the mid of its COVID-19 vaccination program, said the attack did not impact its ability to provide urgent medical care but that some routine checks and services might be delayed or canceled. The HSE described the ransomware incident as "significant" and "human-operated," a term used to describe high-end sophisticated ransomware groups which orchestrate targeted attacks against carefully big organizations. In a morning radio show with public broadcaster RTE, HSE Chief Executive Paul Reid said the agency's IT teams are currently investigating the incident to find out its breadth. In a different radio show, Reid identified the ransomware gang behind the attack as Conti, a ransomware gang that started operating in the summer of 2020.

[May 28, 2021] Microsoft To Add Support for Linux GUI Apps on Windows 10 Later This Year

May 26, 2021 | linux.slashdot.org

(zdnet.com) 102 as of the next Windows 10 release , officials said on May 25.

Microsoft officials made the announcement on Day 1 of its virtual Build 2021 developers conference. From a report: During his Day 1 keynote, CEO Satya Nadella basically acknowledged there will be another event "soon" about the next Windows. He said: ""And soon we will share one of the most significant updates of Windows of the past decade." He said he has been self-hosting it over the past several months and called it "the next generation of Windows."

Microsoft released a preview of Linux GUI apps on the Windows Subsystem for Linux (WSL) in April, 2021. This capability is meant to allow developers to run their preferred Linux tools, utilities and apps directly on Windows 10. With GUI app support, users can now run GUI apps for testing, development and daily use without having to set up a virtual machine.

[May 28, 2021] Microsoft Launches personal version of Teams with free all-day video calling

Highly recommended!
May 16, 2021 | slashdot.org
(theverge.com) 59

Posted by msmash on Monday May 17, 2021 @12:02PM from the how-about-that dept. Microsoft is launching the personal version of Microsoft Teams today. After previewing the service nearly a year ago, Microsoft Teams is now available for free personal use amongst friends and families . From a report:

The service itself is almost identical to the Microsoft Teams that businesses use, and it will allow people to chat, video call, and share calendars, locations, and files easily. Microsoft is also continuing to offer everyone free 24-hour video calls that it introduced in the preview version in November.

You'll be able to meet up with up to 300 people in video calls that can last for 24 hours. Microsoft will eventually enforce limits of 60 minutes for group calls of up to 100 people after the pandemic, but keep 24 hours for 1:1 calls.

While the preview initially launched on iOS and Android, Microsoft Teams for personal use now works across the web, mobile, and desktop apps. Microsoft is also allowing Teams personal users to enable its Together mode -- a feature that uses AI to segment your face and shoulders and place you together with other people in a virtual space. Skype got this same feature back in December.

[May 28, 2021] The Windows 21H1 update, and why I won't miss Windows 10X

May 27, 2021 | www.computerworld.com

Bifurcating Windows is a bad idea

Microsoft has bifurcated Windows several times over the years, and every time it did, the decision to do so ended badly. First, there was OS/2 vs. Dos/Windows, then Windows 95. OS/2 was ahead of its time; the desktop hardware wasn't yet capable of running a heavy OS. Even at IBM, the primary backer of OS/2, many departments avoided it like the plague for compatibility and slow-boot reasons, though it was arguably more reliable. Then came Windows NT, an updated, clean room version of NT, and Windows 9x.

Secure Cloud Products and Services with New AWS CIS Benchmarks

SponsoredPost Sponsored by CIS

Secure Cloud Products and Services with New AWS CIS Benchmarks

Amazon Web Services (AWS) continues to expand with new cloud products and services. The Center for Internet Security (CIS) responded with more resources to help secure these AWS cloud offerings.

Windows NT went from being an alternative to UNIX to becoming the "corporate" desktop OS. Windows 9x focused on consumers, but in-fighting between the two groups was ugly, and when Windows 2000 (the follow on to NT) and Windows Millennium came out, neither OS was loved. Millenium, in fact, was a train wreck.

Windows 2000 became Windows XT, but there were embedded versions of Windows and versions that worked on an ARM that sucked as the failed Windows Mobile and Phone platforms. Every time Microsoft tried to have multiple desktop versions of its OS, things ended badly.

I expected Windows 10X to continue that trend. Fortunately for us, someone at Microsoft got tired of dealing with new Windows variants and decided to roll many of the Windows 10X features into a full Windows 10 update. Thus, we got Windows 10 21H1.

[May 28, 2021] How Should a Company Handle a Ransomware Attack?

The key here is backup op the data, not how the attack is handled
May 26, 2021 | it.slashdot.org

(itwire.com) 68

how Norwegian firm Volue Technology handled a ransomware attack that began on May 5th: The company has set up a Web page with information about the attack and also links to frequent updates about the status of its systems. There was no obfuscation about the attack, none at all. The company said: "The ransomware attack on Volue Technology ('Powel') was caused by Ryuk, a type of malware usually known for targeting large, public-entity Microsoft Windows systems."

What is even more remarkable about this page is that it has provided the telephone number and email address of its chief executive, Trond Straume, and asked for anyone who needs additional information to contact him. Not some underling.
ITWire argues this response "demonstrated to the rest of the world how a ransomware attack should be handled."

[May 28, 2021] Hacker Group Behind Colonial Pipeline Attack Claims It Has Three New Victims

May 27, 2021 | it.slashdot.org

(cnbc.com) 56 BeauHD on Thursday May 13, 2021 @09:00AM from the there's-more-where-that-came-from dept. PolygamousRanchKid shares a report from CNBC: The hacker group DarkSide claimed on Wednesday to have attacked three more companies , despite the global outcry over its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic buying on the East Coast of the U.S. Over the past 24 hours, the group posted the names of three new companies on its site on the dark web, called DarkSide Leaks. The information posted to the site includes summaries of what the hackers appear to have stolen but do not appear to contain raw data. DarkSide is a criminal gang, and its claims should be treated as potentially misleading.

The posting indicates that the hacker collective is not backing down in the face of an FBI investigation and denunciations of the attack from the Biden administration. It also signals that the group intends to carry out more ransom attacks on companies, even after it posted a cryptic message earlier this week indicating regret about the impact of the Colonial Pipeline hack and pledging to introduce "moderation" to "avoid social consequences in the future." One of the companies is based in the United States, one is in Brazil and the third is in Scotland. None of them appear to engage in critical infrastructure. Each company appears to be small enough that a crippling hack would otherwise fly under the radar if the hackers hadn't received worldwide notoriety by crippling gasoline supplies in the United States. In a separate report from The Associated Press, the East Coast pipeline company was found to have "atrocious" information management practices and "a patchwork of poorly connected and secured systems," according to an outside audit from three years ago. Slashdot reader wiredmikey shares an excerpt from the report: "We found glaring deficiencies and big problems," said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. "I mean an eighth-grader could have hacked into that system." Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

[May 28, 2021] Powershell Video Tutorials "" CodingBee

May 24, 2021 | codingbee.net

Powershell Video Tutorials

The following courses are available at Pluralsight. You can sign up for a 10 day free trial!

Announcement You can find all my latest posts on medium .

PowerShell Remoting Fundamentals

PowerShell Toolmaking Fundamentals

Building PowerShell GUIs in WPF for Free

Working with CSV Data in PowerShell

Your First Day with PowerShell

PowerShell: Getting Started

Putting PowerShell to Work

PowerShell on the Network

What's New in PowerShell v5.0

PowerShell Cmdlet Development in C# "" The Ins and Outs

Reporting with PowerShell HTML and Enhanced HTML

Accessing SQL Server Databases from PowerShell

Debugging PowerShell in VS Code

Working with XML Data in PowerShell

Windows Server Administration Fundamentals Using PowerShell

PowerShell and SQL Server

Play by Play: Microsoft Open Source PowerShell on Linux and Mac

Client-Side PowerShell Scripting for Reliable SCCM Deployments

Creating GUIs Using PowerShell Studio 2015 "" The Essentials

PowerShell & DevOps Global Summit 2016 Sessions

Beginning PowerShell Scripting for Developers

Windows Workflows with PowerShell

Managing Azure IaaS with PowerShell

Implementing Microsoft PowerShell Just Enough Administration (JEA)

Using WMI and CIM in PowerShell

Windows PowerShell Desired State Configuration Fundamentals

Advanced Windows PowerShell Desired State Configuration

Managing DHCP With PowerShell

Administering Active Directory Objects with PowerShell

[May 28, 2021] Was the Colonial Pipeline Co. ransomware attack a false flag operation ?

Probably it was not a false flag. First of all the state of IT security at Colonial Pipeline was so dismal that it was strange that this did not happened before. And there might be some truth that they try to exploit this hack to thier advantage as maintenance of the pipeline is also is dismal shape.
Notable quotes:
"... "As for the money-nobody really knows where it really went." If you are right about the perpetrators, my guess would be that it went into the black-ops fund, two birds one stone. ..."
"... I have become so used to false flags, I am going to be shocked when a real intrusion happens! ..."
"... an in depth article researching solarwinds hack - looks like it was Israel, not a great leap to see that colonial was a false flag https://unlimitedhangout.com/2021/01/investigative-reports/another-mega-group-spy-scandal-samanage-sabotage-and-the-solarwinds-hack/ ..."
"... Regarding the ownership of Colonial Pipeline: 'IFM Investors, which is owned by 27 Australian union- and employer-backed industry superannuation funds, owns a 16 per cent stake in Colonial Pipeline, which the infrastructure manager bought in 2007 for $US651 million.' ..."
"... 'The privately held Colonial Pipeline is valued at about $US8 billion, based upon the most recent sale of a 10 per cent stake to a unit of Royal Dutch Shell in 2019.' ..."
May 19, 2021 | www.moonofalabama.org

Blackhat , May 19 2021 18:51 utc | 6

The Colonial Pipeline Co.,ransomware attack was a false flag. They wanted to blame Russian hackers so they could derail Nordstream II

It is common knowledge that the only real hackers that are able of such sabotage is CIA and Israeli. It's the same attack types they do to Iranian infrastructure on a regular basis.

The Russians are not that stupid to do something they know will be blamed on them and is of no political use to them. And could derail Nordstream2.

As for the money-nobody really knows where it really went. CEO is ultra corrupt. They never ever invested in their infrastructure so when it went down they came up with a profitable excuse. Just look at their financials/balance sheet over the years. No real investment in updating and maintaining infrastructure. Great false flag. Corruption and profiteering.


MarkU , May 19 2021 19:04 utc | 7

@ Blackhat | May 19 2021 18:51 utc | 6

"As for the money-nobody really knows where it really went." If you are right about the perpetrators, my guess would be that it went into the black-ops fund, two birds one stone.

james , May 19 2021 19:08 utc | 9

@ 6 blackhat..

I have become so used to false flags, I am going to be shocked when a real intrusion happens!

abee , May 19 2021 19:21 utc | 10

@ blackhat 6

an in depth article researching solarwinds hack - looks like it was Israel, not a great leap to see that colonial was a false flag https://unlimitedhangout.com/2021/01/investigative-reports/another-mega-group-spy-scandal-samanage-sabotage-and-the-solarwinds-hack/

vinnieoh , May 19 2021 20:05 utc | 15

Blackhat | May 19 2021 18:51 utc | 6

I'm not familiar with your handle - hello. IMO, it would be counterproductive for Russia to initiate such a hack. What really affects and debilitates US oil and gas interests is low prices, both at the pump and on the stock exchange. The hack helped jack up prices (which were already being jacked-up despite demand still lagging behind supply) which only HELPS those energy interests. It has long been known, the math isn't complicated, what level crude must trade at for US domestic oil & gas operations to be profitable. Remember that just as the pandemic was emerging Russia and Saudi Arabia once again sent the global crude market into the depths of despair.

I do agree the hack can be interpreted in light of the desperation of US energy interests to try to kill NS2. I have not yet read the recent articles discussing Biden's recent moves in that regard. If these moves are a recognition that US LNG to Europe (and elsewhere) are diametrically opposed to climate responsibility, I'd welcome those moves. As is usually the case though, environmental responsibility is probably the least likely reason.

vk , May 19 2021 22:31 utc | 35

Colonial Pipeline CEO confirms paying $4.4 million ransom to hackers, says he did it for America

This is USSR-of-the-1980s level of propaganda. Either way, give that man a statue in D.C.!

P.S.: this is the quotation of what the CEO really said, so you don't accusing me of just reading the headline:

"[it was very hard, difficult to me etc. etc.] But it was the right thing to do for the country," Blount, who leads the company since 2017, added.

--//--

No shit, Sherlock:

Russian Sputnik V Covid-19 vaccine hasn't been approved by EU due to political pressure from top officials – Moscow's spy chief

Paul , May 19 2021 23:42 utc | 42

Posted By Oldhippy @28

Thanks for your comment.

Regarding the ownership of Colonial Pipeline: 'IFM Investors, which is owned by 27 Australian union- and employer-backed industry superannuation funds, owns a 16 per cent stake in Colonial Pipeline, which the infrastructure manager bought in 2007 for $US651 million.'

also

'The privately held Colonial Pipeline is valued at about $US8 billion, based upon the most recent sale of a 10 per cent stake to a unit of Royal Dutch Shell in 2019.'

see Australian Financial Review 6 days ago.

Koch may well own another multi million $ stake.

[May 28, 2021] Cryptocurrency Miners Are Now Abusing the Free Tiers of Cloud Platforms

May 26, 2021 | news.slashdot.org

(therecord.media) 73

Posted by EditorDavid on Saturday May 22, 2021 @10:34AM from the cloud-kingdoms dept. An anonymous reader shares a report:

Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms .

Gangs have been operating by registering accounts on selected platforms, signing up for a free tier, and running a cryptocurrency mining app on the provider's free tier infrastructure.

After trial periods or free credits reach their limits, the groups register a new account and start from the first step, keeping the provider's servers at their upper usage limit and slowing down their normal operations...

The list of services that have been abused this way includes the likes of GitHub, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto.

GitLab and Sourcehut have published blog posts detailing their efforts to curtail the problem, with Sourcehut complaining cryptocurrency miners are "deliberately circumventing our abuse detection," which "exhausts our resources and leads to long build queues for normal users."

In the article an engineer at CodeShip acknowledges "Our team has been swamped with dealing with this kind of stuff."

[May 11, 2021] Complexity and connectivity are the Achilles heel of industrial civilization

May 11, 2021 | peakoilbarrel.com

HOLE IN HEAD IGNORED 05/09/2021 at 2:09 pm

Too add ,
https://www.zerohedge.com/technology/clocks-ticking-colonial-pipeline-restart-after-72-hours-it-gets-really-tough
Complexity and connectivity are the Achilles heel of industrial civilization . REPLY STEPHEN HREN IGNORED 05/09/2021 at 8:36 pm

Good BBC article

Biden declares state of emergency over fuel cyber-attack https://www.bbc.co.uk/news/business-57050690 REPLY LONGTIMBER IGNORED 05/10/2021 at 12:36 pm

Who are the Vendors for the SCADA systems? Rockwell, Honeywell, Siemens? Think twice about public facing gear from publicly listed companies, it's too costly to be honest about many exploits. I deploy routers from MikroTik, Tools built in to watch connections/traffic live. Simple to re-flash everything if you get suspicious. Lessons learned from the latest exploits of Solarwinds and M$ Exchange is the more you know you realize the wider the net. Blaming nation states for your own stupidity could result TEOTWAWKI. Building fault tolerant systems can reduce downtime, but who holds the keys? Covid wars is now ramping up into I N F R A W A R S REPLY LONGTIMBER IGNORED 05/10/2021 at 12:43 pm

"Complexity and connectivity are the Achilles heel of industrial civilization ."
How about foolish interdependence?
-Using Grid Power for refinery & pipelines
-UL1741 Grid Inter-tie Prevents most Solar Customers from using his own "System"
Fukushima survived the events just fine. The Final outcome was due to loss of power.

[Apr 22, 2021] PowerShell For Beginners Full Course - PowerShell Beginner tutorial Full Course - YouTube

Apr 22, 2021 | www.youtube.com

Windows PowerShell [01] Introduction - YouTube

[Apr 13, 2021] Stuxnet sibling theory surges after Iran says nuke facility shut down by electrical fault The Register

Apr 13, 2021 | www.theregister.com

Evidence is thin, but Natanz enrichment facility is offline Simon Sharwood, APAC Editor Mon 12 Apr 2021 // 06:57 UTC SHARE


Iran has admitted that one of its nuclear facilities went offline over the weekend, and a single report claiming Israeli cyber-weapons were the cause has been widely accepted as a credible explanation for the incident.

Iran on Sunday published this announcement that said an "accident" impacted the "electricity distribution network" at its Natanz enrichment facility.

The facility was inaugurated the previous day, and is thought to have the capability to enrich Uranium and to represent capacity for uses prohibited under the US/Iran nuclear deal. The Trump administration tore up that deal, but the Biden administration hoped to revisit the pact.

Iranian officials have said that whatever hit Natanz was an act of "nuclear terrorism". The Register can find no indication that any radioactive material has been exposed.

Few nations like the idea of anyone in the Gulf region obtaining nuclear capabilities, but Israel is implacably opposed to the idea. In 1981 Israel bombed a nuclear plant in the early stages of construction in Iraq and is thought to have collaborated on the Stuxnet worm, discovered in 2010, that eventually damaged centrifuges used to refine nuclear materials at Iran's Natanz.

Iranian contractor named as Stuxnet 'patient zero' READ MORE

Not long after the news of this weekend's electrical incident, the Israeli Public Broadcasting Corporation reported that intelligence sources had told its reporters the accident was in fact a cyber-attack. The corporation is an independent public broadcaster.

But the say-so of just one of the corporation's shows is all the evidence that Israel had any hand in the attack. While Israel does not comment on such matters officially, Israeli politicians have claimed that Natanz was more badly damaged than Iran is letting on. And now the New York Times reports the event was a "detonation of explosives."

Iran says it is investigating the cause of the incident and will announce its findings in due course. ®

[Mar 20, 2021] Fix Windows 10 Privacy can disable approximately 130 rules to protect your privacy.

Mar 20, 2021 | www.majorgeeks.com

 download Fix Windows 10 Privacy Fix Windows 10 Privacy 1.1.1.2 \New Fix Windows 10 Privacy can disable approximately 130 rules to protect your privacy.

[Feb 14, 2021] A Windows Defender vulnerability lurked undetected for 12 years

Feb 14, 2021 | arstechnica.com

Just because a vulnerability is old doesn't mean it's not useful. Whether it's Adobe Flash hacking or the EternalBlue exploit for Windows , some methods are just too good for attackers to abandon, even if they're years past their prime. But a critical 12-year-old bug in Microsoft's ubiquitous Windows Defender antivirus was seemingly overlooked by attackers and defenders alike until recently. Now that Microsoft has finally patched it, the key is to make sure hackers don't try to make up for lost time.

The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender -- renamed Microsoft Defender last year -- uses to delete the invasive files and infrastructure that malware can create. When the driver removes a malicious file, it replaces it with a new, benign one as a sort of placeholder during remediation. But the researchers discovered that the system doesn't specifically verify that new file. As a result, an attacker could insert strategic system links that direct the driver to overwrite the wrong file or even run malicious code.

Windows Defender would be endlessly useful to attackers for such a manipulation, because it ships with Windows by default and is therefore present in hundreds of millions of computers and servers around the world. The antivirus program is also highly trusted within the operating system, and the vulnerable driver is cryptographically signed by Microsoft to prove its legitimacy. In practice, an attacker exploiting the flaw could delete crucial software or data, or even direct the driver to run their own code to take over the device.

"This bug allows privilege escalation," says Kasif Dekel, senior security researcher at SentinelOne. "Software that's running under low privileges can elevate to administrative privileges and compromise the machine."

SentinelOne first reported the bug to Microsoft in mid-November, and the company released a patch on Tuesday. Microsoft rated the vulnerability as a "high" risk, though there are important caveats. The vulnerability can only be exploited when an attacker already has access -- remote or physical -- to a target device. This means it isn't a one-stop shop for hackers and would need to be deployed alongside other exploits in most attack scenarios. But it would still be an appealing target for hackers who already have that access. An attacker could take advantage of having compromised any Windows machine to bore deeper into a network or victim's device without having to first gain access to privileged user accounts, like those of administrators.

SentinelOne and Microsoft agree there is no evidence that the flaw was discovered and exploited prior to the researchers' analysis. And SentinelOne is withholding specifics on how the attackers could leverage the flaw to give Microsoft's patch time to proliferate. Now that the findings are public, though, it's only a matter of time before bad actors figure out how to take advantage. A Microsoft spokesperson noted that anyone who installed the February 9 patch, or has auto-updates enabled, is now protected.

[Jan 04, 2021] The patching conundrum- When is good enough good enough- - Computerworld

Jan 04, 2021 | www.computerworld.com
  1. Limit third-party security software. I limit mine, so if I have a machine that's going to be on the latest feature release when it comes out, I only use Windows Defender. If you use third-party antivirus or multiple antivirus products (such as an antivirus and an anti-malware) I recommend you Windows 10 Professional version and defer feature releases. Always check with your antivirus vendor to see what Windows 10 version they support. Don't assume they will support a new release on day one.
  2. Don't overclock the machine or use any third party software that boosts the performance (or claims to). Often, I see interaction with performance-enhancing software that causes issues.
  3. Computer games. If you play computer games, also be aware of potential unwelcome In particular, I have seen issues related to game licensing or anti-cheating software .
  4. Dual booting. As much as many of us love to create dual-boot machines, this is something that can trigger issues. I recommend only doing dual booting if you are an expert user -- and ensure you have a backup of the system.
  5. Watch for other updates that could be impacting your system. Windowslatest reports that KB4592438 when installed with Intel Driver & Software Assistant Tool (DSA) may trigger high CPU usage. Always remember what else you've installed along with the main Windows patch and see if it's the other thing that's triggered an issue.
  6. Install video driver updates and BIOS updates. At one point, I would install BIOS updates when I first purchased a computer or laptop and never ever installed BIOS updates after that point. Now, before each feature release, I make sure that my systems have up-to-date BIOS patches installed. I have not had a failure in installing BIOS updates.
  7. Coincidences do occur. From my experience, sometimes when a system reboots, it can expose and trigger an underlying issue. The problem may not be the update but rather a reboot. For many years, the best practice -- especially for servers -- was to reboot a system before installing updates to ensure that the system was healthy before the update is installed.

[Dec 21, 2020] Boomerang returns: methods pioneered in Stuxnet and Flame return and bite the USA in the butt

CISA is an agency full of bureaucrats, not computer specialists. So any judgement is highly suspect. In my view "computer security bureaucrat" is typically a parasite or a charlatan. Traditionally computer security departments in large corporations often serve as a place to exile incompetent wannabes. I do not think the government is different. Real high quality programmers usually prefer to write their own software not to spend their time analyzing some obtuse malware code. Often high level honchos in such department are so obviously incompetent that it hurts. This is the same agency that declared Presidential election 2020 to be the most secure in history. So their statements are not worth the electrons used to put them on the screen, so say nothing about a ppar , if they manage to get into such rags as NYT or WaPo.
We need clear-eyed assessment from a real Windows OS specialists like for Stuxnet was Mark Russinovich , which is difficult in current circumstances.
Dec 21, 2020 | arstechnica.com

The supply chain attack used to breach federal agencies and at least one private company poses a "grave risk" to the United States, in part because the attackers likely used means other than just the SolarWinds backdoor to penetrate networks of interest, federal officials said on Thursday. One of those networks belongs to the National Nuclear Security Administration, which is responsible for the Los Alamos and Sandia labs, according to a report from Politico .

"This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks," officials with the Cybersecurity Infrastructure and Security Agency wrote in an alert . "It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered." CISA, as the agency is abbreviated, is an arm of the Department of Homeland Security.

Elsewhere, officials wrote: "CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

Reuters, meanwhile, reported that the attackers breached a separate major technology supplier and used the compromise to get into high-value final targets. The news services cited two people briefed on the matter.

FURTHER READING Premiere security firm FireEye says it was breached by nation-state hackers The attackers, whom CISA said began their operation no later than March, managed to remain undetected until last week when security firm FireEye reported that hackers backed by a nation-state had penetrated deep into its network . Early this week, FireEye said that the hackers were infecting targets using Orion, a widely used network management tool from SolarWinds. After taking control of the Orion update mechanism, the attackers were using it to install a backdoor that FireEye researchers are calling Sunburst. Advertisement

me title=

FURTHER READING Russian hackers hit US government using widespread supply chain attack Sunday was also when multiple news outlets, citing unnamed people, reported that the hackers had used the backdoor in Orion to breach networks belonging to the Departments of Commerce, Treasury, and possibly other agencies. The Department of Homeland Security and the National Institutes of Health were later added to the list. Bleak assessment

Thursday's CISA alert provided an unusually bleak assessment of the hack; the threat it poses to government agencies at the national, state, and local levels; and the skill, persistence, and time that will be required to expel the attackers from networks they had penetrated for months undetected.

"This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions," officials wrote in Thursday's alert. "CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."

The officials went on to provide another bleak assessment: "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available."

The advisory didn't say what the additional vectors might be, but the officials went on to note the skill required to infect the SolarWinds software build platform, distribute backdoors to 18,000 customers, and then remain undetected in infected networks for months.

"This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks," they wrote. "It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures that have not yet been discovered."

Among the many federal agencies that used SolarWinds Orion, reportedly, was the Internal Revenue Service. On Thursday, Senate Finance Committee Ranking Member Ron Wyden (D-Ore.) and Senate Finance Committee Chairman Chuck Grassley (R-Iowa) sent a letter to IRS Commissioner Chuck Rettig asking that he provide a briefing on whether taxpayer data was compromised.

Advertisement

me title=

They wrote:

The IRS appears to have been a customer of SolarWinds as recently as 2017. Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans' privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised. It is also critical that we understand what actions the IRS is taking to mitigate any potential damage, ensure that hackers do not still have access to internal IRS systems, and prevent future hacks of taxpayer data.

IRS representatives didn't immediately return a phone call seeking comment for this post.

The CISA alert said the key takeaways from its investigation so far are:

This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged Not all organizations that have the backdoor delivered through SolarWinds Orion have been targeted by the adversary with follow-on actions Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans

What has emerged so far is that this is an extraordinary hack whose full scope and effects won't be known for weeks or even months. Additional shoes are likely to drop early and often.

[Dec 21, 2020] PowerPoint Presentation

Dec 21, 2020 | video.ch9.ms

video.ch9.ms /sessions/teched/na/2013/ATC-B308_Russinovich.pptx Stuxnet . Discovered June 2010 after it had spread for year. Exploited 4 zero day Windows vulnerabilities. Print spooler for remote code execution. ... Written by Mark Russinovich andAaron Margosis. Full chapters on the major tools: Process Explorer. Process Monitor. Autoruns.

[Dec 20, 2020] Siemens was ntimately involved in sabotage of Iran centrifuges

Dec 20, 2020 | www.moonofalabama.org

chu teh , Dec 18 2020 22:49 utc | 116

Canadian Cents | Dec 17 2020 21:00 utc | 38

Just WOW.Thanks referral to https://www.youtube.com/watch?v=EgzB4_Zw3RE

I worked electrical/nuclear with early Programmable controllers/and at maintenance at Nuc Pwr Generators and alongside Westinghouse and Alstom personnel, etc. and could not make sense of , for example,

1. Big rush job to "upgrade" nuc electrical control and s/ware at a pwr plant
2.Suddenly GE buys Alstom
3. Siemens intimately involved in sabotage of Iran centrifuges ;[BTW was at U. when Jesse Beams was spinning at 1 million rps., so I paid attention]

Well, reference link just explained a whole lot!

chu teh , Dec 18 2020 23:09 utc | 117

add to my # 116, above, a point "4."...

4. Mitsubishi Heavy Ind. sells 4 unique steam generators to US nuc plant, , they all fail, and 2 operating nuc pwr plants are suddenly shut down...forever [SONGS]. The entire reasons for failure are true, but absurd in how the failures were "allowed" to happen. E.g., the certification process was grossly inept and failure was invited, if not assured.

[Dec 17, 2020] Media Blame Russia For Cyber Intrusions Without Providing Evidence

Reminds me the attack on Iranian uranium enrichment infrastructure, which also used patches as the way to inject malware into the system. And who were the players in this attack?
Notable quotes:
"... Moon of Alabama ..."
"... Next to the NSA and Britain's GHCQ there are at least Israel, China and maybe Russia which do have such capabilities. But whoever had the chutzpah to intrude the cybersecurity company FireEye ..."
"... 'People familiar with the issue' say 'Russia is believed to be responsible'. Well, some kids familiar with wobbly teeth believe in the tooth fairy. What is that 'believe' based on? ..."
"... Associated Press ..."
"... Atlantic Council ..."
Dec 17, 2020 | www.moonofalabama.org
To keep Moon of Alabama up and running is a significant effort. Please help me to sustain it . - b

As soon as someone hacked something the media start to blame Russia. This even when there is no evidence that Russia hacked anything.

On Tuesday, December 8, the network security company FireEye reported of a recent attack on its network :

Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.

We are actively investigating in coordination with the Federal Bureau of Investigation and other key partners, including Microsoft. Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques.

Intruding a cybersecurity company is a mistake as the chance of getting caught is significantly higher that during an intrusion into other environments. The intruders allegedly made off with some tools which likely can also be found in the wild.

On Sunday FireEye updated its analysis and provided technical details . This really was a sophisticated operation that must have cost significant resources :

We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain. This compromise is delivered through updates to a widely-used IT infrastructure management software -- the Orion network monitoring product from SolarWinds . The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors.

Based on our analysis, the attacks that we believe have been conducted as part of this campaign share certain common elements:

Based on our analysis, we have now identified multiple organizations where we see indications of compromise dating back to the Spring of 2020, and we are in the process of notifying those organizations. Our analysis indicates that these compromises are not self-propagating; each of the attacks require meticulous planning and manual interaction.

Neither FireEye nor Microsoft named any suspected actor behind the 'difficult-to-attribute' intrusion effort. Next to the NSA and Britain's GHCQ there are at least Israel, China and maybe Russia which do have such capabilities. But whoever had the chutzpah to intrude the cybersecurity company FireEye also blew up their own operation against many targets of much higher value. Years of work and millions of dollars went to waste because of that one mistake.

Despite the lack of evidence that points to a specific actor 'western' media immediately blamed Russia for the spying attempt.

As Reuters reported on Sunday :

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.
...
The U.S. government has not publicly identified who might be behind the hacking , but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack . Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

In a statement posted here to Facebook, the Russian foreign ministry described the allegations as another unfounded attempt by the U.S. media to blame Russia for cyberattacks against U.S. agencies.

'People familiar with the issue' say 'Russia is believed to be responsible'. Well, some kids familiar with wobbly teeth believe in the tooth fairy. What is that 'believe' based on?

The Associated Press reported on the wider aspect of the intrusions and also blamed Russia:

Hackers broke into the networks of the Treasury and Commerce departments as part of a monthslong global cyberespionage campaign revealed Sunday, just days after the prominent cybersecurity firm FireEye said it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.

I have read FireEye's and Microsoft's detailed technical analysis of the intrusion and took a look at the code . As a (former) IT professional very familiar with network management, I have seen nothing in it that points to Russia. Who are those 'industry experts' who make such unfounded claims?

In response to what may be a large-scale penetration of U.S. government agencies, the Department of Homeland Security's cybersecurity arm issued an emergency directive calling on all federal civilian agencies to scour their networks for compromises.

The threat apparently came from the same cyberespionage campaign that has afflicted FireEye, foreign governments and major corporations, and the FBI was investigating.

"This can turn into one of the most impactful espionage campaigns on record," said cybersecurity expert Dmitri Alperovitch .

Ah - the AP talked to Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike . The company which in 2016 claimed that Russia had stolen emails from the Democratic National Council but could not provide any evidence of that to the FBI. The company that admitted in Congress testimony that it did not see any exfiltration of emails from the DNC and had no evidence that Russia was involved. Alperovitch is also the 'industry expert' who falsely claimed that Russia hacked into an application used by the Ukrainian artillery. The same Alperovich who is a Senior Fellow of the anti-Russian lobbying organization Atlantic Council . Alperovitch apparently has never seen a software bug or malware that was not made by Russia.

Quoting an earlier version of the above AP story Max Abrams predicted:

Max Abrahms @MaxAbrahms - 3:20 UTC · Dec 14, 2020

"The U.S. government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible."

You know this story will be retold as all 17 intel agencies 100% certain Putin is behind it.

That is indeed likely to happen.

Even while there is no hint in the intrusion software where it might have come from the media all started to blame Russia.

On Sunday, in its first report on the attack, the New York Times headlined:

Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect

Its chief propagandist David Sanger wrote:

The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government -- almost certainly a Russian intelligence agency, according to federal and private experts -- broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.
...
News of the breach, reported earlier by Reuters , came less than a week after the National Security Agency, which is responsible for breaking into foreign computer networks and defending the most sensitive U.S. national security systems, issued a warning that "Russian state-sponsored actors" were exploiting flaws in a system broadly used in the federal government.

That warning by the NSA was about a known vulnerability in VMware, a software issue that is completely unrelated to the intrusions FireEye had detected and which targeted multiple government agencies.

Not bothering with facts the NYT continued its insinuations :

At the time, the N.S.A. refused to give further details of what had prompted the urgent warning. Shortly afterward, FireEye announced that hackers working for a state had stolen some of its prized tools for finding vulnerabilities in its clients' systems -- including the federal government's. That investigation also pointed toward the S.V.R., one of Russia's leading intelligence agencies. It is often called Cozy Bear or A.P.T. 29, and it is known as a traditional collector of intelligence.

No, the investigation by FireEye does not point in any direction. The company did not name a suspected actor and it did not mention Russia or the S.V.R. at all. The intrusion is also in no way similar to those phishing attempts that some have named Cozy Bear or APT 29.

The Times then further discredits itself by quoting the anti-Russian nutter Alperovich.

On Monday another NYT piece, co-written by Sanger, describes the wider attack and includes the word 'Russia' 23 times! But it does not provide any evidence for any Russian involvement in the case. This is the nearest it comes to:

The early assessments of the intrusions -- believed to be the work of Russia's S.V.R., a successor to the K.G.B. -- suggest that the hackers were highly selective about which victims they exploited for further access and data theft.

'Believed to be' the tooth fairy?

The piece also falsely insinuates that FireEye has linked the attack to Russia:

FireEye said that despite their widespread access, Russian hackers exploited only what was considered the most valuable targets.

Nowhere did FireEye say anything about Russian hackers. It only stated that the intrusions were specifically targeted. The implication of Russia only happened in the NYT writers' heads.

Reuters reports today :

On Monday, SolarWinds confirmed that Orion - its flagship network management software - had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.

And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.

Three people familiar with the investigation have told Reuters that Russia is a top suspect, although others familiar with the inquiry have said it is still too early to tell.

As of now no one but the people behind the intrusion know where it has come from.

SolarWinds , the company behind the network management software that was abused to intrude agencies and companies, is known for a lack of security:

SolarWinds' security, meanwhile, has come under new scrutiny.

In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds' computers through underground forums, according to two researchers who separately had access to those forums.

One of those offering claimed access over the Exploit forum in 2017 was known as "fxmsp" and is wanted by the FBI "for involvement in several high-profile incidents," said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company's clients, which include U.S. law enforcement agencies.

Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' update server by using the password "solarwinds123"

"This could have been done by any attacker, easily," Kumar said.

And that's it.

Any significant actor with the necessary resources could have used the publicly known SolarWinds' password to sneak some malware into the Orion software update process to thereby intrude SolarWinds' customers and spy on them. Without further definitive evidence there is no reason to attribute the intrusions to Russia.

If anyone is to blame it is surely SolarWinds which has learned nothing from the attack. Monday night, days after it was warned, its infected software was still available on its servers . It seems that the SolarWinds people were busy with more important issues than their customers' security:

Top investors in SolarWinds, the Texas-based company whose software was breached in a major Russian cyberattack, sold millions of dollars in stock in the days before the intrusion was revealed.

The timing of the trades raises questions about whether the investors used inside information to avoid major losses related to the attack. SolarWinds's share price has plunged roughly 22 percent since the company disclosed its role in the breach Sunday night.

Note the casual use of 'Russian cyberattack', for which there is no evidence, in the very first sentence.

Silver Lake, a Silicon Valley investor with a history of high-profile tech deals including Airbnb, Dell and Twitter, sold $158 million in shares of SolarWinds on Dec. 7 -- six days before news of the breach became public. Thoma Bravo, a San Francisco-based private equity firm, also sold $128 million of its shares in SolarWinds on Dec. 7.

Together, the two investment firms own 70 percent of SolarWinds and control six of the company's board seats, giving the firms access to key information and making their stock trades subject to federal rules around financial disclosures.

Well, grifters are gonna grift.

And 'western' mainstream writers will blame Russia for anything completely independent of what really happened.

Posted by b on December 16, 2020 at 19:07 UTC | Permalink


Hoyeru , Dec 16 2020 19:24 utc | 1

since when has USA needed evidence? They blamed Saddam for years that he had "weapons of mass distraction". And back in 1990, they created the famous "Iraq solders took babies out fo incubators " lies. Some of us have lived longer than 30 years and we remember all the lies USA has said.

all part of the plan to cut Russia from the SWIFT in 2021.
once Biden becomes a president, he will call on all "democracies" to stand up to Russia. He and other "Western democracies" will hold a joint meeting sometime in 2021 where they will "condemn Russia for all the malign things Russia has done" and will press Belgium to cut Russia fro the SWIFT.
Whats wore, instead of doing anything, Russia is just sitting and watching them instead of warming Europe that this will mean Europe will freeze their collective asses next winter when they won't be able to get Russia gas. Even Iran is warning Russia that they will be cut off from the SWIFT.
Putin is getting old and sick, Russia desperately needs a leader who will stand up to those assholes and warn them to stop. Oh well, it's NOT my problem. Russia better get its asshole oiled up, it will need it. Putin is a weak and inefficient leader, and the SAker IS full of shit.

TH , Dec 16 2020 19:24 utc | 2
I believe that there are a few golden rules that can be applied to news stories:

1) If the first sentence contains a variation of the words "according to," then the story is at least partially bullsh*t
2) If a variation of "according to" is in the headline, then every word of the story is a lie

Roger , Dec 16 2020 19:39 utc | 3
@Hoyeru,

I have to agree with you, the deep state just cannot get over losing Russia to Putin and nationalism after the thought that they had turned it into their playground in the 1990s. They are hot to trot to take out Russia and make it bend the knee, whatever the risks are. Would not put it past them to pull the SWIFT option, although that would have huge implications for the Europeans who buy so much oil and gas from Russia.

It could end up as an own goal, as the Europeans join the Russian payments network and start paying in Euros convertible directly into Rubles (especially with Nordstream 2 in place). The Indians and Chinese are already setup for payments in local currencies. Right now China needs Russia as an ally, so they would also probably re-source oil imports to take more from Russia.

Russia has already made itself self sufficient in food etc., and has been working on payments in local currencies. They are not stupid, and see such a move coming.

iv> Since Wikileaks first publicised its hacking of the infamous Vault 7 emails demonstrating that the CIA had the ability to attach certain metadata to its own hacking activities, to insinuate that Russian or Chinese hackers were responsible (and thus put future investigators on a wrong trail away from the actual culprits), I don't rule out that the CIA and possibly other intel agencies chummy with it may have penetrated FireEye. Especially as these hacking attempts appear to have specific targets and some investors in the companies affected by these hacking attempts seem to employ crystal ball gazers so they were able to divest themselves of huge numbers of shares and make tidy profits before news of the hacking came out which would have sent these hacked companies' share prices down into an abyss. Could some of the hackers themselves be shareholders in the hacked firms?

Posted by: Jen , Dec 16 2020 19:44 utc | 4

Since Wikileaks first publicised its hacking of the infamous Vault 7 emails demonstrating that the CIA had the ability to attach certain metadata to its own hacking activities, to insinuate that Russian or Chinese hackers were responsible (and thus put future investigators on a wrong trail away from the actual culprits), I don't rule out that the CIA and possibly other intel agencies chummy with it may have penetrated FireEye. Especially as these hacking attempts appear to have specific targets and some investors in the companies affected by these hacking attempts seem to employ crystal ball gazers so they were able to divest themselves of huge numbers of shares and make tidy profits before news of the hacking came out which would have sent these hacked companies' share prices down into an abyss. Could some of the hackers themselves be shareholders in the hacked firms?

Posted by: Jen | Dec 16 2020 19:44 utc | 4

William Gruff , Dec 16 2020 19:46 utc | 5
Meanwhile in East Flatrock Tennessee a group of teens is laughing.

"They said our hack was 'an attack by a nation with top-tier offensive capabilities'! You hear that? We're a nation now! With 'top-tier offensive capabilities' at that! How awesome is that?"

gottlieb , Dec 16 2020 19:46 utc | 6
The CIA remains firmly in charge of US policy and the mainstream media.
Jen , Dec 16 2020 19:51 utc | 7
Hoyeru @ 1:

I believe the Russian President's annual Q&A session is taking place on 17 December 2020. It will be televised and probably videos of it will be uploaded to Youtube and other platforms over the next few days. The President's own website will feature transcripts of the session in Russian and English, and probably sevetal other languages. The Q&A session is usually a marathon affair running several hours. If you watch it, you will find out how ill Putin appears to be.

james , Dec 16 2020 19:54 utc | 8
b - master propaganda buster, lol... go get em b! i am surprised they aren't coming after you! maybe they figure you are a relatively obscure presence that will remain irrelevant for all intensive purposes... and they haven't figured out how to pull an assange or snowden on you - yet.... you better have some protection with the kgb and know how to speak a little russian!
vk , Dec 16 2020 19:55 utc | 9
Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities.

Translation: we fucked up and we're gonna blame either China or Russia, depending on the customer's preference (Republican or Democrat), in order to avoid blame and keep our stock prices from falling.

If you go to Fox News et al, I'm sure they'll be blaming China.

karlof1 , Dec 16 2020 20:14 utc | 10
If you've followed Lavrov's trail for the month of December, he's been in top form in his denunciations of the United States of Voldemort and its neverending illegalities and immoral actions. For the curious, the most recent are on the week in review thread. IMO, what constitutes the Outlaw US Empire's mainstream media lacks credibility across the spectrum of potential topics just as does the federal government. The planet will be a happier place if those two entities are just cast away and allowed to drift upon the endless sea of filth they generate daily.
JohninMK , Dec 16 2020 20:21 utc | 11
From what I have read there does not appear to be any malicious intent at any of the targeted organisations, but that might be wrong.

Maybe the attack on FireEye was an intentional way of exposing what they had done. It created some interesting press.

fyi , Dec 16 2020 20:24 utc | 12
Dear All:

The Russian Federation can annihilate the United States and US has no defenses against that.

So they indulge in such self-propaganda exercise, puffing up themselves and their population, and then they go home, knowing that RF can destroy them.

On the other hand, US can annihilate Iran and Iran cannot do anything about that either.

So they indulge in such self-propaganda exercise, puffing up themselves and their population, and then they go home, knowing that US can destroy them.

The only difference between Iran and Russia is that Iran is not a nuclear-armed state, targeting US cities.

I wonder what percentage of Americans are willing to nuke the Russian Federation - in contradistinction to the 59% who are willing to nuke Iran - per this M.I.T. report

https://www.mitpressjournals.org/doi/pdf/10.1162/ISEC_a_00284.

Framarz , Dec 16 2020 20:24 utc | 13
SL Ayatollah Khamenei by audience of General Soleimani family

"Ayatollah Khamenei said: The funeral of millions of martyrs of Soleimani was the first severe slap in the face to the Americans, but the more severe slap is "software overcoming the absurd hegemony of arrogance" and "expelling the United States from the region". It is definite whenever possible." Fars News Agency 16.12.20

iv> To be honest, this isn't even worth talking about. A non-story that doesn't deserve any oxygen at all.

Posted by: Clifton , Dec 16 2020 20:29 utc | 14

To be honest, this isn't even worth talking about. A non-story that doesn't deserve any oxygen at all.

Posted by: Clifton | Dec 16 2020 20:29 utc | 14

fyi , Dec 16 2020 20:31 utc | 15
Mr. Framarz

The funerals of the late Abu Mehdi Mohandess, the late Brigadier General Solimani and their companions have been unprecedent in the history of Shia Islam - to my knowledge.

Americans carried out an act that betrayed the extent of their hatred for Iran (as a country) and Shia (as a religion).

It was not the act of a sane sovereign - but as I have maintained for a long time - those of a Mad King.

That action, in my opinion, ended the possibility of the United States staying in Iraq, in Afghanistan, in Syria, or in Lebanon.

I wonder how the Shia would react, overtime, in the Azerbaijan Republic, in Kuwait, in Bahrain to the United States in the future.

powerandpeople , Dec 16 2020 20:34 utc | 16
"Neither FireEye nor Microsoft named any suspected actor behind the 'difficult-to-attribute' intrusion effort. Next to the NSA and Britain's GHCQ there are at least Israel, China and maybe Russia which do have such capabilities. But whoever had the chutzpah to intrude the cybersecurity company FireEye also blew up their own operation against many targets of much higher value. Years of work and millions of dollars went to waste because of that one mistake."

Well if software+SolarWind+elections = manipulation => proven[before date]

then a country, either from the list of those with 'capabilities', or another whose capablities were until now unknown, will have invalidated the US election.

BIG - IF true.

A big IF.

fyi , Dec 16 2020 20:34 utc | 17
Mr. Clifton

Perhaps it may be not worthwhile to discuss the main topic of this thread but I think it is worthwhile to note it as an indication of the unwillingness to face the World as it is by many in the United States at all levels.

willie , Dec 16 2020 20:56 utc | 18
Now der spiegel,le monde and le figaro have info from Bellingcat about a team of eight FSB spies and chemical specialist following Navalny for years to take him out,yet not succeeding.Even the most gullible "Russia,Russia,Russia" consumers start to find this ridiculous,judging by the comments.Some indeed start to have concerns about a new war on russia ,that will obviously obliterate all of western-europe.

https://www.spiegel.de/politik/ausland/fall-alexej-nawalny-mutmassliche-taeter-eines-geheimdienstkommandos-enttarnt-a-19e6378b-1726-4fce-9058-f78adb197828

https://www.spiegel.de/politik/ausland/alexej-nawalny-der-kreml-und-der-anschlag-auf-wladimir-putins-angstgegner-a-00000000-0002-0001-0000-000172728796

https://www.spiegel.de/politik/ausland/alexej-nawalny-kreml-medien-verschweigen-neue-erkenntnisse-zum-giftanschlag-a-1f9bcbec-c454-48fd-9ed7-e9021e74651d

They had four articles about this in two days.Mockingbird in full speed.It is very clear to me now that Spiegel ex-journo Udo Ulfkotte was "heartattacked" for outing CIA mastering der Spiegel in his book.

Mao Cheng Ji , Dec 16 2020 21:04 utc | 19
"This attack is different from the tens of thousands of incidents we have responded to throughout the years.[...] ...this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques"

"Incidents we have responded to"? Meh. Also, this "attack" may or may not be different from the (likely) tens of thousands of incidents that they've never detected.

willie , Dec 16 2020 21:13 utc | 20
Facebook discovered and neutralized a troll farm's accounts related to the french army in Central African Republic and Mali,working against russian st.petersburg related trollfarm accounts,that they neutralized as well.This is all about the french countering russians (and chinese) getting foothold amongst africans,you know the people they threw napalm on in the fifties,like they did in Vietnam way before the americans,to pacify those people.

https://www.01net.com/actualites/facebook-demantele-un-reseau-de-trolls-de-l-armee-francaise-en-afrique-2019443.html

https://www.lefigaro.fr/secteur/high-tech/afrique-facebook-ferme-de-faux-comptes-de-desinformation-lies-a-l-armee-francaise-20201216


https://www.lefigaro.fr/international/l-ombre-des-services-secrets-russes-derriere-l-affaire-navalny-20201215

Norwegian , Dec 16 2020 21:14 utc | 21
Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques.

So just fake or the CIA.

This is getting boring.

willie , Dec 16 2020 21:20 utc | 22
And of course Navalny is such a hot item that bellingcats's video on youtube got 10 million viewers within 48 hours.War on Russia,who is marching on Moscou,any volunteers?The germans and the french were not very lucky with that in the past,let the united americans have a try,after all its only europe that is meant for destruction either way.The Rotschilds will be proud of you.
Framarz , Dec 16 2020 21:21 utc | 23
@Norwegian 21

For me it was enough to read in the news that U.S. Treasury and Commerce department was among the targets to know who stand behind this operation. It must be very humiliating for US government, that's why the synchronous chorus about the "Russian Cyberattack", they know well that it was not Russia ...

U.S. Treasury and Commerce department is the driving force behind "maximum pressure" sanctions against Iran, terrorizing the Iranian population even blocking trade of medicine necessary for the treatment of kids with chronically illness.

Now Iranians sit with a complete list of U.S. Treasury and Commerce executives and their secrets, that would make it difficult for these economical terrorists to have a relaxing sleep at night. The extra bonus is what Iran got from all other US departments, useful for the future.
US need to restructure a whole lot of their IT network. protocols, hardware, even administrators at government and security level to repair at least part of the damage done.

Khameneie calls it a "sever slap" for the assassination of general Soleimani, one must agree a mind-blowing one indeed ...

uncle tungsten , Dec 16 2020 21:28 utc | 24
b reports FireEye saying
"We are actively investigating in coordination with the Federal Bureau of Investigation and other key partners, including Microsoft. Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques."

Interpreted as "we screwed up, that Microsoft Defender software is a POS and to think FireEye AND FBI relied on their crap upgrades - we had better blame Russia and save our total embarrassment.

uncle tungsten , Dec 16 2020 21:36 utc | 25
willie #18
They had four articles about this in two days.Mockingbird in full speed.It is very clear to me now that Spiegel ex-journo Udo Ulfkotte was "heartattacked" for outing CIA mastering der Spiegel in his book.

Thank you and I fully agree - 'heartbreaker herb' is native to a few eastern countries and known as an end of life choice of tea that is used by malign actors for centuries. Hard to find a reference to it these days as most search engines have hidden it. One used to be able to read of it.

karlof1 , Dec 16 2020 21:36 utc | 26
willie @22--

The "united americans" had their try during Russia's Civil War but didn't get very far. Then they tried carpetbagging neoliberal parasites, and they failed too, although they did considerable damage. Currently within the Outlaw US Empire, about as many people are out of work as reside within all of Russia, and their government cares not a whit what happens to them. On the other hand, President Putin has made it clear on many occasions that every Russian life is treasured by him and the Russian government, with more support given Russians than at any previous time by the USSR.

karlof1 , Dec 16 2020 21:41 utc | 27
Framarz @23--

The Outlaw US Empire is woeful when it comes to IT. Medicare today still runs on DOS, and it's likely many other departments do as well.

William Gruff , Dec 16 2020 21:42 utc | 28
Just so that everyone knows that what this => Framarz @23 poster says is entirely possible, back in the olden days when I was helping with Linux kernel space stuff Iran was one of the top five countries where code was being submitted from. Iran has more than just a few very sharp codesmiths.
Rob , Dec 16 2020 21:50 utc | 29
Regarding the David Sanger fantasy piece published in the NYT, I commented on the Times's website that Sanger made the claim of Russian culpability without providing a shred of actual evidence. Much to my surprise, my comment was accepted for publication. Shortly thereafter, it mysteriously vanished into the ether, no doubt having been read and removed by some editor or even by slimeball Sanger himself. Now that was not a surprise.
Framarz , Dec 16 2020 21:53 utc | 30
Thanks for your contribution but it's crystal clear that Khamenei took the responsibility for this operation today, looking at the eyes of Soleimani's daughter and saying what he said: (english text)

fna(dot)ir/f1cm2o

- looks like use of (ir) domain causing the text to be blocked, convert the dot

c1ue , Dec 16 2020 22:21 utc | 31
Indeed - if there's anything to be learned, it is that cyber security even in government intel agencies (Snowden), the military (Manning), political parties (Clinton emails) and now FireEye plus numerous other Solarwinds customers - is marked more for what it isn't than for what it is.
This on top of the damage caused by NotPetya and WannaCry - both of which did so much damage because clearly even Fortune 50 companies don't bother to segment their networks even between countries.
Incompetence and CYA rules the day.
iv> framarz link might show up later.. i just posted it, but it is in the cue to be released later, or not..

Posted by: james , Dec 16 2020 22:58 utc | 32

framarz link might show up later.. i just posted it, but it is in the cue to be released later, or not..

Posted by: james | Dec 16 2020 22:58 utc | 32

gm , Dec 16 2020 23:05 utc | 33
Re: They had four articles about this in two days.Mockingbird in full speed.It is very clear to me now that Spiegel ex-journo Udo Ulfkotte was "heartattacked" for outing CIA mastering der Spiegel in his book.

-Posted by: willie | Dec 16 2020 20:56 utc | 18

Didn't know that until you shared just now. Really terrible if true, but not that surprising given recent events. Wikipedia sez he died 13 January 2017 (aged 56). That would have happened during the Obama/Brennan period.

Lurk , Dec 16 2020 23:11 utc | 34
@ uncle tungsten | Dec 16 2020 21:36 utc | 25

If I understand correctly what you're hinting at, then I'll add that the alps and the nordic countries are also rife with it. It's principle active alkaloid is easily to determine port-mortem and if you're lucky, a good clinician will also diagnose it correctly before it's too late..

Less easy to pinpoint are the effects of targeted exposure with masers.

Peter AU1 , Dec 16 2020 23:37 utc | 35
"But whoever had the chutzpah to intrude the cybersecurity company FireEye also blew up their own operation against many targets of much higher value. Years of work and millions of dollars went to waste because of that one mistake."

yankistan propaganda always inserts a clause to show that hackers are bumblers. Reading the very short one sentence report in Reuters, the yanks got hit hard. pompus had to fly home and cut short his cold/hot war rabble rousing efforts.

arby , Dec 16 2020 23:56 utc | 36
Peter AU1 @ 35

I read that sentence as well and I assumed that b wrote that.

Michael , Dec 17 2020 0:31 utc | 37
@35 Peter

Thank you so much for "Yankistan". That sums it up nicely.

b's observation also gives a clue that it may very well be a white hat attack by the NSA. Lucky for us they could go the extra mile and give it some "positive" spin. Snark.

Bemildred , Dec 17 2020 0:34 utc | 38
The Register has some info on the hack:

US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack

chu teh , Dec 17 2020 0:44 utc | 39
[This post not appear, so here it is without links]

Whatever is the definition of "intelligence", certainly it must be inclusive of this example, from Khamenei:

"Lifting sanctions is up to the enemy, but nullifying them is up to us'"

Also, he said "We must be strong in all areas, including economy, science, technology and defense, because as long as we do not grow strong, the enemies will not give up greed and aggression."

Now, compare that last to JV Stalin's 1931 speech in the run-up to WW 2:

"One feature of the history of old Russia was the continual beatings she suffered because of her backwardness. ... All beat her -- because of her backwardness, because of her military backwardness, cultural backwardness, political backwardness, industrial backwardness, agricultural backwardness. They beat her because it was profitable and could be done with impunity..."

Interesting, eh?

Hat-tip to Framarz | Dec 16 2020 21:53 utc | 30 for Khamenei link.
Stalin's speech link to follow...if it posts.

chu teh , Dec 17 2020 0:48 utc | 40
Here is link to JV Stalin speech in #40, above.


https://www.marxists.org/reference/archive/stalin/works/1931/02/04.htm

_K_C_ , Dec 17 2020 0:53 utc | 41
This cyber attack has NSA written all over it. Either that or the attackers had access to the tools that were leaked from the NSA trove. The tactics at least are very similar in some ways.

@willie - I posted a link to CNN's joint investigation with Bellingcat, Der Spiegel, and "The Insider" the other day in the open thread. Nobody seemed to have noticed. Looks like Russia has responded to them.

Quote: This report is funny to read.

I didn't have time to delve into all the different pages that comprise Bellingcat's allegations nor did I see anywhere in their stated methodology how they got access to these phone records that they're claiming correspond to the agents tailing Navalny. At least they didn't call him "opposition leader" this time - just "opposition activist" or something like that. LOL I'll be interested to see b's take on this affair once he's had time to digest it - and there is a lot to digest.

Clifton , Dec 17 2020 1:14 utc | 42
What is so cynical is that during the last three years of fake "Russian Collusion" certain politicians were colluding with the Chinese CCP, ie in actuality doing what they were accusing Trump of doing. Inevitable now that there is big trouble brewing in the US, I don't see how all the fraud evidence on every level can be disregarded, let alone apparent foreign involvement in the voting machines.
iv> Russians get blamed for everything:
https://fair.org/home/a-cia-officer-has-a-headache-media-blame-russia/
and via the lobster,
https://www.lobster-magazine.co.uk/free/lobster80/lob80-view-from-the-bridge.pdf?cache=228
the killing of Gareth Williams of MI6
< https://tinyurl.com/y4t3dmuj>
We are very close to the point at which the lies http://www.informationclearinghouse.info/56040.htm
become so ridiculous that they lose their power to confuse.
And there is bellingcat who now leads the front page of The Guardian with his fairy tales.
Luckily in addition to b we have http://johnhelmer.net/

Posted by: bevin , Dec 17 2020 1:30 utc | 43

Russians get blamed for everything:
https://fair.org/home/a-cia-officer-has-a-headache-media-blame-russia/
and via the lobster,
https://www.lobster-magazine.co.uk/free/lobster80/lob80-view-from-the-bridge.pdf?cache=228
the killing of Gareth Williams of MI6
< https://tinyurl.com/y4t3dmuj>
We are very close to the point at which the lies http://www.informationclearinghouse.info/56040.htm
become so ridiculous that they lose their power to confuse.
And there is bellingcat who now leads the front page of The Guardian with his fairy tales.
Luckily in addition to b we have http://johnhelmer.net/

Posted by: bevin | Dec 17 2020 1:30 utc | 43

bevin , Dec 17 2020 1:32 utc | 44
Sorry KC@41 I missed your comment which puts the point much better
snake , Dec 17 2020 1:40 utc | 45
western' mainstream writers will blame Russia for anything completely independent of what really happened.

can we get a list of these writers.. and store their names and aliases somewhere. a db.. is needed.


b - master propaganda buster, lol... go get em b! i am surprised the oligarch wealth and its minions haven't
figured out how to pull an assange or snowden on you - yet.... you better have some protection with the kgb
and know how to speak a little russian! by: james @ 8

James I think the propaganda monsters have discovered how to take b down, they
probably plan to ask B to self inject himself with one of their Gene Modifying
Vaccines(GMVs) with expectation that a mental giant will vegetate to a wimp.
.....
The CIA remains firmly in charge of US policy and the mainstream media. by: gottlieb @ 6

Not really, the people who support and control the CIA have firm control over politics,
finance, CIA, and media, remember the nine layers of control consist of but two layers
that are public. The CIA is the leg breaker arm of that oligarch cartel. .. .. but mr gottlieb
please list who in the CIA is the leg breaker in charge over US Policy and explain
how US Policy, CIA leg breaking, mainstream media, wall street execution are financed
marketed and coordinated. I suggest to you these are not government people but private
party marketers.

Just saying a bunch of puppets dressed in CIA suits are in charge is useless.. I will
bet when you identify to us, who it is you are talking about, it will be discovered the
person you think is in charge is not, but instead that person is executing orders given
by a private party someone else. Its the private party some one else that needs media exposure.

who (by name) do the puppets work for,
how can the string pullers be identified, and
Ill bet because the string pullers are not government at all, but private exploitative
persons, that can be legally tracked?

To Norwegian @ 21 fascinating The private parties most likely responsible (PPMLR) for the
cyber attack have been asked to investigate the victim of the cyber attack. The PPMLR's
initial findings support the victim pre investigation conclusion made before the investigation
was complete that the cyber attack was the work of a highly sophisticated state
sponsored attacker utilizing novel techniques? Not all of us were born yesterday?

psychohistorian , Dec 17 2020 2:14 utc | 46
What I haven't seen reported yet is that the voting machine company Dominion is a Solarwinds customer.....
....
....
think of the implications of that
J W , Dec 17 2020 2:41 utc | 47
If the Russians did it, usual sore loser antics by the US.
If the Russians didn't, usual propaganda lies by the US.

Either way, Yankistan still sucks.

gottlieb , Dec 17 2020 2:45 utc | 48
Snake@45..

You're not wrong... points taken. The nexus between the moneyed elite and 'intelligence' has always been there. Cheers.

[Jul 15, 2020] Trump Authorized CIA To Wage Cyberwar On Iran And Others

"I haven't looked at the kernel sources for any significant amount of time for years. It would be interesting to make a tally of what kind of patches were brought in by Iranian contributors. That is to say, if at any time fixes were made to 'bugs' brought/left in by the likes of IBM, Intel, Nvidia et al. Would be a nice holiday project."
Jul 15, 2020 | www.moonofalabama.org

William Gruff , Jul 15 2020 18:39 utc | 11

A number of years back I used to contribute patches for inclusion in the Linux kernel and stayed up to date on day to day submissions. One thing that surprised me back then was how many were coming from Iran. Iran was one of the top ten countries where fixes and new features for Linux were coming from.

After the CIA's Stuxnet attack on Iran back in 2010, Iran began to transition away from using Windows operating system towards using Linux. This is because it was clear that Microsoft played a part in distributing the Stuxnet code to computers in Iran embedded within otherwise normal OS updates.

Presumably the version of Linux authorized for use in Iran by the military and in strategic infrastructure is a custom distribution that has be heavily audited for security. Iran certainly has the domestic talent to accomplish this so I have no doubt that the rumors of it are true. This dramatically increases the difficulty the CIA faces in launching their cyber attacks. Most of the CIA's tools use backdoors that software vendors design into their products just for that purpose, but since you can build Linux from source code it is difficult to hide backdoors that competent programmers cannot find in that source code.

Basically, the biggest impact of letting the CIA go wild like this is that it will encourage more people, institutions, and countries to ditch Microsoft products. That is a very good thing.

vk , Jul 15 2020 19:45 utc | 21

The big danger here is that all sides can play such games. The U.S. does not have a monopoly or even a large advantage in waging cyber wars. It is in fact more vulnerable than others. Edward Snowden provided proof that the NSA is unable to protect its own secrets. Wikileaks published Vault 7, the CIA's own secret cyber attack tool collection. If even the NSA and the CIA can not protect their systems one can only imagine how bad the security situation is in private institutions like U.S. banks, media organizations, charities, religious institutions or businesses.

If the CIA targets such institutions in other countries counter attacks on similar U.S. entities become legitimate.

There may be a method to this madness. Last "Open Thread", I linked this op-ed from an American columnist for Bloomberg (via The Japan Times):

The upside of a new cold war with China

Fortunately, this is only a very partial history of Cold War America. The fever of McCarthyism broke by the mid-1950s; the country's institutions proved stronger than the challenge that movement posed to them. On the whole, the superpower rivalry was a force for constructive change.

It seems there's an eschatological thesis among many post-war American intellectuals (many of whom are certainly working for the CIA, in one position or another) that constant (perpetual) warfare against foreign enemies can solve the USA's own inner capitalist contradictions. That, if America's enemies attack it with all their guile and force of will, America will inherently develop its own means of repelling their attack and, at the same time, develop itself.

Certainly, this "theory" arose, in part, by necessity: as liberal democracy became less and less compatible with capitalism, the USG had to resort more and more to foreign events and States of Emergency to pass the legislation needed to satisfy the interests of its own elite (bourgeoisie). The most illustrative example of this was the Patriot Act, born from the ashes of the Twin Towers.

But I don't think it is just that. The author mentions many legitimate episodes during the Cold War where the USA reformed directly because of pressure exerted by the USSR (the Civil Rights Act of 1968). He could be even more eloquent and simply mentioned the concept of Welfare State in Western Europe - which was only invented because of the shadow of the USSR, cast from the other side of Berlin.

So, in this case, I think there is a significant portion of the American intelligentsia who genuinely believe in this mad thesis that perpetual war will always solve positively all the domestic problems of the USA. I don't think this is pure cynicism: many of those Cold War living fossils really envision an even better America for their children and grandchildren by promoting an all-out war against China, Russia, Iran, North Korea et al - even in the stances where USA proper is attacked and Americans directly die because of it.

One Too Many , Jul 15 2020 20:08 utc | 22

@William Gruff | Jul 15 2020 18:39 utc | 11

"Iran was one of the top ten countries where fixes and new features for Linux were coming from."

Well Microsoft tried to put the kibosh on Iranian software developers when they purchased Github, but it's rather trivial to get around that.

S , Jul 15 2020 21:26 utc | 35

@William Gruff #11:

Presumably the version of Linux authorized for use in Iran by the military and in strategic infrastructure is a custom distribution that has be heavily audited for security.

Similar to Russian Astra Linux .

[Mar 23, 2020] How To Record And Play Mouse And Keyboard Events Using Atbswp Macro Recorder

Notable quotes:
"... The application is an open source clone of the Windows-only TinyTask utility, which runs on both Windows and Linux with Xorg, with Wayland support "coming soon". ..."
Mar 23, 2020 | www.linuxuprising.com

Atbswp is a new graphical utility (Python3) that can be used to record the mouse and keyboard events. You can then reproduce (play) them identically as many times as you want by either clicking a button, or save the mouse and keyboard actions as a script and run it without having to relay on Atbswp.

The application is an open source clone of the Windows-only TinyTask utility, which runs on both Windows and Linux with Xorg, with Wayland support "coming soon".

This application can be useful to automate some demo for example, or to perform long tasks that require clicking on the same items over and over again. In case you want to automate repetitive typing (text expansion), I recommend AutoKey instead.

Atbswp desktop automation tool features:

[Feb 14, 2020] On vulnerable Windows versions the attacker can spoof a Windows-trusted root certificate that can be used to mint any individual certificate used for authentication of websites, software, and other sensitive properties.

Feb 14, 2020 | www.moonofalabama.org

Petri Krohn , Feb 11 2020 20:38 utc | 16

The reason European customers trust Huawei is because Huawei uses open-source software or at least makes their code available for inspection by customers.

Closed-source software cannot provide secrecy or security. This was vividly demonstrated last month when NSA revealed a critical vulnerability in Windows 10 that rendered any cryptographic security worthless.

Critical Windows 10 vulnerability used to Rickroll the NSA and Github

Rashid's simulated attack exploits CVE-2020-0601, the critical vulnerability that Microsoft patched on Tuesday after receiving a private tipoff from the NSA. As Ars reported, the flaw can completely break certificate validation for websites, software updates, VPNs, and other security-critical computer uses. It affects Windows 10 systems, including server versions Windows Server 2016 and Windows Server 2019. Other versions of Windows are unaffected.

The flaw involves the way the new versions of Windows check the validity of certificates that use elliptic-curve cryptography. While the vulnerable Windows versions check three ECC parameters, they fail to verify a fourth, crucial one, which is known as a base point generator and is often represented in algorithms as 'G.' This failure is a result of Microsoft's implementation of ECC rather than any flaw or weakness in the ECC algorithms themselves.

The attacker examines the specific ECC algorithm used to generate the root-certificate public key and proceeds to craft a private key that copies all of the certificate parameters for that algorithm except for the point generator. Because vulnerable Windows versions fail to check that parameter, they accept the private key as valid. With that, the attacker has spoofed a Windows-trusted root certificate that can be used to mint any individual certificate used for authentication of websites, software, and other sensitive properties.

I do not believe this vulnerability was a bug. It is more likely a backdoor intentionally left in the code for NSA to utilize. Whatever the case, NSA must have known about it for years. Why did they reveal it now? Most likely someone else had discovered the back door and may have been about to publish it.

(I commented on these same issues on Sputnik a few weeks ago.)

[Jan 12, 2020] How to create and run a PowerShell script file on Windows 10 Windows Central

Jan 12, 2020 | www.windowscentral.com

Are you new to PowerShell? Use this guide to create and run your first script file on Windows 10. Mauro Huculak 9 Oct 2019 8 <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/run-script-file-powershell-remotesigned-windows-10_.jpg?itok=uUp-wanV" width="800" height="600" alt="">

On Windows 10, PowerShell is a command-line tool that allows you to run commands and scripts to change system settings and automate tasks. It's similar to Command Prompt. Still, PowerShell is a more capable command-line interface (CLI) that provides an extensive set of tools and offers more flexibility and control (especially for scripting).

A script is just a collection of commands saved into a text file (using the .ps1 extension) that PowerShell can understand and execute in sequence to perform one or multiple actions. The only caveat is that unlike Command Prompt, the default security protocol always prevents all scripts from running on your device.

This means that when double-clicking a ".ps1" file on Windows 10 nothing will happen, and if you try to execute the script within PowerShell, you'll get the "cannot be loaded because running scripts is disabled on this system" error message. However, it's not impossible to run scripts. You just need to enable the correct execution policy.

Our favorite VPN service is more affordable now than ever before

In this Windows 10 guide , we walk you through the steps to successfully run your first script file on PowerShell.

How to create a PowerShell script file on Windows 10

On Windows 10, you can create PowerShell script files using virtually any text editor or the Integrated Scripting Environment (ISE) console that comes preinstalled on every installation.

Creating a script using Notepad

To create a PowerShell script using Notepad on Windows 10, use these steps:

  1. Open Start .
  2. Search for Notepad , and click the top result to open the app.
  3. Write a new or paste your script on the text file -- for example:

    Write-Host "Congratulations! Your first script executed successfully"

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/write-host-script-text-powershell_.jpg?itok=RV6AyLZE" width="800" height="454" alt="">

    The above script will output the phrase "Congratulations! Your first script executed successfully" on the screen.

  4. Click the File menu.
  5. Select the Save as option.
  6. Type a name for the script -- for example, first_script.ps1 .

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/notepad-ps1-save.jpg?itok=GebEhNib" width="800" height="454" alt="">

  7. Click the Save button.
Creating a script using Integrated Scripting Environment

Alternatively, you can use the built-in PowerShell ISE console to code your scripts on Windows 10.

The Integrated Scripting Environment is a complex tool, but you can get started using these steps:

  1. Open Start .
  2. Search for Windows PowerShell ISE , right-click the top result, and select the Run as administrator option.
  3. Click on File .
  4. Select the New option to create a new empty .ps1 file.

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/create-new-sp1-file-powershell.jpg?itok=WRgzqFRQ" width="800" height="503" alt="">

  5. Write a new or paste the script you want to run -- for example:

    Write-Host "Congratulations! Your first script executed successfully"

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/powershell-ise-script-windows-10_.jpg?itok=_90-6cei" width="800" height="470" alt="">

  6. Click the File menu.
  7. Click the Save option.
  8. Type a name for the script. For example, first_script.ps1 .

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/save-ps1-ise-script-windows-10.jpg?itok=waXgx8z3" width="800" height="502" alt="">

  9. Click the Save button.

Once you complete the steps using Notepad or PowerShell ISE, the script is ready to run, but it will fail by default. This is because the default PowerShell settings are always set to block the execution of any script.

How to run a PowerShell script file on Windows 10

If you want to run a script file on PowerShell, you have to change the execution policy on Windows 10.

To change the execution policy to run PowerShell scripts, use these steps:

  1. Open Start .
  2. Search for PowerShell , right-click the top-result and click the Run as administrator option.
  3. Type the following command to allow scripts to run and press Enter :

    Set-ExecutionPolicy RemoteSigned

  4. Type A and press Enter (if applicable).

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/powershell-set-executionpolicy-windows-10.jpg?itok=4_RbekrE" width="800" height="367" alt="">

  5. Type the following command to run the script and press Enter :

    & "C:\PATH\TO\SCRIPT\first_script.ps1"

    <img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/01/running-script-filies-powershell-windows-10_.jpg?itok=NY6tqO2Y" width="800" height="348" alt="">

    In the above command, make sure to change "PATH\TO\SCRIPT" to the location of your script.

After you complete the steps, the script will run, and if it was crafted correctly, you should see its output without issues.

On Windows 10, PowerShell includes four execution policies, including:

In the above steps, we use the command to allow local scripts to run on Windows 10. However, if you're not planning to execute scripts regularly, you can restore the default settings to prevent running scripts that you don't trust using the same instructions, but on step No. 4 , make sure to use the Set-ExecutionPolicy Restricted command.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

[Jan 08, 2020] Something is really fishy with Paul Krugman: he complained that someone used his IP address to download child porn

Something is really fishy here. Dynamic IP address is reassigned only if you do not switch on you computer on for several days, which is not very probable for Krugman. Otherwise it is glued to this device and is difficult to highjack without installing malware on the computer or router. and he should have static IP anyway, he is not some poor shmuck and can afford extra $10 a month to have.
Two devices with the same IP on the network are usually automatically detected and it is difficult to use them for download, as during this time the second device will lose Internet connection completely and the problem will be detected by the ISP support.
So the only option is that somebody installed backdoor malware on Krugman computer and used his harddrive for storage. That's an extremely improbable scenario, unless he visited some grey site himself.
Jan 08, 2020 | www.zerohedge.com

Death2Fiat , 5 minutes ago link

No doubt Krugman has dirt on him for blackmail. No one gets his kind of job without being compromised.

The Last Sasquatch , 12 minutes ago link

These aren't my pants

Johann Gelbwesten , 25 minutes ago link

Probably happened when he clicked on an email from Prince Andrew.

theWHTMANN , 25 minutes ago link

C'mon that guy's face screams...

CosmoJoe , 31 minutes ago link

Getting ahead of it quickly eh Paul?

WP82 , 32 minutes ago link

Gee. Maybe it's nobody other than Krugman using His IP address.

Covering his a$$?

Captain Phoebus , 33 minutes ago link

Don't we believe him?

Jackprong , 35 minutes ago link

Typical ... to blame his actions on his perceived enemies.

[Oct 22, 2019] Windows 10 Testers Can Now Answer Android Phone Calls and Text Messages

Oct 22, 2019 | tech.slashdot.org

(venturebeat.com) 21

Posted by EditorDavid on Saturday October 12, 2019 @04:34PM from the Microsoft-Android dept. An anonymous reader quotes VentureBeat:

At Samsung's Galaxy Unpacked 2019 in August and the Surface hardware event last week, Microsoft talked about Windows 10's Your Phone app getting a new "Calls" feature. Today, the company is letting Windows Insiders start testing an early preview of Android calling on Windows 10 .

Having given up on Windows Phone, Microsoft has increasingly poured more resources into Android as its mobile platform of choice. The company offers plenty of Android apps and features, including some that it can't match on Apple's more restricted iOS platform. Last week, Microsoft even unveiled the dual-screen Surface Neo Android phone , coming in holiday 2020.

Your Phone is part of Microsoft's "Continue on PC" functionality, which lets you send a task from your Android or iOS device to Windows 10. The app's main purpose is to let you access your phone's content -- like text messages, photos, and notifications -- right on your PC. The feature first arrived with the Windows 10 Fall Creators Update in October 2017, and Microsoft has been broadening it ever since. Calling support means you no longer have to grab your Android phone to answer a call when you're at your computer. You can interact with the call using your PC's speakers, microphone, and screen.

[Oct 22, 2019] Ransomware Gang's Victim Cracks Their Server and Releases All Their Decryption Keys

Oct 22, 2019 | it.slashdot.org

(zdnet.com) 55

ccnafr shared their report: One of the gang's victims was Tobias Frömel , a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks' database from their server . "I know it was not legal from me," the researcher wrote in a text file he published online on Pastebin earlier Monday, containing 2,858 decryption keys. "I'm not the bad guy here," Frömel added.

Besides releasing the decryption keys, the German developer also published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [ VirusTotal scan ], and usage instructions are avaiable on the Bleeping Computer forum.

In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the decrypter's availability, advising users against paying the ransom.

[Sep 13, 2019] The NSA and Unit 8200 possibly have collaborated on the Stuxnet virus as well as the Duqu malware

Sep 13, 2019 | www.unz.com

Originally from: How the CIA, Mossad and "the Epstein Network" are Exploiting Mass Shootings to Create an Orwellian Nightmare, by Whitney Webb

... ... ...

Carbyne's current CEO, Amir Elichai, served in Unit 8200 and tapped former Unit 8200 commander and current board member of AIPAC Pinchas Buchris to serve as the company's director and on its board. In addition to Elichai, another Carbyne co-founder, Lital Leshem , also served in Unit 8200 and later worked for Israeli private spy company Black Cube. The only Carbyne co-founder that didn't serve in Unit 8200 is Alex Dizengof, who previously worked for Israel's Prime Minister's office.

As MintPress noted in a past report detailing Israeli military intelligence's deep ties to American tech giant Microsoft, Unit 8200 is an elite unit of the Israeli Intelligence corps that is part of the IDF's Directorate of Military Intelligence and is involved mainly in signal intelligence (i.e., surveillance), cyberwarfare and code decryption. It is frequently described as the Israeli equivalent of the NSA and Peter Roberts, senior research fellow at Britain's Royal United Services Institute, characterized the unit in an interview with the Financial Times as "probably the foremost technical intelligence agency in the world and stand[ing] on a par with the NSA in everything except scale."

Notably, the NSA and Unit 8200 have collaborated on numerous projects, most infamously on the Stuxnet virus as well as the Duqu malware . In addition, the NSA is known to work with veterans of Unit 8200 in the private sector, such as when the NSA hired two Israeli companies , to create backdoors into all the major U.S. telecommunications systems and major tech companies, including Facebook, Microsoft and Google.

Both of those companies, Verint and Narus, have top executives with ties to Israeli intelligence and one of those companies, Verint (formerly Comverse Infosys), has a history of aggressively spying on U.S. government facilities.

Unit 8200 is also known for spying on civilians in the occupied Palestinian territories for "coercion purposes" -- i.e., gathering info for blackmail -- and also for spying on Palestinian-Americans via an intelligence-sharing agreement with the NSA.

[Sep 03, 2019] Revealed: How a secret Dutch mole aided the US-Israeli Stuxnet cyberattack on Iran by Kim Zetter and Huib Modderkolk

So before MH17 Dutch intelligence was involved with Stuxnet. Nice, if we can believe the author... It is possible that this is a plated story with fake facts and dates designed to cover something up. Iranians now probably know a lot more, but they are not talking.
BTW the following completely discredits the article exposing the authors as frauds: " AIVD's cyber capabilities are well known now -- last year it was revealed that AIVD was responsible for tipping off the FBI to the 2016 hack of the Democratic National Committee, knowledge it had acquired because its operatives had hacked into computers belonging to the Russian hacking group known as Cozy Bear in 2014 and were watching in 2015 when the Russians broke into computers at the U.S. State Department and the DNC. "
DNC was most probably an internal leak (possibly by Seth Rich), not a hack and any intelligence agency. Which makes any authors who claims that it was hack a part of the cover-up operation.
Comments are very interesting, much more then the article itself, as they reveals unprecedented level of distrust among commenters toward Israel (who was the main beneficiary of the sabotage of the Iran nuclear program, as it complete with Iran for regional hegemony) and by extension the USA.
Notable quotes:
"... An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive. ..."
"... The Dutch were asked in 2004 to help the CIA and Mossad get access to the plant, but it wasn't until three years later that the mole, who posed as a mechanic working for a front company doing work at Natanz, delivered the digital weapon to the targeted systems. "[T]he Dutch mole was the most important way of getting the virus into Natanz," one of the sources told Yahoo. ..."
"... The Olympic Games operation was primarily a joint U.S.-Israel mission that involved the NSA, the CIA, the Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit, Israel's equivalent of the NSA. But the U.S. and Israel had assistance from three other nations, according to sources, hence the covert codename that gave nod to the five-ring symbol of the world's most famous international sporting event. Two of the three participating players were the Netherlands and Germany. The third is believed to be France, although U.K. intelligence also played a role. ..."
"... The Dutch intelligence agency, known as AIVD, along with U.S. and British intelligence, infiltrated Khan's supply network of European consultants and front companies who helped build the nuclear programs in Iran and Libya. That infiltration didn't just involve old-school tradecraft but also employed offensive hacking operations being developed as part of the burgeoning field of digital espionage. ..."
"... The Dutch intelligence agency already had an insider in Iran, and after the request from the CIA and Mossad came in, the mole decided to set up two parallel tracks -- each involving a local front company -- with the hope that one would succeed getting into Natanz. ..."
"... it wasn't until February 2007 that they formally launched the enrichment program by installing the first centrifuges in the main halls at Natanz. ..."
"... A sabotage test was conducted with centrifuges some time in 2006 and presented to President George Bush, who authorized the covert operation once he was shown it could actually succeed. ..."
"... sometime before the summer of 2007, the Dutch mole was inside Natanz. ..."
"... they made final changes to the code on Sept. 24, 2007, modifying key functions that were needed to pull off the attack, and compiled the code on that date. Compiling code is the final stage before launching it. ..."
"... Engineers at Natanz programmed the control systems with code loaded onto USB flash drives, so the mole either directly installed the code himself by inserting a USB into the control systems or he infected the system of an engineer, who then unwittingly delivered Stuxnet when he programmed the control systems using a USB stick. ..."
"... the malware worked its sabotage throughout 2008. In 2009 the attackers decided to change tactics and launched a new version of the code in June that year and again in March and April 2010. This version, instead of closing valves on the centrifuges, varied the speed at which the centrifuges spun, alternatively speeding them up to a level beyond which they were designed to spin and slowing them down. ..."
"... But their later tactic had a different drawback. The attackers added multiple spreading mechanisms to this version of the code to increase the likelihood that it would reach the target systems inside Natanz. This caused Stuxnet to spread wildly out of control, first to other customers of the five contractors, and then to thousands of other machines around the world, leading to Stuxnet's discovery and public exposure in June 2010. ..."
"... Gen. Michael Hayden, former head of the CIA and the NSA, acknowledged its groundbreaking nature when he likened the Stuxnet operation to the atomic bombs dropped on Hiroshima and Nagasaki. "I don't want to pretend it's the same effect," he said, "but in one sense at least, it's August 1945." ..."
"... Could it be that the story itself has been planted by intelligence operatives? Well, yeah. Okay. Now we have a story with a potential epiphany. ..."
"... The assassination of civilian scientists fall under the same umbrella but as a crime of murder. The malware move does not bother me but could have caused the release of toxic radiation throughout the world. Killing civilians is wrong. ..."
"... Interesting how Israel planted a virus to help "not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect." And now Israel is so adamant in trying to derail it. ..."
"... Lot's of misinformation out there about Iran and Nuclear power, they have never tried to put a nuke BOMB together. They may not like Israel but they have never threatened them with Nukes either ..."
"... Israel has provoked so many neighbors, their troubles are on them. They are bullies in the region and the world protects them even when they mistreat and attack others. They always claim they are going after enemies who are plotting against them, but the truth is they are stealing more land. ..."
"... The Mossad is spying on US citizens ..."
"... We're supposed to believe these sources? This piece is typical of the Huff who makes up sensational conspiracies, revelations, showing them as be a or facts. Laughable ..."
"... As always, if we turn the situation around, the major news media would be screaming bloody murder and calling for war with Iran. ..."
"... One of the top American generals, Smedley Butler, was correct when he called war nothing but a racket. ..."
"... to help Israel achieve its demented goal, Stuxnet, ultimately, has come back to bite the US in the >ssa<. Good going morons. How to teach the enemy defeat you in your own game. ..."
"... Yet, as a signatory to the NNPT, Iran has every right to pursue nuclear energy, for civilian purpose ..."
"... Meanwhile, India, Pakistan and Israel couldn't legally sign the NNPT, as they refused to divulge how many nukes they had... ..."
"... This article glorifies the typical USA interference in other countries affairs, the hate and mistrust toward the USA is 100% founded, that country through out its history has shown his neighbors and the the rest of the world that they are friends of no one and always try to undermine other nations. ..."
"... They practically exterminated the native Americans, stole half of Mexico, sponsored coups all over the world, promoted wars and became the biggest producer of arms. All historical facts that no one can denied, and so much more, karma will eventually catch up with the USA, is already starting ..."
"... Another propaganda by YAHOO. Nothing about the 6 billion Obama gave them ??? What do you thing that money went towards. Yahoo should be investigated for treason. ..."
"... The Neocons (and NeoLiberals) opened Pandora's box when they came up with the plan to destabilize the Middle East. Instead they destabilized our planet.. ..."
"... Did you know the UK and Australia worked with Clapper and Brennan to spy on Trump and his campaign team? ..."
"... Zionist are finally losing their propaganda war little by little. American people are fed up ..."
"... "Stuxnet was pretty much dead as a spreading worm a month after it was discovered," he added. "Every antivirus company worth its salt had Stuxnet detection signatures out quickly. It was a worm designed to never be found in the 1st place. Once it was uncovered, it was defenseless." ..."
"... How is this story any more than gossip with international security ramifications? ..."
Sep 02, 2019 | www.yahoo.com

The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.

The Dutch were asked in 2004 to help the CIA and Mossad get access to the plant, but it wasn't until three years later that the mole, who posed as a mechanic working for a front company doing work at Natanz, delivered the digital weapon to the targeted systems. "[T]he Dutch mole was the most important way of getting the virus into Natanz," one of the sources told Yahoo.

Neither the CIA nor the Mossad responded to inquiries from Yahoo News about the information. The AIVD declined to comment on its involvement in the operation.

The now famous covert operation known as "Olympic Games" was designed not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect. That strategy was successful in helping to bring Iran to the negotiating table, and ultimately resulted in an agreement with the country in 2015.

The revelation of Dutch involvement harkens back to a time when there was still extensive cooperation and strong, multilateral agreement among the U.S. and its allies about how to deal with the Iranian nuclear program -- a situation that changed last year after the Trump administration pulled out of the hard-won nuclear accord with Tehran.

withdrawal from the Iran nuclear deal, May 8, 2018. (Photo: Saul Loeb/AFP/Getty Images)

The Olympic Games operation was primarily a joint U.S.-Israel mission that involved the NSA, the CIA, the Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit, Israel's equivalent of the NSA. But the U.S. and Israel had assistance from three other nations, according to sources, hence the covert codename that gave nod to the five-ring symbol of the world's most famous international sporting event. Two of the three participating players were the Netherlands and Germany. The third is believed to be France, although U.K. intelligence also played a role.

Germany contributed technical specifications and knowledge about the industrial control systems made by the German firm Siemens that were used in the Iranian plant to control the spinning centrifuges, according to sources. France is believed to have provided intelligence of a similar sort.

But the Dutch were in a unique position to perform a different role -- delivering key intelligence about Iran's activities to procure equipment from Europe for its illicit nuclear program, as well as information about the centrifuges themselves. This is because the centrifuges at Natanz were based on designs stolen from a Dutch company in the 1970s by Pakistani scientist Abdul Qadeer Khan. Khan stole the designs to build Pakistan's nuclear program, then proceeded to market them to other countries, including Iran and Libya.

The Dutch intelligence agency, known as AIVD, along with U.S. and British intelligence, infiltrated Khan's supply network of European consultants and front companies who helped build the nuclear programs in Iran and Libya. That infiltration didn't just involve old-school tradecraft but also employed offensive hacking operations being developed as part of the burgeoning field of digital espionage.

AIVD's cyber capabilities are well known now -- last year it was revealed that AIVD was responsible for tipping off the FBI to the 2016 hack of the Democratic National Committee, knowledge it had acquired because its operatives had hacked into computers belonging to the Russian hacking group known as Cozy Bear in 2014 and were watching in 2015 when the Russians broke into computers at the U.S. State Department and the DNC.

But during the early days of Iran's nuclear program, AIVD's hacking team was small and still developing.

The Iranian program, which had been on the back burner for years, kicked into high gear in 1996, when Iran secretly purchased a set of blueprints and centrifuge components from Khan. In 2000, Iran broke ground at Natanz with plans to build a facility that would hold 50,000 spinning centrifuges for enriching uranium gas. That same year, AIVD hacked the email system of a key Iranian defense organization in an effort to obtain more information about Iran's nuclear plans, according to sources.

Israeli and Western intelligence agencies secretly monitored the progress at Natanz over the next two years, until August 2002, when an Iranian dissident group publicly exposed the Iranian program at a press conference in Washington, D.C., using information provided by the intelligence agencies. Inspectors for the International Atomic Energy Agency, the United Nations body that monitors nuclear programs around the world, demanded access to Natanz and were alarmed to discover that the Iranian program was much further along than believed.

Iran was pressed into agreeing to halt all activity at Natanz while the IAEA sought to obtain more information about the nuclear program, and the suspension continued throughout all of 2004 and most of 2005. But it was only a matter of time before operations at Natanz resumed, and the CIA and the Mossad wanted to be inside when they did.

The request to the Dutch for help with this came toward the end of 2004, when a Mossad liaison working out of the Israeli Embassy in the Hague and a CIA official based at the U.S. Embassy met with a representative from AIVD. There was no talk yet about inserting a digital weapon into the control systems at Natanz; the aim at that time was still just intelligence.

But the timing wasn't random. In 2003, British and U.S. intelligence had landed a huge coup when they intercepted a ship containing thousands of centrifuge components headed to Libya -- components for the same model of centrifuges used at Natanz. The shipment provided clear evidence of Libya's illicit nuclear program. Libya was persuaded to give up the program in exchange for the lifting of sanctions, and also agreed to relinquish any components already received.

By March 2004, the U.S., under protest from the Dutch, had seized the components from the ship and those already in Libya and flown them to the Oak Ridge National Lab in Tennessee and to a facility in Israel. Over the next months, scientists assembled the centrifuges and studied them to determine how long it might take for Iran to enrich enough gas to make a bomb. Out of this came the plot to sabotage the centrifuges.

The Dutch intelligence agency already had an insider in Iran, and after the request from the CIA and Mossad came in, the mole decided to set up two parallel tracks -- each involving a local front company -- with the hope that one would succeed getting into Natanz.

Establishing a dummy company with employees, customers and records showing a history of activity, takes time, and time was in short supply. In late 2005, Iran announced it was withdrawing from the suspension agreement, and in February 2006 it began to enrich its first batch of uranium hexaflouride gas in a pilot plant in Natanz. The Iranians ran into some problems that slowed them down, however, and it wasn't until February 2007 that they formally launched the enrichment program by installing the first centrifuges in the main halls at Natanz. [ in 2007 it is still Bush administration (which means Cheney) at the helm]

By then, development of the attack code was already long under way. A sabotage test was conducted with centrifuges some time in 2006 and presented to President George Bush, who authorized the covert operation once he was shown it could actually succeed.

By May 2007, Iran had 1,700 centrifuges installed at Natanz that were enriching gas, with plans to double that number by summer. But sometime before the summer of 2007, the Dutch mole was inside Natanz.

The first company the mole established had failed to get into Natanz -- there was a problem with the way the company was set up, according to two of the sources, and "the Iranians were already suspicious," one explained.

The second company, however, got assistance from Israel. This time, the Dutch mole, who was an engineer by training, managed to get inside Natanz by posing as a mechanic. His work didn't involve installing the centrifuges, but it got him where he needed to be to collect configuration information about the systems there. He apparently returned to Natanz a few times over the course of some months.

"[He] had to get in several times in order to collect essential information [that could be used to] update the virus accordingly," one of the sources told Yahoo News.

The sources didn't provide details about the information he collected, but Stuxnet was meant to be a precision attack that would only unleash its sabotage if it found a very specific configuration of equipment and network conditions. Using the information the mole provided, the attackers were able to update the code and provide some of that precision.

There is, in fact, evidence of updates to the code occurring during this period. According to the security firm Symantec, which reverse-engineered Stuxnet after it was discovered, the attackers made updates to the code in May 2006 and again in February 2007, just as Iran began installing the centrifuges at Natanz. But they made final changes to the code on Sept. 24, 2007, modifying key functions that were needed to pull off the attack, and compiled the code on that date. Compiling code is the final stage before launching it.

The code was designed to close exit valves on random numbers of centrifuges so that gas would go into them but couldn't get out. This was intended to raise the pressure inside the centrifuges and cause damage over time and also waste gas.

This version of Stuxnet had just one way to spread -- via a USB flash drive. The Siemens control systems at Natanz were air-gapped, meaning they weren't connected to the internet, so the attackers had to find a way to jump that gap to infect them. Engineers at Natanz programmed the control systems with code loaded onto USB flash drives, so the mole either directly installed the code himself by inserting a USB into the control systems or he infected the system of an engineer, who then unwittingly delivered Stuxnet when he programmed the control systems using a USB stick.

Once that was accomplished, the mole didn't return to Natanz again, but the malware worked its sabotage throughout 2008. In 2009 the attackers decided to change tactics and launched a new version of the code in June that year and again in March and April 2010. This version, instead of closing valves on the centrifuges, varied the speed at which the centrifuges spun, alternatively speeding them up to a level beyond which they were designed to spin and slowing them down. The aim was to both damage the centrifuges and undermine the efficiency of the enrichment process. Notably, the attackers had also updated and compiled this version of the attack code back on Sept. 24, 2007, when they had compiled the code for the first version -- suggesting that intelligence the Dutch mole had provided in 2007 may have contributed to this version as well.

By the time this later version of the code was unleashed, however, the attackers had lost the inside access to Natanz that they had enjoyed through the mole -- or perhaps they simply no longer needed it. They got this version of Stuxnet into Natanz by infecting external targets who brought it into the plant. The targets were employees of five Iranian companies -- all of them contractors in the business of installing industrial control systems in Natanz and other facilities in Iran -- who became unwitting couriers for the digital weapon.

"It's amazing that we're still getting insights into the development process of Stuxnet [10 years after its discovery]," said Liam O'Murchu, director of development for the Security Technology and Response division at Symantec. O'Murchu was one of three researchers at the company who reversed the code after it was discovered. "It's interesting to see that they had the same strategy for [the first version of Stuxnet] but that it was a more manual process. ... They needed to have someone on the ground whose life was at risk when they were pulling off this operation."

O'Murchu thinks the change in tactics for the later version of Stuxnet may be a sign that the capabilities of the attackers improved so that they no longer needed an inside mole.

"Maybe back in 2004 they didn't have the ability to do this in an automated way without having someone on the ground," he said. "Whereas five years later they were able to pull off the entire attack without having an asset on the ground and putting someone at risk."

But their later tactic had a different drawback. The attackers added multiple spreading mechanisms to this version of the code to increase the likelihood that it would reach the target systems inside Natanz. This caused Stuxnet to spread wildly out of control, first to other customers of the five contractors, and then to thousands of other machines around the world, leading to Stuxnet's discovery and public exposure in June 2010.

Months after Stuxnet's discovery, a website in Israel indicated that Iran had arrested and possibly executed several workers at Natanz under the belief that they helped get the malware onto systems at the plant. Two of the intelligence sources who spoke with Yahoo News indicated that there indeed had been loss of life over the Stuxnet program, but didn't say whether this included the Dutch mole.

While Stuxnet didn't significantly set back the Iranian program -- due to its premature discovery -- it did help buy time for diplomacy and sanctions to bring Iran to the negotiating table. Stuxnet also changed the nature of warfare and launched a digital arms race. It led other countries, including Iran, to see the value in using offensive cyber operations to achieve political aims -- a consequence the U.S. has been dealing with ever since.

Gen. Michael Hayden, former head of the CIA and the NSA, acknowledged its groundbreaking nature when he likened the Stuxnet operation to the atomic bombs dropped on Hiroshima and Nagasaki. "I don't want to pretend it's the same effect," he said, "but in one sense at least, it's August 1945."

Kim Zetter is a journalist and the author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon . Huib Modderkolk is a journalist with the Dutch newspaper de Volkskrant who broke the story last year of AIVD's hack of Cozy Bear; he is also the author of Het is oorlog: maar niemand die het ziet (The Invisible War), to be published this week in the Netherlands.


American

Operation Ajax seem to be forgotten by the West, but well remembered, by the Iranian folks. Gary

"The now famous covert operation known as "Olympic Games" was designed not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect."

REALITY CHECK 2 hours ago

General Michael Hayden (ex CIA and NSA head) "In other words, there were many of us in government who thought the purpose of the [Israeli threatened air] raid wasn't to destroy the Iranian nuclear system but the purpose of the raid was to put us at war with Iran." -in "Zero Days" 2016 documentary about the Stuxnet attack on Iran

From the 'Zero days' documentary on Stuxnet: "Inside the ROC (NSA Remote Operations Center] we were furious. The Israelis took our code for the [Stuxnet] delivery system and changed it. Then, on their own, without our agreement they just ****ing launched it. 2010, around the same time they started killing Iranian scientists, [unintelligble] ****ed up the code, Instead of hiding, the code started shutting down computers, so naturally people noticed. Because they [Israel] were in a hurry, they opened Pandora's Box. They let it out, and it spread all over the world. ... The problem was that the Israelis, Unit 8200, were always pushing us to be more aggressive ----

Our "friends" in Israel took a weapon that we jointly developed, in part to keep Israel from doing something crazy, and then used it on their own in a way that blew the cover of the operation and could have led to war. And we can't talk about that?" But my concern, and the reason I'm talking, is because when you shut down a country's power grid, it doesn't just pop back up. It's more like Humpty Dumpty. and if all the King's men can't turn the lights back on, or filter the water for weeks, then lots of people die. And something we can do to others, they can do too. Is that something we should keep quiet? Or should we talk about it? ---- R

REALITY CHECK 1 hour ago

@potz.. Nice try at the diversion. In fact it's already well known that the "jewish state" funds your internet propaganda operations. In fact I'll give readers a little insight to your operation. Ever wondered why Mid East comments are so overwhelmingly anti-Muslim, anti-Iran, anti-Palestinians and pro-israel? A new propaganda app sponsored by the Israeli Strategic Affairs Ministry for israel's thousands of internet trolls, Act.il : "A new app 'arms' thousands of motivated civilians worldwide, defending Israel's image online" ... ... ..

"We had about 1,000 volunteers, most of them students from the IDC, who created pro- Israel PR content in 35 different languages, reaching some 40 million web users."... we started working from the operations room on a regular basis. We had a database of student volunteers from dozens of countries, and it became more and more organized. We started setting up departments: One department created pro-Israeli marketing content, another department found and marked online articles that required our attention, and a third department dealt with finding and reporting pages that incite against Israel."...

Within only two weeks, it was downloaded by over 6,000 people in 27 countries around the world ... "In the months before the app's launch, we ran it a pilot among a group of some 800 students, most of them Americans,"...

During the pilot period, we were able to remove 2-5 inciting pages or videos every week. We re working with the IDF [Israeli Defense Forces] and the Shin Bet [Israeli version of theFBI], who are giving us information on such inciting content, and even they couldn't keep uswith how fast we were getting things removed."

"Companies, such as Facebook, remove content following reports from the community," Ben-Yosefexplains. "If there is only one person reporting it, he usually gets told by Facebook the content doesn't meet the criteria for removal. If300 report it-the content is removed immediately. As soon as content inciting against "Companies, such as Facebook, remove content following reports from the community," Ben-Yosefexplains. "If there is only one person reporting it, he usually gets told by Facebook the content doesn't meet the criteria for removal. If300 report it-the content is removed immediately. As soon as content inciting against Israel is posted online, we send a message through the app and all of its subscribers immediately report it." ...

"Students from the University of California (UC), where there are a lot of anti-Israel activists, came to us for help," Briga says. "We organized a joint campaign, in which we opened Skype chats at the IDC and at UC campuses and we let random students just sit down and have a conversation with someone from here [Israel].

https://www.israelandstuff.com/want-to-defend-israel-heres-a-lesson-in-hasbara

LaoShur yesterday •••

People need to research just how much the Zionist jew state skrewed the U.S. and the world with this Stuxnet, and many OTHER computer viruses.

Unit 8200 is a cyber terrorist training facility just outside Jerusalem. https://www.forbes.com/sites/startupnationcentral/2018/05/28/rise-of-computer-vision-brings- obscure-israeli-intelligence-unit-into-spotlight/#7530b9743c19

The accelerating shift toward technologies like autonomous driving, satellite navigation, image recognition, and augmented and virtual reality, are bringing to the fore Israeli intelligence unit 9900, whose grads are starting to make a name for The accelerating shift toward technologies like autonomous driving, satellite navigation, image recognition, and augmented and virtual reality, are bringing to the fore Israeli intelligence unit 9900, whose grads are starting to make a name for them

www.forbes.com

korok malfesio, 2 hours ago

If the CIA, Mossad, and AIVD have refused to comment on the veracity of this story, where did the information come from, and how did the reporters verify the story? The Dutch mole, who was actually an Iranian citizen, is a possibility, but another insider is needed for confirmation. This cyber sortie has more leaks in it than the Titanic.

Could it be that the story itself has been planted by intelligence operatives? Well, yeah. Okay. Now we have a story with a potential epiphany.

rod, 8 hours ago

A little bit of disinformation here on this story. The article refers to "enrich its first batch of uranium hexaflouride gas" This is incorrect. You can not enrich Hexaflouride gas. You can however, use a radioactive gas such as Irridium gas,

or any other gas that is radioactive in nature such as xenon gas which will bind to the raw uranium molecule and make it bigger. Therefor allowing the refinement process to become more efficient. This is why Baghdad calls their bahgatrons, an improvement from a traditional centerfuge.

Also, I remember how the U.S. infiltrated the Iraq military command by installing special chips inside printers to get into their command and control systems. Not much was talked about in this article about the torture of the people who were suspected of being #$%$. sympathizer.

NativeRedemption, yesterday

The assassination of civilian scientists fall under the same umbrella but as a crime of murder. The malware move does not bother me but could have caused the release of toxic radiation throughout the world. Killing civilians is wrong.

True Blue, yesterday

Former Ohio Congressman James Traficant ~ "Israel Owns the Congress and the Senate" ...

ChrisP.Bacon, yesterday

We had an agreement that stopped Iranian development of Nukes. It was verified by international inspectors that Iran was and is living up to the agreement. America didn't live up to their end of the bargain. Because Trump walked away from the agreement after America gave their word, now Iran has been given a green light to restart their program courtesy of Donald Trump.

True Blue, yesterday

AIPAC is an organization holding our elected government officials hostage to their foreign policy directives ! Before Israel we had no enemies in the Middle East... fact !

Ryan, yesterday

Just sayin...It was a combination of the CIA, Mossad, Meyer Lansky, and Israel that killed JFK, Israel wanted nuclear weapons, Kennedy would have none of it. Lansky wanted his properties back that Castro nationalized when he took over Cuba, and the Jewish James 'Jesus' Angleton was an Israeli 'mole' who rose to be the 3rd ranked member of the CIA. The book 'Finale Judgement' lays out all the connections extremely well, there's no doubt than David Ben Gurion and Israel were a part of the scheme to take out an American president...

Ally M, yesterday

ALL my Congressmen and ALL my Senators have ASSURED me that they will make certain that America provides Israel with all the Military Intelligence and Military equipment that they should require not only to Defend themselves, but to ensure that they will Defeat their enemies in any major conflict.

Thank you to ALL our C.I.A. and Military Intelligence officials in Iraq, Syria, Lebanon, Egypt, Qatar, and, yes, Iran who are providing our Israel friends with Real-time Intelligence information!

AliMD, 18 hours ago

Interesting how Israel planted a virus to help "not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect." And now Israel is so adamant in trying to derail it.

vani, 9 hours ago

Lot's of misinformation out there about Iran and Nuclear power, they have never tried to put a nuke BOMB together. They may not like Israel but they have never threatened them with Nukes either.

Israel has provoked so many neighbors, their troubles are on them. They are bullies in the region and the world protects them even when they mistreat and attack others. They always claim they are going after enemies who are plotting against them, but the truth is they are stealing more land.

The Mossad is spying on US citizens, they are as bad as Russia on interfering with our sovereign rights to fair elections, and a threat to our constitutional rights.

Mike, 4 hours ago

We're supposed to believe these sources? This piece is typical of the Huff who makes up sensational conspiracies, revelations, showing them as be a or facts. Laughable

idiocracynowi, yesterday

As always, if we turn the situation around, the major news media would be screaming bloody murder and calling for war with Iran.

This hypocrisy by the American media has been going on since the early 1900s, and is the reason America gets into so many unnecessary wars. One of the top American generals, Smedley Butler, was correct when he called war nothing but a racket.

Mark Paris, yesterday

"While Stuxnet didn't significantly set back the Iranian program - due to its premature discovery - it did help buy time for diplomacy and sanctions to bring Iran to the negotiating table." - Or they have to say that since there has been loss of innocent lives as they say, themselves. - _

"Stuxnet also changed the nature of warfare and launched a digital arms race. It led other countries, including Iran, to see the value in using offensive cyber operations to achieve political aims - a consequence the U.S. has been dealing with ever since."

Otherwise, to help Israel achieve its demented goal, Stuxnet, ultimately, has come back to bite the US in the >ssa<. Good going morons. How to teach the enemy defeat you in your own game.

Kate, yesterday

What comes around, often goes around...

Everyman, 21 hours ago

Operation Talpiot is the back door data pipeline from your computer/cell phone to Israel. Everything you communicate electronically is stored and analyzed by Israel...

sam spade, 17 hours ago

So this why you stay in the nuclear deal. They know we did it. They signed the deal anyway. They have no reason to trust us, yet they signed the deal. Can we get back into the deal?

TommyGun, 22 hours ago

This is a nice story-cloak and dagger and all that. Why would anyone want to expose this? ..and endanger the lives of those involved as there will always be retributions.

Eli, yesterday

Israel will always have people around the world willing to help because if you believe in God and the Bible then helping Israel is an easy decision against the evil Ishmaelite's. God will forever protect Israel against her enemies those who want to destroy Israel are on a collision with God, just look at all the countries who hate Israel, they are the worse human rights countries on the planet, no mans land.

Loyal Tribune, 15 hours ago

Stuxnet haven't had much affect on Iranian side. I read, they through out all infected centrifuges and replaced with brand new ones in matter of a news weeks. although to them it was like nothing important happened, but a few life are gone for not much to gain.

IrishAmericanPsycho, 7 hours ago

Yet, as a signatory to the NNPT, Iran has every right to pursue nuclear energy, for civilian purposes.

Meanwhile, India, Pakistan and Israel couldn't legally sign the NNPT, as they refused to divulge how many nukes they had....YET THE US SHARED NUCLEAR TECH with those countries anyway.....

Censored, 11 hours ago

US and Israel have tried everything to topple Iran: malware terrorism, sanctions, oil embargo, supporting Wahhabi terrorists, financial terrorism, economic war, sanctioning any country who does business with Iran, disinformation, sabotage, threats, disallowing Red Cross to help flood victims, pirating... yet, Iran stands tall and grows. The only reason they didn't attack Iran is simple: they can't.

American, yesterday

Famous act of war. Imagine if Iran had done this? Amazing how restrained the Iranians have been in the face of all the attacks.

anatoly, 16 hours ago

betcha stuff like this is still going on!

P KP K, 4 hours ago

Stuxnet was working fine until Israel decided without US knowledge to increase the effects of the virus and it was caught by the Iranians. Then it was subsequently used by the Iranians on attacks against Saudi and the US.

Funny how that part of the story was left out

Shekel_Trader, 4 hours ago

If the US had put in half the effort back in the '60's to stop Israel's illicit nuke program, as they did with Stuxnet, we'd all be a much happier and healthier society today, without Israel threatening its neighbors with one hand while waving the "Sampson option" in the other.

-S/T

Alex, 17 hours ago

This article glorifies the typical USA interference in other countries affairs, the hate and mistrust toward the USA is 100% founded, that country through out its history has shown his neighbors and the the rest of the world that they are friends of no one and always try to undermine other nations.

They practically exterminated the native Americans, stole half of Mexico, sponsored coups all over the world, promoted wars and became the biggest producer of arms. All historical facts that no one can denied, and so much more, karma will eventually catch up with the USA, is already starting

Tony, 22 hours ago

Another propaganda by YAHOO. Nothing about the 6 billion Obama gave them ??? What do you thing that money went towards. Yahoo should be investigated for treason.

Collapsing Society, 20 hours ago

Fact: Iran has not attacked any country since the year 1798. Why does the West so bent on bringing Iran down? Answer: https://youtu.be/HP7L8bw5QF4

rene, yesterday

If Eisenhower hadn't overthrew Iran's government and put our puppet, the Shah, in its place, and if Reagan hadn't shot down an Iranian civilian jet killing 250 people they'd still be our ally.

William, 23 hours ago

Now that the details are coming out, it doesn't sound like it was a terribly effective operation.

Antiestablishmentarian, 2 hours ago

The Neocons (and NeoLiberals) opened Pandora's box when they came up with the plan to destabilize the Middle East. Instead they destabilized our planet..

----------10 hours ago

This is a fictitious article. Another fake news from liberal Yahoo-Verizon. It's purpose is to falsely attack President Trump as someone who has permanently damaged relations with all of our allies. Complete lie.

Did you know the UK and Australia worked with Clapper and Brennan to spy on Trump and his campaign team? Trump is weeding out all the bad leaders of the world who supported the terrorist state called Iran and threatened his Presidency with a silent coup. Those people are not allies, they are the Obama era monsters. Yahoo-Verizon liberals want Iran to have nuclear weapons to destroy the planet. Liberals cry over plastic in the ocean, yet support the most destructive device on earth being sold to violent, homosexual murdering, muslim terrorists?

Everyman, 21 hours ago

Zionist are finally losing their propaganda war little by little. American people are fed up. In Dickenson Texas, if you need Federal relief assistance after Hurricane Harvey, you have to sign an unconditional pledge to support Israel. Will Floridians who slaves or destroyed by Hurricane Dorian be forced to do the same? Will we have to sign an unconditional oath to support Israel or be refused Federal disaster relief funds?

You're free to be a Zionist if you wish. The rest of us are free to criticize those beliefs. If you wish to push those beliefs into the public domain and include them in political discourse, they WILL be criticized harshly, rightly so.

Ruban, 18 hours ago

If Russians or Chines has done something like this then, western media would whine for months and call for new sanctions against them

copy, 23 hours ago

https://news.yahoo.com/reports-israeli-army-faked-casualties-173606194.html?.tsrc=jtc_news_index

Bob, yesterday

Can anyone read this article, and NOT understand that the Zionist faction CONTROLS America? And that this incident is just more proof of it?

Rob, yesterday

So all the fuss about "Russian hacking" was crocodile tears western propaganda.

Sheri, yesterday

And when they repay in kind, don't scream terrorism.

Brook, 13 hours ago

No one wants to mention that the coup was pulled off during the Bush administration.

Jax,15 hours ago

The Stuxnet operation transferred malware technology from Israel to Iran and Russia. This is the unintended consequence. Now Iran can update the malware and distribute it to attack targets anywhere.

Wallstreet, 6 hours ago

The success of this virus attack spurred on a gold rush for Israel. They now get extra billions per year in funding from USA to keep developing their security software activities which turned commercial and now allows spying around the world. Israel now has access to most of the world's governments secrets and is turning that access into gold.

SamS, 22 hours ago

I am truly glad that its only patriotic defense, when we use our computers and hackers to hack into things in Iran, China or NK and not espionage hacking, as when they do the same exact thing, in reverse!

bez22, yesterday

NSA designed... June 24, 2012, as Big Sleep day for the infamous malware. On that day, it stopped replicating. Its more like neutered, rather than dead," Eric Byres, CTO and vp for engineering at Tofino Security, told TechNewsWorld.

"The 6/24 date stops it from replicating, but if it has infected your uranium centrifuge, it will still be doing its destructive work in the PLCs & the drive controllers.

"Stuxnet was pretty much dead as a spreading worm a month after it was discovered," he added. "Every antivirus company worth its salt had Stuxnet detection signatures out quickly. It was a worm designed to never be found in the 1st place. Once it was uncovered, it was defenseless."

Susie, 11 hours ago

Dutch pirates continue to work at the destruction of other nations. The Dutch East India company created the skull and cross bones flag for its' vessels. That flag soon meant violent pirate ship and continues today as the same warning.

Will, 22 hours ago

Thankfully the Apartheid government of Israel with their "Samson Option" is on our side. They held back information about the impending 9/11 attacks (then celebrated afterwards and were arrested) then gave us false intelligence about Iraq having WMDs. But yes they are our closest allies and we should continue giving them billions in cash and openly allow their spies into top secret facilities.

John, yesterday

Israel has an arsenal of nuclear weapons estimated at 200 to 300 war heads. Yet Israel has refused to sign the Nuclear Non Proliferation Treaty or the Chemical Weapons Conventions. And the US says NOTHING about that.

Rudolph, 16 hours ago

If you Turn the Tables and If Iran does the same thing to Israel,why is that considered "Terrorism" ? Because they OWN the media?

opaw, 10 hours ago

we should allow every nation to develop their own nuclear programs in the spirit of competition, deterrence and mutually assured destruction. nobody has the right to say that "you can't have nuclear weapons you are not democracy." the moment that you lay your hands on nukes you already lost the moral decency. plus the more the merrier.

dan, 6 hours ago

The worlds greatest hack of all time is Israeli agents steeling US Nuclear secrets and developing a vast nuclear arsenal. Once the hack was found, Israeli influences dramatically changed to that of soft hacking of the US congress and all other political branches. The greatest 'check and mate'!

Singl, 6 hours ago

So, this secret operation took place from 2004 thru 2015 initiated by the Netherlands and Germany, with an assist from France.....under the ObAMA administration (who also went along with it) .

So Iran development was stalled ...so the agreement could be hammered out.

But it was an OBAMA admin agreement...so it HAD TO be destroyed by the Trump administration.... a crisis created ,...so that the TRUMP administration could,-- one way or another -- "resolve" , the crisis. SICK. This man Trump,...is SICK....and MUST be removed.

MatthewL, yesterday

How is this story any more than gossip with international security ramifications?

Juan, 4 hours ago

Great! We just put a target on the back of every Dutch in a Muslim nation. Sounds to me like payback for not wanting to join the current Israel/US effort against Iran.

ccc, 22 minutes ago

And when other nations attack us using cyber We claim it's a declaration of war

Anonymous, yesterday

Wondering what these other countries are doing to us and we dont know?

HC, 7 hours ago

About the last successful thing the CIA's ever done in Iran.

JASON, 6 hours ago

I remember when my parents told me to mind my own business. It seems like the U.S. and Israeli government can't mind their own business. It seems like they are the problem for world peace.

[Sep 03, 2019] Stuxnet l>aunched the era of digital warfare

So Dutch government participated is Stuxnet and MH17 false flag operation. Nice...
Notable quotes:
"... The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz. ..."
"... The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News ..."
Sep 03, 2019 | www.unz.com

anon [412] Disclaimer , says: September 3, 2019 at 9:30 am GMT

@Lot Iran is also involving into Israel-India relationship. Netanyhooo has cancelled his visit just 2 weeks before the election – Haaretz.

And now we don't hear much about terrorism on Europe soil but bit by bit we hear the terrorism committed by Dutch Norwegian Danish against Iran . Justice ? It will arrive one day . Dutch will be supposed so will be the numerous pundits . Why Dutch? Yes that question will find its answer "why Afghanistan ?" after 911.

"Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran --

For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran's nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News."

https://www.yahoo.com/news/revealed-how-a-secret-dutch-mole-aided-the-us-israeli-stuxnet-cyber-attack-on-iran-160026018.html

[Aug 06, 2019] How to Flash-burn an OS Image with Etcher on Ubuntu by Karim Buzdar

Images deleted...
Aug 05, 2019 | vitux.com

How to Flash/burn an OS Image with Etcher on Ubuntu Etcher, now named balenaEtcher, is a free and open-source application used for burning ISO and IMG files, and also zipped folders to USB drives and SD cards. This tool is available for Linux, Windows and macOS and that too with the same UI so that you get the same user experience everywhere. So, whenever you want to burn a flash drive or even a microSD card, you can rely on Etcher as your go-to tool. We have tried to explain a step-by-step process for installing and using Etcher so that the USB burning/flashing process becomes even simpler for you. We are taking the Ubuntu 18.04 LTS ISO file as an example, downloaded from the Internet, to describe the entire process for you.

We have run the commands and procedures mentioned in this article on a Ubuntu 18.04 LTS system.

Please follow these steps in order to easily write an ISO image to a flash/USB drive:

Step 1: Download the Etcher .zip file

The Etcher download package is available on the official Balena website at this link:

https://www.balena.io/etcher/

rd-image-122-768x502.png 768w, https://vitux.com/wp-content/uploads/2019/06/word-image-122.png 1039w" sizes="(max-width: 750px) 100vw, 750px" />

The website provides App images for both 64-bit and 32-bit flavors of Ubuntu.

You can use the lscpu command in order to check your flavor of Linux. It fetches details from the files sysfs and /proc/cpuinfo:

$ lscpu

This command will display the following output:

<img src="https://vitux.com/wp-content/uploads/2019/06/word-image-123.png" alt="lscpu result" width="734" height="488" srcset="https://vitux.com/wp-content/uploads/2019/06/word-image-123.png 734w, https://vitux.com/wp-content/uploads/2019/06/word-image-123-300x199.png 300w" sizes="(max-width: 734px) 100vw, 734px" />

The CPU op-mode(s) entry tells you about the flavor of Ubuntu you are running on your system; 32-bit means you are running a 32-bit Linux OS, 32-bit, 64-bit signifies that you are running a 64-bit OS.

Since mine is a 64-bit system, I will click on the 'Download for Linux x64' link. The following dialog will display:

Select the Save File option and then click OK. The .zip package will be saved to your Downloads folder.

Step 2: Extract AppImage from the downloaded .zip file

The Etcher package that we just downloaded is in .zip format. We now need to extract the AppImage file so that we can install and use the software.

Open your Ubuntu command line, the Terminal, either through the Ubuntu Application Launcher search or by using the Ctrl+Alt+t shortcut.

Then, use the following unzip command to extract the AppImage file to your current(home) folder from the Downloads folder:

$ unzip ~/Downloads/balena-etcher-electron-1.5.47-linux-x64.zip

Use the ls command to verify that the AppImage file is now located in your current directory.

Step 3: Run the Etcher AppImage

You can now easily run Etcher by executing its AppImage. You can do so through the following command:

$ ./balenaEtcher-1.5.47-x64.AppImage

This will open the Etcher application in the following view:

Note: Whenever you want to uninstall Etcher from your system, simply delete this AppImage. You do not need to run any other download procedures with AppImages.

Step 4: Flashing an ISO file

Click on the Select image button; this lets you browse to the ISO image you want to select for writing. I have selected Ubuntu 18.04 ISO image downloaded from the official Ubuntu website.

Now you will see the Select target button highlighted. Insert a USB drive; if a single device is connected to your system, you will see it selected as follows:

Otherwise, you will be given an option to select from the available devices. You will then see the Flash button highlighted. Click on it so that Etcher starts to write the ISO file on the USB. You will also be presented with an Authentication dialog as only an authorized user can Flash a USB.

The writing process will start and you will be able to see a progress bar as follows:

On successful completion of image writing, you will be able to see the following view:

Close the window and your process is complete!

This is how you can make use of this efficient flashing tool to write OS images on your USB and also microSD cards. The process is pretty much the same when writing images on an SD card.

How to Flash/burn an OS Image with Etcher on Ubuntu Karim Buzdar August 5, 2019 August 5, 2019 Desktop , Linux , Ubuntu

[Jul 30, 2019] Louisiana Governor Declares State Emergency After Local Ransomware Outbreak

Ransomware can be fatal for badly managed IT infrastructure, such as often is found in school, hospitals and even medium size manufacturing companies. Often there are not enough firewalled segments and there is not distinction in the access of vital data and semi-useless employees generated files.
BTW Microsoft offers some level of ransomware protection with its Microsoft Drive.
This interesting discussion which points out like like infections in nature, ransomware typically successfully attack badly managed (or completely screwed up) IT systems. But why NSA does not catch such guys almost instantly is beyond me. Payment can be traced by NSA for sure and that a death sentence for malware authors.
Notable quotes:
"... Earlier today, some residents of Johannesburg have been left without electricity after a ransomware infection. ..."
"... If something a student clicks can fuck your whole network, you have bigger problems ..."
"... It has impacted three school districts as in every school in each district, so clearly this is a high level admin security failure and not something happening at school level. At least one benefit, find what is common with those three districts and you are on the path to tracking the insider who did it ..."
"... Can confirm. Myself and my 2 best friends in high school where the admins for my junior and senior year. Dunno who got the job when we graduated. ..."
Jul 30, 2019 | it.slashdot.org

Louisiana Governor Declares State Emergency After Local Ransomware Outbreak (zdnet.com) 141 Posted by BeauHD on Thursday July 25, 2019 @10:10PM from the hit-hard dept. Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts.

ZDNet reports:

The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes -- Sabine, Morehouse, and Ouachita. IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting. By signing the Emergency Declaration, the Louisiana governor is making available state resources to impacted schools. This includes assistance from cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services, the Governor's Office of Homeland Security and Emergency Preparedness (GOHSEP), and others.

State officials hope that additional IT expertise will speed up the recovery process so schools can resume their activity and preparations for the upcoming school year.

Earlier today, some residents of Johannesburg have been left without electricity after a ransomware infection.


stealth_finger ( 1809752 ) , Friday July 26, 2019 @05:36AM ( #58989714 )

Re:State of emergency? ( Score: 5 , Insightful)
Uh, once a student clicks on the wrong .exe it's too late to unplug anything.

If something a student clicks can fuck your whole network, you have bigger problems.

Ocker3 ( 1232550 ) on Thursday July 25, 2019 @11:27PM (#58988772)

Re:State of emergency? (Score:2)

Does the student also have admin rights on the server?

When you're getting attacked by serious teams who know what they're doing, sometimes smaller enterprises just don't have the resources to fight back, only shut down and restore everything from backups (which hopefully aren't also compromised).

With BYOx being So common, the amount of hostile traffic coming from authenticated users Inside your network is a huge PITA.

rtb61 ( 674572 ) on Friday July 26, 2019 @03:19AM (#58989406) Homepage

Re:State of emergency? (Score:2)

It has impacted three school districts as in every school in each district, so clearly this is a high level admin security failure and not something happening at school level. At least one benefit, find what is common with those three districts and you are on the path to tracking the insider who did it, although it is likely they did not attack every school district they could for the same reason, similarly figuring out which school districts they could have attacked and didn't will likely help point the finger.


Re:High School IT (Score:2)

by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Friday July 26, 2019 @09:06AM (#58990296) Homepage Journal

High schools won't trust students with that kind of access, and colleges don't need to, since tuition is high enough these days to hire IT staff.

Re:High School IT (Score:1)

by plloi ( 1055946 ) on Friday July 26, 2019 @09:57AM (#58990628)


Can confirm. Myself and my 2 best friends in high school where the admins for my junior and senior year. Dunno who got the job when we graduated.

luther349 ( 645380 ) , Friday July 26, 2019 @05:39AM ( #58989722 )

Re:My password is about to expire ( Score: 3 )

all the admin machines should be vms with snapshots. that way if this happens you can quickly restore. but public schools never have a good setup and normally stock unpatched end of life windows.

Revek ( 133289 ) , Thursday July 25, 2019 @11:07PM ( #58988682 ) Homepage
They will blame everyone but the ( Score: 4 , Insightful)

Substandard employees that they hire. They will blame IT first. Ideally their IT should have proper backups that are air gaped at some part of the process. But ultimately these things happen because clueless employees allow it to happen.

Gojira Shipi-Taro ( 465802 ) , Thursday July 25, 2019 @11:11PM ( #58988698 ) Homepage
Re:They will blame everyone but the ( Score: 2 )

Heavens! Are you saying that getting the cheapest contractors they can find isn't the best financial decision they could have made? But those nice MBAs assured them that running things like a cutthroat corporation was the best way!

Revek ( 133289 ) writes:
Re:They will blame everyone but the ( Score: 2 )

Heavens no. For instance I know of a city municipality that has the wan side of their internet merged with the lan side of their network. potentially exposing their whole infrastructure. I know and I told them but they would rather trust the guy who did the wiring to know more about networking than the guy who configured their fiber circuit. I'm sure that when they get their asses hacked again they will try to cast the net wide looking for anyone other than themselves to blame. That is why I fired off

Rockoon ( 1252108 ) , Friday July 26, 2019 @12:57AM ( #58989042 )
Re:They will blame everyone but the ( Score: 2 )

But they hired the comptrollers brother! Nothing can go wrong.

gweihir ( 88907 ) , Friday July 26, 2019 @12:56AM ( #58989040 )
Re:They will blame everyone but the ( Score: 2 )

Well, the MBA morons think that one unit of "employee xyz" is of course exactly the same as another one. Hence getting the cheapest ones does make sense to them. It is a sure recipe for an eventual collapse, of course.

houghi ( 78078 ) , Friday July 26, 2019 @06:01AM ( #58989768 )
Re:They will blame everyone but the ( Score: 2 , Interesting)

You can't blame the substandard and clueless employees. You can blame the people who decided to hire substandard and clueless people. Responsability goes from top to bottom. Not the other way around.

So why did they hire substandard people? Because of money. And why did they not have more money? Because people elected those who lowered taxes or apointed them elsewhere.

So who do we blame? The shareholders, or the voters in this case.

apoc.famine ( 621563 ) writes: < apoc.famine@gmail. c o m > on Friday July 26, 2019 @12:22PM ( #58991676 ) Journal
Re:They will blame everyone but the ( Score: 1 )

Yep.

What kills me about the low-tax, free market crowd is that they don't seem to be able to link these ideas together. If you want competent teachers and other school staff, you need to pay enough that competent people want to do that job.

Starting salary around here for a teacher who has to have a bachelor's degree at minimum, with a master's preferred is mid-$50k. For someone with a BA in English, that's not bad. But how do you get someone with a MS in a STEM field for that sort of money, when they could, at minimum, be making 50% more in the private sector, and likely close to double that, depending on their field. And that's not even considering that the work environment sucks.

While only working about 190 days a year seems like a nice benefit, the flip side is that you get no vacations during the school year other than the ones scheduled for the kids. That makes things like going to a wedding or joining a family vacation pretty much impossible if it falls during the school year.

And it used to be that teachers got the summers largely off, but now a good portion of states are requiring continuing education to retain your license, which means going back to school during your "summer off". And every time the standards or state curriculum change, teachers get to re-do their lesson plans. Unpaid, during the summer.

And IT? No break for them. Summer is when you refresh all the machines, update the network, get rid of the old stuff that students broke and set up all the new stuff. Likely in a steaming hot school with no AC, or if it has AC, with the thermostat set at 80 to save money since "nobody is there during the summer".

If you want competent people to work in these conditions, you need to pay them appropriately. If you need to pay them more, you need money to do that. And that money comes from taxes, or from finding other things to cut spending on. Of course, we'd never consider violating the sanctity of the football program, so the $2m we're going to spend refreshing the turf and bleachers can't be put to better use....

ChoGGi ( 522069 ) writes: < slashdot@choggi.org > on Friday July 26, 2019 @12:05AM ( #58988926 ) Homepage
When I hear of X suffered a ransomware whatever ( Score: 4 , Interesting)

I wonder if IT gets the budget it needs (for backups), or slashed and someone fired.

I got nothing (just like Louisiana).

MobyDisk ( 75490 ) , Friday July 26, 2019 @11:37AM ( #58991306 ) Homepage
Malware finally found a way to make real money ( Score: 2 )

For years, malware was used for things like nabbing credit card numbers and selling them on the black market, or for sending spam emails. Deleting files and defacing web sites was good for the lulz, but nobody made money off that. But two concepts changed all that: Ransomware + Cryptocurrency. Now, ransoming files is safe AND profitable! Expect to see more and more of this.

Ransomware is really kinda genius when you think of it as a business model. The hacker steals the files - but does not need to store the files themselves! The files are still on the victim's own hard drives! So the hacker does not need to pay for storage, rent a server, or pay for bandwidth. It's akin to sneaking into a bank and instead of stealing the money, you just change the combination on the vank vault so they can't get in. The money is still in their own vault, just inaccessible!

Cryptocurrency has made it possible to transfer money with no physical presence, and no presence in any "legitimate" managed institution. Yes, it's still a visible transaction, but there's nobody's name and address and tax ID number assigned to the account.

It seems to me this will re-invigorate the hacking community, and everyone needs to become hyper vigilant. 5 years ago we could say "meh, nobody will hack me" and we were 99.9% right. And if they did, you just had to get a new credit card number or phone number or something. Now, the threat is losing everything.

WindBourne ( 631190 ) , Friday July 26, 2019 @12:33PM ( #58991772 ) Journal
love seeing the impact of cheap government ( Score: 2 )

rather than having effective government, we simply have government that gives our money to their friends. yeah.

SuricouRaven ( 1897204 ) , Friday July 26, 2019 @02:39AM ( #58989292 )
Re:Well... ( Score: 2 )

I work in a school. Chromebooks and iPads are certainly used a lot in education - but the bread-and-butter of school IT, in every school, is Windows. On desktops, or on laptops. It really has to be - the ICT classes need it because their course materials and exam standards expect it. Plus we like Active Directory - there's nothing so easily administered for managing large numbers of desktops on other operating systems.

Bert64 ( 520050 ) writes: < .moc.eeznerif.todhsals. .ta. .treb. > on Friday July 26, 2019 @03:07AM ( #58989366 ) Homepage
Re:Well... ( Score: 4 , Insightful)
Plus we like Active Directory - there's nothing so easily administered for managing large numbers of desktops on other operating systems.

The thing with centralised administration is that if compromised, it becomes centralised compromise and allows the ransomware (or whatever else) to infect every machine simultaneously.
Active directory is not very secure by default, and is extremely complex... Actually keeping it secure is extremely difficult and expensive, requiring significant investment, highly skilled staff and quite a lot of inconvenience for users.

Active directory is far from easy if you actually want it to be secure, if you want it to be easy then it also becomes easy to compromise and significantly increases the damage from a ransomware infection.

Anonymous Coward , Friday July 26, 2019 @07:17AM ( #58989906 )
Re: Well... ( Score: 1 )

Active Directory is easy to secure if you aren't stupid. Don't expose it directly to the internet and firewall off all non essential ports.
And Centralized data stores are easy to restore if compromised. Just use your offsite/offline/warm backup/restore plan. You test that regularly, offline, with false hw date clocks, so even if there is a timebonb strawman to worry about, you've git it covered.

gweihir ( 88907 ) , Friday July 26, 2019 @12:50AM ( #58989022 )
Re:Well... ( Score: 4 , Insightful)
-- and a Windows monoculture.

And apparently no backups and no Business Continuity Management.

IT is not cheap. It is just cheaper than doing it in the traditional ways. If you try to do it on the cheap, it can get very expensive though, and that is why you do not if you have a clue.

CaptainDork ( 3678879 ) , Friday July 26, 2019 @12:41PM ( #58991830 )
Re:Well... ( Score: 3 )

And a monoculture of under-funded IT departments.

_Sharp'r_ ( 649297 ) writes: < sharper@nOspam.booksunderreview.com > on Friday July 26, 2019 @03:14AM ( #58989390 ) Homepage Journal
Re:Well... ( Score: 3 )

What does Democratic Governor John Bel Edwards have to do with low taxes? Louisiana spends $11K/student, about the same as California, which is pretty damn high for a State with such a low cost of living in comparison.

grapesandwich ( 6086162 ) , Friday July 26, 2019 @09:46AM ( #58990556 )
Re:government employees are not high quality ( Score: 1 )

Or just block people from opening certain files and restrict them from only being able to do the basic stuff. Also this should be a heads up to people. HAVE BACKUPS! I don't understand how any enterprise can overlook this. Yeah it's expensive, but what's cheaper? Maintaining that, or being locked out of your data for a while/forever or having to pay a ransom that would've cost the same if not more?

stealth_finger ( 1809752 ) , Friday July 26, 2019 @05:33AM ( #58989706 )
Re:government employees are not high quality ( Score: 2 )
cheaper to pay the ransom

Probably cheaper to have a decent backup solution but there you go.

[Jul 30, 2019] 'No More Ransom' Decryption Tools Prevent $108M In Ransomware Payments

Jul 30, 2019 | it.slashdot.org

An anonymous reader quotes ZDNet: On the three-year anniversary of the No More Ransom project, Europol announced today that users who downloaded and decrypted files using free tools made available through the No More Ransom portal have prevented ransomware gangs from making profits estimated at at least $108 million ... However, an Emsisoft spokesperson told ZDNet that the $108 million estimate that Europol shared today is "actually a huge underestimate. They're based on the number of successful decryptions confirmed by telemetry -- in other words, when the tools phone home to confirm they've done their job," Emsisoft told ZDNet... Just the free decryption tools for the GandCrab ransomware alone offered on the No More Ransom website have prevented ransom payments of nearly $50 million alone, Europol said.

The project, which launched in July 2016, now hosts 82 tools that can be used to decrypt 109 different types of ransomware. Most of these have been created and shared by antivirus makers like Emsisoft, Avast, and Bitdefender, and others; national police agencies; CERTs; or online communities like Bleeping Computer. By far the most proficient member has been antivirus maker Emsisoft, which released 32 decryption tools for 32 different ransomware strains... All in all, Europol said that more than three million users visited the site and more than 200,000 users downloaded tools from the No More Ransom portal since its launch.
One Emisoft researcher said they were "pretty proud" of their decryptor for MegaLocker, "as not only did it help thousands of victims, but it really riled up the malware author."

[Jul 09, 2019] So what does a cybersecurity company that is hemorrhaging money and can't protect it's clients do? It does an IPO

Notable quotes:
"... So in the past three years Crowdstrike: ..."
"... a) detected the DNC server hack, but failed to stop it b) falsely accused the Russians of hacking Ukrainian artillery c) failed to prevent the NRCC from being hacked, even though that was why they were hired ..."
"... In other words, Crowdstrike is really bad at their job. In addition, Crowdstrike is really bad at business too. CrowdStrike recorded a net loss last year of $140 million on revenue of $249.8 million, and negative free cash flow of roughly $59 million. ..."
Jul 09, 2019 | caucus99percent.com

So in the past three years Crowdstrike:

a) detected the DNC server hack, but failed to stop it
b) falsely accused the Russians of hacking Ukrainian artillery
c) failed to prevent the NRCC from being hacked, even though that was why they were hired

In other words, Crowdstrike is really bad at their job. In addition, Crowdstrike is really bad at business too. CrowdStrike recorded a net loss last year of $140 million on revenue of $249.8 million, and negative free cash flow of roughly $59 million.

So what does a cybersecurity company that is hemorrhaging money and can't protect it's clients do? It does an IPO .

It just goes to show that "getting it right" is not the same thing as "doing a good job." If you tell the right people what they want to hear, the money will take care of itself.

[Jul 09, 2019] Crowdstrike mode of operation:

Jul 09, 2019 | caucus99percent.com

Whoops, you got hacked? Gee, nothing we could have done. More money please!

I think this is most of the IT biz right here

It just goes to show that "getting it right" is not the same thing as "doing a good job."

If you tell the right people what they want to hear, the money will take care of itself.

It's all about making the people at the top feel smart for having hired you and assuring them they don't need to waste their beautiful minds trying to understand what it is you do.

Whoops, you got hacked? Gee, nothing we could have done. More money please!

[Jun 25, 2019] Stuxnet itself was only possible because the manufacturer provided the CIA with a backdoor to the operating system

Jun 25, 2019 | www.moonofalabama.org

William Gruff , Jun 23, 2019 3:41:19 PM | 78

the pessimist @68

Iran purged Microsoft Windows OS from military uses years ago, so Stuxnet style attacks are no longer possible. Stuxnet itself was only possible because the manufacturer provided the CIA with a backdoor to the operating system. Prior to 2010 Iran was in the top 10 countries from which patches to the Linux kernel came from, but that has dropped to 0% since then. Though I do not know this for a fact, this suggests that Iran forked Linux in 2010 and has been encouraging domestic development of that operating system.

What does this have to do with claims that the US launched a cyber attack on Iran? It means that any American cyber attack on Iran almost certainly failed 100%.

America's misnamed "intelligence" agencies are spoiled by having easy access to targets' communications through built-in back doors and vulnerabilities that American industry build into their products. Despite appearances, US "intelligence" agencies are not very good at real hacking. In fact, they suck badly at it. If Microsoft, Cisco, Google or Apple don't provide them access to the products that they sell, then the CIA is sh!t out of luck (which is why they hate Huawei, by the way). Since Iran no longer uses Microsoft Windows in any critical functions, and instead uses a version of Linux that has diverged from the ones that the West uses for almost a decade, the chances that the CIA or Pentagram's Visual Basic script kiddies could hack them effectively drops to 0%.

--Baconator

[May 27, 2019] The infamous Stuxnet cyberweapon did not destroy more than a fifth of Iran's nuclear centrifuges, but that does not mean it was not a real success for Israel/America's campaign

May 27, 2019 | www.unz.com

Mitleser , says: January 27, 2019 at 3:05 am GMT

@WHAT The point is not to stop them entirely, but to delay and disrupt their ambitious programs.

The infamous Stuxnet cyberweapon did not destroy more than a fifth of Iran's nuclear centrifuges, but that does not mean it was not a real success for Israel/America's campaign against the Iranian nuclear program.

[Apr 29, 2019] When the disaster hit, you need to resolve things quickly and efficiently, with panic being the worst enemy. Amount of training and previous experience become crucial factors in such situations

It is rarely just one thing that causes an “accident”. There are multiple contributors here.
Notable quotes:
"... Panic in my experience stems from a number of things here, but two crucial ones are: ..."
"... not knowing what to do, or learned actions not having any effect ..."
Apr 29, 2019 | www.nakedcapitalism.com

vlade , April 29, 2019 at 11:04 am

...I suspect that for both of those, when they hit, you need to resolve things quickly and efficiently, with panic being the worst enemy.

Panic in my experience stems from a number of things here, but two crucial ones are:
input overload
not knowing what to do, or learned actions not having any effect

Both of them can be, to a very large extent, overcome with training, training, and more training (of actually practising the emergency situation, not just reading about it and filling questionairres).

... ... ...

[Jan 02, 2019] The second iteration of "Hack the Air Force" in December paid out $103,883 in bounties to freelance hackers for 106 vulnerabilities found over a 20-day period. The highest bounty was $12,500, the largest paid by the U.S. government to date.

Jan 02, 2019 | www.moonofalabama.org

Don Bacon , Feb 21, 2018 10:29:06 PM | link

The US Air Force has out-sourced cybersecurity.
The U.S. military's love affair with bug bounty programs continues.

The second iteration of "Hack the Air Force" in December paid out $103,883 in bounties to freelance hackers for 106 vulnerabilities found over a 20-day period. The highest bounty was $12,500, the largest paid by the U.S. government to date.

The Air Force's first bug bounty program launched in April 2017 following similar efforts like Hack the Pentagon and Hack the Army in 2016. In total, more than 3,000 vulnerabilities have been found in federal government systems since the programs began.

The bug bounty platform HackerOne, a private company, continues to handle the military's bug bounty initiatives. Air Force CISO Peter Kim, who helped kick off and cheerlead the service's first round last year, also played a leading role this time. . . here

[Dec 29, 2018] -Election Meddling- Enters Bizarro World As MSM Ignores Democrat-Linked -Russian Bot- Scheme -

Highly recommended!
Is this shadow of Integrity Initiative in the USA ? This false flag open the possibility that other similar events like DNC (with very questionable investigation by Crowdstrike, which was a perfect venue to implement a false flag; cybersecurity area is the perfect environment for planting false flags), MH17 (might be an incident but later it definitely was played as a false flag), Skripals (Was Skripals poisoning a false flag decided to hide the fact that Sergey Skripal was involved in writing Steele dossier?) and Litvinenko (probably connected with lack of safety measures in the process of smuggling of Plutonium by Litvinenko himself, but later played a a false flag). All of those now should be re-assessed from the their potential of being yet another flag flag operation against Russia. While Browder was a MI6 operation from the very beginning (and that explains why he abdicated the US citizenship more convincingly that the desire to avoid taxes) .
Notable quotes:
"... Democratic operative Jonathon Morgan - bankrolled by LinkedIn founder Reid Hoffman, pulled a Russian bot "false flag" operation against GOP candidate Roy Moore in the Alabama special election last year - creating thousands of fake social media accounts designed to influence voters . Hoffman has since apologized, while Morgan was suspended by Facebook for "coordinated inauthentic" behavior. ..."
"... Really the bigger story is here is that these guys convincingly pretended to be Russian Bots in order to influence an election (not with the message being put forth by the bots, but by their sheer existence as apparent supporters of the Moore campaign). ..."
"... By all appearances, they were Russian bots trying to influence the election. Now we know it was DNC operatives. Yet we are supposed to believe without any proof that the "Russian bots" that supposedly influenced the 2016 Presidential election were, actually, Russian bots, and worthy of a two year long probe about "Russian collusion" and "Russian meddling." ..."
"... The whole thing is probably a farce, not only in the sense that there is no evidence that Russia had any influence at all on a single voter, but also in the sense that there is no evidence that Russia even tried (just claims and allegations by people who have a vested interest in convincing us its true). ..."
Dec 29, 2018 | www.zerohedge.com

For over two years now, the concepts of "Russian collusion" and "Russian election meddling" have been shoved down our throats by the mainstream media (MSM) under the guise of legitimate concern that the Kremlin may have installed a puppet president in Donald Trump.

Having no evidence of collusion aside from a largely unverified opposition-research dossier fabricated by a former British spy, the focus shifted from "collusion" to "meddling" and "influence." In other words, maybe Trump didn't actually collude with Putin, but the Kremlin used Russian tricks to influence the election in Trump's favor. To some, this looked like nothing more than an establishment scheme to cast a permanent spectre of doubt over the legitimacy of President Donald J. Trump.

Election meddling "Russian bots" and "troll farms" became the central focus - as claims were levied of social media operations conducted by Kremlin-linked organizations which sought to influence and divide certain segments of America.

And while scant evidence of a Russian influence operation exists outside of a handful of indictments connected to a St. Petersburg "Troll farm" (which a liberal journalist cast serious doubt ov er), the MSM - with all of their proselytizing over the "threat to democracy" that election meddling poses, has largely decided to ignore actual evidence of "Russian bots" created by Democrat IT experts, used against a GOP candidate in the Alabama special election, and amplified through the Russian bot-detecting "Hamilton 68" dashboard developed by the same IT experts.

Jonathon Morgan ✔ @jonathonmorgan

Russian trolls tracked by # Hamilton68 are taking an interest in the AL Senate race. What a surprise.

298 4:02 PM - Nov 10, 2017

Democratic operative Jonathon Morgan - bankrolled by LinkedIn founder Reid Hoffman, pulled a Russian bot "false flag" operation against GOP candidate Roy Moore in the Alabama special election last year - creating thousands of fake social media accounts designed to influence voters . Hoffman has since apologized, while Morgan was suspended by Facebook for "coordinated inauthentic" behavior.

As Russian state-owned RT puts it - and who could blame them for being a bit pissed over the whole thing, "it turns out there really was meddling in American democracy by "Russian bots." Except they weren't run from Moscow or St. Petersburg, but from the offices of Democrat operatives chiefly responsible for creating and amplifying the "Russiagate" hysteria over the past two years in a textbook case of psychological projection. "

A week before Christmas, the Senate Intelligence Committee released a report accusing Russia of depressing Democrat voter turnout by targeting African-Americans on social media. Its authors, New Knowledge, quickly became a household name.

Described by the New York Times as a group of "tech specialists who lean Democratic," New Knowledge has ties to both the US military and intelligence agencies. Its CEO and co-founder Jonathon Morgan previously worked for DARPA, the US military's advanced research agenc y. His partner, Ryan Fox, is a 15-year veteran of the National Security Agency who also worked as a computer analyst for the Joint Special Operations Command (JSOC). Their unique skill sets have managed to attract the eye of investors, who pumped $11 million into the company in 2018 alone.

...

On December 19, a New York Times story revealed that Morgan and his crew had created a fake army of Russian bots, as well as fake Facebook groups, in order to discredit Republican candidate Roy Moore in Alabama's 2017 special election for the US Senate.

Working on behalf of the Democrats, Morgan and his crew created an estimated 1,000 fake Twitter accounts with Russian names, and had them follow Moore. They also operated several Facebook pages where they posed as Alabama conservatives who wanted like-minded voters to support a write-in candidate instead.

In an internal memo, New Knowledge boasted that it had "orchestrated an elaborate 'false flag' operation that planted the idea that the Moore campaign was amplified on social media by a Russian botnet."

It worked. The botnet claim made a splash on social media and was further amplified by Mother Jones, which based its story on expert opinion from Morgan's other dubious creation, Hamilton 68. - RT

Moore ended up losing the Alabama special election by a slim margin of just

In other words: In November 2017 – when Moore and his Democratic opponent were in a bitter fight to win over voters – Morgan openly promoted the theory that Russian bots were supporting Moore's campaign . A year later – after being caught red-handed orchestrating a self-described "false flag" operation – Morgan now says that his team never thought that the bots were Russian and have no idea what their purpose was . Did he think no one would notice? - RT

Dan Cohen ✔ @dancohen3000 Replying to @dancohen3000

Disinformation warrior @ jonathonmorgan attempts to control damage by lying. He now claims the "false flag operation" never took place and the botnet he promoted as Russian-linked (based on phony Hamilton68 Russian troll tracker he developed) wasn't Russian https://www. newknowledge.com/blog/about-ala bama

89 2:23 AM - Dec 29, 2018

Even more strange is that Scott Shane - the journalist who wrote the New York Times piece exposing the Alabama "Russian bot" scheme, knew about it for months after speaking at an event where the organizers bragged about the false flag on Moore .

Shane was one of the speakers at a meeting in September, organized by American Engagement Technologies, a group run by Mikey Dickerson, President Barack Obama's former tech czar. Dickerson explained how AET spent $100,000 on New Knowledge's campaign to suppress Republican votes, " enrage" Democrats to boost turnout, and execute a "false flag" to hrt Moore. He dubbed it "Project Birmingham." - RT

Dan Cohen ✔ @dancohen3000 · Dec 28, 2018 Replying to @dancohen3000

This gets even weirder: NYT reporter @ ScottShaneNYT , who broke the Alabama disinfo op story, learned of it in early September when he spoke at an off-the-record event organized by one of the firms that perpetrated the deception https://www. buzzfeednews.com/article/craigs ilverman/alabama-dirty-tricksters-invited-a-new-york-times-reporter

NY Times Reporter Briefed Alabama Special Election Dirty Tricksters

New York Times reporter Scott Shane spoke at an event organized by the group who ran a disinformation op aimed at helping defeat Roy Moore in Alabama.

A lightly-redacted copy of the internal @ NewKnowledgeAI report has been leaked and claims at least partial credit for Doug Jones' victory. Details follow https:// medium.com/@jeffgiesea/br eaking-heres-the-after-action-report-from-the-alabama-senate-disinformation

10 12:09 PM - Dec 28, 2018 Twitter Ads info and privacy

Shane told BuzzFeed that he was "shocked" by the revelations, though hid behind a nondisclosure agreement at the request of American Engagement Technologies (AET). He instead chose to spin the New Knowledge "false flag" operation on Moore as "limited Russian tactics" which were part of an "experiment" that had a budget of "only" $100,000 - and which had no effect on the election.

New Knowledge suggested that the false flag operation was simply a "research project," which Morgan suggested was designed "to better understand and report on the tactics and effects of social media disinformation."

View image on Twitter
Jonathon Morgan ✔ @jonathonmorgan

My statement on this evening's NYT article.

94 9:17 PM - Dec 19, 2018
465 people are talking about this Twitter Ads info and privacy

While the New York Times seemed satisfied with his explanation, others pointed out that Morgan had used the Hamilton 68 dashboard to give his "false flag" more credibility – misleading the public about a "Russian" influence campaign that he knew was fake.

New Knowledge's protestations apparently didn't convince Facebook, which announced last week that five accounts linked to New Knowledge – including Morgan's – had been suspended for engaging in "coordinated inauthentic behavior." - RT

They knew exactly what they were doing

While Morgan and New Knowledge sought to frame the "Project Birmingham" as a simple research project, a leaked copy of the operation's after-action report reveals that they knew exactly what they were doing .

"We targeted 650,000 like AL voters, with a combination of persona accounts, astroturfing, automated social media amplification and targeted advertising," reads the report published by entrepreneur and executive coach Jeff Giesea.

Jeff Giesea ✔ @jeffgiesea

BREAKING: Here's the after-action report from the AL Senate disinfo campaign.

**an exclusive release by @ JeffGiesea https:// medium.com/@jeffgiesea/br eaking-heres-the-after-action-report-from-the-alabama-senate-disinformation-campaign-e3edd854f17d

1,658 8:49 PM - Dec 27, 2018 Twitter Ads info and privacy BREAKING: Here's The After-Action Report From the Alabama Senate Disinformation Campaign

EXCLUSIVE RELEASE FROM JEFF GIESEA

medium.com
1,381 people are talking about this Twitter Ads info and privacy

The rhetorical question remains, why did the MSM drop this election meddling story like a hot rock after the initial headlines faded away?

criminal election meddling, but then who the **** is going to click on some morons tactic and switch votes?

anyone basing any funding, whether it is number of facebook hits or attempted mind games by egotistical cuck soyboys needs a serious psychological examination. fake news is fake BECAUSE IT ISNT REAL AND DOES NOT MATTER TO ANYONE but those living in the excited misery of their tiny bubble world safe spaces. SOCIAL MEDIA IS A CON AND IS NOT IMPORTANT OR RELEVANT TO ANYONE.

far more serious is destroying ballots, writing in ballots without consent, bussing voters around to vote multiple times in different districts, registering dead voters and imperosnating the corpses, withholding votes until deadlines pass - making them invalid.


Herdee , 10 minutes ago

NATO on behalf of the Washington politicians uses the same bullsh*t propaganda for continual war.

Mugabe , 20 minutes ago

Yup "PROJECTION"...

Yippie21 , 21 minutes ago

None of this even touches on the 501c3 or whatever that was set up , concerned Alabama voters or somesuch, and was funneled a **** load of money to be found to be in violation of the law AFTER the election and then it all just disappeared. Nothing to see here folks, Democrat won, let's move on. There was a LOT of " tests " for the smart-set in that election and it all worked. We saw a bunch of it used in 2018, especially in Texas with Beto and down-ballot races. Democrats cleaned up like crazy in Texas, especially in Houston.

2020 is going to be a hot mess. And the press is in on it, and even if illegal or unseemly things are done, as long as Democrats win, all good... let's move on. Crazy.

LetThemEatRand , 21 minutes ago

The fact that MSM is not covering this story -- which is so big it truly raises major questions about the entire Russiagate conspiracy including why Mueller was appointed in the first place -- is proof that they have no interest in journalism or the truth and that they are 100% agenda driven liars. Not that we needed more proof, but there it is anyway.

Oldguy05 , 19 minutes ago

Dimz corruption is a nogo. Now if it were conservatives.......

CosineCosineCosine , 23 minutes ago

I'm not a huge fan, but Jimmy Dore has a cathartic and entertaining 30 minutes on this farce. Well worth the watch:

h https://youtu.be/hqLIJznUNVw

LetThemEatRand , 27 minutes ago

Really the bigger story is here is that these guys convincingly pretended to be Russian Bots in order to influence an election (not with the message being put forth by the bots, but by their sheer existence as apparent supporters of the Moore campaign).

By all appearances, they were Russian bots trying to influence the election. Now we know it was DNC operatives. Yet we are supposed to believe without any proof that the "Russian bots" that supposedly influenced the 2016 Presidential election were, actually, Russian bots, and worthy of a two year long probe about "Russian collusion" and "Russian meddling."

The whole thing is probably a farce, not only in the sense that there is no evidence that Russia had any influence at all on a single voter, but also in the sense that there is no evidence that Russia even tried (just claims and allegations by people who have a vested interest in convincing us its true).

dead hobo , 30 minutes ago

I've been watching Scandal on Netflix. Still only in season 2. Amazing how nothing changes.They nailed it and memorialized it. The MSM are useful idiots who are happy to make money publicizing what will sell the best.

chunga , 30 minutes ago

The media is biased and sucks, yup.

The reason the reds lost the house is because they went along with this nonsense and did nothing about it, like frightened baby chipmunks.

JRobby , 33 minutes ago

Only when "the opposition" does it is it illegal. Total totalitarian state wannabe stuff.

divingengineer , 22 minutes ago

Amazing how people can contort reality to justify their own righteous cause, but decry their opposition for the EXACT same thing. See trump visit to troops signing hats as most recent proof. If DJT takes a piss and sprinkles the seat, it's a crime.

DarkPurpleHaze , 33 minutes ago

They're afraid to expose themselves...unlike Kevin Spacey. Trump or Whitaker will expose this with one signature. It's coming.

divingengineer , 20 minutes ago

Spacey has totally lost it. See his latest video, it will be a powerful piece of evidence for an insanity plea.

CosineCosineCosine , 10 minutes ago

Disagree strongly. I think it was excellent - perhaps you misunderstood the point? 6 minutes Diana Davidson look at it clarifies

https://youtu.be/_il_NBq0Ec8

[Dec 16, 2018] Windows 10 Sends Your Activity History to Microsoft, Even if You Tell It Not To by Chris Hoffman

Notable quotes:
"... This problem was recently discussed on Reddit, and it's pretty easy to confirm. Head to Settings > Privacy > Activity History and disable "Send my activity history to Microsoft." It was already disabled on our PC, so it made this easy to test. ..."
"... Update: Microsoft has confirmed this, telling us you'll need to set this option to "Basic" to stop Windows from sending your app usage history to Microsoft. ..."
Dec 10, 2018 | www.howtogeek.com

Chris Hoffman @chrisbhoffman
December 10, 2018, 1:15pm EDT

Windows 10 collects an "Activity History" of applications you launch on your PC and sends it to Microsoft. Even if you disable or clear this, Microsoft's Privacy Dashboard still shows an "Activity History" of applications you've launched on your PCs.

Update: Microsoft's Marisa Rogers reached out to us with the following statement:

"Microsoft is committed to customer privacy, being transparent about the data we collect and use for your benefit, and we give you controls to manage your data. In this case, the same term "Activity History" is used in both Windows 10 and the Microsoft Privacy Dashboard. Windows 10 Activity History data is only a subset of the data displayed in the Microsoft Privacy Dashboard. We are working to address this naming issue in a future update."

In addition to simply disabling the "Send my activity history to Microsoft" option, Microsoft told us you must set your diagnostic data level to "Basic." This will prevent Windows 10 from sending app usage history to Microsoft.

This problem was recently discussed on Reddit, and it's pretty easy to confirm. Head to Settings > Privacy > Activity History and disable "Send my activity history to Microsoft." It was already disabled on our PC, so it made this easy to test.

For bonus points, you can also click the "Clear" button under Clear Activity History. This should, theoretically, clear all that data from Microsoft's servers. But, apparently, it doesn't.

You'll see a list of applications you've launched on your connected PCs, even if you've disabled or cleared your Activity History on those PCs.

This is pretty strange and confusing, but we think there's a simple explanation: Microsoft also collects a history of applications you launch through Windows 10's diagnostics. We think the "Activity History" page in the Privacy Dashboard has an incorrect name. It's not part of the Windows 10 "Activity History" feature, which is associated with the Timeline.

Windows 10's default diagnostic setting, "Full," says it sends "info about websites you browse and how you use apps and features," so this data may just be sent to Microsoft through Windows 10's normal telemetry. You can find these options at Settings > Privacy > Diagnostics & Feedback.

Update: Microsoft has confirmed this, telling us you'll need to set this option to "Basic" to stop Windows from sending your app usage history to Microsoft.

This whole confusing mess highlights how Microsoft has failed to explain exactly what data Windows 10 collects and how you can control it.

The Privacy Dashboard was designed to make this more transparent, but even the dashboard is confusing and uses incorrect names that don't match the associated features in Windows 10. Microsoft still has a lot of work to do here.

[Dec 11, 2018] Software "upgrades" require workers to constantly relearn the same task because some young "genius" observed that a carefully thought out interface "looked tired" and glitzed it up.

Dec 11, 2018 | www.ianwelsh.net

S Brennan permalink April 24, 2016

My grandfather, in the early 60's could board a 707 in New York and arrive in LA in far less time than I can today. And no, I am not counting 4 hour layovers with the long waits to be "screened", the jets were 50-70 knots faster, back then your time was worth more, today less.

Not counting longer hours AT WORK, we spend far more time commuting making for much longer work days, back then your time was worth more, today less!

Software "upgrades" require workers to constantly relearn the same task because some young "genius" observed that a carefully thought out interface "looked tired" and glitzed it up. Think about the almost perfect Google Maps driver interface being redesigned by people who take private buses to work. Way back in the '90's your time was worth more than today!

Life is all the "time" YOU will ever have and if we let the elite do so, they will suck every bit of it out of you.

[Nov 07, 2018] Stuxnet 2.0? Iran claims Israel launched new cyber attacks

Nov 07, 2018 | arstechnica.com

President Rouhani's phone "bugged," attacks against network infrastructure claimed.

Sean Gallagher - 11/5/2018, 5:10 PM

reader comments

Last week, Iran's chief of civil defense claimed that the Iranian government had fought off Israeli attempts to infect computer systems with what he described as a new version of Stuxnet -- the malware reportedly developed jointly by the US and Israel that targeted Iran's uranium-enrichment program. Gholamreza Jalali, chief of the National Passive Defense Organization (NPDO), told Iran's IRNA news service, "Recently, we discovered a new generation of Stuxnet which consisted of several parts... and was trying to enter our systems."

On November 5, Iran Telecommunications Minister Mohammad-Javad Azari Jahromi accused Israel of being behind the attack, and he said that the malware was intended to "harm the country's communication infrastructures." Jahromi praised "technical teams" for shutting down the attack, saying that the attackers "returned empty-handed." A report from Iran's Tasnim news agency quoted Deputy Telecommunications Minister Hamid Fattahi as stating that more details of the cyber attacks would be made public soon.

Jahromi said that Iran would sue Israel over the attack through the International Court of Justice. The Iranian government has also said it would sue the US in the ICJ over the reinstatement of sanctions. Israel has remained silent regarding the accusations .

The claims come a week after the NPDO's Jalali announced that President Hassan Rouhani's cell phone had been "tapped" and was being replaced with a new, more secure device. This led to a statement by Iranian Supreme Leader Ayatollah Ali Khamenei, exhorting Iran's security apparatus to "confront infiltration through scientific, accurate, and up-to-date action."

While Iran protests the alleged attacks -- about which the Israeli government has been silent -- Iranian hackers have continued to conduct their own cyber attacks. A recent report from security tools company Carbon Black based on data from the company's incident-response partners found that Iran had been a significant source of attacks in the third quarter of this year, with one incident-response professional noting, "We've seen a lot of destructive actions from Iran and North Korea lately, where they've effectively wiped machines they suspect of being forensically analyzed."


SymmetricChaos </> , 2018-11-05T17:16:46-05:00 I feel like governments still think of cyber warfare as something that doesn't really count and are willing to be dangerously provocative in their use of it. ihatewinter , 2018-11-05T17:27:06-05:00 Another day in international politics. Beats lobbing bombs at each other. +13 ( +16 / -3 ) fahrenheit_ak </> , 2018-11-05T17:46:44-05:00

corey_1967 wrote:
The twin pillars of Iran's foreign policy - America is evil and Wipe Israel off the map - do not appear to be serving the country very well.

They serve Iran very well, America is an easy target to gather support against, and Israel is more than willing to play the bad guy (for a bunch of reasons including Israels' policy of nuclear hegemony in the region and historical antagonism against Arab states).
revision0 , 2018-11-05T17:48:22-05:00 Israeli hackers?

Go on!

Quote:

Israeli hackers offered Cambridge Analytica, the data collection firm that worked on U.S. President Donald Trump's election campaign, material on two politicians who are heads of state, the Guardian reported Wednesday, citing witnesses.

https://www.haaretz.com/israel-news/isr ... -1.5933977

Quote:

For $20M, These Israeli Hackers Will Spy On Any Phone On The Planet

https://www.forbes.com/sites/thomasbrew ... -ulin-ss7/

Quote:

While Israelis are not necessarily number one in technical skills -- that award goes to Russian hackers -- Israelis are probably the best at thinking on their feet and adjusting to changing situations on the fly, a trait essential for success in a wide range of areas, including cyber-security, said Forzieri. "In modern attacks, the human factor -- for example, getting someone to click on a link that will install malware -- constitutes as much as 85% of a successful attack," he said.

http://www.timesofisrael.com/israeli-ha ... ty-expert/

+5 ( +9 / -4 )
ihatewinter </> , 2018-11-05T17:52:15-05:00
dramamoose wrote:
thorpe wrote:
The pro-Israel trolls out in front of this comment section...

You don't have to be pro-Israel to be anti-Iran. Far from it. I think many of Israel's actions in Palestine are reprehensible, but I also know to (rightly) fear an Islamic dictatorship who is actively funding terrorism groups and is likely a few years away from having a working nuclear bomb, should they resume research (which the US actions seem likely to cause).

The US created the Islamic Republic of Iran by holding a cruel dictator in power rather than risking a slide into communism. We should be engaging diplomatically, rather than trying sanctions which clearly don't work. But I don't think that the original Stuxnet was a bad idea, nor do I think that intense surveillance of what could be a potentially very dangerous country is a bad one either.

If the Israelis (slash US) did in fact target civilian infrastructure, that's a problem. Unless, of course, they were bugging them for espionage purposes.

Agree. While Israel is not about to win Humanitarian Nation of the year Award any time soon, I don't see it going to Iran in a close vote tally either.

[Nov 06, 2018] Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption

Nov 06, 2018 | it.slashdot.org

(zdnet.com) 62 Researchers have found flaws that can be exploited to bypass hardware encryption in well known and popular SSD drives. Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password.

SSDs from Micron (Crucial) and Samsung are affected. These are SSDs that support hardware-level encryption via a local built-in chip, separate from the main CPU. Some of these devices have a factory-set master password that bypasses the user-set password, while other SSDs store the encryption key on the hard drive, from where it can be retrieved. The issue is worse on Windows, where BitLocker defers software-level encryption to hardware encryption-capable SSDs, meaning user data is vulnerable to attacks without the user's knowledge. More in the research paper .

[Nov 02, 2018] US Government Employee's Addiction to Russian Porn Gives USGS Network a Virus

Notable quotes:
"... The DOI conducts IT security training once a year, during which employees sign a statement saying they understand those rules. The employee attended those annual training events and the OIG "confirmed he agreed to the Rules of Behavior for several years prior." ..."
"... The OIG recommended that USGS step up its monitoring of employee web usage, block pornographic websites and prevent unauthorized USB devices from being used on all employee computers. It gave USGS 90 days to indicate whether it plans on implementing those recommendations. ..."
Nov 02, 2018 | sputniknews.com

A US government employee with an apparent addiction to Russian pornography is causing a headache at the US Geological Survey (USGS) after infecting their network with malware. The USGS's Office of Inspector General (OIG) released a report October 17 detailing the compromise. The employee was apparently visiting pornography sites on his government-issued laptop, which is how the malware was contracted and spread through the network.

The employee, whose name is redacted from the report, visited thousands of pornographic websites. "Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware," the report says.

"Most of the larger porn sites are not actively trying to install malware on your device, because that would interrupt their business model of getting you to come back to the site, click and view ads, and subscribe to their premium content," web developer and technologist Chris Garaffa told Sputnik News Tuesday. "However, third-party ad networks that do not properly screen the ads they run can be exploited to serve malware along with the ad. This applies not just to porn sites but to any site with advertisements on it."

"I recommend people use a safer browser like Mozilla Firefox or Brave, along with an ad-blocker add-on like uBlock Origin to help mitigate the risks -- regardless of what content they're viewing," Garaffa added.

According to the government's analysis, a number of pornographic images were saved on an unauthorized USB device and the employee's personal Android phone, which also got infected with the malware.

USGS is under the Department of Interior (DOI), which prohibits employees from viewing or distributing pornography on government computers. Employees are also banned from connecting their personal devices to government computers or networks, another rule that was violated by the employee.

The DOI conducts IT security training once a year, during which employees sign a statement saying they understand those rules. The employee attended those annual training events and the OIG "confirmed he agreed to the Rules of Behavior for several years prior."

The OIG recommended that USGS step up its monitoring of employee web usage, block pornographic websites and prevent unauthorized USB devices from being used on all employee computers. It gave USGS 90 days to indicate whether it plans on implementing those recommendations.

According to NextGov, a number of US government agencies have had similar scandals in recent history, including the Environmental Protection Agency, the Securities and Exchange Commission, the Internal Revenue Service and about a dozen others .

Representative Mark Meadows (R-NC) has on three occasions introduced legislation banning the viewing of pornography on federal government computers, NextGov notes. It isn't clear why the bills have failed to come to fruition.

"If your employer owns your phone, computer or even just the network you're connecting to, they have the legal right to monitor, log and save records of what you're typing, what websites you're visiting, the content of the emails you send -- even on your personal accounts -- and the right to look at your screen," Garaffa said.

"Employees should effectively keep in mind that they currently have no legal right to privacy when using a company-owned device or network," he added.

[Nov 02, 2018] Stuxnet 2.0 'New Generation' of Likely US-Israeli Attack Virus Hits Iran - Sputnik International

Notable quotes:
"... Iranian Students News Agency (ISNA) then reported on Monday that Rouhani's cell phone had recently been discovered to be bugged, citing Jalali as saying that Rouhani's phone would be replaced with a more secure device. Again, Jalali made no indication as to who was believed to be behind the wire tap ..."
"... Earlier this year, Israel claimed it had accomplished a vast cyber-heist, stealing an archive that Israel claimed documented Tehran's continuing nuclear weapons program. Israeli Prime Minister Benjamin Netanyahu presented those claims to the UN in September. ..."
"... "What Iran hides, Israel will find," Netanyahu declared in his UN speech at the time. ..."
"... What kind of sick people put viruses in nuclear power stations? ..."
"... Who else could it be but one of the dirty 4, US, UK, France or Israel ..."
Nov 02, 2018 | sputniknews.com

The head of Iran's civil defense agency announced on Sunday that a new version of the Stuxnet virus, believed to be a US-Israeli creation, had been found by Iranian authorities. The announcement came amid news that President Hassan Rouhani's phone had been bugged and a call for increased defenses to "confront infiltration." "Recently we discovered a new generation of Stuxnet which consisted of several parts and was trying to enter our systems," announced Brigadier General Gholamreza Jalali, head of Iranian civil defense, Reuters reported. He gave no further details, such as whom the Iranian government believes to be behind the attack or how much damage it had caused.

The original Stuxnet virus targeted nuclear centrifuges at Iran's Natanz Uranium Enrichment Facility in June 2009, when it caused about 20 percent of the facility's centrifuges to spin out of control until they broke. It's widely believed to have been a joint creation by the US and Israel.

The Times of Israel noted that Israeli officials have refused to discuss what role, if any, they played in either Stuxnet operation.

That same day, Iranian Supreme Leader Ayatollah Ali Khamenei said Sunday, "In the face of the enemy's complex practices, our civil defense should confront infiltration through scientific, accurate and up-to-date action."

Iranian Students News Agency (ISNA) then reported on Monday that Rouhani's cell phone had recently been discovered to be bugged, citing Jalali as saying that Rouhani's phone would be replaced with a more secure device. Again, Jalali made no indication as to who was believed to be behind the wire tap .

Still, Israel seems to be name on everyone's lips. The news is only one episode in a rapid succession of moves between Israel and Iran, with Israel's Mossad intelligence agency saying on Wednesday it had thwarted an Iranian murder plot in Denmark against three members of the Arab Struggle Movement for the Liberation of Ahvaz, an organization connected to those who carried out a terrorist attack during a military parade in the Iranian city of Ahvaz on September 22, killing 25 people.

Earlier this year, Israel claimed it had accomplished a vast cyber-heist, stealing an archive that Israel claimed documented Tehran's continuing nuclear weapons program. Israeli Prime Minister Benjamin Netanyahu presented those claims to the UN in September.

"What Iran hides, Israel will find," Netanyahu declared in his UN speech at the time.

Lex W. Porter
What kind of sick people put viruses in nuclear power stations? The same kind that shoot kids with sniper rifles while their citizens watch and cheer, I guess. Straight up criminal rogue regime...

John Mason

Who else could it be but one of the dirty 4, US, UK, France or Israel who have been involved in creating global chaos.

[Oct 26, 2018] Vault 7 "Dark Matter" contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB)

Notable quotes:
"... Apple is a shit proprietary company that has somehow convinced people around the world that their product is as important as eating, and costs you as much to have an iPhone as it costs you to buy food each month. Oh but it has a camera and these really cool weather apps that cuss at you, and my selfie stick is made for the iPhone 7, but they will be coming out with an iPhone 8 soon. I sure hope my selfie stick works with it! ..."
Mar 23, 2017 | www.zerohedge.com

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise

TheMeatTrapper Mar 23, 2017 10:20 AM

They should change the name of the company to CIApple. The millenials can then line up for them in the cold.

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

Manthong froze25 Mar 23, 2017 10:27 AM

It appears that some real patriots are blowing the lid off of the pervasive evil.

The Amendments only clarified what is the law of the land.

I F'NG WANT THEM ADHERED TO.

Start with the 4 th one and then work your way up and down.

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

JRobby brianshell Mar 23, 2017 11:05 AM Get your red iPhone! On sale this week!!!! Brand new color! Red!!!!!

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

mtl4 Manthong Mar 23, 2017 11:14 AM After seeing this, any wonder why Shillary was so stuck on using Blackberry?!

I think Blackberry really missed a huge opportunity as the anti-eavesdropping cell phone platform.

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

PrayingMantis mtl4 Mar 23, 2017 11:59 AM

... "Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008."

... time to ditch those CiApple devices ... now you know why the Canadian Blackberry was killed off the US market ... they wouldn't play the US alphabet agencies' surveillance game ...

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

brianshell kavlar Mar 23, 2017 2:21 PM Ban dual nationals in government.

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

wren Manthong Mar 23, 2017 12:41 PM

I knew it was a publicity hoax when Apple didn't want to allow the feds access to the phone that was used by the killers in the San Bernadillo Massacre. Like Apple really cares about giving your info to the feds...

Apple is a shit proprietary company that has somehow convinced people around the world that their product is as important as eating, and costs you as much to have an iPhone as it costs you to buy food each month. Oh but it has a camera and these really cool weather apps that cuss at you, and my selfie stick is made for the iPhone 7, but they will be coming out with an iPhone 8 soon. I sure hope my selfie stick works with it!

"Hi, my name is Lisa and I am in like 7th grade. Other kids in my class only have the iPhone 5, but I have the new iPhone 7. I go to school with such pathetic loooserrs. Everyone in my school is jealous of me and my new iPhone 7, cause it shows that my parents really care about me, because, you know, they spent a lot of money on me for this phone so it must show they like, really care, right?

And the other kids in school chant my name as I walk down the halls because they're like so jealous of how much my parents love me. They are jealous because I'm like really rich, really cool, and my parents really love me too."

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

WillyGroper JRobby Mar 23, 2017 1:31 PM

went to the site from SGT...interesting seeeyeyah rabbit hole runs decades back.

of course the usual suspects.

https://www.muckrock.com/news/archives/2017/mar/20/cia-waffled-promise-destroy-records/

AldousHuxley d brianshell •Mar 23, 2017 4:46 PM

Smartphone won't make you smarter when all you do on it is chatting about superficial issues.

Idiots paying $500 every year to talk to other idiots is why Apple has $700B market cap.

http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=52041

Latina Lover froze25 Mar 23, 2017 10:32 AM

In a honest country where the rule of law applies to all, USA prisons would be filled with CIA and NSA operatives. Instead, we live in a banana republic, without the bananas.

[Oct 11, 2018] Insidious propaganda attack on Taiwan manufactures by Western MSM

Oct 11, 2018 | thenewkremlinstooge.wordpress.com

et Al October 5, 2018 at 4:00 am

The Register: Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/

Who's your money on? Bloomberg's sources? Apple? Amazon? Super Micro?

####

Hit the comments. Quite a few very good points made, namely 'Why now?' (its da Chinese!) as it supposed occurred some years ago, the US breaks this kind of story when it knows it will shortly be fingered for doing the same (the US did a demo SCADA attack for the media before the STUXNET story broke), if it was done it would have only been on select machines etc. etc.

Euractiv: Apple, Amazon deny Bloomberg report on Chinese hardware attack
https://www.euractiv.com/section/cybersecurity/news/apple-amazon-deny-bloomberg-report-on-chinese-hardware-attack/

There was a headlining (which of course I cannot find now*) saying that the US is calling on the UK, EU & Japan should get together and take on China economically. Why does the might US need help? It's quite an admission. This is at the same time that the US is targeting EU companies that do business with Russia and also telling Brussels that they do not agree with its very modest proposals for WTO reform.** There's no balance. They're all over the place, no to mention their spokespersons going tonto and shooting off their mouths so casually (US NATO Amb).

The more you look at all the current revelations, who they are made by, the way they are all being fed to the press and the demands now being made, it looks more and more that the Euro-Atfantacists are making another concerted and desperate campaign to retain some sort of influence. The UK is leaving the EU. Even if it rejoins, it won't be a 'special partner'. The fact that the USA-insane Netherlands and the UK are running their stories together shows us that the target is the rest of Europe, just as outgoing Pres of the EU J-C Juncker has said that Europe's best interests are with a security treaty with Russia. BTW, Finland's Stubb is putting himself forward to replace Juncker

* et voila! US, EU should 'clean the house' and deal with China – US ambassador
https://www.euractiv.com/section/eu-china/news/us-eu-should-clean-the-house-and-deal-with-china-us-ambassador/

** US says it cannot support some of EU's ideas for WTO reform
https://www.euractiv.com/section/economy-jobs/news/us-says-it-cannot-support-some-of-eus-ideas-for-wto-reform/

[Oct 08, 2018] Hacking and Propaganda by Marcus Ranum

Highly recommended!
Notable quotes:
"... There has been an ongoing campaign on the part of the US, to get out the idea that China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out in my book The Myth of Homeland Security ..."
"... "The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm perfectly willing to accept the possibility that there was Chinese hacking activity, but in the industry there was no indication of an additional level of attack or significance. ..."
"... One thing that did ..."
"... US ideology is that "we don't start wars" -- it's always looking for an excuse to go to war under the rubric of self-defense, so I see these sorts of claims as justification in advance for unilateral action. I also see it as a sign of weakness; if the US were truly the superpower it claims it is, it would simply accept its imperial mantle and stop bothering to try to justify anything. I'm afraid we may be getting close to that point. ..."
"... My assumption has always been that the US is projecting its own actions on other nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder reactor at Bushehr (which happens to be just outside of a large city; the attack took some of its control systems and backup generators offline). Attacks on nuclear power facilities are a war crime under international humanitarian law, which framework the US is signatory to but has not committed to actually follow. This sort of activity happens at the same time that the US distributes talking-points to the media about the danger of Russian hackers crashing the US power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis is mostly nonsense -- but it's tempting to accuse the US of "projection." ..."
"... All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault 7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. ..."
"... the US has even admitted to deploying STUXNET -- Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully said "that's how these things are done" and blew the whole thing off by saying that the NSA wasn't eavesdropping on Merkel any more. [ bbc ] ..."
"... It's hard to keep score because everything is pretty vague, but it sounds like the US has been dramatically out-spending and out-acting the other nations that it accuses of being prepared for cyberwar. ..."
"... it's hard not to see the US is prepared for cyberwar, when both the NSA and the CIA leak massive collections of advanced tools. ..."
"... My observation is that the NSA and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA and CIA, who needs Russians and Chinese? ..."
"... The Russian and Chinese efforts are relatively tiny compared to the massive efforts the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence agencies, while the entire Russian Department of Defense budget is about $90bn (China is around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are much smaller operations? ..."
"... That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's not unbelievable at all -- not in a world where we discover that Intel has built a parallel management CPU into every CPU since 2008, and that there is solid indications that other processors have similar backdoors. ..."
"... There are probably so many backdoors in our systems that it's a miracle it works at all. ..."
"... So, with respect to "propaganda" I would say that the US intelligence community has been consistently pushing a propaganda agenda against the US government, and the citizens in order to justify its actions and defend its budget. ..."
"... What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes. ..."
"... Funny how those obsessed with "false flag" operations work so hard to invite more of same. ..."
Oct 07, 2018 | freethoughtblogs.com

Bob Moore asks me to comment on an article about propaganda and security/intelligence. [ article ] This is going to be a mixture of opinion and references to facts; I'll try to be clear which is which.

Yesterday several NATO countries ran a concerted propaganda campaign against Russia. The context for it was a NATO summit in which the U.S. presses for an intensified cyberwar against NATO's preferred enemy.

On the same day another coordinated campaign targeted China. It is aimed against China's development of computer chip manufacturing further up the value chain. Related to this is U.S. pressure on Taiwan, a leading chip manufacturer, to cut its ties with its big motherland.

It is true that the US periodically makes a big push regarding "messaging" about hacking. Whether or not it constitutes a "propaganda campaign" depends on how we choose to interpret things and the labels we attach to them -- "propaganda campaign" has a lot of negative connotations and one person's "outreach effort" is an other's "propaganda." An ultra-nationalist or an authoritarian submissive who takes the government's word for anything would call it "outreach."

There has been an ongoing campaign on the part of the US, to get out the idea that China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out in my book The Myth of Homeland Security (2004) [ wc ] claims such as that the Chinese had "40,000 highly trained hackers" are flat-out absurd and ignore the reality of hacking; that's four army corps. Hackers don't engage in "human wave" attacks.

"The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm perfectly willing to accept the possibility that there was Chinese hacking activity, but in the industry there was no indication of an additional level of attack or significance.

One thing that did happen in 2010 around the same time as the nonexistent cyberwar was China and Russia proposed trilateral talks with the US to attempt to define appropriate limits on state-sponsored hacking. The US flatly rejected the proposal, but there was virtually no coverage of that in the US media at the time. The UN also called for a cyberwar treaty framework, and the effort was killed by the US. [ wired ] What's fascinating and incomprehensible to me is that, whenever the US feels that its ability to claim pre-emptive cyberwar is challenged, it responds with a wave of claims about Chinese (or Russian or North Korean) cyberwar aggression.

John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to "express reservations" about such an accord.

US ideology is that "we don't start wars" -- it's always looking for an excuse to go to war under the rubric of self-defense, so I see these sorts of claims as justification in advance for unilateral action. I also see it as a sign of weakness; if the US were truly the superpower it claims it is, it would simply accept its imperial mantle and stop bothering to try to justify anything. I'm afraid we may be getting close to that point.

My assumption has always been that the US is projecting its own actions on other nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder reactor at Bushehr (which happens to be just outside of a large city; the attack took some of its control systems and backup generators offline). Attacks on nuclear power facilities are a war crime under international humanitarian law, which framework the US is signatory to but has not committed to actually follow. This sort of activity happens at the same time that the US distributes talking-points to the media about the danger of Russian hackers crashing the US power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis is mostly nonsense -- but it's tempting to accuse the US of "projection."

The anti-Russian campaign is about alleged Russian spying, hacking and influence operations. Britain and the Netherland took the lead. Britain accused Russia's military intelligence service (GRU) of spying attempts against the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague and Switzerland, of spying attempts against the British Foreign Office, of influence campaigns related to European and the U.S. elections, and of hacking the international doping agency WADA. British media willingly helped to exaggerate the claims: [ ]

The Netherland [sic] for its part released a flurry of information about the alleged spying attempts against the OPCW in The Hague. It claims that four GRU agents traveled to The Hague on official Russian diplomatic passports to sniff out the WiFi network of the OPCW. (WiFi networks are notoriously easy to hack. If the OPCW is indeed using such it should not be trusted with any security relevant issues.) The Russian officials were allegedly very secretive, even cleaning out their own hotel trash, while they, at the same, time carried laptops with private data and even taxi receipts showing their travel from a GRU headquarter in Moscow to the airport. Like in the Skripal/Novichok saga the Russian spies are, at the same time, portrayed as supervillains and hapless amateurs. Real spies are neither.

The U.S. Justice Department added to the onslaught by issuing new indictments (pdf) against alleged GRU agents dubiously connected to several alleged hacking incidents . As none of those Russians will ever stand in front of a U.S. court the broad allegations will never be tested.

There's a lot there, and I think the interpretation is a bit over-wrought, but it's mostly accurate. The US and the UK (and other NATO allies, as necessary) clearly coordinate when it comes to talking points. Claims of Chinese cyberwar in the US press will be followed by claims in the UK and Australian press, as well. My suspicion is that this is not the US Government and UK Government coordinating a story -- it's the intelligence agencies doing it. My opinion is that the intelligence services are fairly close to a "deep state" -- the CIA and NSA are completely out of control and the CIA has gone far toward building its own military, while the NSA has implemented completely unrestricted surveillance worldwide.

All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault 7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. While the attribution that "Fancy Bear is the GRU" has been made and is probably fairly solid, the attribution of NSA malware and CIA malware is rock solid; the US has even admitted to deploying STUXNET -- Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully said "that's how these things are done" and blew the whole thing off by saying that the NSA wasn't eavesdropping on Merkel any more. [ bbc ]

It's hard to keep score because everything is pretty vague, but it sounds like the US has been dramatically out-spending and out-acting the other nations that it accuses of being prepared for cyberwar. I tend to be extremely skeptical of US claims because: bomber gap, missile gap, gulf of Tonkin, Iraq WMD, Afghanistan, Libya and every other aggressive attack by the US which was blamed on its target. The reason I assume the US is the most aggressive actor in cyberspace is because the US has done a terrible job of protecting its tool-sets and operational security: it's hard not to see the US is prepared for cyberwar, when both the NSA and the CIA leak massive collections of advanced tools.

Meanwhile, where are the leaks of Russian and Chinese tools? They have been few and far between, if there have been any at all. Does this mean that the Russians and Chinese have amazingly superior tradecraft, if not tools? I don't know. My observation is that the NSA and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA and CIA, who needs Russians and Chinese?

The article does not have great depth to its understanding of the situation, I'm afraid. So it comes off as a bit heavy on the recent news while ignoring the long-term trends. For example:

The allegations of Chinese supply chain attacks are of course just as hypocritical as the allegations against Russia. The very first know case of computer related supply chain manipulation goes back to 1982 :

A CIA operation to sabotage Soviet industry by duping Moscow into stealing booby-trapped software was spectacularly successful when it triggered a huge explosion in a Siberian gas pipeline, it emerged yesterday.

I wrote a piece about the "Farewell Dossier" in 2004. [ mjr ] Re-reading it, it comes off as skeptical but waffly. I think that it's self-promotion by the CIA and exaggerates considerably ("look how clever we are!") at a time when the CIA was suffering an attention and credibility deficit after its shitshow performance under George Tenet. But the first known cases of computer related supply chain manipulation go back to the 70s and 80s -- the NSA even compromised Crypto AG's Hagelin M-209 system (a mechanical ciphering machine) in order to read global communications encrypted with that product. You can imagine Crypto AG's surprise when the Iranian secret police arrested one of their sales reps for selling backdoor'd crypto -- the NSA had never told them about the backdoor, naturally. The CIA was also on record for producing Xerox machines destined for the USSR, which had recorders built into them So, while the article is portraying the historical sweep of NSA dirty tricks, they're only looking at the recent ones. Remember: the NSA also weakened the elliptic curve crypto library in RSA's Bsafe implementation, paying RSADSI $13 million to accept their tweaked code.

Why haven't we been hearing about the Chinese and Russians doing that sort of thing? There are four options:

  1. The Russians and Chinese are doing it, they're just so darned good nobody has caught them until just recently.
  2. The Russians and Chinese simply resort to using existing tools developed by the hacking/cybercrime community and rely on great operational security rather than fancy tools.
  3. The Russian and Chinese efforts are relatively tiny compared to the massive efforts the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence agencies, while the entire Russian Department of Defense budget is about $90bn (China is around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are much smaller operations?
  4. Something else.

That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's not unbelievable at all -- not in a world where we discover that Intel has built a parallel management CPU into every CPU since 2008, and that there is solid indications that other processors have similar backdoors.

Was the Intel IME a "backdoor" or just "a bad idea"? Well, that's tricky. Let me put my tinfoil hat on: making a backdoor look like a sloppily developed product feature would be the competent way to write a backdoor. Making it as sneaky as the backdoor in the Via is unnecessary -- incompetence is eminently believable.

&

(kaspersky)

I believe all of these stories (including the Supermicro) are the tip of a great big, ugly iceberg. The intelligence community has long known that software-only solutions are too mutable, and are easy to decompile and figure out. They have wanted to be in the BIOS of systems -- on the motherboard -- for a long time. If you go back to 2014, we have disclosures about the NSA malware that hides in hard drive BIOS: [ vice ] [ vice ] That appears to have been in progress around 2000/2001.

Of note, the group recovered two modules belonging to EquationDrug and GrayFish that were used to reprogram hard drives to give the attackers persistent control over a target machine. These modules can target practically every hard drive manufacturer and brand on the market, including Seagate, Western Digital, Samsung, Toshiba, Corsair, Hitachi and more. Such attacks have traditionally been difficult to pull off, given the risk in modifying hard drive software, which may explain why Kaspersky could only identify a handful of very specific targets against which the attack was used, where the risk was worth the reward.

But Equation Group's malware platforms have other tricks, too. GrayFish, for example, also has the ability to install itself into computer's boot record -- software that loads even before the operating system itself -- and stores all of its data inside a portion of the operating system called the registry, where configuration data is normally stored.

EquationDrug was designed for use on older Windows operating systems, and "some of the plugins were designed originally for use on Windows 95/98/ME" -- versions of Windows so old that they offer a good indication of the Equation Group's age.

This is not a very good example of how to establish a "malware gap" since it just makes the NSA look like they are incapable of keeping a secret. If you want an idea how bad it is, Kaspersky labs' analysis of the NSA's toolchain is a good example of how to do attribution correctly. Unfortunately for the US agenda, that solid attribution points toward Fort Meade in Maryland. [kaspersky]

Let me be clear: I think we are fucked every which way from the start. With backdoors in the BIOS, backdoors on the CPU, and wireless cellular-spectrum backdoors, there are probably backdoors in the GPUs and the physical network controllers, as well. Maybe the backdoors in the GPU come from the GRU and maybe the backdoors in the hard drives come from NSA, but who cares? The upshot is that all of our systems are so heinously compromised that they can only be considered marginally reliable. It is, literally, not your computer: it's theirs. They'll let you use it so long as your information is interesting to them.

Do I believe the Chinese are capable of doing such a thing? Of course. Is the GRU? Probably. Mossad? Sure. NSA? Well-documented attribution points toward NSA. Your computer is a free-fire zone. It has been since the mid 1990s, when the NSA was told "no" on the Clipper chip and decided to come up with its own Plan B, C, D, and E. Then, the CIA came up with theirs. Etc. There are probably so many backdoors in our systems that it's a miracle it works at all.

From my 2012 RSA conference lecture "Cyberwar, you're doing it wrong."

The problem is that playing in this space is the purview of governments. Nobody in the cybercrime or hacking world need tools like these. The intelligence operatives have huge budgets, compared to a typical company's security budget, and it's unreasonable to expect any business to invest such a level of effort on defending itself. So what should companies do? They should do exactly what they are doing: expect the government to deal with it; that's what governments are for. The problem with that strategy is that their government isn't on their side, either! It's Hobbes' playground.

In case you think I am engaging in hyperbole, I assure you I am not. If you want another example of the lengths (and willingness to bypass the law) "they" are willing to go, consider 'stingrays' that are in operation in every major US city and outside of every interesting hotel and high tech park. Those devices are not passive -- they actively inject themselves into the call set-up between your phone and your carrier -- your data goes through the stingray, or it doesn't go at all. If there are multiple stingrays, then your latency goes through the roof. "They" don't care. Are the stingrays NSA, FBI, CIA, Mossad, GRU, or PLA? Probably a bit of all of the above depending on where and when.

Whenever the US gets caught with its pants down around its ankles, it blames the Chinese or the Russians because they have done a good job of building the idea that the most serious hackers on the planet at the Chinese. I don't believe that we're seeing complex propaganda campaigns that are tied to specific incidents -- I think we see ongoing organic propaganda campaigns that all serve the same end: protect the agencies, protect their budgets, justify their existence, and downplay their incompetence.

So, with respect to "propaganda" I would say that the US intelligence community has been consistently pushing a propaganda agenda against the US government, and the citizens in order to justify its actions and defend its budget.

The government also engages in propaganda, and is influenced by the intelligence community's propaganda as well. And the propaganda campaigns work because everyone involved assumes, "well, given what the NSA has been able to do, I should assume the Chinese can do likewise." That's a perfectly reasonable assumption and I think it's probably true that the Chinese have capabilities. The situation is what Chuck Spinney calls "A self-licking ice cream cone" -- it's a justifying structure that makes participation in endless aggression seem like a sensible thing to do. And, when there's inevitably a disaster, it's going to be like a cyber-9/11 and will serve as a justification for even more unrestrained aggression.


Want to see what it looks like? A thousand thanks to Commentariat member [redacted] for this link. If you don't like video, there's an article here. [ toms ]

https://www.youtube.com/embed/_eSAF_qT_FY

Is this an NSA backdoor, or normal incompetence? Is Intel Management Engine an NSA-inspired backdoor, or did some system engineers at Intel think that was a good idea? There are other scary indications of embedded compromise: the CIA's Vault7 archive included code that appeared to be intended to embed in the firmware of "smart" flatscreen TVs. That would make every LG flat panel in every hotel room, a listening device just waiting to be turned on.

We know the Chinese didn't do that particular bug but why wouldn't they do something similar, in something else? China is the world's oldest mature culture -- they literally wrote the book on strategy -- Americans acting as though it's a great surprise to learn that the Chinese are not stupid, it's just the parochialism of a 250 year-old culture looking at a 3,000 year-old culture and saying "wow, you guys haven't been asleep at the switch after all!"

WIRED on cyberspace treaties [ wired ]

Comments
  1. Pierce R. Butler says

    October 6, 2018 at 1:31 pm

    What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes.

    Funny how those obsessed with "false flag" operations work so hard to invite more of same.

  2. Marcus Ranum says

    October 6, 2018 at 2:28 pm

    Pierce R. Butler@#1:
    What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes.

    Yes. Since 2001, as far as most of us can tell, federal cybersecurity spend has been 80% offense, 20% defense. And a lot of the offensive spend has been aimed at We, The People.

  3. Cat Mara says

    October 6, 2018 at 5:20 pm

    Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese hacking operations that we've seem from the NSA is that they're running a "Kevin Mitnick style" operation; that is, relying less on technical solutions and using instead old-fashioned "social engineering" and other low-tech forms of espionage (like running troll farms on social media). I mean, I've seen interviews with retired US intelligence people since the 90s complain that since the late 1980s, the intelligence agencies have been crippled by management in love with hi-tech "SIGINT" solutions to problems that never deliver and neglecting old-fashioned "HUMINT" intelligence-gathering.

    The thing is, Kevin Mitnick got away with a lot of what he did because people didn't take security seriously then, and still don't. On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of the researchers who helped in the analysis of the Morris worm that took down a significant chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and some depressing number of organisations that had been hit by it still hadn't patched the holes that had let the worm infect them in the first place.

  4. Marcus Ranum says

    October 6, 2018 at 9:20 pm

    Cat Mara@#3:
    Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese hacking operations that we've seem from the NSA is that they're running a "Kevin Mitnick style" operation; that is, relying less on technical solutions and using instead old-fashioned "social engineering" and other low-tech forms of espionage (like running troll farms on social media).

    I think that's right, to a high degree. What if Edward Snowden was an agent provocateur instead of a well-meaning naive kid? A tremendous amount of damage could be done, as well as stealing the US' expensive toys. The Russians have been very good at doing exactly that sort of operation, since WWII. The Chinese are, if anything, more subtle than the Russians.

    The Chinese attitude, as expressed to me by someone who might be a credible source is, "why are you picking a fight with us? We don't care, you're too far away for us to threaten you, we both have loads of our own fish to fry. To them, the US is young, hyperactive, and stupid.

    The FBI is not competent, at all, against old-school humint intelligence-gathering. Compared to the US' cyber-toys, the old ways are probably more efficient and cost effective. China's intelligence community is also much more team-oriented than the CIA/NSA; they're actually a disciplined operation under the strategic control of policy-makers. That, by the way, is why Russians and Chinese stare in amazement when Americans ask things like "Do you think Putin knew about this?" What a stupid question! It's an autocracy; they don't have intelligence operatives just going an deciding "it's a nice day to go to England with some Novichok." The entire American attitude toward espionage lacks maturity.

    On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of the researchers who helped in the analysis of the Morris worm that took down a significant chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and some depressing number of organisations that had been hit by it still hadn't patched the holes that had let the worm infect them in the first place.

    That as an exciting time. We were downstream from University of Maryland, which got hit pretty badly. Pete Cottrel and Chris Torek from UMD were also in on Bostic's dissection. We were doing uucp over TCP for our email (that changed pretty soon after the worm) and our uucp queue blew up. I cured the worm with a reboot into single-user mode and a quick 'rm -f' in the uucp queue.

  5. Bob Moore says

    October 7, 2018 at 9:18 am

    Thanks. I appreciate your measured analysis and the making explicit of the bottom line: " agencies, protect their budgets, justify their existence, and downplay their incompetence."

[Oct 05, 2018] The SuperMicro chips problem may be an alleged use of the Intel Management Engine (or the AMD equivalent).

Oct 05, 2018 | www.moonofalabama.org

daffyDuct , Oct 5, 2018 8:35:21 PM | link

The SuperMicro chips may be an alleged use of the Intel Management Engine (or the AMD equivalent).

From Bloomberg: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

"In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips' operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board's temporary memory en route to the server's central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."

From Wikipedia: https://en.wikipedia.org/wiki/Intel_Management_Engine

"The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep.As long as the chipset or SoC is connected to current (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.

The Electronic Frontier Foundation (EFF) and security expert Damien Zammit accuse the ME of being a backdoor and a privacy concern. Zammit states that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independent of the operating system, thus bypassing its firewall. Intel asserts that it "does not put back doors in its products" and that its products do not "give Intel control or access to computing systems without the explicit permission of the end user."

[Oct 04, 2018] Despicable fear mongering by Bloomberg

Notable quotes:
"... Plus according to Microsemi's own website, all military and aerospace qualified versions of their parts are still made in the USA. So this "researcher" used commercial parts, which depending on the price point can be made in the plant in Shanghai or in the USA at Microsemi's own will. ..."
"... The "researcher" and the person who wrote the article need to spend some time reading more before talking. ..."
"... You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is the CHEAPEST product in the product line (some of that model line reach down to below a dollar each). But beyond that ... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes them operation only, and unreadable. They are secureable, if you follow the proper processes and methods laid out by the manufacturer of the specific chip. ..."
"... Just because a "research paper" claims there is other then standard methods of JTAG built into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this researcher who is trying to peddle his own product is anything but biased in this situation. ..."
"... You do know that the Mossad has been caught stealing and collecting American Top Secrets. ..."
"... The original article is here. [cam.ac.uk] It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration. ..."
"... With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A secure system is one that can't reprogram itself. ..."
"... When I was designing VMEbus computer boards for a military subcontractor many years ago, every board had a JTAG connector that required the use of another computer with a special cable plugged into the board to perform reprogramming of the FPGAs. None of this update-by-remote-control crap. ..."
"... It seems that People's Republic of China has been misidentified with Taiwan (Republic of China). ..."
"... Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this. ..."
"... Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught. ..."
"... These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes. ..."
"... The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however. ..."
Oct 04, 2018 | it.slashdot.org

Taco Cowboy ( 5327 ) , Tuesday May 29, 2012 @12:17AM ( #40139317 ) Journal

It's a scam !! ( Score: 5 , Informative)

http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html [blogspot.com]

Bogus story: no Chinese backdoor in military chip
"Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.

Furthermore, the Actel ProAsic3 FPGA chip isn't fabricated in China at all !!

jhoegl ( 638955 ) , Monday May 28, 2012 @01:30PM ( #40136003 )
Fear mongering ( Score: 5 , Insightful)

It sells...

khasim ( 1285 ) writes: < brandioch.conner@gmail.com > on Monday May 28, 2012 @01:48PM ( #40136097 )
Particularly in a press release like that. ( Score: 5 , Insightful)

That entire article reads more like a press release with FUD than anything with any facts.

Which chip?
Which manufacturer?
Which US customer?

No facts and LOTS of claims. It's pure FUD.

(Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)

ArsenneLupin ( 766289 ) , Tuesday May 29, 2012 @01:11AM ( #40139489 )
Re:Particularly in a press release like that. ( Score: 5 , Informative)

A quick google showed that that this is indeed the chip, but the claims are "slightly" overblown [blogspot.com]

Anonymous Coward , Monday May 28, 2012 @02:14PM ( #40136273 )
Most likely inserted by Microsemi/Actel not fab ( Score: 5 , Informative)

1) Read the paper http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
2) This is talking about FPGAs designed by Microsemi/Actel.
3) The article focuses on the ProAsic3 chips but says all the Microsemi/Actel chips tested had the same backdoor including but not limited to Igloo, Fusion and Smartfusion.
4) FPGAs give JTAG access to their internals for programming and debugging but many of the access methods are proprietary and undocumented. (security through obscurity)
5) Most FPGAs have features that attempt to prevent reverse engineering by disabling the ability to read out critical stuff.
6) These chips have a secret passphrase (security through obscurity again) that allows you to read out the stuff that was supposed to be protected.
7) These researchers came up with a new way of analyzing the chip (pipeline emission analysis) to discover the secret passphrase. More conventional analysis (differential power analysis) was not sensitive enough to reveal it.

This sounds a lot (speculation on my part) like a deliberate backdoor put in for debug purposes, security through obscurity at it's best. It doesn't sound like something secret added by the chip fab company, although time will tell. Just as embedded controller companies have gotten into trouble putting hidden logins into their code thinking they're making the right tradeoff between convenience and security, this hardware company seems to have done the same.

Someone forgot to tell the marketing droids though and they made up a bunch of stuff about how the h/w was super secure.

JimCanuck ( 2474366 ) , Monday May 28, 2012 @04:45PM ( #40137217 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 5 , Interesting)

I don't think anyone fully understands JTAG, there are a lot of different versions of it mashed together on the typical hardware IC. Regardless if its a FPGA, microcontroller or otherwise. The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.

Something that can also be completely disabled by setting the right fuse inside the chip itself to disable all JTAG connections. Something that is considered standard practice on IC's with a JTAG port available once assembled into their final product and programmed.

Plus according to Microsemi's own website, all military and aerospace qualified versions of their parts are still made in the USA. So this "researcher" used commercial parts, which depending on the price point can be made in the plant in Shanghai or in the USA at Microsemi's own will.

The "researcher" and the person who wrote the article need to spend some time reading more before talking.

emt377 ( 610337 ) , Monday May 28, 2012 @07:02PM ( #40137873 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 4 , Insightful)
The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.

With pin access to the FPGA it's trivial to hook it up, no bridges or transceivers needed. If it's a BGA then get a breakout/riser board that provides pin access. This is off-the-shelf stuff. This means if the Chinese military gets their hands on the hardware they can reverse engineer it. They won't have to lean very hard on the manufacturer for them to cough up every last detail. In China you just don't say no to such requests if you know what's good for you and your business.

JimCanuck ( 2474366 ) , Monday May 28, 2012 @11:05PM ( #40139083 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 4 , Interesting)
Not being readable even when someone has the device in hand is exactly what these secure FPGAs are meant to protect against!

It's not a non-issue. It's a complete failure of a product to provide any advantages over non-secure equivalents.

You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is the CHEAPEST product in the product line (some of that model line reach down to below a dollar each). But beyond that ... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes them operation only, and unreadable. They are secureable, if you follow the proper processes and methods laid out by the manufacturer of the specific chip.

Just because a "research paper" claims there is other then standard methods of JTAG built into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this researcher who is trying to peddle his own product is anything but biased in this situation.

nospam007 ( 722110 ) * , Monday May 28, 2012 @02:39PM ( #40136445 )
Re:What did the military expect? ( Score: 4 , Interesting)

"Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic."

Not to mention the non-backdoor ones.

'Bogus electronic parts from China have infiltrated critical U.S. defense systems and equipment, including Navy helicopters and a commonly used Air Force cargo aircraft, a new report says.'

http://articles.dailypress.com/2012-05-23/news/dp-nws-counterfeit-chinese-parts-20120523_1_fake-chinese-parts-counterfeit-parts-air-force-c-130j [dailypress.com]

0123456 ( 636235 ) , Monday May 28, 2012 @02:04PM ( #40136219 )
Re:Should only buy military components from allies ( Score: 3 , Funny)
The US military should have a strict policy of only buying military parts from sovereign, free, democratic countries with a long history of friendship, such as Israel, Canada, Europe, Japan and South Korea.

Didn't the US and UK governments sell crypto equipment they knew they could break to their 'allies' during the Cold War?

tlhIngan ( 30335 ) writes: < slashdot@[ ]f.net ['wor' in gap] > on Monday May 28, 2012 @03:30PM ( #40136781 )
Re:Should only buy military components from allies ( Score: 5 , Insightful)
Second problem.... 20 years ago the DOD had their own processor manufacturing facilities, IC chips, etc. They were shut down in favor of commercial equipment because some idiot decided it was better to have an easier time buying replacement parts at Radioshack than buying quality military-grade components that could last in austere environments. (Yes, speaking from experience). Servers and workstations used to be built from the ground up at places like Tobyhanna Army Depot. Now, servers and workstations are bought from Dell.

Fabs are expensive. The latest generation nodes cost billions of dollars to set up and billions more to run. If they aren't cranking chips out 24/7, they're literally costing money. Yes, I know it's hte military, but I'm sure people have a hard time justifying $10B every few years just to fab a few chips. One of the biggest developments in the 90s was the development of foundries that let anyone with a few tens of millions get in the game of producing chips rather than requiring billions in startup costs. Hence the startup of tons of fabless companies selling chips.

OK, another option is to buy a cheap obsolete fab and make chips that way - much cheaper to run, but we're also talking maybe 10+ year old technology, at which point the chips are going to be slower and take more power.

Also, building your own computer from the ground up is expensive - either you buy the designs of your servers from say, Intel, or design your own. If you buy it, it'll be expensive and probably require your fab to be upgraded (or you get stuck with an old design - e.g., Pentium (the original) - which Intel bought back from the DoD because the DoD had been debugging it over the decade). If you went with the older cheaper fab, the design has to be modified to support that technology (you cannot just take a design and run with it - you have to adapt your chip to the foundry you use).

If you roll your own, that becomes a support nightmare because now no one knows the system.

And on the taxpayer side - I'm sure everyone will question why you're spending billions running a fab that's only used at 10% capacity - unless you want the DoD getting into the foundry business with its own issues.

Or, why is the military spending so much money designing and running its own computer architecture and support services when they could buy much cheaper machines from Dell and run Linux on them?

Hell, even if the DoD had budget for that, some bean counter will probably do the same so they can save money from one side and use it to buy more fighter jets or something.

30+ years ago, defense spending on electronics formed a huge part of the overall electronics spending. These days, defense spending is but a small fraction - it's far more lucrative to go after the consumer market than the military - they just don't have the economic clout they once had. End result is the military is forced to buy COTS ICs, or face stuff like a $0.50 chip costing easily $50 or more for same just because the military is a bit-player for semiconductors

__aaltlg1547 ( 2541114 ) , Monday May 28, 2012 @02:29PM ( #40136361 )
Re:Should only buy military components from allies ( Score: 2 )

Anybody remember Jonathan Pollard?

Genda ( 560240 ) writes: < <ten.tog> <ta> <teiram> > on Monday May 28, 2012 @03:46PM ( #40136857 ) Journal
Re:Should only buy military components from allies ( Score: 2 )

You do know that the Mossad has been caught stealing and collecting American Top Secrets. In fact most of the nations above save perhaps Canada have at one time or another been caught either spying on us, or performing dirty deeds cheap against America's best interest. I'd say for the really classified stuff, like the internal security devices that monitor everything else... homegrown only thanks, and add that any enterprising person who's looking to get paid twice by screwing with the hardware or selling secrets to certified unfriendlies get's to cools their heels for VERY LONG TIME.

NixieBunny ( 859050 ) , Monday May 28, 2012 @01:34PM ( #40136025 ) Homepage
The actual article ( Score: 5 , Informative)

The original article is here. [cam.ac.uk] It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration.

Anonymous Coward , Monday May 28, 2012 @02:09PM ( #40136249 )
Re:The actual article ( Score: 5 , Interesting)

From your much more useful link,

We investigated the PA3 backdoor problem through Internet searches, software and hardware analysis and found that this particular backdoor is not a result of any mistake or an innocent bug, but is instead a deliberately inserted and well thought-through backdoor that is crafted into, and part of, the PA3 security system. We analysed other Microsemi/Actel products and found they all have the same deliberate backdoor. Those products include, but are not limited to: Igloo, Fusion and Smartfusion.
we have found that the PA3 is used in military products such as weapons, guidance, flight control, networking and communications. In industry it is used in nuclear power plants, power distribution, aerospace, aviation, public transport and automotive products. This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself. If the key is known, commands can be embedded into a worm to scan for JTAG, then to attack and reprogram the firmware remotely.

emphasis mine. Key is retrieved using the backdoor. Frankly, if this is true, Microsemi/Actel should get complete ban from all government contracts, including using their chips in any item build for use by the government.

NixieBunny ( 859050 ) , Monday May 28, 2012 @02:44PM ( #40136487 ) Homepage
Re:The actual article ( Score: 3 )

I would not be surprised if it's a factory backdoor that's included in all their products, but is not documented and is assumed to not be a problem because it's not documented.

With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A secure system is one that can't reprogram itself.

When I was designing VMEbus computer boards for a military subcontractor many years ago, every board had a JTAG connector that required the use of another computer with a special cable plugged into the board to perform reprogramming of the FPGAs. None of this update-by-remote-control crap.

Blackman-Turkey ( 1115185 ) , Monday May 28, 2012 @02:19PM ( #40136305 )
Re:The actual article ( Score: 3 , Informative)

No source approved [dla.mil] for Microsemi (Actel) qualified chips in China. If you use non-approved sources then, well, shit happens (although how this HW backdoor would be exploited is kind of unclear).

It seems that People's Republic of China has been misidentified with Taiwan (Republic of China).

6031769 ( 829845 ) , Monday May 28, 2012 @01:35PM ( #40136031 ) Homepage Journal
Wait and see ( Score: 5 , Informative)

Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this.

Here's his publications list from his University home page, FWIW: http://www.cl.cam.ac.uk/~sps32/#Publications [cam.ac.uk]

Anonymous Coward , Monday May 28, 2012 @01:36PM ( #40136039 )
samzenpus will be looking for a new job soon ( Score: 3 , Funny)
Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.

Hey hey HEY! You stop that right this INSTANT, samzenpus! This is Slashdot! We'll have none of your "actual investigative research" nonsense around here! Fear mongering to sell ad space, mister, and that's ALL! Now get back to work! We need more fluffy space-filling articles like that one about the minor holiday labeling bug Microsoft had in the UK! That's what we want to see more of!

laing ( 303349 ) , Monday May 28, 2012 @02:08PM ( #40136243 )
Requires Physical Access ( Score: 5 , Informative)

The back-door described in the white paper requires access to the JTAG (1149.1) interface to exploit. Most deployed systems do not provide an active external interface for JTAG. With physical access to a "secure" system based upon these parts, the techniques described in the white paper allow for a total compromise of all IP within. Without physical access, very little can be done to compromise systems based upon these parts.

vlm ( 69642 ) , Monday May 28, 2012 @03:34PM ( #40136807 )
Where was it designed in? ( Score: 3 )

Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught.

These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes.

time961 ( 618278 ) , Monday May 28, 2012 @03:51PM ( #40136887 )
Big risk is to "secret sauce" for comms & cryp ( Score: 5 , Informative)

This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.

That said, it's still pretty bad, because hardware does occasionally end up in the hands of unfriendlies (e.g., crashed drones). FPGAs like these are often used to run classified software radio algorithms with anti-jam and anti-interception goals, or to run classified cryptographic algorithms. If those algorithms can be extracted from otherwise-dead and disassembled equipment, that would be bad--the manufacturer's claim that the FPGA bitstream can't be extracted might be part of the system's security certification assumptions. If that claim is false, and no other counter-measures are place, that could be pretty bad.

Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing. Also, a backdoor inserted that way would have to co-exist peacefully with all the other functions of the FPGA, a significant challenge both from an intellectual standpoint and from a size/timing standpoint--the FPGA may just not have enough spare capacity or spare cycles. They tend to be packed pretty full, 'coz they're expensive and you want to use all the capacity you have available to do clever stuff.

Fnord666 ( 889225 ) , Monday May 28, 2012 @09:16PM ( #40138557 ) Journal
Re:Big risk is to "secret sauce" for comms & c ( Score: 4 , Insightful)
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.

Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.

As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.

nurb432 ( 527695 ) , Monday May 28, 2012 @02:43PM ( #40136477 ) Homepage Journal
Re:Is it called JTAG? ( Score: 2 )

I agree it most likely wasn't malicious, but its more than careless, its irresponsible, especially when dealing with military contracts.

rtfa-troll ( 1340807 ) , Monday May 28, 2012 @03:22PM ( #40136743 )
Re:No China link yet, probably a US backdoor ( Score: 2 )
There is no China link to the backdoor yet.

The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however.

[Oct 04, 2018] Bloomberg is spreading malicious propaganda trying to blame China for modifying hardware with some additional ships

Kind of Chinagate, but China means her Taivan and the design is US-based. Completely false malicious rumors -- propaganda attack on China. The goal is clearly to discredit Chinese hardware manufactures by spreading technical innuendo. In other words this is a kick below the belt.
Bloomberg jerks are just feeding hacker paranoia.
First of all this is not easy to do, secondly this is a useless exercise, as you need access to TCP/IP stack of the computer to transmit information. Software Trojans is much more productive area for such activities.
Oct 04, 2018 | www.zerohedge.com

Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media's hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS's China Region.

As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.

There are so many inaccuracies in ‎this article as it relates to Amazon that they're hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).

The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers. And, this notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet had been running these data centers since we ‎launched in China, they owned these data centers from the start, and the hardware we "sold" to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.

Amazon employs stringent security standards across our supply chain – investigating all hardware and software prior to going into production and performing regular security audits internally and with our supply chain partners. We further strengthen our security posture by implementing our own hardware designs for critical components such as processors, servers, storage systems, and networking equipment.

Security will always be our top priority. AWS is trusted by many of the world's most risk-sensitive organizations precisely because we have demonstrated this unwavering commitment to putting their security above all else. We are constantly vigilant about potential threats to our customers, and we take swift and decisive action to address them whenever they are identified.

– Steve Schmidt, Chief Information Security Officer

Trumptards are IDIOTs


CashMcCall , 5 hours ago

TRUMPTARDS have an enormous amount of surplus time on their hands to forward their Harry Potter Styled Conspiracies.

APPLE AND AMAZON DENIED THE STORY. STORY OVER... GET IT CREEPY?

CashMcCall , 5 hours ago

While TRUMPTARDS were posting their Conspiracy Theories and the "TrumpEXPERTS" were embellishing the ridiculous story with their lavish accounts of chip bug design, I was enjoying a Bloomberg windfall.

Having confirmed early that the story was False since AMAZON and APPLE BOTH DENIED IT... and their stock was not moving, I turned to Supermicro which was plunging and down over 50%. I checked the options, and noted they were soft, so I put in bids for long shares and filled blocks at 9 from two accounts.

The moronic TRUMPTARD Conspiracy posts continued, Supermicro is now up over 13.

That is the difference between having a brain in your head or having TRUMPTARD **** FOR BRAINS...

Urban Roman , 5 hours ago

On second thought, this story is just ********. Note that the BBG story never mentions the backdoors that were talked about for over a decade, nor did they mention Mr. Snowden's revelation that those backdoors do exist, and are being used, by the surveillance state.

Since the Chinese factories are manufacturing these things, they'd have all the specs and the blobs and whatever else they need, and would never require a super-secret hardware chip like this. Maybe this MITM chip exists, and maybe it doesn't. But there's nothing to keep China from using the ME on any recent Intel chip, or the equivalent on any recent AMD chip, anywhere.

The purpose of this article is to scare you away from using Huawei or ZTE for anything, and my guess is that it is because those companies did not include these now-standard backdoors in their equipment. Maybe they included Chinese backdoors instead, but again, they wouldn't need a tiny piece of hardware for this MITM attack, since modern processors are all defective by design.

Chairman , 5 hours ago

I think I will start implementing this as an interview question. If a job candidate is stupid enough to believe this **** then they will not work for me.

DisorderlyConduct , 4 hours ago

Well, hmmm, could be. To update a PCB is actually really poor work. I would freak my biscuits if I received one of my PCBs with strange pads, traces or parts.

To substitute a part is craftier. To change the content of a part is harder, and nigh impossible to detect without xray.

Even craftier is to change VHDL code in an OTP chip or an ASIC. The package and internal structure is the same but the fuses would be burned different. No one would likely detect this unless they were specifically looking for it.

Kendle C , 5 hours ago

Well written propaganda fails to prove claims. Everybody in networking and IT knows that switches and routers have access to root, built in, often required by government, backdoors. Scripts are no big thing often used to speed up updates, backups, and troubleshooting. So when western manufacturers began shoveling their work to Taiwan and China, with them they sent millions of text files, including instructions for backdoor access, the means and technology (to do what this **** article is claiming) to modify the design, even classes with default password and bypass operations for future techs. We were shoveling hand over foot designs as fast as we could...all for the almighty dollar while stiffing American workers. So you might say greed trumped security and that fault lies with us. So stuff this cobbled together propaganda piece, warmongering ****.

AllBentOutOfShape , 5 hours ago

ZH has definitely been co-oped. This is just the latest propaganda ******** article of the week they've come out with. I'm seeing more and more articles sourced from well known propaganda outlets in recent months.

skunzie , 6 hours ago

Reminds me of how the US pulled off covert espionage of the Russians in the 70's using Xerox copiers. The CIA inserted trained Xerox copy repairmen to handle repairs on balky copiers in Russian embassies, etc. When a machine was down the technician inserted altered motherboards which would transmit future copies directly to the CIA. This is a cautionary tale for companies to cover their achilles heel (weakest point) as that is generally the easiest way to infiltrate the unsuspecting company.

PrivetHedge , 6 hours ago

What another huge load of bollocks from our pharisee master morons.

I guess they think we're as stupid as they are.

CashMcCall , 6 hours ago

But but but the story came from one of the chosen money changers Bloomberg... everyone knows a *** would never lie or print a false story at the market open

smacker , 7 hours ago

With all the existing ***** chips and backdoors on our computers and smartphones planted by the CIA, NSA, M$, Goolag & friends, and now this chip supposedly from China, it won't be long before there's no space left in RAM and on mobos for the chips that actually make the device do what we bought it to do.

Stinkbug 1 , 7 hours ago

this was going on 20 years ago when it was discovered that digital picture frames from china were collecting passwords and sending them back. it was just a test, so didn't get much press.

now they have the kinks worked out, and are ready for the coup de grace.

I Write Code , 7 hours ago

https://www.reddit.com/r/news/comments/9lac9k/china_used_a_tiny_chip_in_a_hack_that_infiltrated/?st=JMUNFMRR&sh=10c388fb

ChecksandBalances , 7 hours ago

This story seemed to die. Did anyone find anything indicating someone on our side has actually got a look at the malicious chip, assuming it exists? Technical blogs have nothing, only news rags like NewsMaxx. If 30 companies had these chips surely someone has one. This might be one huge fake news story. Why Bloomberg would publish it is kind of odd.

FedPool , 7 hours ago

Probably a limited evaluation operation to gauge the population's appetite for war. Pentagram market research. They're probably hitting all of the comment sections around the web as we speak. Don't forget to wave 'hi'.

Heya warmongers. No, we don't want a war yet, k thanks.

underlying , 7 hours ago

Since were on the topic let's take a look at the scope hacking tools known to the general public known prior to the Supermicro Server Motherboard Hardware Exploit; (P.S. What the **** do you expect when you have Chinese state owned enterprises, at minimum quasi state owned enterprises in special economic development zones controlled by the Chinese communist party, building motherboards?)

Snowden NSA Leaks published in the gaurdian/intercept

https://www.theguardian.com/us-news/the-nsa-files

Wikileaks Vault 7 etc....

https://wikileaks.org/vault7/

Spector/Meltdown vulnerability exploits

https://leeneubecker.com/grc-releases-test-tool-spectre-and-meltdown-vulnerabilities/

Random list compiled by TC bitches

https://techcrunch.com/2017/03/09/names-and-definitions-of-leaked-cia-hacking-tools/

This does not include the private/corporate sector hacking pen testing resources and suites which are abundant and easily available to **** up the competition in their own right.

i.e., https://gbhackers.com/hacking-tools-list/

Urban Roman , 5 hours ago

Exactly. Why would they ever need a super-micro-man-in-the-middle-chip?

Maybe this 'chip' serves some niche in their spycraft, but the article in the keypost ignores a herd of elephants swept under the carpet, and concentrates on a literal speck of dust.

Moribundus , 8 hours ago

A US-funded biomedical laboratory in Georgia may have conducted bioweapons research under the guise of a drug test, which claimed the lives of at least 73 subjects...new documents "allow us to take a fresh look" at outbreaks of African swine fever in southern Russia in 2007-2018, which "spread from the territory of Georgia into the Russian Federation, European nations and China. The infection strain in the samples collected from animals killed by the disease in those nations was identical to the Georgia-2007 strain." https://www.rt.com/news/440309-us-georgia-toxic-bioweapon-test/

Dr. Acula , 8 hours ago

"In a Senate testimony this past February, six major US intelligence heads warned that American citizens shouldn't use Huawei and ZTE products and services." - https://www.theverge.com/2018/5/2/17310870/pentagon-ban-huawei-zte-phones-retail-stores-military-bases

Are these the same intelligence agencies that complain about Russian collusion and cover up 9/11 and pizzagate?

[Sep 05, 2018] West Virginia Offers Free Cybersecurity Training To the Elderly

Sep 04, 2018 | news.slashdot.org
msmash on Tuesday September 04, 2018 @10:50AM from the how-about-that dept

West Virginia's Attorney General Patrick Morrisey, who's currently running for U.S. Senate, announced Tuesday that he's partnering with two local community and technical colleges to connect senior citizens with college students for free cybersecurity training .

The announcement comes amid rising cyber scams, many of which are targeted at elderly.

[Aug 22, 2018] How Do You Get the "Recent Files" List Back in Windows 10? by Akemi Iwaya

Notable quotes:
"... Today's Question & Answer session comes to us courtesy of SuperUser -- a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites. ..."
"... Note: The contents of the Recent Items folder is different from the contents of the File Explorer entry Recent Places, which contains folders that have been recently visited rather than files. They often have quite different contents. ..."
"... Recent Items folder ..."
"... %AppData%\Microsoft\Windows\Recent\ ..."
"... Quick Access Menu ..."
"... Power User's Menu ..."
"... Quick Access Menu ..."
"... Windows Key+X ..."
"... Note: The original article was for Windows 8.1, but this works on Windows 10 at the time of writing this. ..."
"... Image/Screenshot Credit: Techie007 (SuperUser) ..."
Aug 22, 2018 | www.howtogeek.com

October 4th, 2016

how-do-you-get-the-all-recent-files-list-functionality-back-in-windows-ten-00

When you frequently use a long-standing and convenient feature in Windows, then suddenly see it removed from the latest version, it can be very frustrating. How do you get the missing feature back? Today's SuperUser Q&A post has some helpful solutions to a reader's "recent file" woes.

Today's Question & Answer session comes to us courtesy of SuperUser -- a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Mr. Boy wants to know how to get the "All Recent Files" list back in Windows 10:

I can find the listings for recent items, but these only seem to let me see recent items opened by a particular app. For example, I can look at Microsoft Word's icon and see the documents recently opened in it.

I am unable to find a simple "these are the last ten documents/files opened with any application", which is very useful if I have not pinned the apps in question to my taskbar. This feature used to exist in Windows XP as "My Recent Documents":

how-do-you-get-the-all-recent-files-list-functionality-back-in-windows-ten-01-b

Is there a way to get this functionality back in Windows 10? For example, I open doc.docx, sheet.xlsl, options.txt, picture.bmp, etc. with different apps and then see these items all listed in one place indicating the files that I have most recently accessed?

How do you get the "All Recent Files" list functionality back in Windows 10?

The Answer

SuperUser contributors Techie007 and thilina R have the answer for us. First up, Techie007:

I believe that the new way of thinking at Microsoft during the Start Menu's redesign process was that if you want to access "files", then you should open the File Explorer to access them instead of the Start Menu.

To that end, when you open the File Explorer, it will default to Quick Access , which includes a list of Recent Files like the example shown here:

how-do-you-get-the-all-recent-files-list-functionality-back-in-windows-ten-02

Followed by the answer from thilina R:

Method 1: Use the Run Dialog Box

This will open the folder listing all of your recent items. The list can be quite long and may contain items that are not as recent, and you may even want to delete some of them.

Note: The contents of the Recent Items folder is different from the contents of the File Explorer entry Recent Places, which contains folders that have been recently visited rather than files. They often have quite different contents.

Method 2: Make a Desktop Shortcut to the Recent Items Folder

If you like (or need) to look at the contents of the Recent Items folder on a frequent basis, you may want to create a shortcut on your desktop:

You can also pin this shortcut to the taskbar or place it in another convenient location.

Method 3: Add Recent Items to the Quick Access Menu

The Quick Access Menu (also called the Power User's Menu ) is another possible place to add an entry for Recent Items . This is the menu opened by the keyboard shortcut Windows Key+X . Use the path:

Contrary to what some articles on the Internet say, you cannot simply add shortcuts to the folder that is used by the Quick Access Menu . For security reasons, Windows will not allow additions unless the shortcuts contain certain code. The utility Windows Key+X menu editor takes care of that problem.

Source: Three Ways to Easily Access Your Most Recent Documents and Files in Windows 8.x [Gizmo's Freeware] Note: The original article was for Windows 8.1, but this works on Windows 10 at the time of writing this.


Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here .

Image/Screenshot Credit: Techie007 (SuperUser)

[Aug 22, 2018] Microsoft has reason to get in the good graces of the CIA, NSA and Pentagon at this time: Quid pro quo

Notable quotes:
"... In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts ..."
Aug 22, 2018 | www.moonofalabama.org

librul | Aug 21, 2018 11:04:43 PM | 48

Can we see Microsoft's actions today as a salespitch?

https://www.nextgov.com/it-modernization/2018/07/pentagon-accepting-bids-its-controversial-10-billion-war-cloud/150059/

The Defense Department on Thursday officially began accepting proposals for its highly-anticipated Joint Enterprise Defense Infrastructure cloud contract. The JEDI contract will be awarded to a single cloud provider -- an issue many tech companies rallied against -- and will be valued at up to $10 billion over 10 years, according to the final request for proposal. The contract itself will put a commercial company in charge of hosting and distributing mission-critical workloads and classified military secrets to warfighters around the globe in a single war cloud.

https://www.defenseone.com/technology/2018/08/someone-waging-secret-war-undermine-pentagons-huge-cloud-contract/150685/

As some of the biggest U.S. technology companies have lined up to bid on the $10 billion contract to create a massive Pentagon cloud computing network, the behind-the-scenes war to win it has turned ugly.

In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts.

[Aug 02, 2018] There was a big row over Kaspersky s software actually doing its job and detecting malware on an NSA officer s personal workstation at home, where he was conducting development in an unauthorized manner.

Notable quotes:
"... There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work with the Russian government on computer security issues, as one would expect of such a company. ..."
Aug 02, 2018 | turcopolier.typepad.com

richardstevenhack -> Bill Herschel , a day ago

Yes, PostgreSQL is very good. It's open source, meaning the source code is available for inspection, so if there was anything suspicious about it, it would likely have been caught before now. Of course, bugs and security issues might well remain, regardless.

Russians make a lot of good software. Their computer training in universities has always been first rate.

This is similar to the big issue over the Kaspersky company, a major manufacturer of a high-quality antimalware suite, being Russian. The US has made it a big issue, passing regulations that prohibit US government offices from using it, forcing Kaspersky to consider moving to Switzerland. I don't think many people in the infosec community have any concerns about Kaspersky being Russian. They've been in the antimalware business for quite a while and always get top marks in the independent antimalware tests.

There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work with the Russian government on computer security issues, as one would expect of such a company.

The whole thing is just another example of "Russian Derangement Syndrome."

[Aug 01, 2018] There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner.

Aug 01, 2018 | turcopolier.typepad.com

[Jul 05, 2018] Stuxnet opened a can of worms

Jul 05, 2018 | www.theamericanconservative.com

...Stuxnet, which was thought to be a joint American-Israeli assault on Iran's nuclear program. And there are reports of U.S. attempts to similarly hamper North Korean missile development. Some consider such direct attacks on other governments to be akin to acts of war. Would Washington join Moscow in a pledge to become a good cyber citizen?

[Jun 19, 2018] DOJ Indicts Vault 7 Leak Suspect; WikiLeaks Release Was Largest Breach In CIA History Zero Hedge

Jun 19, 2018 | www.zerohedge.com

A 29-year-old former CIA computer engineer, Joshua Adam Schulte, was indicted Monday by the Department of Justice on charges of masterminding the largest leak of classified information in the spy agency's history .

Schulte, who created malware for the U.S. Government to break into adversaries computers, has been sitting in jail since his August 24, 2017 arrest on unrelated charges of posessing and transporting child pornography - which was discovered in a search of his New York apartment after Schulte was named as the prime suspect in the cyber-breach one week after WikiLeaks published the "Vault 7" series of classified files. Schulte was arrested and jailed on the child porn charges while the DOJ ostensibly built their case leading to Monday's additional charges.

[I]nstead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found 10,000 illicit images on a server he created as a business in 2009 while studying at the University of Texas at Austin.

Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by adults on his computer, though he advised one user, "Just don't put anything too illegal on there." - New York Times

Monday's DOJ announcement adds new charges related to stealing classified national defense information from the Central Intelligence Agency in 2016 and transmitting it to WikiLeaks ("Organization-1").

The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide variety of tools to use against adversaries, including the ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency , as well as the ability to take control of Samsung Smart TV's and surveil a target using a "Fake Off" mode in which they appear to be powered down while eavesdropping.

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity .

...

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from .

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques . - WikiLeaks

Schulte previously worked for the NSA before joining the CIA, then "left the intelligence community in 2016 and took a job in the private sector," according to a statement reviewed in May by The Washington Post .

Schulte also claimed that he reported "incompetent management and bureaucracy" at the CIA to that agency's inspector general as well as a congressional oversight committee. That painted him as a disgruntled employee, he said, and when he left the CIA in 2016, suspicion fell upon him as "the only one to have recently departed [the CIA engineering group] on poor terms," Schulte wrote. - WaPo

Part of that investigation, reported WaPo, has been analyzing whether the Tor network - which allows internet users to hide their location (in theory) "was used in transmitting classified information."

In other hearings in Schulte's case, prosecutors have alleged that he used Tor at his New York apartment, but they have provided no evidence that he did so to disclose classified information. Schulte's attorneys have said that Tor is used for all kinds of communications and have maintained that he played no role in the Vault 7 leaks. - WaPo

Schulte says he's innocent: " Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me," Schulte said. He launched Facebook and GoFundMe pages to raise money for his defense, which despite a $50 million goal, has yet to r eceive a single donation.

me name=

The Post noted in May, the Vault 7 release was one of the most significant leaks in the CIA's history , "exposing secret cyberweapons and spying techniques that might be used against the United States, according to current and former intelligence officials."

The CIA's toy chest includes:

"The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."

me title=

me title=

me title=

"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate ( "Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats , Personal Security Products , Detecting and defeating PSPs and PSP/Debugger/RE Avoidance . For example, Comodo was defeated by CIA malware placing itself in the Window's "Recycle Bin" . While Comodo 6.x has a "Gaping Hole of DOOM" .

You can see the entire Vault7 release here .

A DOJ statement involving the Vault7 charges reads:

"Joshua Schulte, a former employee of the CIA, allegedly used his access at the agency to transmit classified material to an outside organization . During the course of this investigation, federal agents also discovered alleged child pornography in Schulte's New York City residence ," said Manhattan U.S. Attorney Geoffrey S. Berman.

On March 7, 2017, Organization-1 released on the Internet classified national defense material belonging to the CIA (the "Classified Information"). In 2016, SCHULTE, who was then employed by the CIA, stole the Classified Information from a computer network at the CIA and later transmitted it to Organization-1. SCHULTE also intentionally caused damage without authorization to a CIA computer system by granting himself unauthorized access to the system, deleting records of his activities, and denying others access to the system . SCHULTE subsequently made material false statements to FBI agents concerning his conduct at the CIA.

Schulte faces 135 years in prison if convicted on all 13 charges:

  1. Illegal Gathering of National Defense Information, 18 U.S.C. §§ 793(b) and 2
  2. Illegal Transmission of Lawfully Possessed National Defense Information, 18 U.S.C. §§ 793(d) and 2
  3. Illegal Transmission of Unlawfully Possessed National Defense Information, 18 U.S.C. §§ 793(e) and 2
  4. Unauthorized Access to a Computer To Obtain Classified Information, 18 U.S.C. §§ 1030(a)(1) and 2
  5. Theft of Government Property, 18 U.S.C. §§ 641 and 2
  6. Unauthorized Access of a Computer to Obtain Information from a Department or Agency of the United States, 18 U.S.C. §§ 1030(a)(2) and 2
  7. Causing Transmission of a Harmful Computer Program, Information, Code, or Command, 18 U.S.C. §§ 1030(a)(5) and 2
  8. Making False Statements, 18 U.S.C. §§ 1001 and 2
  9. Obstruction of Justice, 18 U.S.C. §§ 1503 and 2
  10. Receipt of Child Pornography, 18 U.S.C. §§ 2252A(a)(2)(B), (b)(1), and 2
  11. Possession of Child Pornography, 18 U.S.C. §§ 2252A(a)(5)(B), (b)(2), and 2
  12. Transportation of Child Pornography, 18 U.S.C. § 2252A(a)(1)
  13. Criminal Copyright Infringement, 17 U.S.C. § 506(a)(1)(A) and 18 U.S.C. § 2319(b)(1)

Billy the Poet -> Anarchyteez Mon, 06/18/2018 - 22:50 Permalink

So Schulte was framed for kiddie porn because he released information about how the CIA can frame innocent people for computer crime.

A Sentinel -> Billy the Poet Mon, 06/18/2018 - 22:59 Permalink

That seems very likely.

Seems like everyone has kiddy porn magically appear and get discovered after they piss off the deep state bastards.

And the best part is that it's probably just the deep state operatives' own private pedo collections that they use to frame anyone who they don't like.

A Sentinel -> CrabbyR Mon, 06/18/2018 - 23:46 Permalink

I was thinking about the advancement of the technology necessary for that. They can do perfect fake stills already.

My thought is that you will soon need to film yourself 24/7 (with timestamps, shared with a blockchain-like verifiably) so that you can disprove fake video evidence by having a filmed alibi.

CrabbyR -> A Sentinel Tue, 06/19/2018 - 00:07 Permalink

good point but creepy to think it can get that bad

peopledontwanttruth -> Anarchyteez Mon, 06/18/2018 - 22:50 Permalink

Funny how all these whistleblowers are being held for child pornography until trial.

But we have evidence of government officials and Hollyweird being involved in this perversion and they walk among us

secretargentman -> peopledontwanttruth Mon, 06/18/2018 - 22:51 Permalink

Those kiddy porn charges are extremely suspect, IMO.

chunga -> secretargentman Mon, 06/18/2018 - 23:12 Permalink

It's so utterly predictable.

The funny* thing is I believe gov, particularly upper levels, is chock full of pedophiles.

* It isn't funny, my contempt for the US gov grows practically by the hour.

A Sentinel -> chunga Mon, 06/18/2018 - 23:42 Permalink

I said pretty much the same. I further speculated that it was their own porn that they use for framing operations.

SybilDefense -> A Sentinel Tue, 06/19/2018 - 00:33 Permalink

Ironically, every single ex gov whistle blower (/pedophile) has the exact same kiddie porn data on their secret server (hidden in plane view at the apartment). Joe CIA probably has a zip drive preloaded with titled data sets like "Podesta's Greatest Hits", "Hillary's Honey bunnies" or "Willy go to the zoo". Like the mix tapes you used to make for a new gal you were trying to date. Depending upon the mood of the agent in charge, 10,000 images of Weiner's "Warm Pizza" playlist magically appear on the server in 3-2-1... Gotcha!

These false fingerprint tactics were all over the trump accusations which started the whole Russia Russia Russia ordeal. And the Russia ordeal was conceptualized in a paid report to Podesta by the Bensenson Group called the Salvage Program when it was appearant that Trump could possible win and the DNC needed ideas on how to throw the voters off at the polls. Russia is coming /Red dawn was #1 or #2 on the list of 7 recommended ploys. The final one was crazy.. If Trump appeared to win the election, imagery of Jesus and an Alien Invasion was to be projected into the skies to cause mass panic and create a demand for free zanex to be handed out to the panic stricken.

Don't forget Black Lives Matters. That was idea #4 of this Bensenson report, to create civil unrest and a race war. Notice how BLM and Antifa manically disappeared after Nov 4. All a ploy by the Dems & the deep state to remain in control of the countrys power.

Back to the topic at hand. Its a wonder he didn't get Seth Riched. Too many porn servers and we will begin to question the legitimacy. Oh wait...

You won't find any kiddie porn on Hillary's or DeNiros laptop. Oh its there. You just will never ever hear about it.

cankles' server -> holdbuysell Mon, 06/18/2018 - 22:57 Permalink

The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide variety of tools to use against adversaries, including the ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency ....

It probably can spoof child porn as well.

Is he charged with copyright infringement for pirating child porn?

BGO Mon, 06/18/2018 - 22:43 Permalink

The intel community sure has a knack for sussing out purveyors of child pornography. It's probably just a coincidence govt agencies and child pornography are inextricably linked.

Never One Roach -> BGO Mon, 06/18/2018 - 22:44 Permalink

Sounds like he may be a friend of Uncle Joe Biden whom we know is "very, very friendly" with the children.

NotBuyingIt -> BGO Mon, 06/18/2018 - 23:09 Permalink

It's very easy for a criminal spook to plant child porn on some poor slob's machine - especially when they want to keep him on the hook to sink his ass for something bigger in the future. Who knows... this guy may have done some shit but I'm willing to bet he was entirely targeted by these IC assholes. Facing 135 years in prison... yet that baggy ass cunt Hillary walks free...

DoctorFix -> BGO Mon, 06/18/2018 - 23:18 Permalink

Funny how they always seem to have a "sting" operation in progress when there's anyone the DC rats want to destroy but strangely, or not, silent as the grave when one of the special people are fingered.

MadHatt Mon, 06/18/2018 - 22:43 Permalink

Transportation of Child Pornography, 18 U.S.C. § 2252A(a)(1)

Uhh... what? He stole CIA child porn?

navy62802 -> MadHatt Mon, 06/18/2018 - 23:30 Permalink

Nah ... that's the shit they planted on him for an excuse to make an arrest.

MadHatt -> navy62802 Tue, 06/19/2018 - 00:29 Permalink

If he stole all their hacking apps, wouldn't that be enough to arrest him?

Never One Roach Mon, 06/18/2018 - 22:44 Permalink

That list of federal crimes is almost as long as Comey's list of Hillary Clinton's federal crimes.

_triplesix_ Mon, 06/18/2018 - 22:46 Permalink

Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you don't like would be a piece of cake, comparatively speaking.

_triplesix_ Mon, 06/18/2018 - 22:46 Permalink

Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you don't like would be a piece of cake, comparatively speaking.

Giant Meteor -> _triplesix_ Mon, 06/18/2018 - 22:51 Permalink

It probably comes standard now buried within systems, like a sleeper cell. Just waiting for the right infraction and trigger to be pulled ..

PigMan Mon, 06/18/2018 - 22:50 Permalink

Did he also leak that the CIA's favorite tactic is to plant kiddie porn on their targets computer?

ConnectingTheDots Mon, 06/18/2018 - 22:56 Permalink

The alphabet agencies would never hack someone's computer.

The alphabet agencies would never spy on US citizens (at least not wittingly)

The alphabet agencies would never plant physical evidence.

The alphabet agencies would never lie under oath.

The alphabet agencies would never have an agenda.

The alphabet agencies would never provide the media with false information.

/s

Chupacabra-322 Mon, 06/18/2018 - 23:14 Permalink

The "Spoofing" or Digital Finger Print & Parallel Construction tools that can be used against Governments, Individuals, enemies & adversaries are Chilling.

The CIA can not only hack into anything -- they can download any "evidence" they want onto your phone or computer. Child pornography, national secrets, you name it. Then they can blackmail you, threatening prosecution for whatever crap they have planted, then "found" on your computer. They can also "spoof" the source of such downloads -- for instance, if they want to "prove" that something on your computer (or Donald Trump's computer) came from a "Russian source" -- they can spoof the IP address of a Russian source.

The take-away: no digital evidence the CIA or NSA produces on any subject whatsoever can be trusted. No digital evidence should be acceptable in any case where the government has an interest, because they have the complete ability to fabricate and implant any evidence on any iphone or computer. And worse: they have intentionally created these digital vulnerabilities and pushed them onto the whole world via Microsoft and Google. Government has long been at war with liberty, claiming that we need to give up liberty to be secure. Now we learn that they have been deliberately sabotaging our security, in order to augment their own power. Time to shut down the CIA and all the other spy agencies. They're not keeping us free OR secure, and they're doing it deliberately. Their main function nowadays seems to be lying us into wars against countries that never attacked us, and had no plans to do so.

The Echelon Computer System Catch Everything

The Flagging goes to Notify the Appropriate Alphabet,,,...Key Words Phrases...Algorithms,...It all gets sucked up and chewed on and spat out to the surmised computed correct departments...That simple.

Effective immediately defund, Eliminate & Supeona it's Agents, Officials & Dept. Heads in regard to the Mass Surveillance, Global Espionage Spying network & monitoring of a President Elect by aforementioned Agencies & former President Obama, AG Lynch & DIA James Clapper, CIA John Breanan.

#SethRich

#Vault7

#UMBRAGE

ZIRPdiggler -> Chupacabra-322 Tue, 06/19/2018 - 00:29 Permalink

Since 911, they've been "protecting" the shit out of us. "protecting" away every last fiber of liberty. Was watching some fact-based media about the CIA's failed plan to install Yeltsin's successor via a Wallstreet banking cartel bet (see, LTCM implosion). The ultimate objectives were to rape and loot post-Soviet Russian resources and enforce regime change. It's such a tired playbook at this point. Who DOESNT know about this sort of affront? Apparently even nobel prize economists cant prevent a nation from failing lol. The ultimate in vanity; our gubmint and its' shadow controllers.

moobra Mon, 06/18/2018 - 23:45 Permalink

This is because people who are smart enough to write walware for the CIA send messages in the clear about child porn and are too dumb to encrypt images with a key that would take the lifetime of the universe to break.

Next his mother will be found to have a tax problem and his brother's credit rating zeroed out.

Meanwhile Comey will be found to have been "careless".

ZIRPdiggler Tue, 06/19/2018 - 00:05 Permalink

Yeah I don't believe for a second that this guy had anything to do with child porn. Not like Obama and his hotdogs or Clintons at pedo island, or how bout uncle pervie podesta? go after them, goons and spooks. They (intelligence agencies) falsely accuse people of exactly what they are ass-deep in. loses credibility with me when the CIA clowns or NSA fuck ups accuse anyone of child porn; especially one of their former employees who is 'disgruntled'. LOL. another spook railroad job done on a whistleblower. fuck the CIA and all 17 alphabet agencies who spy on us 24/7. Just ask, if you want to snoop on me. I may even tell you what I'm up to because I have nothing that I would hide since, I don't give a shit about you or whether you approve of what I am doing.

AGuy -> ZIRPdiggler Tue, 06/19/2018 - 00:36 Permalink

"Yeah I don't believe for a second that this guy had anything to do with child porn."

Speculation by my part: He was running a Tor server, and the porn originated from other Tor users. If that is the case ( it would be easy for law enforcement to just assume it was his) law enforcement enjoys a quick and easy case.

rgraf Tue, 06/19/2018 - 00:05 Permalink

They shouldn't be spying, and they shouldn't keep any secrets from the populace. If they weren't doing anything wrong, they have nothing to hide.

ZIRPdiggler -> rgraf Tue, 06/19/2018 - 00:09 Permalink

It really doesn't matter if someone wants to hide. That is their right. Only Nazi's like our spy agencies would use the old Gestapo line, "If you have nothing to hide then you have nothing to worry about. Or better yet, you should let me turn your life upside down if you have nothing to hide. " Bullshit! It's none of their fucking business. How bout that? Spooks and secret clowns CAN and DO frame anybody for whatever or murder whomever they wish. So why WOULDNT people be afraid when government goons start sticking their big snouts into their lives??? They can ruin your life for the sake of convenience. Zee Furor is not pleased with your attitude, comrade.

Blue Steel 309 Tue, 06/19/2018 - 00:53 Permalink

Vault 7 proves that most digital evidence should be inadmissible in court, yet I don't see anyone publishing articles about this problem.

[May 20, 2018] How to: install Windows 7 on a recent laptop/PC from a bootable USB drive

May 20, 2018 | bogdan.org.ua

12th June 2016

If you had ever seen the not-so-descriptive error message
A required CD/DVD drive device driver is missing ,
then you have been trying to install Windows 7 (possibly using a bootable flash drive) on a recent laptop or desktop.

There are two major obstacles for a somewhat-dated Windows 7 when it sees modern hardware:

Fortunately, both problems are easy to fix.
Just follow the steps below; skip steps 1 and 2 if you already have a bootable Win7 flash drive.
Read the rest of this entry "

[Apr 17, 2018] U.S., British governments warn businesses worldwide of Russian campaign to hack routers by Ellen Nakashima

Looks like US and British government does not like competition ;-)
"These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity and communications." -- he knows what he is talking about...
The problem here are "very cheap" and "very old" routers and weak firewalls. Your Router's Security Stinks Here's How to Fix It For those who are into this business it might benefical to use a separate firewall unit and a "honeypot" before the router those days. You may wish to buy a low-end commercial-grade Wi-Fi/Ethernet router, which retails for about $200, rather than a consumer-friendly router that can cost as little as $20.
Apr 16, 2018 | www.washingtonpost.com

The unusual public warning from the White House, U.S. agencies and Britain's National Cyber Security Center follows a years-long effort to monitor the threat. The targets number in the millions, officials say, and include "primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors."

... ... ...

These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity and communications. Most traffic within a company or between organizations traverses them. So a hacker can monitor, modify or disrupt it, she said. And they're usually not secured at the same level as a network server.

"Once you own the router, you own the traffic that's traversing the router," she said.

... ... ...

Ellen Nakashima is a national security reporter for The Washington Post. She covers cybersecurity, surveillance, counterterrorism and intelligence issues. She has also served as a Southeast Asia correspondent and covered the White House and Virginia state politics. She joined The Post in 1995. Follow @nakashimae

jedediah smytheson, 3 hours ago

It is appropriate to reveal and decry misbehavior in cyberspace. What is not appropriate is our leaders ignoring their own responsibility to secure government networks. The sad fact is that senior leaders in government do not understand the issue and are unwilling to accept any inconvenience. The Federal government has lost huge amounts of very sensitive data of AT LEAST 100 million citizens. If I remember correctly, OPM lost 23 million electronic security clearance forms (SF 86s) with personal information not only of the person being processed for a clearance, but also of the members of that person's family. That's how I came up with over 100 million. And what was the result? Well, no one was held accountable or responsible for this incredible breach of security. More importantly, the networks are still not well secured. In summary, we will be hacked continuously until someone in Government takes this seriously and puts more resources into securing the networks rather than turning the public's attention away from their own incompetence and focusing on our adversaries.

bluefrog, 4 hours ago

Haha ... the U.K. who secretly tapped the fiber optic cables running under the Atlantic Ocean to record EVERYONE's private data is now advising against hackers! A degenerate country operating on the basis of lies and deceit, I don't trust them as far as I can throw them.

hkbctkny, 4 hours ago

This is really nothing new [ https://www.us-cert.gov/ncas/alerts/TA18-106A ] - most of this has been going on forever, even skript kiddies were on it back in the day.

The only part that might be news is if there's evidence of a concerted, targeted campaign from one very organized actor. Haven't seen the evidence presented, though, and my scans are basically what they've always been: hundreds and hundreds from residential CPE and other compromised machines from all over the world.

Update your firmware - even old devices can be updated, for the most part; turn off remote mgt (!), change the password to something that YOU set.

Make it challenging, at least.
4 hours ago
Really no different from the NSA and GCHQ..........

[Mar 27, 2018] Meet the Tiny Startup That Sells IPhone and Android Zero Days To Governments

Mar 27, 2018 | it.slashdot.org

(vice.com) The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption . Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.

[Mar 27, 2018] Facebook Gave Data About 57 Billion Friendships To Academic

Mar 27, 2018 | tech.slashdot.org

(theguardian.com) an anonymised, aggregate dataset of 57bn Facebook friendships . From a report: Facebook provided the dataset of "every friendship formed in 2011 in every country in the world at the national aggregate level" to Kogan's University of Cambridge laboratory for a study on international friendships published in Personality and Individual Differences in 2015. Two Facebook employees were named as co-authors of the study, alongside researchers from Cambridge, Harvard and the University of California, Berkeley. Kogan was publishing under the name Aleksandr Spectre at the time. A University of Cambridge press release on the study's publication noted that the paper was "the first output of ongoing research collaborations between Spectre's lab in Cambridge and Facebook." Facebook did not respond to queries about whether any other collaborations occurred. "The sheer volume of the 57bn friend pairs implies a pre-existing relationship," said Jonathan Albright, research director at the Tow Center for Digital Journalism at Columbia University. "It's not common for Facebook to share that kind of data. It suggests a trusted partnership between Aleksandr Kogan/Spectre and Facebook."

[Mar 27, 2018] Hey Microsoft, Stop Installing Apps On My PC Without Asking

Mar 27, 2018 | tech.slashdot.org

(howtogeek.com) I'm getting sick of Windows 10's auto-installing apps. Apps like Facebook are now showing up out of nowhere, and even displaying notifications begging for me to use them. I didn't install the Facebook app, I didn't give it permission to show notifications, and I've never even used it. So why is it bugging me? Windows 10 has always been a little annoying about these apps, but it wasn't always this bad. Microsoft went from "we pinned a few tiles, but the apps aren't installed until you click them" to "the apps are now automatically installed on your PC" to " the automatically installed apps are now sending you notifications ." It's ridiculous.

[Mar 27, 2018] A Hacker Has Wiped a Spyware Company's Servers -- Again

Mar 27, 2018 | it.slashdot.org

(vice.com) spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again . Motherboard: Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. Retina-X was one of two companies that were breached last year in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously install spyware on their partners' and children's phones in order to spy on them. This software has been called "stalkerware" by some.

[Mar 27, 2018] Salon Magazine Mines Monero On Your Computer If You Use an Ad Blocker

Mar 27, 2018 | hardware.slashdot.org

(bbc.com) BeauHD on Monday February 19, 2018 @06:00AM from the crypto-cash dept. dryriver shares a report from BBC: News organizations have tried many novel ways to make readers pay -- but this idea is possibly the most audacious yet. If a reader chooses to block its advertising, U.S. publication Salon will use that person's computer to mine for Monero , a cryptocurrency similar to Bitcoin. Creating new tokens of a cryptocurrency typically requires complex calculations that use up a lot of computing power. Salon told readers: "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution and innovation." The site is making use of CoinHive, a controversial mining tool that was recently used in an attack involving government websites in the UK, U.S. and elsewhere. However, unlike that incident, where hackers took control of visitors' computers to mine cryptocurrency, Salon notifies users and requires them to agree before the tool begins mining.

[Mar 27, 2018] Flight Sim Company Embeds Malware To Steal Pirates' Passwords

Mar 27, 2018 | yro.slashdot.org

(torrentfreak.com) Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure . Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

[Mar 27, 2018] MoviePass CEO Proudly Says App Tracks Your Location Before, After Movies

Mar 27, 2018 | yro.slashdot.org

(techcrunch.com) BeauHD on Tuesday March 06, 2018 @03:00AM from the head-held-high dept. MoviePass CEO Mitch Lowe told an audience at a Hollywood event last Friday that the app tracks moviegoers' locations before and after each show they watch . "We get an enormous amount of information," Lowe said. "We watch how you drive from home to the movies. We watch where you go afterwards." His talk at the Entertainment Finance Forum was entitled "Data is the New Oil: How will MoviePass Monetize It?" TechCrunch reports: It's no secret that MoviePass is planning on making hay out of the data collected through its service. But what I imagined, and what I think most people imagined, was that it would be interesting next-generation data about ticket sales, movie browsing, A/B testing on promotions in the app and so on. I didn't imagine that the app would be tracking your location before you even left your home, and then follow you while you drive back or head out for a drink afterwards. Did you? It sure isn't in the company's privacy policy , which in relation to location tracking discloses only a "single request" when selecting a theater, which will "only be used as a means to develop, improve, and personalize the service." Which part of development requires them to track you before and after you see the movie? A MoviePass representative said in a statement to TechCrunch: "We are exploring utilizing location-based marketing as a way to help enhance the overall experience by creating more opportunities for our subscribers to enjoy all the various elements of a good movie night. We will not be selling the data that we gather. Rather, we will use it to better inform how to market potential customer benefits including discounts on transportation, coupons for nearby restaurants, and other similar opportunities."

[Mar 27, 2018] Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom

Mar 27, 2018 | it.slashdot.org

(bleepingcomputer.com) A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files . Timely backups are still the most efficient defense against possible ransomware infections, as it allows easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

[Mar 27, 2018] My Cow Game Extracted Your Facebook Data

Mar 27, 2018 | tech.slashdot.org

(theatlantic.com) Already in 2010, it felt like a malicious attention market where people treated friends as latent resources to be optimized. Compulsion rather than choice devoured people's time. Apps like FarmVille sold relief for the artificial inconveniences they themselves had imposed. In response, I made a satirical social game called Cow Clicker. Players clicked a cute cow, which mooed and scored a "click." Six hours later, they could do so again. They could also invite friends' cows to their pasture, buy virtual cows with real money, compete for status, click to send a real cow to the developing world from Oxfam, outsource clicks to their toddlers with a mobile app, and much more. It became strangely popular, until eventually, I shut the whole thing down in a bovine rapture -- the "cowpocalypse." It's kind of a complicated story .

But one worth revisiting today, in the context of the scandal over Facebook's sanctioning of user-data exfiltration via its application platform. It's not just that abusing the Facebook platform for deliberately nefarious ends was easy to do (it was). But worse, in those days, it was hard to avoid extracting private data, for years even, without even trying. I did it with a silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game whose sole activity was clicking on cows. I wrote the principal code in three days, much of it hunched on a friend's couch in Greenpoint, Brooklyn. I had no idea anyone would play it, although over 180,000 people did, eventually. And yet, if you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.

[Mar 27, 2018] 'Slingshot' Malware That Hid For Six Years Spread Through Routers

Mar 27, 2018 | it.slashdot.org

BeauHD on Monday March 12, 2018 @08:10PM from the under-the-radar dept. An anonymous reader quotes a report from Engadget: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers . It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the issue. However, there's concern that other router makers might be affected.

[Mar 25, 2018] Surveillance is the DNA of the Platform Economy

Creating a malware application which masks itself as some kind of pseudo scientific test and serves as the backdoor to your personal data is a very dirty trick...
Especially dirty it it used by academic researchers, who in reality are academic scum... An additional type of academic gangsters, in addition to Harvard Mafia
Notable quotes:
"... By Ivan Manokha, a departmental lecturer in the Oxford Department of International Development. He is currently working on power and obedience in the late-modern political economy, particularly in the context of the development of new technologies of surveillance. Originally published at openDemocracy ..."
"... The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration. ..."
"... But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview , the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted. ..."
"... All this is done in order to use data to create value in some way another (to monetize it by selling to advertisers or other firms, to increase sales, or to increase productivity). Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a massive scale, and with this development, as a former Harvard Business School professor Shoshana Zuboff has argued , global capitalism has become 'surveillance capitalism'. ..."
"... What this means is that platform economy is a model of value creation which is completely dependant on continuous privacy invasions and, what is alarming is that we are gradually becoming used to this. ..."
"... In other instances, as in the case of Kogan's app, the extent of the data collected exceeds what was stated in the agreement. ..."
"... What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online. ..."
"... I saw this video back in 2007. It was originally put together by a Sarah Lawrence student who was working on her paper on social media. The ties of all the original investors to IN-Q-Tel scared me off and I decided to stay away from Facebook. ..."
"... But it isn't just FB. Amazon, Twitter, Google, LinkedIn, Apple, Microsoft and many others do the same, and we are all caught up in it whether we agree to participate or not. ..."
"... Platform Capitalism is a mild description, it is manipulation based on Surveillance Capitalism, pure and simple. The Macro pattern of Corporate Power subsuming the State across every area is fascinating to watch, but a little scary. ..."
"... For his part, Aleksandr Kogan established a company, Global Science Research, that contracted with SCL, using Facebook data to map personality traits for its work in elections (Kosinski claims that Kogan essentially reverse-engineered the app that he and Stillwell had developed). Kogan's app harvested data on Facebook users who agreed to take a personality test for the purposes of academic research (though it was, in fact, to be used by SCL for non-academic ends). But according to Wylie, the app also collected data on their entire -- and nonconsenting -- network of friends. Once Cambridge Analytica and SCL had won contracts with the State Department and were pitching to the Pentagon, Wylie became alarmed that this illegally-obtained data had ended up at the heart of government, along with the contractors who might abuse it. ..."
"... This apparently bizarre intersection of research on topics like love and kindness with defense and intelligence interests is not, in fact, particularly unusual. It is typical of the kind of dual-use research that has shaped the field of social psychology in the US since World War II. ..."
"... Much of the classic, foundational research on personality, conformity, obedience, group polarization, and other such determinants of social dynamics -- while ostensibly civilian -- was funded during the cold war by the military and the CIA. ..."
"... The pioneering figures from this era -- for example, Gordon Allport on personality and Solomon Asch on belief conformity -- are still cited in NATO psy-ops literature to this day ..."
"... This is an issue which has frustrated me greatly. In spite of the fact that the country's leading psychologist (at the very least one of them -- ex-APA president Seligman) has been documented taking consulting fees from Guantanamo and Black Sites goon squads, my social science pals refuse to recognize any corruption at the core of their so-called replicated quantitative research. ..."
Mar 24, 2018 | www.nakedcapitalism.com
Yves here. Not new to anyone who has been paying attention, but a useful recap with some good observations at the end, despite deploying the cringe-making trope of businesses having DNA. That legitimates the notion that corporations are people.

By Ivan Manokha, a departmental lecturer in the Oxford Department of International Development. He is currently working on power and obedience in the late-modern political economy, particularly in the context of the development of new technologies of surveillance. Originally published at openDemocracy

The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration.

On March 17, The Observer of London and The New York Times announced that Cambridge Analytica, the London-based political and corporate consulting group, had harvested private data from the Facebook profiles of more than 50 million users without their consent. The data was collected through a Facebook-based quiz app called thisisyourdigitallife, created by Aleksandr Kogan, a University of Cambridge psychologist who had requested and gained access to information from 270,000 Facebook members after they had agreed to use the app to undergo a personality test, for which they were paid through Kogan's company, Global Science Research.

But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview , the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted.

In addition, the app provided access to information on the profiles of the friends of each of those users who agreed to take the test, which enabled the collection of data from more than 50 million.

All this data was then shared by Kogan with Cambridge Analytica, which was working with Donald Trump's election team and which allegedly used this data to target US voters with personalised political messages during the presidential campaign. As Wylie, told The Observer, "we built models to exploit what we knew about them and target their inner demons."

'Unacceptable Violation'

Following these revelations the Internet has been engulfed in outrage and government officials have been quick to react. On March 19, Antonio Tajani President of the European Parliament Antonio Tajani, stated in a twitter message that misuse of Facebook user data "is an unacceptable violation of our citizens' privacy rights" and promised an EU investigation. On March 22, Wylie communicated in a tweet that he accepted an invitation to testify before the US House Intelligence Committee, the US House Judiciary Committee and UK Parliament Digital Committee. On the same day Israel's Justice Ministry informed Facebook that it was opening an investigation into possible violations of Israelis' personal information by Facebook.

While such widespread condemnation of Facebook and Cambridge Analytica is totally justified, what remains largely absent from the discussion are broader questions about the role of data collection, processing and monetization that have become central in the current phase of capitalism, which may be described as 'platform capitalism', as suggested by the Canadian writer and academic Nick Srnicek in his recent book .

Over the last decade the growth of platforms has been spectacular: today, the top 4 enterprises in Forbes's list of most valuable brands are platforms, as are eleven of the top twenty. Most recent IPOs and acquisitions have involved platforms, as have most of the major successful startups. The list includes Apple, Google, Microsoft, Facebook, Twitter, Amazon, eBay, Instagram, YouTube, Twitch, Snapchat, WhatsApp, Waze, Uber, Lyft, Handy, Airbnb, Pinterest, Square, Social Finance, Kickstarter, etc. Although most platforms are US-based, they are a really global phenomenon and in fact are now playing an even more important role in developing countries which did not have developed commercial infrastructures at the time of the rise of the Internet and seized the opportunity that it presented to structure their industries around it. Thus, in China, for example, many of the most valuable enterprises are platforms such as Tencent (owner of the WeChat and QQ messaging platforms) and Baidu (China's search engine); Alibaba controls 80 percent of China's e-commerce market through its Taobao and Tmall platforms, with its Alipay platform being the largest payments platform in China.

The importance of platforms is also attested by the range of sectors in which they are now dominant and the number of users (often numbered in millions and, in some cases, even billions) regularly connecting to their various cloud-based services. Thus, to name the key industries, platforms are now central in Internet search (Google, Yahoo, Bing); social networking (Facebook, LinkedIn, Instagram, Snapchat); Internet auctions and retail (eBay, Taobao, Amazon, Alibaba); on-line financial and human resource functions (Workday, Upwork, Elance, TaskRabbit), urban transportation (Uber, Lyft, Zipcar, BlaBlaCar), tourism (Kayak, Trivago, Airbnb), mobile payment (Square Order, PayPal, Apple Pay, Google Wallet); and software development (Apple's App Store, Google Play Store, Windows App store). Platform-based solutions are also currently being adopted in more traditional sectors, such as industrial production (GE, Siemens), agriculture (John Deere, Monsanto) and even clean energy (Sungevity, SolarCity, EnerNOC).

User Profiling -- Good-Bye to Privacy

These platforms differ significantly in terms of the services that they offer: some, like eBay or Taobao simply allow exchange of products between buyers and sellers; others, like Uber or TaskRabbit, allow independent service providers to find customers; yet others, like Apple or Google allow developers to create and market apps.

However, what is common to all these platforms is the central role played by data, and not just continuous data collection, but its ever more refined analysis in order to create detailed user profiles and rankings in order to better match customers and suppliers or increase efficiency.

All this is done in order to use data to create value in some way another (to monetize it by selling to advertisers or other firms, to increase sales, or to increase productivity). Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a massive scale, and with this development, as a former Harvard Business School professor Shoshana Zuboff has argued , global capitalism has become 'surveillance capitalism'.

What this means is that platform economy is a model of value creation which is completely dependant on continuous privacy invasions and, what is alarming is that we are gradually becoming used to this.

Most of the time platform providers keep track of our purchases, travels, interest, likes, etc. and use this data for targeted advertising to which we have become accustomed. We are equally not that surprised when we find out that, for example, robotic vacuum cleaners collect data about types of furniture that we have and share it with the likes of Amazon so that they can send us advertisements for pieces of furniture that we do not yet possess.

There is little public outcry when we discover that Google's ads are racially biased as, for instance, a Harvard professor Latanya Sweeney found by accident performing a search. We are equally hardly astonished that companies such as Lenddo buy access to people's social media and browsing history in exchange for a credit score. And, at least in the US, people are becoming accustomed to the use of algorithms, developed by private contractors, by the justice system to take decisions on sentencing, which often result in equally unfair and racially biased decisions .

The outrage provoked by the Cambridge Analytica is targeting only the tip of the iceberg. The problem is infinitely larger as there are countless equally significant instances of privacy invasions and data collection performed by corporations, but they have become normalized and do not lead to much public outcry.

DNA

Today surveillance is the DNA of the platform economy; its model is simply based on the possibility of continuous privacy invasions using whatever means possible. In most cases users agree, by signing the terms and conditions of service providers, so that their data may be collected, analyzed and even shared with third parties (although it is hardly possible to see this as express consent given the size and complexity of these agreements -- for instance, it took 8 hours and 59 minutes for an actor hired by the consumer group Choice to read Amazon Kindle's terms and conditions). In other instances, as in the case of Kogan's app, the extent of the data collected exceeds what was stated in the agreement.

But what is important is to understand that to prevent such scandals in the future it is not enough to force Facebook to better monitor the use of users' data in order to prevent such leaks as in the case of Cambridge Analytica. The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration.

What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online.

What we need is a body of international law that will provide regulations and oversight for the collection and use of data.

What is required is an explicit and concise formulation of terms and conditions which, in a few sentences, will specify how users' data will be used.

It is important to seize the opportunity presented by the Cambridge Analytica scandal to push for these more fundamental changes.



Arizona Slim , , March 24, 2018 at 7:38 am

I am grateful for my spidey sense. Thanks, spidey sense, for ringing the alarm bells whenever I saw one of those personality tests on Facebook. I never took one.

Steve H. , , March 24, 2018 at 8:05 am

First they came for

The most efficient strategy is to be non-viable . They may come for you eventually, but someone else gets to be the canary, and you haven't wasted energy in the meantime. TOR users didn't get that figured out.

Annieb , , March 24, 2018 at 2:02 pm

Never took the personality test either, but now I now that all of my friends who did unknowingly gave up my personal information too. I read an article somewhere about this over a year ago so it's really old news. Sent the link to a few people who didn't care. But now that they all know that Cambridge Analytical used FB data in support of the Trump campaign it's all over the mainstream and people are upset.

ChrisPacific , , March 25, 2018 at 4:07 pm

You can disable that (i.e., prevent friends from sharing your info with third parties) in the privacy options. But the controls are not easy to find and everything is enabled by default.

HotFlash , , March 24, 2018 at 3:13 pm

I haven't FB'd in years and certainly never took any such test, but if any of my friends, real or FB, did, and my info was shared, can I sue? If not, why not?

Octopii , , March 24, 2018 at 8:06 am

Everyone thought I was paranoid as I discouraged them from moving backups to the cloud, using trackers, signing up for grocery store clubs, using real names and addresses for online anything, etc. They thought I was overreacting when I said we need European-style privacy laws in this country. People at work thought my questions about privacy for our new location-based IoT plans were not team-based thinking.

And it turns out after all this that they still think I'm extreme. I guess it will have to get worse.

Samuel Conner , , March 24, 2018 at 8:16 am

In a first for me, there are surface-mount resistors in the advert at the top of today's NC links page. That is way out of the ordinary; what I usually see are books or bicycle parts; things I have recently purchased or searched.

But a couple of days ago I had a SKYPE conversation with a sibling about a PC I was scavenging for parts, and surface mount resistors (unscavengable) came up. I suspect I have been observed without my consent and am not too happy about it. As marketing, it's a bust; in the conversation I explicitly expressed no interest in such components as I can't install them. I suppose I should be glad for this indication of something I wasn't aware was happening.

Collins , , March 24, 2018 at 9:14 am

Had you used your computer keyboard previously to search for 'surface mount resistors', or was the trail linking you & resistors entirely verbal?

Samuel Conner , , March 24, 2018 at 10:15 am

No keyboard search. I never so much as think about surface mount components; the inquiry was raised by my sibling and I responded. Maybe its coincidental, but it seems quite odd.

I decided to click through to the site to generate a few pennies for NC and at least feel like I was punishing someone for snooping on me.

Abi , , March 25, 2018 at 3:24 pm

Its been happening to me a lot recently on my Instagram, I don't like pictures or anything, but whenever I have a conversation with someone on my phone, I start seeing ads of what I spoke about

ChiGal in Carolina , , March 25, 2018 at 10:12 am

I thought it came out a while ago that Skype captures and retains all the dialogue and video of convos using it.

Eureka Springs , , March 24, 2018 at 8:44 am

What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online.

Are we, readers of this post, or citizens of the USA supposed to think there is anything binding in declarations? Or anything from the UN if at all inconvenient for that matter?

https://www.un.org/en/universal-declaration-human-rights/
Article 12.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Platforms like facebook allow individuals to 'spy' on each other and people love it. When I was a kid i always marveled at how some households would leave a police scanner on 24/7. With the net we have this writ large with baby, puppy and tv dinner photos. Not to forget it's a narcissist paradise. I have friends who I've tried to gently over time inject tidbits of info like this article provides for many years and they still just refuse to try and get it. If they looked over their shoulder and saw how many people/entities are literally following them everywhere they go, they would become rabid gun owners (don't tread on me!) overnight, but the invisible hand/eye registers not at all.

Pelham , , March 24, 2018 at 9:13 am

A side note: If Facebook and other social media were to assume ANY degree of responsibility for content appearing on their platforms, they would be acknowledging their legal liability for ALL content.

Hence they would be legally responsible just as newspapers are. And major newspapers have on-staff lawyers and editors exquisitely attuned to the possibility of libelous content so they can avoid ruinous lawsuits.

If the law were applied as it should be, Facebook and its brethren wouldn't last five minutes before being sued into oblivion.

albert , , March 24, 2018 at 6:27 pm

" being sued into oblivion ." If only.

Non-liability is a product of the computer age. I remember having to agree with Microsofts policy to absolve them of -any- liability when using their software. If they had their druthers, -no- company would be liable for -anything-. It's called a 'perfect world'.

Companies that host 'social media' should not have to bear any responsibility for their users content. Newspapers employ writers and fact checkers. They are set up to monitor their staff for accuracy (Okay, in theory). So you can sue them and even their journalist employees. Being liable (and not sued) allows them to brag about how truthful they are. Reputations are a valuable commodity these days.

In the case of 'social media' providers, liability falls on the authors of their own comments, which is only fair, in my view. However, I would argue that those 'providers' should -not- be considered 'media' like newspapers, and their members should not be considered 'journalists'.

Also, those providers are private companies, and are free to edit, censor, or delete anything on their site. And of course it's automated. Some conservative Facebook members were complaining about being banned. Apparently, there a certain things you can't say on Facebook.

AFAIC, the bottom line is this: Many folks tend to believe everything they read online. They need to learn the skill of critical thinking. And realize that the Internet can be a vast wasteland; a digital garbage dump.

Why are our leaders so concerned with election meddling? Isn't our propaganda better than the Russians? We certainly pay a lot for it.
. .. . .. -- .

PlutoniumKun , , March 24, 2018 at 9:52 am

It seems even Elon Musk is now rebelling against Facebook.

Musk Takes Down the Tesla and SpaceX Facebook Pages.

Today, Musk also made fun of Sonos for not being as committed as he was to the anti-Facebook cause after the connected-speaker maker said it would pull ads from the platform -- but only for a week.

"Wow, a whole week. Risky " Musk tweeted.

saurabh , , March 24, 2018 at 11:43 am

Musk, like Trump, knows he does not need to advertise because a fawning press will dutifully report on everything he does and says, no matter how dumb.

Jim Thomson , , March 25, 2018 at 9:39 am

This is rich.

I can't resist: It takes a con to know a con.
(not the most insightful comment)

Daniel Mongan , , March 24, 2018 at 10:14 am

A thoughtful post, thanks for that. May I recommend you take a look at "All You Can Pay" (NationBooks 2015) for a more thorough treatment of the subject, together with a proposal on how to re-balance the equation. Full disclosure, I am a co-author.

JimTan , , March 24, 2018 at 11:12 am

People are starting to download copies of their Facebook data to get an understanding of how much information is being collected from them.

JCC , , March 24, 2018 at 11:29 am

A reminder: https://www.youtube.com/watch?v=iRT9On7qie8

I saw this video back in 2007. It was originally put together by a Sarah Lawrence student who was working on her paper on social media. The ties of all the original investors to IN-Q-Tel scared me off and I decided to stay away from Facebook.

But it isn't just FB. Amazon, Twitter, Google, LinkedIn, Apple, Microsoft and many others do the same, and we are all caught up in it whether we agree to participate or not.

Anyone watch the NCAA Finals and see all the ads from Google about being "The Official Cloud of the NCAA"? They were flat out bragging, more or less, about surveillance of players. for the NCAA.

Platform Capitalism is a mild description, it is manipulation based on Surveillance Capitalism, pure and simple. The Macro pattern of Corporate Power subsuming the State across every area is fascinating to watch, but a little scary.

oh , , March 24, 2018 at 1:44 pm

Caveat Emptor: If you watch YouTube, they'll only add to the information that they already have on you!

HotFlash , , March 24, 2018 at 3:27 pm

Just substitute "hook" for 'you" in the URL, you get the same video, no ads, and they claim not to track you. YMMV

Craig H. , , March 24, 2018 at 12:21 pm

Privacy no longer a social norm, says Facebook founder; Guardian; 10 January 2010

The Right to Privacy; Warren & Brandeis; Harvard Law Review; 15 December 1890

It was amusing that the top Google hit for the Brandeis article was JSTOR which requires us to surrender personal detail to access their site. To hell with that.

The part I like about the Brandeis privacy story is the motivation was some Manhattan rich dicks thought the gossip writers snooping around their wedding party should mind their own business. (Apparently whether this is actually true or just some story made up by somebody being catty at Brandeis has been the topic of gigabytes of internet flame wars but I can't ever recall seeing any of those.)

Ed , , March 24, 2018 at 2:50 pm

https://www.zerohedge.com/news/2018-03-23/digital-military-industrial-complex-exposed

" Two young psychologists are central to the Cambridge Analytica story. One is Michal Kosinski, who devised an app with a Cambridge University colleague, David Stillwell, that measures personality traits by analyzing Facebook "likes." It was then used in collaboration with the World Well-Being Project, a group at the University of Pennsylvania's Positive Psychology Center that specializes in the use of big data to measure health and happiness in order to improve well-being. The other is Aleksandr Kogan, who also works in the field of positive psychology and has written papers on happiness, kindness, and love (according to his résumé, an early paper was called "Down the Rabbit Hole: A Unified Theory of Love"). He ran the Prosociality and Well-being Laboratory, under the auspices of Cambridge University's Well-Being Institute.

Despite its prominence in research on well-being, Kosinski's work, Cadwalladr points out, drew a great deal of interest from British and American intelligence agencies and defense contractors, including overtures from the private company running an intelligence project nicknamed "Operation KitKat" because a correlation had been found between anti-Israeli sentiments and liking Nikes and KitKats. Several of Kosinski's co-authored papers list the US government's Defense Advanced Research Projects Agency, or DARPA, as a funding source. His résumé boasts of meetings with senior figures at two of the world's largest defense contractors, Boeing and Microsoft, both companies that have sponsored his research. He ran a workshop on digital footprints and psychological assessment for the Singaporean Ministry of Defense.

For his part, Aleksandr Kogan established a company, Global Science Research, that contracted with SCL, using Facebook data to map personality traits for its work in elections (Kosinski claims that Kogan essentially reverse-engineered the app that he and Stillwell had developed). Kogan's app harvested data on Facebook users who agreed to take a personality test for the purposes of academic research (though it was, in fact, to be used by SCL for non-academic ends). But according to Wylie, the app also collected data on their entire -- and nonconsenting -- network of friends. Once Cambridge Analytica and SCL had won contracts with the State Department and were pitching to the Pentagon, Wylie became alarmed that this illegally-obtained data had ended up at the heart of government, along with the contractors who might abuse it.

This apparently bizarre intersection of research on topics like love and kindness with defense and intelligence interests is not, in fact, particularly unusual. It is typical of the kind of dual-use research that has shaped the field of social psychology in the US since World War II.

Much of the classic, foundational research on personality, conformity, obedience, group polarization, and other such determinants of social dynamics -- while ostensibly civilian -- was funded during the cold war by the military and the CIA. The cold war was an ideological battle, so, naturally, research on techniques for controlling belief was considered a national security priority. This psychological research laid the groundwork for propaganda wars and for experiments in individual "mind control."

The pioneering figures from this era -- for example, Gordon Allport on personality and Solomon Asch on belief conformity -- are still cited in NATO psy-ops literature to this day .."

Craig H. , , March 24, 2018 at 3:42 pm

This is an issue which has frustrated me greatly. In spite of the fact that the country's leading psychologist (at the very least one of them -- ex-APA president Seligman) has been documented taking consulting fees from Guantanamo and Black Sites goon squads, my social science pals refuse to recognize any corruption at the core of their so-called replicated quantitative research.

I have asked more than five people to point at the best critical work on the Big 5 Personality theory and they all have told me some variant of "it is the only way to get consistent numbers". Not one has ever retreated one step or been receptive to the suggestion that this might indicate some fallacy in trying to assign numbers to these properties.

They eat their own dog food all the way and they seem to be suffering from a terrible malnutrition. At least the anthropologists have Price . (Most of that book can be read for free in installments at Counterpunch.)

[Mar 23, 2018] Was Destructive 'Slingshot' Malware Deployed by the Pentagon

The rule No.1: do not buy cheap routers. Do not use routers which are supplied for free by your ISP. Buy only from proven companies with good security record. To use your own firewall (a small linux server is OK) is a must in the current circumstances
There is no special value in Kaspersky anti-virus software. all such products can be used as a backdoor in your computer (for example via update mechanism). Using complex and opaque software actually makes Windows less secure not more secure. Periodic (say, daily) reinstallation from trusted image is probably a better way, especially if Windows is really minimized and does not contain third party software that has it's own update mechanisms or such mechanism are blocked.
But attacks on routers is a new fashion and should be taken very seriously as most people pay no attention to this crucial part of their business or home network. In any case a separate firmware is needed after Internet router which now is not that expensive (a decent box can be bought for around $300. For those who know Unix/Linux see for example Firewall Micro Appliance or QOTOM (both can be used of pfSense or your custom Linux solution) For those who don't see, for example, Zyxel [USG40] ZyWALL (USG) UTM Firewall
Notable quotes:
"... Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction. ..."
"... Malware is not a precision munition, it hits wide targets and spreads out to bystanders. This is particularly disturbing to note if, as some reports are indicating, this malware was Pentagon in origin. ..."
Mar 23, 2018 | www.theamericanconservative.com
Slingshot . The malware targeted Latvian-made Internet routers popular in the Middle East, Africa, and Southeast Asia.

Kaspersky's reports reveal that the malware had been active since at least 2012, and speculates that it was government-made, owing to its sophistication and its use of novel techniques rarely seen elsewhere.

Those investigating the matter further have drawn the conclusion that Slingshot was developed by the U.S. government, with some reports quoting former officials as connecting it to the Pentagon's JSOC special forces. For those following the cyber security and malware sphere, this is a huge revelation, putting the U.S. government in the hot seat for deploying cyber attacks that harm a much greater range of innocent users beyond their intended targets.

Kaspersky's own findings note that the code was written in English, using a driver flaw to allow the implanting of various types of spyware. Among those mentioned by Moscow-based Kaspersky was an implant named "GOLLUM," which notably was mentioned in one of the leaked Edward Snowden documents .

Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction.

Cyberscoop , one of the first news outlets to break the story, reported a mixed reaction among officials. Some noted that Kaspersky Labs was simply doing what a security company is supposed to do. Others, however, were less agreeable, suggesting it was an intentional attempt by Kaspersky to undermine U.S. security.

The argument, as far as it goes, is that given the ostensible target areas -- the Middle East, North Africa, Afghanistan -- Kaspersky should have concluded it was related to the War on Terror and sat on their findings. The Trump administration already views Kaspersky as a sort of hostile actor -- banning the use of Kaspersky products by any government or civilian federal contractor in December, citing Kremlin influence (a charge that has been vehemently denied by the company). This just gives them more justification for seeing Kaspersky as an adversary in the space.

Unfortunately for the Russian company, some American retailers have even followed suit, pulling the software from the shelves on the grounds that it's Russian, and that therefore suspect.

There has been no clear evidence that Kaspersky's software was serving as a backdoor for Russian intelligence, though it was reported last fall that sensitive documents were stolen from a National Security Agency (NSA) contractor's laptop via its Kaspersky-made antivirus software . In a statement at the time, the company said, "Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts." Turns out that Israeli spies, spying on the Russian spies, disclosed the intrusion to U.S. officials.

Kaspersky has consistently ranked near the top of antivirus ratings from virtually all third-party reviewers. The company has sold its products to nearly 400 million users worldwide, with 60 percent in the U.S. and Western Europe. Until now, Kaspersky was being used by several major agencies in the federal government, including the State Department and Department of Defense.

Ironically, this new Slingshot issue itself appears just to be a testament to how well the company's security works at digging up extremely dangerous malware. It also underscores the uneasy reality that the U.S. has been engaging in its own brand of cyber warfare all along.

Any claims that a specific piece of U.S. malware -- in this case, Slingshot -- was targeting only al-Qaeda or ISIS bad guys is disingenuous as well. The exploit on routers is hitting an entire region, infecting an untold number of innocent people . Internet cafés are said to have been hit in this, meaning everyone going into the cafes is at risk.

Malware is not a precision munition, it hits wide targets and spreads out to bystanders. This is particularly disturbing to note if, as some reports are indicating, this malware was Pentagon in origin.

U.S. civilian government surveillance is already doing great harm to general Internet security, and does so by remaining in denial about the balance of good to harm that is being done. The U.S. military, by contrast, has shown its willingness to inflict major harm on innocents in pursuit of any war goal. As they start hitting regions with malware, all bets are off on how far it will spread.

Security companies like Kaspersky Labs only afford the private user limited protection from all of this malware, because they're constantly playing catch-up, finding new variants and new exploits that the various pieces of software are using. Slingshot, for instance, went undetected for six solid years .

The discovery means fixes can finally be implemented for the routers and the computers. Novel exploits like this are rarely a one-time fix, however, as a slew of similar exploits from other sources tend to crop up after one gets taken out. It's a never-ending battle.

In August, President Trump made U.S. Cyber Command a formal military command , reflecting the growing view of the Internet as a military objective. Much as America's other battlefields result in collateral damage on the ground, the cyberwar is going to have a deleterious impact on day-to-day life in cyberspace. The big questions are how bad things will get, and how quickly.

Jason Ditz is news editor at Antiwar.com , a nonprofit organization dedicated to the cause of non-interventionism. In addition to TAC, his work has appeared in Forbes, Toronto Star, Minneapolis Star-Tribune, Providence Journal, Daily Caller, Washington Times and Detroit Free Press.

[Mar 21, 2018] Never attribute to malice that which can be attributed to a bug in the software

Mar 21, 2018 | consortiumnews.com

JWalters , March 19, 2018 at 10:46 pm

In a casual conversation at a party a computer science researcher from a leading university commented that the vast majority of "denial of service" attacks in this country are done by the federal government. That would probably be the CIA covert ops in service to the bankster oligarchy. The Israelis are also known to have cyber warfare capabilities, and are a central part of the oligarchy, judging by their clear control of the MSM.

It makes complete sense that the oligarchy would do everything it could to harass and slow down the opposition, even if just to frustrate them to the point of giving up. I'm glad you are reporting your experiences here; it will help the site administrators deal with the problem.

A few years ago there was a Zionist mole(s) at Disqus who deleted posts that were too informative about Israel, especially those with links to highly informative articles. After an open discussion of the problem it eventually disappeared.

backwardsevolution , March 19, 2018 at 4:29 pm

Realist -- occasionally this happens to me and, yes, it is most frustrating. What I am doing more often now (but sometimes I still forget) is copying my text before hitting "Post Comment". If it disappears, at least you still have it and can try again. If this occurs, I go completely off the site, and then come back on and post again. Does this just happen on posts that took you a long time to get finished? I ask this because I've found that if I type some words, go away and start making dinner (or whatever), and my comment is not posted for several hours, then sometimes it does this.

I sure hope you get it figured out because your posts are always wonderful to read.

Realist , March 19, 2018 at 4:47 pm

This has been happening systematically to anything I post today. Both long and short entries. I copy the text, then post it. When I see it appear or even see it under moderation, I have assumed it would stand and so delete the copy rather than save it -- that space goes to the next composition. So, everything "disappeared" today is gone. Most of the stuff disappeared has to do with our supposed rights of free speech and the intrusion of the intelligence agencies into our lives and our liberties. Guess who I suspect of sabotaging these calls to be vigilant against attacks on our freedoms? Good gravy, they are becoming relentless in trying to control every jot and tittle of the narrative. The entire MSM is not enough for them, even web sites with a microscopic audience are now in their sights. I don't know what else to make of a problem that has become routine, not just sporadic.

backwardsevolution , March 19, 2018 at 6:18 pm

You're just too good, Realist! You make too much sense! If there is a "they" out there who are censoring, of course they'd go after someone like you. Take a break, kick back, then see what happens tomorrow. If it continues, then maybe you could make a few calls.

Skip Scott , March 19, 2018 at 7:29 pm

Sorry to hear of your difficulties, Realist. Don't give up yet. Your posts are a very valuable part of this website. I do suspect outside interference. This site and ICH are both under attack, and probably others as well. I hope Nat and Tom Feeley can afford some good techies to mount a good defense.

robjira , March 19, 2018 at 9:58 pm

I agree with be and Skip, Realist. The same thing happened to me (and I'm not even a frequent commentator here); sometimes it takes days for a post(s) to appear. This sometime can be triggered by multiple links, extensive text formatting, etc. (you probably already know all this).

Anyway, be has it right; take a breather for a while. If something more nefarious is really happening, wear it like a medal; if your comments are disappeared, that as good as confirms you're on target. Your commentary is really insightful, and nothing freaks them out more than an informed opinion.
Peace.

Paul E. Merrell, J.D. , March 19, 2018 at 9:59 pm

To paraphrase someone: "Never attribute to malice that which can be attributed to a bug in the software."

backwardsevolution , March 19, 2018 at 10:15 pm

Paul E. Merrell -- "Never attribute to malice that which can be attributed to a bug in the software."

Quite true. I was having trouble going on Paul Craig Roberts' site for about a month (and another site, but I can't remember which one). I said to my son, "What the heck? Are they shutting down access to this site?" My son came onto my computer and within about two minutes he had me set right again. He said it had to do with my Internet security company. Who knew? Certainly not me! Thank goodness for tech-literate children.

Litchfield , March 20, 2018 at 9:09 am

" even web sites with a microscopic audience are now in their sights."

Maybe "microscopic," but with the potential to be magnified and multiplied. I have been puzzled as to why some posts have shown up as being in moderation and others not. But have not systematically followed up to see what happened. I assume comments at this site are moderated in some way, but why would that result in the patchy appearance of an actual "under moderation" signal?

freedom lover , March 20, 2018 at 3:39 pm

Not just this website but very common if you try to post anything on RT.

Sam F , March 19, 2018 at 8:47 pm

I also noticed several comments here that had been deleted after I refreshed the screen. They appeared to have attracted the "anti-semitism" accusation, so perhaps other hackers are involved.

Sam F , March 19, 2018 at 8:40 pm

While at first skeptical of the hacking hypothesis, I realized its similarity to what I have seen for two months on RT.

RT is apparently being copied to "mirror sites" likely controlled by US agencies, so that they can run spy scripts when the stories are viewed. My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. No other website has this problem, and certainly RT would not want to annoy their viewers by doing that themselves.

Most likely the secret agency scripts are sending files and browsing information to government spies.

It may be that CN is now being copied into hacked "mirror sites" by those who control the web DNS service that identifies the web server address for named websites. That would be a US secret agency. I have wondered whether such agencies are responsible for the trolls who have annoyed commenters here for several months. It may be that they are controlling the commentary now as well, to make political dossiers.

Litchfield , March 20, 2018 at 9:12 am

"My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. "

I have noticed this as well. I don't check RT all that often, but one time I wanted to see what Peter Lavelle had been up to lately with CrossTalk, so went to RT. This was awhile ago so I can't recall the exact details, but I think my browser generally froze up and I had to reboot my laptop. Of course it made me a bit paranoid and I wondered what was going on at RT.

Realist , March 20, 2018 at 5:01 pm

I've often noticed a great delay in RT loading. I'll have to focus on the effect you described. Sometimes I get a "service not available" notice for CN which usually resolves within no more than a half hour.

Inthebyte , March 20, 2018 at 11:27 am

I agree about RT. When I log on there everything slows to a crawl, or flat doesn't navigate. Thanks for the comment. Now I know I'm being gas lighted. Another site with all of these problems is Information Clearing House who are hacked repeatedly.

Zachary Smith , March 20, 2018 at 12:51 pm

My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. No other website has this problem, and certainly RT would not want to annoy their viewers by doing that themselves.

I'm running three script-blocker addons as I type this, and a fourth will be enabled again after making this post. The latter one does something to the CN site, and unless disabled any comment goes to the bottom of the page. My Firefox browser (which I'm using now) has the cache set to "0", and also to "never remember history". This slows it somewhat, but I figure the trade-off is worthwhile.

I review four "Russian" sites and have noticed they're chock-full of annoying ads and scripts. One of them I suspect is being run for income, for there is no coherent "message" along with most of the headlines being clickbait material. But I return there because sometimes they have a story worth more investigation.

Sam F , March 19, 2018 at 8:42 pm

While at first skeptical of the hacking hypothesis, I should note what I have seen for two months on RT.

RT is apparently being copied to "mirror sites" likely controlled by US agencies, so that they can run spy scripts when the stories are viewed. My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. No other website has this problem, and certainly RT would not want to annoy their viewers by doing that themselves.

Most likely the secret agency scripts are sending files and browsing information to government spies.

It may be that CN is now being copied into hacked "mirror sites" by those who control the web DNS service that identifies the web server address for named websites. That would be a US secret agency. I have wondered whether such agencies are responsible for the trolls who have annoyed commenters here for several months. It may be that they are controlling the commentary now as well, to make political dossiers.

geeyp , March 20, 2018 at 12:28 am

Nothing much secret regarding the secret agencies. Didn't I read that Google and Face. (same company with Y.T.) have fairly recently hired 10,000 new employees for just this purpose? I ,too, have had plenty of issues with the RT.com site. It is not RT causing the issues. Truth hurts these evil P.O.S. And, also I have wondered regarding the ISP involvement. On the article topic, I was quite angered when I read his Tweet over the weekend; that punk has got nerve and needs to wear an orange jumpsuit.

Litchfield , March 20, 2018 at 9:13 am

What is the ISP movement?

Sam F , March 20, 2018 at 11:50 am

The ISP may or may not be involved, but the DNS is involved in creating fake (or real) "mirror sites." DNS (distributed name service) has its own servers all over, which translate text URLs (xxx.com ) to numeric internet (IP) addresses. So when you request the site, your local DNS server gives you the address based upon its updates from other sources, including the "mirror" sites used for heavily-used websites.

I do not yet know the processes used to update DNS servers which would be tampered to create fake mirror sites, or exactly how this would be controlled, except that secret agencies would know this and would have such control. Others might be able to do this as well.

Skeptigal , March 20, 2018 at 4:26 am

Sorry, I know you're frustrated but I couldn't help but giggle at your indignant replies. They are hilarious. Your comments may have ended up in the spam folder. If you contact them they will restore your comments. Good luck! :)

Realist , March 20, 2018 at 11:23 pm

Using the British standard, I'm going to assume you are responsible for all the trouble unless you prove otherwise.

[Mar 19, 2018] How to reset a Windows password with Linux by Archit Modi

clonezilla has chntpw on the CD/DVD.
Mar 16, 2018 | www.linuxtoday.com
12 comments If you (or someone you know) ever forget your Windows password, you'll be glad to know about chntpw , a neat Linux utility that you can use to reset a Windows password. For this how-to, I created a Windows virtual machine and set the password to pass123 on my user account, Archit-PC . I also created a Live USB with Fedora 27 using the Fedora Media Writer application.

Here are the steps, along with screenshots, to guide you through the quick and super easy process of resetting your Windows password with chntpw .

1. Attach the Live USB to your PC and restart from the login screen, as shown below:

2. Boot from the Live USB and click on Try Fedora :

3. Log out from live-user and log into root . This step is not necessary, but I prefer to use the root user to bypass any permission issues:

4. Install the chntpw utility with the following command (you'll need a live internet connection for this):

sudo dnf install -y chntpw

5. Check which partition should be mounted by sfdisk -l ...:

and mount that partition (e.g., /dev/sda2 ) with the following command:

sudo mount /dev/sda2 /mnt/Microsoft/

Change the current directory to the config directory:

cd /mnt/Microsoft/Windows/System32/config/

Also, check the user records in the Security Account Manager (SAM) database:

passwordreset_mount-3.png Checking SAM database

6. Edit the SAM database with the command:

sudo chntpw -i SAM

Then type 1 (for Edit user data and passwords ):

passwordreset_username-1.png Select 1 for Edit user data and passwords

And type your user account name (i.e., Archit-PC in this example) for the username:

passwordreset_username-2.png Enter your username

7. Type 1 to clear the user password or 2 to set a new password for the Archit-PC user, then quit and save the changes:

passwordreset_clear-1.png Edit user menu
passwordreset_clear-2.png Confirmation that password was cleared

8. Reboot to Windows. If you selected 1 above, you'll see there's no password required to log in. Just click Sign in and you will be logged in:

That's all there is to it! I hope this will be helpful if you ever need to reset a Windows password.

[Mar 07, 2018] By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware.

Mar 07, 2018 | www.thegatewaypundit.com

Paul Tibbets a day ago

Brennan is a scum bag, he over saw the CIA as they sought to become the premier Gov. Agency.

https://wikileaks.org/ciav7p1/

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force -- its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

[Feb 20, 2018] US-UK Accuse Russia of "NotPetya" Cyberattack, Offer Zero Evidence Global Research - Centre for Research on Globalization

Notable quotes:
"... The US and European press have both published stories accusing the Russian government, and in particular, the Russian military, of the so-called "NotPetya" cyberattack which targeted information technology infrastructure in Ukraine. ..."
"... Ulson Gunnar is a New York-based geopolitical analyst and writer especially for the online magazine " New Eastern Outlook ". ..."
"... All images in this article are from the author. ..."
Feb 20, 2018 | www.globalresearch.ca

US-UK Accuse Russia of "NotPetya" Cyberattack, Offer Zero Evidence By Ulson Gunnar Global Research, February 19, 2018 Region: Europe , Russia and FSU , USA Theme: Intelligence , Media Disinformation

The US and European press have both published stories accusing the Russian government, and in particular, the Russian military, of the so-called "NotPetya" cyberattack which targeted information technology infrastructure in Ukraine.

The Washington Post in an article titled, " UK blames Russian military for 'malicious' cyberattack ," would report:

Britain and the United States blamed the Russian government on Thursday for a cyberattack that hit businesses across Europe last year, with London accusing Moscow of "weaponizing information" in a new kind of warfare. Foreign Minister Tariq Ahmad said "the U.K. government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyberattack of June 2017." The fast-spreading outbreak of data-scrambling software centered on Ukraine, which is embroiled in a conflict with Moscow-backed separatists in the country's east. It spread to companies that do business with Ukraine, including U.S. pharmaceutical company Merck, Danish shipping firm A.P. Moller-Maersk and FedEx subsidiary TNT.

British state media, the BBC, would report in its article, " UK and US blame Russia for 'malicious' NotPetya cyber-attack ," that:

The Russian military was directly behind a "malicious" cyber-attack on Ukraine that spread globally last year, the US and Britain have said.

The BBC also added that:

On Thursday the UK government took the unusual step of publicly accusing the Russia military of being behind the attack. "The UK and its allies will not tolerate malicious cyber activity," the foreign office said in a statement. Later, the White House also pointed the finger at Russia.

Yet despite this "unusual step of publicly accusing the Russian military of being behind the attack," neither the US nor the British media provided the public with any evidence, at all, justifying the accusations. The official statement released by the British government would claim:

The UK's National Cyber Security Centre assesses that the Russian military was almost certainly responsible for the destructive NotPetya cyber-attack of June 2017. Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian government – the Kremlin – was responsible for this cyber-attack.

Claiming that the Russian military was "almost certainly responsible," is not the same as being certain the Russian military was responsible. And such phrases as "almost certainly" have been used in the past by the United States and its allies to launch baseless accusations ahead of what would otherwise be entirely unprovoked aggression against targeted states, in this case, Russia. The White House would also release a statement claiming:

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed "NotPetya," quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

Considering claims that this is the "most destructive and costly cyber-attack in history, " it would seem imperative to establish evidence beyond doubt of who was responsible. No Evidence From Governments Confirmed to Possess the Means to Fabricate Attribution Yet, so far, this has not been done. Claims that Russia's military was behind the attacks seems to be built solely upon private analysts who have suggested the attacks appear to have originated in Russia.

However, as it was revealed by Wikileaks in its Vault 7 release , exposing cyber hacking tools used by the US Central Intelligence Agency (CIA), the origin of attacks can be forged. USA Today in an article titled, " WikiLeaks: CIA hacking group 'UMBRAGE' stockpiled techniques from other hackers ," would admit:

A division of the Central Intelligence Agency stockpiled hacking techniques culled from other hackers, giving the agency the ability to leave behind the "fingerprints" of the outside hackers when it broke into electronic devices, the anti-secrecy group WikiLeaks alleges as it released thousands of documents Tuesday.

The article continues by pointing out:

The documents also suggest that one of the agency's divisions – the Remote Development Branch's UMBRAGE Group – may have been cataloguing hacking methods from outside hackers, including in Russia, that would have allowed the agency to mask their identity by employing the method during espionage. "With UMBRAGE and related projects the CIA cannot only increase its total number of attack types, but also misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from," Wikileaks said in a statement.

Not only does this ability allow the CIA to carry out espionage that if discovered would be attributed to other parties, it also allows the CIA to conduct attacks the US government and its allies can then blame on foreign states for the purpose of politically maligning them, and even justifying otherwise indefensible acts of aggression, either militarily, or in the realm of cyberspace.

Evidence provided by the UK and US governments would have to establish Russia's role in the "NotPetya" cyberattack beyond mere attribution, since this is now confirmed to be possible to forge. The UK and US governments have failed to provide any evidence at all, likely because all it can offer is mere attribution which skeptics could easily point out might have been forged. NATO Had Been Preparing "Offensive" Cyber Weapons

As previously reported , NATO had been in the process of creating and preparing to deploy what it called an "offensive defense" regarding cyber warfare. Reuters in an article titled, " NATO mulls 'offensive defense' with cyber warfare rules ," would state:

A group of NATO allies are considering a more muscular response to state-sponsored computer hackers that could involve using cyber attacks to bring down enemy networks, officials said.

Reuters would also report:

The doctrine could shift NATO's approach from being defensive to confronting hackers that officials say Russia, China and North Korea use to try to undermine Western governments and steal technology.

It has been repeatedly pointed out how the US, UK and other NATO members have repeatedly used false pretexts to justify military aggression carried out with conventional military power. Examples include fabricated evidence of supposed "weapons of mass destruction (WMD)" preceding the 2003 US invasion of Iraq and the so-called "humanitarian war" launched against Libya in 2011 built on fabricated accounts from US and European rights advocates.

With UMBRAGE, the US and its allies now possess the ability to fabricate evidence in cyberspace, enabling them to accuse targeted nations of cyber attacks they never carried out, to justify the deployment of "offensive" cyber weapons NATO admits it has prepared ahead of time. While the US and European media have warned the world of a "cyber-911″ it appears instead we are faced with "cyber-WMD claims" rolled out to justify a likewise "cyber-Iraq War" using cyber weapons the US and its NATO allies have been preparing and seeking to use for years. Were Russia to really be behind the "NotPetya" cyberattack, the US and its allies have only themselves to blame for decades spent undermining their own credibility with serial instances of fabricating evidence to justify its serial military aggression. Establishing that Russia was behind the "NotPetya" cyberattack, however, will require more evidence than mere "attribution" the CIA can easily forge.

*

Ulson Gunnar is a New York-based geopolitical analyst and writer especially for the online magazine " New Eastern Outlook ".

All images in this article are from the author.

[Feb 19, 2018] The White House on Thursday blamed Russia for the devastating 'NotPetya' cyber attack last year , joining the British government in condemning Moscow for unleashing a virus

Notable quotes:
"... Poor Russia cant get a break, neither can Americans get a break from this USA 'get Russia' monkey circus. The monkeys now reach back a year ago to get Russia on a cyber attack. ..."
Feb 19, 2018 | www.unz.com

renfro, February 19, 2018 at 7:38 am GMT

Poor Russia cant get a break, neither can Americans get a break from this USA 'get Russia' monkey circus. The monkeys now reach back a year ago to get Russia on a cyber attack.

White House blames Russia for 'reckless' NotPetya cyber attack

https://www.reuters.com/ russia /white-house-blames-russia-for-reckless-notpetya-c&#8230 ;

3 days ago -- WASHINGTON/LONDON (Reuters) -- The White House on Thursday blamed Russia for the devastating 'NotPetya' cyber attack last year , joining the British government in condemning Moscow for unleashing a virus that crippled parts of Ukraine's infrastructure and damaged computers in countries across the

Best advice for Americans believe nothing, trust nothing that issues from a government.

The experts:

John McAfee, founder of an anti-virus firm, said: "When the FBI or when any other agency says the Russians did it or the Chinese did something or the Iranians did something -- that's a fallacy," said McAfee.

"Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would use Russian language within the code. "I would use Russian techniques of breaking into organisations so there is simply no way to assign a source for any attack -- this is a fallacy."

I can promise you -- if it looks like the Russians did it, then I can guarantee you it was not the Russians."

Wikileaks has released a number of CIA cyber tools it had obtained. These included software specifically designed to create false attributions.

[Feb 16, 2018] White House: Iraq Has Anthrax Virus Russia Launched NotPetya

Notable quotes:
"... Washington Post ..."
Feb 16, 2018 | www.moonofalabama.org

Late last night the White House accused the Russian military of having launched the destructive "NotPetya" malware which in June 2017 hit many global companies:

Statement from the Press Secretary

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history.

The attack, dubbed "NotPetya," quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

The statement has the same quality as earlier statements about Spain sinking the Maine or about Saddam's Weapons of Mass Destruction had.

Neither the U.S. nor anyone else has presented ANY evidence of ANY Russian involvement in the creation or distribution of the NotPetya malware. The U.S. is simply asserting this while presenting nothing to back it up.

There is, in general, no attribution possible for any such cyber attack. As John McAfee, founder of an anti-virus firm, said :

"When the FBI or when any other agency says the Russians did it or the Chinese did something or the Iranians did something – that's a fallacy," said McAfee.
...
" Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would use Russian language within the code. "I would use Russian techniques of breaking into organisations so there is simply no way to assign a source for any attack – this is a fallacy."
...
I can promise you – if it looks like the Russians did it, then I can guarantee you it was not the Russians ."

I agree with McAfee's statement. The CIA must likewise agree. Wikileaks has released a number of CIA cyber tools it had obtained. These included software specifically designed to create false attributions:

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

Nearly all "attributes" used for attributing a cyber attack can be easily faked to accuse a party not involved in the attack.

The British National Cyber Security Center, part of the British computer spying organisation GCHQ, also claims that the Russian military is " almost certainly " responsible for the NotPetya attack. Canada and the Australians also chipped in .

But note - these are NOT independent sources. They are, together with New Zealand, part of the of the " Five Eyes " spying alliance. From NSA files released by Edward Snowden we know that the Five Eyes are practically led by the U.S. National Security Agency:

One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."

Menwith Hill is a Royal Airforce spying station and part of the GCHQ infrastructure. That the head of the NSA can assign "summer projects" to it shows where the real power lies.

The Russian government strongly rejects the accusations.

NotPetya was a destructive virus that masked as ransomware. It was based on attacking tools which originally had been developed by the NSA but were later anonymously published by someone calling himself Shadow-Broker. One of several attack vectors NotPetya used was the update mechanism of some tax accounting software which is common in Ukraine and Russia. But the attack soon spread globally :

The attack hit Ukraine central bank, government computers, airports, the Kiev metro, the state power distributor Ukrenergo, Chernobyl's radiation monitoring system, and other machines in the country. It also affected Russian oil giant Rosneft, DLA Piper law firm, U.S. biopharmaceutical giant Merck, British advertiser WPP, and Danish shipping and energy company Maersk, among others.

The biggest damaged through NotPetya occurred at the Danish shipping company Maersk which had to completely reboot its entire infrastructure and lost some $250-300 million due to the attack.

The question one must always ask when such accusations are made is: Why would the accused do this?

In January the U.S. attribution claims about the NotPetya malware were prelaunched through the Washington Post :

The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine last year, an effort to disrupt that country's financial system amid its ongoing war with separatists loyal to the Kremlin.
...
The GRU military spy agency created NotPetya, the CIA concluded with "high confidence" in November, according to classified reports cited by U.S. intelligence officials.
...
The hackers worked for the military spy service's GTsST, or Main Center for Special Technology, the CIA reported. That unit is highly involved in the GRU's cyberattack program, including the enabling of influence operations.

What could have been the motive of the "Russian military" to release a (badly written) malware that destroys computer-files of random companies all over the world including at the all important Russian oil-giant Rosneft . To assume that Ukraine's financial system was the target is almost certainly wrong. There is also no evidence that this was the case. Ukraine's Central Bank was just one of thousands of victims of the attack.

Only some 50% of the affected companies were in Ukraine. Most of them were not financial firms. The attack was initiated through an update mechanism of an accounting software that is also used in Russia. That original attack vector was probably chosen simply because it was easy to use. The accounting software company had a lousy security protection. The first infected computers then applied a different mechanism to spread the malware to other machines. The attack was launched on a Ukrainian national holiday which is not optimal if one wants to spread it as wide as possible throughout the Ukraine.

That the Ukraine and Russia were hit first by the malware was also likely just a time-of-day question. The timeline shows that the U.S. and most of western-Europe were still asleep when the virus started to proliferate. The anti-virus organizations, the Russian company Kaspersky among them , took only a few hours to diagnose the attacking software. A solution to prevent further damage was found within some twelve hours. By the time the U.S. working day started anti-virus companies were already releasing advise and protective code against it. If the attack had not been stopped by protective software it would have effected many more computers. Most of these would not have been in the Ukraine.

The U.S. attribution of the NotPetya attack to some Russian organization is extremely doubtful. In general a certain attribution of any such cyber attack is impossible. It is easy for any sophisticated virus writer to modify the code so that it looks as if it was written by some third party. The CIA even develops tools to do exactly that.

The attacking software seemed to be of relatively low quality. It was a badly designed mishmash created from earlier known malware and spy tools. It was not confined to a certain country or target. It can at best be described as an act of random vandalism on a global scale. There is no discernible motive for any Russian state organizations to release such nonsense.

In 2009 Russia offered an international treaty to prohibit cyber attacks. It was the U.S. under Obama which rejected it as "unnecessary" while it was expanding its own attack capabilities.

The U.S. government has launched a Cold War 2.0 against Russia. The motive for that seems to be mostly monetary. Hunting a few 'terrorists' does not justify big military budgets, opposing a nuclear power does.

The now released accusations against Russia have as much foundation in reality as the claims of alleged Iraqi WMDs. We can only hope that these new accusations will have less severe consequences.

Posted by b on February 16, 2018 at 04:30 AM | Permalink

Comments


uncle tungsten , Feb 16, 2018 4:53:27 AM | 1

Trump has made a fool of himself by agreeing to be the mouth for some looney security briefing. Why the White House releasing this? why not the NSA or some slightly distant body so the president can be kept clear of blowback if the accusation is proven to be wrong (as it has and was at the time of its spread). A gullible fool is spouting at the behest of the five anuses. They certainly aren't eyes with that sh!t coming out.
igybundy , Feb 16, 2018 5:44:44 AM | 2
Some of the smartest hackers I seen are Russians, although a lot of kids will just do it for kicks, professionals would have a target rather than random targets that can back fire aka how the US does things as we seen off their Iranian attack.

Kaspersky being the best of the best, Kremlin would know and would make great effort to make sure they stay as far away from them as possible. To give it a fighting chance. That Kaspersky found it so fast shows it was not Russian. Since you want them to be last on the list to know about it. Kaspersky for some strange reason also works with their partners in the US/UK etc sharing information. So Russians themselves would work to defeat a Russian attack even if its made. Which any smart cookie would say is self defeating and they would not waste the effort to try.


Jen , Feb 16, 2018 5:55:09 AM | 3
Could the attack have been co-ordinated by parties in different countries but in the same time zone or in neighbouring time zones, with one or two of these being the same time zones that European Russia is in?

It seems possible that at least one of these parties might be based in Ukraine. For Ukrainian-based pro-Maidan cyber-hackers to release the virus on a Ukrainian public holiday, when most major public and private institutions and businesses are closed, but Russian ones are not, would make sense. Another party could be based in a different country with sophisticated cyber-technology and experience in creating and spreading cyber-viruses that is in the same time zone as Ukraine. Israel comes to mind.

Ian , Feb 16, 2018 6:11:01 AM | 4
I don't believe anything will come of it. I see these accusations as petty attempts to get under Russia's skin. Frankly, I can't see anybody believing the crap that comes out of Washington's mouth, especially after what Snowden/Wikileaks has revealed to the public.
Me , Feb 16, 2018 6:30:32 AM | 5
These Russians are so badass!
I'm beginning to wish to be a Russian. :)
Partisan , Feb 16, 2018 6:35:18 AM | 6
"Some of the smartest hackers I seen are Russians, ....."

I am curious where have you seen them?

Second thing which I've never understood about hacking is, why all this noise about it. It is like a pc and network infrastructures are like holly grail and untouchable. The fetishization of this particular technology which comes from the west is unbearable, it is like the life on earth depend on it. Than can not be further from the truth. The US behaves as the owner and guardian of the IT sector, and they handsomely profited from it.

If someone leave its nodes exposed or on the Internet than it is their fault, why not hack it. To hell with them. If someone leave sensitive documents on server than again that's the owner problem, and so on. It is not a bigger crime than "regular" spying activity.

The Russian hacking is beyond the point. Two big powers, capitalist countries with almost identical political structure are competing in the world arena. One of them in decline big time, the second one resurgent but stagnant in development and to gain wider influence. The USA is clearly unable to bribe (as used to) Russia although countries such North Korea still suffer from their collusion in the Security council.

Hacking someone's IT infrastructure is mature skill and there is nothing new in it so just like everything else everything the US and its organs are saying is plain lie. Now, the problem is that after a lie follow some kind of coercion. It that doesn't work - if you are small and defenseless country - than they will kill you.

Red Ryder , Feb 16, 2018 6:49:23 AM | 7
There are at least two tactics in cyberwarfare (which this is).
First, to attack and destroy infrastructure of an enemy or opponent or resistant vassal.
Second, to place blame on others for the use of cyber as a weapon.

The US is at cyber war with Russia and China. This is not Cold War.
Neither was Stuxnet. That was cyber war on Iran. It got out beyond Iran because its careless design sought Seimens equipment everywhere on the Internet. It went to many other countries far beyond Iran and attacked the equipment there.

This malware was not well-designed either. It may have been meant for Russian targets. Rosneft is a huge economic target.

But this campaign using NotPetya had the value of being a Tactic #1 attack + #2 failure against Russia. The CIA got to blame Russia even though the intended damage was quickly reversed by Kaspersky. The irony is they attacked a nation with the best resources to combat and defend against the weapon they used.

But make no mistake, the CyperWars are well underway. The US is sloppy, just like all their Hegemon efforts are seriously flawed in classic terms of execution. The Russians are far more elegant with cyber, as anyone who knows their software experts or products over the years.

Partisan , Feb 16, 2018 7:01:48 AM | 8
"But make no mistake, the CyperWars are well underway."

I doubt, I doubt very much. If there is a one than it is manufactured.

No vital and nationally sensitive or strategic IT nodes are exposed to the public net. All this is bizarre and narrative created by the Deep State for idiots. Probably ~60% of drugs infested Amerikkans do no care. The rest: https://medium.com/incerto/the-intellectual-yet-idiot-13211e2d0577 are somewhat interested. We can argue whether for domestic (in the light of another shooting, if true) or international purposes (Syria, Iraq, Iran), or both.

Partisan , Feb 16, 2018 7:14:33 AM | 9
The Class War is the Marx's term that is taboo and forbidden in capitalist's world everywhere and in particular in the US where is social oppression and inequality is the greatest in the world by far.

Maintain all kind of spins and propaganda along with political oppression i.e. help of political police the American version of the Nazi's Gestapo is crucial for the ruling class and regime.

While the looting of the drugged and non-drugged Americans continue unabated.

Partisan , Feb 16, 2018 7:33:59 AM | 10
I would say that only 10% of the Amerikkans have clue what's hacking about, and very small percentage understand in technical terms and details. Sadly, it is NOT important and even more important those question should not be asked! Questioning the highest authority is no, no. The more convoluted the better.

Now when the statement is out of the WH we might except refined follow up by the National Security organs, TNYT, TWP, etc. An intended audience are https://en.wikipedia.org/wiki/Little_Eichmanns

It is very good that you posted that photo of Collin Powell in the context of the article. It says it a lot, if not all.

integer , Feb 16, 2018 8:02:09 AM | 11
In a Euromaidan Press article dated November 2nd, 2016, the hackers state enthusiastically "Ukrainian hackers have a rather high level of work. So the help of the USA I don't know, why would we need it? We have all the talent and special means for this. And I don't think that the USA or any NATO country would make such sharp movements in international politics."

From: Untying PropOrNot: Who They Are and a Look at 2017's Biggest Fake News Story

Christian Chuba , Feb 16, 2018 8:15:13 AM | 12
On the Tucker Carlson Show an FBI agent defended the fact that they could not identify the school shooter, prior to the event, even after he was reported, because his one post did not identify himself explicitly. Also, the threat was not enough to open an investigation.

So now the same group of people claim the ability to discover that people are 'Russian Trolls' from a specific building in St. Petersburg simply based on the content of purely political posts to facebook and twitter.

Partisan , Feb 16, 2018 8:23:03 AM | 13
By following, little bit, the US National Security operation called Cryptocurrency (ies), allegedly based in South Korea and Japan I noticed numbers of hacking of the companies' web sites that are in this, let-call-it-business.

The most famous hacking was one of Mt.Gox (Japan based) one, where the French nationals was the business' principal. A money never was recovered, and hacker is still unknown!? I guess the place of business and the CEO meant (all US' client states) to give legitimacy to cryptocurrency and lure fools into buying the "fog". But where did "investors" money goes? Not to brilliant Russians...and how could that be? There is a lot of money in game, real money.

Is the National Security State agencies has transfered looting from the domestic soil to international one with help of the virtual reality. No trace of hackers, none!?

Partisan , Feb 16, 2018 9:06:43 AM | 14
I use the term The US National Security State (or Deep State) and its apparatus as synonymous to the Nazi Reich Main Security Office. Both of them, while differ in the methods and size, the goals and objectives are the same.
integer , Feb 16, 2018 9:12:50 AM | 15
Having just had a quick look into the NotPetya attack, it appears to have began on the morning of the day before Ukraine's Constitution Day, and originated from the update server of a Ukrainian tax accounting program called MeDoc. I expect this was another Ukrainian false flag; a cyber warfare version of MH17. Sharp movements in international politics indeed.
Partisan , Feb 16, 2018 9:23:02 AM | 16
integer | Feb 16, 2018 9:12:50 AM | 15

Meaning what? A client state was forced into this in order (to blame Russkies) to get another tranches of loan from the IMF?

susetta , Feb 16, 2018 9:53:35 AM | 17
Well that may mean that, under the new dictact (now the Unites States will not just use its nuclear weapons as a response if the other party used them; now the United States has declared that it will use nuclear weapons if, say, there should be a virus attack on its networks), that the United States is about to declare war on Russia and proceed to nuke it. <