Top Russian Net Official Says Children Under 10 Shouldn't Go Online -- At All

from the changing-perceptions-of-reality dept

As Techdirt readers know only too well, doing things "for the children" is a perfect excuse to pass all kinds of ridiculous laws that would otherwise be thrown out without a thought. For example, back in 2013, we wrote about attempts to pass legislation in Russia that would ban swearing on the Internet. It was framed as an amendment to an existing law called "On the Protection of Children" that introduced a blacklist designed to block access to information on drugs, suicide and child pornography. Now the head of Roskomnadzor, the body that oversees website-blocking in Russia, has a bold proposal for protecting children from all the Internet's possible harms. It takes the "for the children" logic to its logical conclusion, as TorrentFreak explains:

In a Q&A session with AIF.ru, Alexander Zharov spoke on a number of issues, including online safety, especially for children. Naturally, kids need to be protected but the Rozcomnadzor chief has some quite radical ideas when it comes to them using the Internet.

"I believe that a child under 10-years-old should not go online. To use [the Internet] actively they need to start even later than that," Zharov said.

He went on to say:

"Some parents are proud of the fact that their three-year-old kid can deftly control a tablet and use it to watch cartoons. It is nothing good, in my opinion. A small child will begin to consider the virtual world part of the real world, and it changes their perception of reality."

This is presumably just Zharov's personal opinion, not a foreshadowing of official policy -- it's hard to believe the view that children under 10 years old should stay off the Net would ever be enshrined in a law. Then again, given some of the things that Russian officials have been suggesting, such as disconnecting Russia from the global Internet, you never know. And once people start invoking "for the children," common sense tends to go straight out of the window.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: children, culture, internet, russia

Inside Another Internet Troll Factory: This Time In Sweden, But With Russian Connections

from the it's-all-about-size dept

Well before fake news became a thing, Karl was reporting on the fascinating details that have emerged about Russia's Internet troll factories that relentlessly pump out fake posts on an extraordinary scale. More recently, the Russian Defense Minister Sergei Shoigu revealed that the country's military has created a force specifically tasked with waging information warfare. We may know about Russia's domestic activities in this area, but what about online propaganda teams active in other countries? One data point towards answering that question is provided by an article on a site called the Disinformation Review, which describes itself as follows:

the latest cases of news articles carrying key examples of how pro-Kremlin disinformation finds its way in international media, as well as news and analysis on the topic. The review focuses on key messages carried in international media which have been identified as providing a partial, distorted or false view or interpretation and/or spreading key pro-Kremlin messaging.

It does not necessarily imply however that the outlet concerned is linked to the Kremlin or pro-Kremlin, or that it has intentionally sought to disinform. The Review is a compilation of cases from the East StratCom Task Force's wide network of contributors and therefore cannot be considered an official EU position.

That is, the Disinformation Review draws on information provided by the EU-funded East StratCom Task Force, and is part of the EU's response to what it sees as growing Russian propaganda directed against the European Union and its member states. A recent post on the site delves into another troll factory, but this time in Sweden. It reports on an article originally published by the Swedish daily Eskilstuna Kuriren:

we read that Swedish trolls primarily target journalists; that they develop and use scripts for their telephone conversations; and that the trolls are paid 1,000 SEK (110 EUR [about $110]) when their recorded telephone conversations obtains enough 'likes' in social media. We read that the trolls work with manuals that instruct them to edit the recordings to make them as "entertaining" as possible. We also read that the people behind the troll factory belong to Swedish racist and extreme right wing organisations.

But it's not only extreme right-wing viewpoints that the Swedish Internet troll factory supports:

The agenda of the political movement affiliated with the trolls is, according to the investigation, "xenophobia and Islamophobia", combined with promotion of commentators who "support Russia after the occupation of the Crimea and the Russian-backed civil war in Ukraine".

Despite that intriguing fact, the Swedish newspaper report was unable to establish who was funding the propaganda efforts. However, it does provide some interesting information about what makes a successful Internet troll factory:

Eskilstuna Kuriren ends their piece by asking that question to Jack Werner, co-founder of the popular Swedish fact-checker Viralgranskaren. According to Werner, the organisation is possibly limited in size, but a central part of its strategy is to make itself look very big: "The aim of propaganda is to respond to light so as to make the shadow it casts is as large as possible. If you really want to give the impression that your side is the largest, most dedicated and most passionate, it requires more work, for example, you will need to spend days and nights writing comments in the internet."

The article quotes figures from an earlier investigation into right-wing propaganda sites, which found that just 183 individual writers accounted for 366,291 comments out of a total of half a million, which works out as 2,000 comments per person on average. Perhaps that high volume could be turned against the Internet troll factories.

Since it is very hard for people to write so many comments so quickly without using similar phrases, sites might check new posts against old ones to eliminate those that are likely to be from a few writers churning them out to order. The technology already exists, and is widely used to spot academic plagiarism, for example. Cloud computing platforms would allow this approach to be applied routinely at a reasonable cost, and there would be scope for new third-party services to flag up re-used content across multiple sites. Google's parent company, Alphabet, is already working on software in this area. Maybe the time has come to apply a little more intelligence and computational firepower to tackling the growing threat that intentionally misleading and inflammatory posts by Internet trolls represent not just to online discourse, but far beyond.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: internet trolls, russia, sweden, trolls

Proposed CIA Chief Seems Happy To Spy On Americans, Even If Using Info Hacked By Russians

from the that's...-a-concern dept

Last Friday, the first three of Donald Trump's appointments were up for vote -- with his DOD and DHS nominees sailing through with an easy vote. However, the Senate blocked Mike Pompeo, Trump's nominee for CIA. As we've discussed in the past, Pompeo is not concerned with violating civil liberties. In the past, we've noted that Pompeo put forth a sneaky fake amendment that pretended to defund NSA metadata collection, but which really reinforced it. He's further defended spying on Americans' metadata as the way government is supposed to operate. Oh, and did we mention that he angrily denounced SXSW for daring to have Ed Snowden speak there.

That's all quite concerning. But in opposing Pompeo for the CIA slot, Senator Ron Wyden has raised even more concerns -- including about Pompeo's willingness (or even eagerness) to use information hacked by the Russians to spy on Americans (and not just the Russians, but anyone else as well). That... should be concerning. As Marcy Wheeler explains, there were a long series of questions all leading up to the basic idea that Pompeo has no problem using whatever info is given to him to spy on people domestically, even if it comes from foreign hacking.

Wyden’s persistent concerns in his post-hearing questions pertained to whether and how Pompeo would be willing to cooperate with the Russians. Raising a Pompeo hearing comment that if a foreign partner gave the CIA information on US persons “independently,” “it may be appropriate of CIA to collect [that] information in bulk,” Wyden raised Trump’s encouragement of Russian hacking and asked what circumstances would make foreign collection so improper that CIA should not receive such information. Pompeo responded, “information obtained through such egregious conduct may be appropriate for the CIA to use or disseminate.”

Wyden then listed out a bunch of conditions, such as information coming from an adversary, to disrupt US democracy, information implicating First Amendment protected political activity, or information affecting thousands or millions of Americans. “The listed conditions could all be relevant,” Pompeo responded, remaining non-committal.

The full post-hearing questions can be found at that link, if you'd like to look them over. Meanwhile, Wyden is clearly not at all satisfied with Pompeo's answers, putting out a statement this morning saying:

Rep. Pompeo showed he's perfectly comfortable saying one thing on Monday, and the opposite on Tuesday. But his record reveals extreme positions, including enthusiasm for sweeping new surveillance programs targeting Americans and an openness to sending our country backward with regard to torture. Furthermore, his views on intelligence assessments on Russian interference in our election shifted along with the presidents', raising questions about the nominee’s objectivity.

There's been much made (especially over the weekend) about a potential rift between the CIA and Donald Trump, but no matter what, the CIA has a pretty long history of abuse of its powers in often dangerous ways. A person who has a history of supporting expanded spying on Americans (as a normal thing that government should do), and one who sees no problem using data hacked by foreign adversaries to then spy on Americans, seems like someone who should not be running the CIA right now.

Filed Under: cia, domestic surveillance, metadata, mike pompeo, ron wyden, russia, surveillance

Did The FISA Court Finally Reject The FBI's Advances?

from the too-coy-by-far,-and-with-too-many-unknown-details dept

Somewhere behind the lurid imagery of the unverified intelligence report BuzzFeed dropped on the web earlier this week is a possible story about the FISA court deciding, for once, that a government agency has gone too far. My apologies to those who've made New Year's resolutions to eat better: everything about this should be taken with several grains of salt.

First, there's the intelligence report itself, which has apparently been circulating for a long time before BuzzFeed stepped up and actually published it. The Guardian reports Mother Jones apparently had seen the document as early as last September. The previously anonymous source of the Trump/Russia intel report has now been outed, but to date, the only thing that has truly been confirmed are biases.

The document, however, was considered legitimate enough by John McCain to pass it on to the FBI. It includes -- along with the famous watersports details -- information on alleged contacts with Russia that Trump used to obtain information on political rivals. According to the document, Trump is both reliant on Russian intelligence services for info and a target for blackmail, should it be "needed," thanks to antics on Russian soil detailed in the report's pages.

The FBI has refused to comment on the document, other than to confirm that it has seen it. But there's another detail buried in the Guardian's report that suggests -- again, via several anonymous sources -- that the supposed intel report propelled the FBI to the FISA court to ask permission to spy on Trump's associates. This detail was pulled out of the densely-packed Guardian report by Jason Koebler of Vice.

Here's the passage from the Guardian article:

The Guardian has learned that the FBI applied for a warrant from the foreign intelligence surveillance (Fisa) court over the summer in order to monitor four members of the Trump team suspected of irregular contacts with Russian officials. The Fisa court turned down the application asking FBI counter-intelligence investigators to narrow its focus. According to one report, the FBI was finally granted a warrant in October, but that has not been confirmed, and it is not clear whether any warrant led to a full investigation.

How the Guardian "learned" this is never explained. The "one report" is an article at Heat Street, which also relies heavily on anonymous sources:

Two separate sources with links to the counter-intelligence community have confirmed to Heat Street that the FBI sought, and was granted, a FISA court warrant in October, giving counter-intelligence permission to examine the activities of ‘U.S. persons’ in Donald Trump’s campaign with ties to Russia.

According to Heat Street, this supposed application came on the heels of reports that Trump's private server was in frequent communication with a Russian bank. That story has been debunked thoroughly, but that doesn't necessarily mean the FBI didn't initiate an investigation on the (temporary) strength of these allegations. For it to have headed to the FISA court with a warrant app before the report was debunked seems unlikely, much less to have this one granted, rather than the one it wanted earlier in the summer.

That being said, if the FISA court did turn down the FBI's summer warrant application, it would be an anomaly. As Koebler points out, the FISA court hates being referred to as a "rubber stamp," but it can't really argue with its own track record.

According to the Department of Justice’s official numbers, of the thousands of applications made by the federal government to FISC, none have been denied since 2009. Rarely, the court has asked the government to modify its case. In 2013, the US made 1,588 applications; 34 were modified. In 2014, it made 1,379 applications; 19 were modified. In 2015, it made 1,457 applications; 80 were modified.

It could be that the Guardian story and the Heat Street story are actually referring to the same warrant applications. The FBI could have been asked to modify the order in the summer and had the fixed version approved in October. A BBC article claims it was the same warrant app -- rejected twice -- seeking info on Trump's ties to Russian banks. (Again, this is a firsthand account backed by anonymous sources.)

Their first application, in June, was rejected outright by the judge. They returned with a more narrowly drawn order in July and were rejected again. Finally, before a new judge, the order was granted, on 15 October, three weeks before election day.

The FISA court could still be pitching an application rejection shutout. We won't know more until the 2016 numbers are released by the DOJ and even then, we won't know much. If there's a denial or two on the record, it won't necessarily confirm these reports. And if it was just a demand for modification, the FBI's Trump-related warrant will just be one of the few dozen the FISA court issues every year.

Heat Street, however, claims there were two FBI FISA warrant applications, with the second directly tied to the Russian bank/Trump server story. Whatever the case is, the leaked intelligence report most likely wasn't the basis for the FBI's summer warrant application, as it may not have even been released yet to those who paid to have it compiled: Trump-opposing Republicans and Democrats. If the patrons truly believed everything in the report, you'd think they would have released it prior to the election. Then again, the document may have been shopped for months to sites far more reluctant than BuzzFeed to publish unsourced allegations.

Among all the unverifiables stands the FISA court, which may have withheld its rubber stamp just this once. As Vice's Koebler points out, even if it did, there's no reason to applaud its singular rejection.

[I]f The Guardian and HeatStreet reports are accurate, when the FBI decided to go after the rich, powerful, and politically well-connected, it was met with pushback. If only the rest of us could be so lucky.

Filed Under: donald trump, foia, rejection, russia

What The US Intelligence 'Russia Hacked Our Election' Report Could Have Said... But Didn't

from the why-didn't-it? dept

By now it's quite clear that many in the US intelligence community believe strongly that Russia tried to influence the US election, and part of that included hacks into the DNC's computer systems, a spearphishing attack on Clinton campaign manager John Podesta's emails and some exploratory surveillance hacking into the computer systems of state election systems (but not into the voting machines themselves). The US intelligence services said it back in October. And they said it again last month. And, they said it again on Friday with the release of an unclassified "incident attribution" report.

Because the debate over this issue has gotten quite silly in some places -- and ridiculously political as well -- let's start with a few basic points: It is absolutely entirely possible that the Russians hacked into all these systems and that it was trying (and perhaps succeeding?) to influence the election. Nothing in what I'm saying here is suggesting that's not true. What I am concerned about is the evidence that's presented to support that claim -- mainly because I think we should all be terrified when we escalate situations based on secret info where the government just tells us to "trust us, we know." And, yes, governments (including the US) have done this going back throughout history. That doesn't make it right.

But here's the thing: there actually is some pretty good evidence that Russia was behind the hack. But here's the crazy thing: that evidence is not in this report, but presented elsewhere. If you keep reading below, I'll point out an example of some pretty compelling evidence that Russia was behind the hack -- and it's the kind of evidence that the US intelligence community could have easily provided, but did not.

And that's where the problems lie. Because very little in this new report provides any evidence at all of Russia doing anything. It certainly goes deep into the motivations for why Russia might want to influence our election. It's also not surprising that Russia might have the ability and expertise to do these things. But it would be nice to see actual evidence. As Lovenzo Franceschi-Bicchierai at Motherboard notes, there's really very little in the new report that we didn't know already:

But this report adds nothing we didn’t already know from public information. The only significant statement is that, yes, American spies are convinced Russian President Vladimir Putin himself directed the hacking and influence campaign—something they already stated in early October.

Marcy Wheeler similarly notes that there's plenty of work on motives, but little on evidence:

What we see of it is uneven. I think the report is strongest on Russia’s motive for tampering with the election, even if the report doesn’t provide evidence. I think there are many weaknesses in the report’s discussion of media. That raises concerns that the material on the actual hack — which we don’t get in any detail at all — is as weak as the media section.

The "media" section is actually pretty ridiculous. It basically notes that RT, the American-targeted TV station owned by the Russian government, has a history of pushing Russian-approved propaganda. Well, sure.

And just one more pointer on this. Former CIA analyst Patrick Eddington also has a really thorough analysis of the report and comes to basically the same conclusions:

While the report provides new and important details on the multifaceted Russian operation, its failure to include declassified primary source data for key claims ensures the controversy has not been put to rest.

So, what kind of evidence could the intel community have provided? Well, Matt Tait, who used to work at the UK's GCHQ, and who now tweets at @pwnallthethings gave a pretty damn good example of digging down into publicly available data to present quite compelling evidence that Russian interests were behind, at the very least, the hack of John Podesta's emails. This is not 100% conclusive, certainly, but it's a hell of a lot more compelling than anything released by the US government: See? That's pretty damn compelling. Perhaps it's not conclusive, but it's a very, very strong argument for why the hack came from Russia. And it's a hell of a lot more compelling that what the US government put out.

I've seen lots of people arguing that the intelligence community couldn't reveal more details because it would "burn sources and methods" that were used to determine the attribution of the hacks -- but Matt Tait did figure all that out with public information (ironically, some of it revealed via Wikileaks). Now, perhaps the intelligence community that hates Wikileaks doesn't want to use that as a "source" in its report. Or perhaps it's something else. And, yes, it makes sense that the intelligence community should not burn sources and methods to reveal stuff like this. But there are ways to present compelling details without compromising those things. But, of course, this is the US intelligence community we're talking about, and they're generally not fans of revealing anything at all. So I'm sure even the details in this report were like pulling teeth. And that's dumb.

Again, more and more of what happens in the world is going to happen via computer systems and networks. And we're not always going to know. But it's a serious problem when governments are escalating situations and making angry posturing moves against one another based on totally secret information where the best we're being told by the government is "trust us." Especially when that very same government has a long history of not being so trustworthy.

Filed Under: election, evidence, hacking, matt tait, russia, us intelligence

Potential New FCC Boss Blames Obama For The Washington Post's Botched Russian Utility Hacking Story

from the finger-pointin' dept

We've noted how one of Trump's top telecom advisors is Jeffrey Eisenach, a long-time Verizon consultant and aggressive opponent of net neutrality. Eisenach's one of three Trump advisors who have made it clear their top priority in the new administration will be to not only gut net neutrality, but to defang and defund the FCC as a consumer watchdog on telecom issues. Eisenach isn't just an advisor, he's also on the shortlist to be the next head of an agency he doesn't believe in.

But when Eisenach isn't busy dreaming about dismantling net neutrality, he can apparently be found writing logically incoherent op-eds over at the Wall Street Journal. In a strange little tirade posted on January 3, Eisenach quite correctly ridicules the Washington Post's recent false claim that Russians were busy hacking U.S. utilities. In short, a piece of common malware was found on one PC, and because the Washington Post couldn't be bothered to even call the company in question, the paper created a bogus narrative, based entirely on anonymous sources, that casually pushed the country closer to war.

Yeah, no biggie.

Eisenach starts off well enough, quite correctly illustrating the depth of the Washington Post's failure on the story, and how the malware was arguably run of the mill, and certainly not directly tied to the government:

"The kind of malware involved in these two intrusions is neither new nor particularly sophisticated. It is run-of-the-mill spyware that has probably been implanted on thousands of networks around the world, from home computers to those inside banks, power companies and government agencies. These bugs are freely available online, and the code found at the Democratic National Committee and the power company isn’t even the latest version. The notion that such a mundane piece of software reveals a new and ominous threat to critical infrastructure is laughable."

All true. But Eisenach's piece then takes a strange turn, in that it somehow tries to blame the Washington Post's awful reporting on... the outgoing President:

"Misleading the American people to advance a political narrative has been a hallmark of President Obama’s foreign policy. The most recent example is the administration’s attempt to conflate the hacking of the Democratic Party with potential cyberattacks on critical infrastructure...Cyberthreats pose a clear danger to national security, and building an effective defense will take a concerted effort by the Trump administration. Americans are right to be concerned. But by playing on those fears, the Obama administration is putting politics ahead of the national interest."

While the Washington Post was once again happy to quote all manner of anonymous, pearl-clutching intelligence sector insiders for its story (a bipartisan disorder for sure), Obama wasn't among them. Nor is there any indication that the Obama administration actively encouraged the Washington Post to trip over its own shoelaces and perform an epic, journalistic face-plant. Obama certainly has been no saint on cybersecurity, but to blame him for the Washington Post's dysfunction is more than a little strange, especially when the entire point of your article is to lament the senseless politicization of cybersecurity.

Someone might want to notify Eisenach that as a top advisor and potential new FCC boss, he's now the one in a position of power. If your goal is to demonstrate that partisan patty cake should be nowhere near technology and cybersecurity policy, why not demonstrate that with your actions -- instead of penning editorials that completely undermine the entire point you're trying to make?

Filed Under: cybersecurity, donald trump, fake news, fcc, hacking, jeffrey eisenach, president obama, reporting, russia

Putin's Adviser Says Russia Must Be Ready To Disconnect Itself From The Global Internet

from the death-of-"death-of-geography" dept

Back in November, we wrote about Russia's surprising move to enforce an older data localization law that requires all Internet companies to store the personal data of Russian citizens on Russian soil. At the time, that seemed to be just another example of Vladimir Putin's desire to keep a close eye on everything that was happening in Russia. But a comment from his Internet adviser, German Klimenko, hints that there could be another motive: to make it easier for Russia to cut itself off from the global Internet during a crisis, as The Washington Post reports:

Klimenko pointed out that Western powers had cut Crimea off from Google and Microsoft services after the peninsula was annexed from Ukraine by Russia (the companies were complying with U.S. sanctions on Crimea imposed after Russia's takeover). He suggested that showed why it was necessary for the Russian Internet to work on its own.

"There is a high probability of 'tectonic shifts' in our relations with the West," said Klimenko. "Therefore, our task is to adjust the Russian segment of the Internet to protect themselves from such scenarios." He added that "critical infrastructure" should be on Russian territory, "so no one could turn it off."

Klimenko's comments were made before the US announced its response to claims of Russian interference in the presidential election process. His analysis of "tectonic shifts" in US-Russia relations now looks rather prescient, although US threats to hack back made it a relatively easy prediction. And even though his call for Russia to ensure its critical infrastructure cannot be "turned off" by anyone -- in particular by the US -- may be grandstanding to a certain extent, it is not infeasible.

The Chinese have consciously made their own segment of the Internet quite independent, with strict controls on how data enters or leaves the country. Techdirt reported earlier that Russia was increasingly looking to China for both inspiration and technological assistance; maybe Klimenko's comments are another sign of an alignment between the two countries in the digital realm.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: censorship, fragmentation, great wall, internet, localization, russia

Washington Post Falsely Claims Russia Hacked Vermont Utility, Because OMG RUSSIANS!

from the show-your-math dept

When a mainstream press that isn't always good at what it does meets technology it doesn't understand, the end result is often frustrating, if not comedic. Hacking is certainly no exception, given it's a realm where perpetrators are difficult to identify, hard proof is often impossible to come by, and hackers worth their salt either leave false footprints -- or no footprints at all. Throw in a press that's incapable of identifying and avoiding its own nationalism, and often all-too-gullible to intelligence industry influence, and you've got a fairly solid recipe for dysfunction when it comes to hacking-related news coverage.

Some of the resulting coverage has been highly entertaining -- such as CNN using a screen shot from the popular game Fallout 4 in a story about hacking and hoping nobody would notice. Other examples have been decidedly more troubling, such as the Washington Post's epic face plant over the holiday break.

Last Saturday the Post ran a story claiming that Russia was responsible for the hacking of Burlington Electric, a Vermont utility. According to the original Washington Post story, government sources claimed that code "associated with the Russian hacking operation dubbed Grizzly Steppe" was detected at the utility. The story was stuffed to the gills with all manner of pearl-clutching and outrage among politicians convinced Putin was actively trying to bring down the grid:

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling."

Unsurprisingly, the story quickly gained traction in the media, with numerous reports pouring gasoline on the idea that Russia has escalated its cyber offensives to include targeting sensitive American infrastructure. Many broadly speculated that other utilities had been compromised and that we were at the brink of war.And while it's true that the power grid is vulnerable to hackers (increasingly so courtesy of the internet-of-not-so-smart things), it turns out that Putin had nothing to do with the particular "attack" on the Vermont utility. In fact, in a follow up story and corrections made to the original report, the Post ultimately had to acknowledge that the malware in question was only found on one laptop, had nothing to do with the Russian government, and was never actually in contact with the grid itself:

"An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity."

That's obviously a pretty far cry from the hysteria bouncing around the news wires as the new year arrived. Thanks, again, to news outlets that are all too eager to take the breathless claims of a few anonymous officials as gospel without doing the heavy lifting required to first ensure the information is useful, or accurate. As it turns out, the Post hadn't even bothered to contact Burlington Electric, which was forced to issue its own statement to the Burlington Free Press clarifying what happened, and making it clear the laptop was never in contact with any electrical system.

All told, Burlington Electric had simply received a notification from Homeland Security sent to all utilities warning them to keep an eye out for particular malware. The company only found the malware and laptop in question after doing a scan off all of the company's systems. And as it turns out, the "Russian malware" in question could have simply been made by a Russian and purchased by anybody. Needless to say, the Washington Post then spent the lion's share of the next few days editing the story, changing the headline repeatedly, and walking back the story's claims.

But most of the stories regurgitating the Post's original claims were never updated or corrected.

Reporting on hacking isn't easy. Disinformation is everywhere, and many outlets continue to illustrate they're easily manipulated, thanks to a nationalism bias they're somehow still unaware of. But the Washington Post simply failed to do even the basics, inflaming notable tensions between two giant countries because it couldn't bother to pick up the phone. Yes, Russia hacks us (and uses propaganda against us and other countries) constantly. The United States does the same. Proof of either is often impossible to come by, but that still doesn't mean it's not required before jumping to conclusions.

As tensions rise facts matter more than ever, and sloppy reporting only fuels those quite intentionally looking to take these often-dangerous and idiotic cyber-offensive policies to an entirely new level.

Filed Under: electrical grid, hacking, journalism, russia, russians, technology, vermont
Companies: burlington electric, washington post

Whether Or Not You Believe Russia Interfered In The Election, We Should All Be Worried About Escalation Based On Secret Info

from the be-concerned dept

So, we just wrote about Obama administration's tepid response to claims that Russians "interfered" with the Presidential election. In that post, we noted our concerns about the fact that we seem to be escalating a situation based on claims where we're not allowed to see any of the actual evidence. I've seen a bunch of people arguing that anyone who won't automatically accept that Russia interfered in the election should be dubbed either Putin supporters or, at the very least, "useful idiots" but we should be very, very careful about where this leads. I certainly think that there's a tremendous possibility that Russian forces did intend to interfere with our election, but I'd certainly like to see some actual evidence -- and the "evidence" provided so far shows no such thing.

And this should scare you. Not because it means that anyone is lying, but because it's setting the stage for very dangerous things. If we're setting the precedent that the US government can escalate situations based on purely secret knowledge, what's to stop them from doing so over and over again? Put another way: for those who dislike Trump, but are happy about the White House calling out and sanctioning Russia, how will you feel when President Trump makes similar claims about some other country (perhaps one blocking a new Trump hotel?), and proceeds to issue US government sanctions on that country -- but without releasing any actual evidence of wrongdoing beyond "government agencies say they did bad things." Won't that be concerning too?

Matt Taibbi, over at Rolling Stone, has an excellent article comparing this to when we started the war in Iraq -- noting the similarities, in that the government (and the press) kept insisting that because certain government agencies said something ("Iraq has WMDs"), it must be true:

This dramatic story puts the news media in a jackpot. Absent independent verification, reporters will have to rely upon the secret assessments of intelligence agencies to cover the story at all.

Many reporters I know are quietly freaking out about having to go through that again. We all remember the WMD fiasco.

And, as he later notes:

The problem with this story is that, like the Iraq-WMD mess, it takes place in the middle of a highly politicized environment during which the motives of all the relevant actors are suspect. Nothing quite adds up.

If the American security agencies had smoking-gun evidence that the Russians had an organized campaign to derail the U.S. presidential election and deliver the White House to Trump, then expelling a few dozen diplomats after the election seems like an oddly weak and ill-timed response. Voices in both parties are saying this now.

And this is a big part of the problem. Because none of the evidence is public, beyond just statements of attribution, we're left with no way to know what are actually reasonable responses. There's a big spectrum of possibilities that might be described as "Russian interference" from merely helping some independent hackers release information (as some have charged) to using actual intelligence agencies to run a serious hacking operation (as others have charged), all the way up to actively tampering in voting systems (which some in the public now claim, but which no official has suggested actually happened).

The problem isn't so much a question of whether or not the Russians did something. Maybe they did. It certainly wouldn't surprise me at all if they did. At the very least, Russian officials seem to be laughing at everything going on now. The real issue is the danger of having the force and power of the US government responding to "actions" by stating things as true, without providing any evidence to back it up. In that space, a lot of mischief can and will occur. Looking back at the invasion of Iraq based on faulty reports is just one example. We should be learning from that lesson, not repeating it.

Filed Under: escalation, hacking, president obama, president trump, russia, secrecy, secrets, white house

White House Kicks Russian Diplomats Out Of The Country, Releases Preliminary Report On Russian Hacking With More To Come

from the escalation-time dept

As was widely expected, the White House officially announced its response to claims of Russian interference in our election process, and the "response" is basically kicking 35 Russian diplomats out of the country. Russia admittedly suggested it will do the same. The announcement also includes adding some entities to the official list of "Specially Designated Nationals and Blocked Persons." Somewhat incredibly, now added to that list is the FSB, which is the modern incarnation of the KGB. What's incredible about this was that it took until now for this to happen. With this, the administration also issued an executive order expanding on a previous executive order from last year, enabling it to take these actions.

Somewhat ridiculously, the new executive order just shows the full new order, and doesn't call out what changes were made from the original. So I went through and did a diff on the two executive orders myself. The first major change is an additional first line of who can be sanctioned. While the original had a description of what types of people could be sanctioned for cybersecurity violations, that same sanction has been bumped down to the 2nd item, and the new first item is:

the persons listed in the Annex to this order

Hmmm. That feels unfortunately close to an "enemies list."

The second major change is the addition of this action which can get you sanctioned to a long list of reasons:

tampering with, altering, or causing a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions;

Yup. Remember, we noted already that interfering with "election systems" was not previously listed as a sanctionable offense. Now it is. That was to be expected.

Along with this report, Homeland Security and the FBI also (finally) released something of a "Joint Analysis Report" about the alleged Russian interference. The only major revelation in there is that the US government is referring to this hacking program as "GRIZZLY STEPPE."

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.

Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.

This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.

Other than that, the report really doesn't tell us much more than was already reported in the past by various cybersecurity outfits, about the supposed infiltration by two hacking groups -- called APT28 and APT29 (APT: Advanced Persistent Threat) that people say are connected to the Russian government. There is a nifty graphic, though: The report also posts the YARA signature of the malware that was used (and encourage security folks to check for matching YARA signatures on their systems), and highlights (as was already known) that most of the "hacking" involved spearphishing (directly targeting individuals and tricking them into giving up passwords, with fake password reset requests).

The report does not add much to prove that it was actually the Russians behind this, though everyone insists that's now the consensus view. The NY Times notes that "a more detailed report on the intelligence... will be published in the next three weeks," which certainly could reveal more details. But... of course... "much of the detail -- especially evidence collected from "implants" in Russian computer systems, tapped conversations and spies — is expected to remain classified." In other words, for those who are still skeptical that it was Russia, don't expect them to be convinced by any of this.

Meanwhile, Donald Trump, when asked about all of this managed to toss off his typical word salad of nothingness:

“I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on. We have speed, we have a lot of other things, but I’m not sure we have the kind, the security we need.”

Yes, it's true that attribution in online security is difficult, but most of that statement is completely ridiculous.

And, of course, this is all kinds of a mess. You have claims of attacks that no one wants to back up with actual details, for fear that it will reveal too much about sources and methods. You have escalation of "diplomatic responses" to counter this attack that everyone tells us was done by the Russians. You have an incoming President who basically said "how do I even computer." None of this is good, and none of it should be okay from no matter where you sit. If we're going to get into a fight with Russia, it would be nice if we had more evidence that "hey, someone broke into the email systems of political parties -- because those organizations are bad at security." But that doesn't seem likely to happen.

Instead, we're left with this weird game where we're constantly being told "trust us" by one side and "computers confusing" by the other. That's not comforting.

Filed Under: cybersecurity, diplomats, election, russia, sanctions, white house