They're also happy to support the idea of the US government sending lethal arms to the right-wing government in Kiev, Ukraine, which uses neo-Nazi militia groups like the Azov Battalion in their fight with the pro-Russian Ukrainians in Donbass.
The ISPs and other Internet infrastructure are happy to be considered "public utilities" when they want to get out from under being held responsible for content - but when it's content they don't like - or are afraid will lose them business - then they want to censor the content.
Hypocrites. A pox on all their houses - including the Nazis.
The Forensicator's point has been misinterpreted by a lot of people, including the VIPS.
His point is not that you can't find high speed Internet. Indeed, 17 percent of the US population have access to Gigabit Ethernet to the home and business. Other countries, as noted including Romania, have higher speeds available. And you can also use 802.11n wireless to get the reported speeds.
His point is that the speed cited - 23-28Mbps - is consistent with USB 2.0 flash drive speeds. And the date/time stamps, although capable of being modified, pretty well establish for logical reasons that the files were downloaded on the East Coast.
What that does is make the Guccifer 2.0 narrative of hacking across the Atlantic from Romania come under serious question.
You really need to read all The Forensicator's articles and updates to get the full picture. Don't rely on The Nation article alone.
The evidence does not prove that a DNC hack did not take place. It has, however, good circumstantial evidence that the story peddled by CrowdStrike/threatConnect/the government and Guccifer 2.0 is simply wrong.
And that doesn't even address Sy Hersh's revelation that the FBI has a report that explicitly states that Seth Rich was in contact with Wikileaks and offered them DNC documents in exchange for money, and that Wikileaks had access to Rich's DropBox account. We will know more once Hersh finishes his "long form journalism" piece on the entire event. Hersh explicitly said that the entire Russiagate/DNC hack story was a disinformation campaign run by John Brennan at CIA.
How long before Clapper and his ilk declare Putin did this to steal voter records? 5...4...3...2...
There is as yet ZERO evidence establishing that the Russian government has done ANYTHING with regard to the US election.
The ONLY "evidence" of ANY kind was that provided by CrowdStrike re the DNC leaks - and that was utter crap, thoroughly debunked as proving nothing by a company whose head is an Atlantic Council member with close ties to Ukraine.
1) This person, Reality Winner, apparently had access to documents outside her area of expertise. Even after Snowden, are we to believe that the NSA STILL does not support "role authentication" and "need to know"?
2) She printed ONE document which just HAPPENS to support the government's "RussiaGate" accusations against Russia (and by extension, Trump.)
3) She printed this document on her work printer and from her workstation, despite the NSA monitoring their employees after Snowden. She postmarked the envelope from her actual location. She exhibited absolutely NO tradecraft or sttempt to disguise her culpability.
4) Said document provides no actual evidence for its assertions. It's an "assessment", much like the "assessments" previously produced by the intelligence community, which also provided ZERO evidence to prove Russia did anything. There ARE NO "methods and sources" revealed.
5) Unlike most cases of leaks, the NSA was quick to confirm this document as genuine and has completely promoted this document publicly and in the legal affidavits files released publicly.
I believe this is a set-up: that this person is in fact a controlled patsy who is performing as a "reverse Snowdon" to release a document which the NSA would like to use to convince the public of its "RussiaGate" charges against Russia and Trump.
What is disturbing is that The Intercept apparently told investigators the postmark on the envelope which, along with the printer forensic examination, led to the arrest of their source. The Intercept appears to have no concern whatsoever about this lapse in their own OPSEC on behalf of their source.
What is Glenn Greenwald or Jeremy Scahill have to say about this behavior?
Evidence – much better evidence than has been produced so far – is building that any hacks – as opposed to leaks – that were done to the DNC were likely done by Ukrainian hackers as a false flag to get Russia blamed for them.
I had been suspicious of the Russian theory due to Jeffrey Carr’s articles on Medium (Google for them, they are vital to understanding the issues) which debunk most of the evidence. I wondered why it was that the equally logical possibility that Ukrainian hackers might have done the hacks as a false flag operation to frame Russian for them was being ignored completely.
I noted that the “evidence” that the compile times for the malware were allegedly during “Russian business hours.” If you look at the time zone maps, you’ll see Moscow is just one hour ahead of Kiev, Ukraine. So that “evidence” was meaningless.
Secondly, I read an article by WordFence, a company which does WordPress blog security, that the PHP malware used was provably Ukrainian and open source, i.e., available to anyone aware of it. There is nothing “Russian” about it.
Then I found the above articles which pretty clearly show connect the dots evidence that the head of CrowdStrike, the company that the FBI RELIED ON for the “evidence”, is run by an anti-Russian Russian ex-pat who has DIRECT connections to Ukrainian ultra-nationalists who are DIRECTLY connected to the Democratic National Committee and who themselves have DIRECT connections to apparently competent Ukrainian hackers. I mean these articles lay it out in chapter and verse based on publicly available data.
I now believe that it is entirely possible that the entire DNC “hack” accusation is a false flag operation organized by Ukrainian individuals, with or without Ukrainian state help, and with or without the knowledge of the Clinton campaign, for the purpose of further ruining US relations with Russia.
The DNC documents themselves were likely “leaked”, not “hacked”. But hacks were done solely for the purpose of getting Russia blamed for them.
This is potentially a HUGE story. If the head of rowdStrike - and possibly members of the DNC itself or the Clinton campaign organization - were knowingly in league with Ukraine ultranationalists who in turn were in contact with competent Ukraine hackers in a false flag attempt to increase the bad relations between the US and Russia for their own political reasons, this would be a massive conspiracy which would put egg on the faces of everyone involved, including the entire US intelligence apparatus, the mainstream media and many other people. The entire Russia-bashing industry would be called into question.
I suspect that what happened is as follows:
1) The DNC and the Clinton campaign decided to tar Trump with the "Russian agent" meme.
2) At some point the DNC and the Clinton campaign became aware that there were one or more serious leaks of information from the DNC - leaks, not hacks.
3) At this point the DNC and the Clinton campaign decided to fake a Russian hacking effort in order to 1) cover the leaks, and 2) use it to continue to tar Trump as a "Russian agent."
4) In order to make a believable case, they contacted some ultranationalist Ukrainians who were involved in the election and who had contact with some reasonable competent anti-Russian Ukrainian hacker collectives. These collectives faked a Russian hack of the DNC.
5) They then called in CrowdStrike, which was already on the DNC/Clinton payroll, a company headed by an anti-Putin Russian ex-pat who would be ready to "validate" the "Russian hack" by accepting flimsy circumstantial and spoofable "evidence" as sufficient for attribution.
6) Then they refused to allow the FBI to use their own infosec forensic experts to inspect the evidence, relying on CrowdStrike officer Shawn Henry's background as a former FBI Assistant Director to deflect the FBI into accepting CrowdStrike's "investigation" as adequate.
The latter fact pretty much makes clear that the DNC and the Clinton campaign knowingly colluded with Ukrainian nationalists to influence the election.
So far from the situation being "Russia influenced the election for Trump", it looks like "Ukrainians influenced the election for Clinton."
This may all sound like "conspiracy theory". There is of course no proof to date of any of this. But the circumstances are just as likely as the theory that Russia decided to "influence the election" by hacking the DNC using the most incompetent hackers and poorest OPSEC they could produce, leaving a trail pointing directly at them.
The one thing we can know is that in intelligence and hacking operations, Occam's Razor - the notion that the simplest solution is usually correct - does not apply. There is too much obfuscation, misdirection and manipulation involved in such operations.
The theory that someone has conducted a false flag operation to frame Russia for hacks is at least as credible as the idea that Russia would attempt to influence the election by randomly hacking the DNC. The latter really makes no sense, given the probability that whatever hacks Russia could do would be less influential on the election than the actions of the candidates themselves - which the Russians would know. And the Russians would also know that if caught, there could be serious repercussions in relations with the US - which means not using incompetent third-party hacker groups who leave trails and use outdated malware.
Some investigative journalists need to follow up on the articles cited above and see where they lead. If this theory is proven, it will be Pulitzer Prize for someone - and major egg for the US intelligence community, the mainstream media, and the infosec community.
LS: I have a couple of questions regarding the use of legendary software PROMIS [Prosecutor's Management Information System], which was developed by my friend William A Hamilton, the founder of the US information technology company Inslaw Inc, and he was also a programer for NSA. Do you know anything about NSA's use of unauthorized copyright infringing copies of Inslaw's PROMIS software for at least 25 years as the software it sold to banks in support of its "follow the money" SIGINT mission?
TD: I don't have any specific knowledge of it. I am certainly aware of the program. I was not part of it. I have heard about it and am aware, had become aware of it over the years, and ... I've had people who've had the history of that program who have actually contacted me over the last couple of years. Unfortunately, it is an example - though I don't have, I can't validate or verify it - not any of the allegations or assertions, any of the history that's been revealed and disclosed regarding PROMIS, none of it surprises me and here's why. It's unfortunate but it is, and I had the direct experience at NSA that NSA would either abscond with or would cast aside really powerful technology and then use it for their own purposes.
LS: Understood, but I would like to ask you, nevertheless one more question related to this. This would be, once NSA controlled the software used by banks to process wire transfers or money and letters of credit it could in theory add, delete and/or modify the amounts of funds in accounts because the funds are just data like any other kind of data. Have you ever heard that NSA or other intelligence agency exploited the banks surveillance version of PROMIS towards such an end?
TD: I've certainly heard of it, I just don't have any proof nor can I verify or validate, but I will tell you one of the aspects that has not been fully disclosed although I blew the whistle on it early on when I, within the system, had gone to key people within the government particularly congressional intelligence committees regarding Stellar Wind. One of the things that Stellar Wind did was actually without, again, without warrants, was gain direct access to financial transaction information at the bank level, credit card level, and this is extraordinary - these secret agreements were put into place regarding the flow of money.
This is shrouded in all kinds of secrecy ... but I was well aware what would that mean if there were those within the system who chose to abuse it, you know far beyond the purpose of tracking money laundering and things of that nature because this is all hidden; ... the life blood of any economy is the money, the money flows, the money deposits, the investments. I can't speak specifically to the allegations or assertions that you mentioned, but I can tell you that I would not be surprised at all that it was used in that manner given my knowledge of other abuses of information and systems that people in secret would use or have access to.
The Iranian presidency is not a "token" position. He has real influence over domestic policy such as the economy in Iran. He just has little influence over foreign policy and national security.
The odds of Iran having a "second revolution", certainly one that is more secular, are next to nil. The majority of Iranians believe in their system of government, even if they aren't totally happy with some of the excesses.
Compared to US "allies" in the region such as Saudi Arabia and Qatar, which are true monarchical dictatorships, Iran is almost a model democracy. They have a higher voting turnout than the US does. Although the candidates are vetted by the cleric council, I'm not sure that's worse than US candidates being vetted by a corrupt national party leadership angling for corporate contributions.
And before anyone raises the point about the 2009 elections, there is ZERO evidence of vote fraud in that election. Google for Eric Brill's report on that.
follow the Leveretts' site www.goingtotehran.com which covers US foreign policy and media mistakes on Iran.
Much of what you read about Iran in the US mainstream media is about as accurate as what you're reading about Snowden.
The main thing to understand is that Iran absolutely does not have a nuclear weapons program and has zero interest in ever having one. Everything you hear from Obama and the MSM on that is a total lie.
I think this is a good policy. The small amount of time the end users spend checking personal email on their personal devices is a small price to pay for removing a large section of vulnerability from the network.
In addition, while phishing may have dropped 15 percent for some sectors, it's risen for others as the link posted shows. Phishing remains one of the best ways for hackers to breach a network.
Suggesting that PEBCAC is the reason doesn't help. PEBCAC doesn't go away without major training. Worse, hackers with proper reconnaissance can craft an email that NO ONE would refuse to click on because it would look exactly like something they should click on. That's true whether the email comes in as company business or as personal business.
So removing one entire source of such phishing efforts is worth a small price in efficiency.
Personally, I think companies should follow CIA policy: two computers on each desk, one classified, one unclassified. The classified one runs on the main business network, the unclassified one runs on an entirely different network. And never the twain shall meet except via a specific protocol for transferring vetted data from one to the other. This goes beyond just having a firewall and a DMZ.
"We would shut down our business before co-operating with such an order and any VPN serious about privacy would do the same."
Frankly, I call BS. I'll believe that statement when I see it happen. No one who has invested significant funds in a business or worse owes investors is going to shut down that business over a court order even if that order contradicts the very basis of the business.
"So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react"
Which is exactly what they can do. You've obviously never been raided by the Secret Service or the FBI. They will kick your door down, point a 9mm firearm in your face, and tell you to stand still. And you will.
Anyone using a commercial VPN to conduct illegal business - without further methods for obfuscating their identity - is an idiot. Anyone using a commercial VPN to protect their privacy should realize that even if THEY are not subject to a government authorized raid, someone else on that server may be. And when that happens, their privacy is over.
I have a meme about security which goes like this:
You can haz better security, you can haz worse security. But you cannot haz "security". There is no security, Deal.
The same applies to privacy. A VPN is merely a tool. Relying on any one tool to provide security or privacy is a fool's game.
One analysis I saw - as opposed to all the Iran-bashing ones - actually made sense.
It indicated that based on the design the plane probably isn't intended to be "stealth" or even much of a high-altitude fighter. It's probably intended to be an "anti-helicopter" plane. This is because the US Navy will be using anti-submarine and anti-small boat helicopters to prevent Iran from laying mines in the Persian Gulf in the event of a war. Having a small jet that could fly flow, be hard to detect or maneuver against by regular fighter hets, and make mince-meat of helicopters would be a strategic asset.
Personally I doubt they would survive long against US air superiority once achieved, but the concept makes sense.
Most of the Iran-bashing articles just don't get that this was a mockup, not an actual plane. Wait until a test unit rolls off the assembly line to decide whether it will fly or not.
Meanwhile, keep this in mind: There is ZERO evidence that Iran has ANY interest whatsoever in nuclear weapons. ALL the real evidence - and logic - points the other way. ALL the ALLEGED evidence has been debunked by one expert or journalist or another. The notion that Iran is pursuing nuclear weapons is PRECISELY the same BS that Iraq was pursuing "WMDs" - and for the same reasons.
First, any "cyber" anything done by one nation state to another is going to be either "cyber-espionage" or "cyber-sabotage".
Second, no nation state is going to attack the US with "cyber-anything" that causes loss of life or even short or long term critical infrastructure damage because that would result in an immediate or subsequent military strike by the US at that nation state, by definition. The US would not respond over the Internet - that's ridiculous on the face of it.
The same applies to every other nation - except those with no credible ability to threaten the US, such as Iran. Which is why Iran is not engaging in any cyber attacks on the US, despite the US media spin of various incidents. Iran can't afford to because the US is just itching for a war with Iran and Iran can't afford to provoke one.
Which means "cyberwar" is in fact merely a "cyber" dimension to an actual physical war. Which means absent that physical war, there will be no "cyberwar."
Which means for the most part that any "cyber" conflict is going to be relegated to espionage - or in the case of things like Stuxnet, sabotage from one major power to a much weaker power who can't effectively respond due to the threat of actual physical military attack.
All the hype about China's "cyber-threat" is also irrelevant because all China's hackers are doing is stealing corporate intellectual property in an attempt to "level the playing field" in economic terms. Which frankly I think is just fine, given how long China was kept down by Western interests. Paying the West back for the Brits pushing opium seems reasonable to me.
Not to mention that anyone who thinks the US isn't engaged in large-scale industrial espionage against other countries, as well as the European Union, is just naive. Further not to mention that the US uses its military and economic power as a bludgeon on most of the nations of the world and has done so for the last hundred years, a history which is far worse than any "cyber-spying" of industrial processes.
Back in the mid-80's, I was employed by an IBM Series 1 VAR (Value-Added Reseller). They were planning to become an IBM PC VAR, so they sent me to IBM PC Repair school (a week-long course on basic PC repair.) There I was told that PC repair was a profit center for any VAR.
So clearly Toshiba is greedier than those companies who release their manuals as they don't want independent PC techs and repair shops fixing their computers when their authorized dealers and the main company itself can profit from repair revenue.
I've noticed that Toshiba machines tend to be more expensive than others and with less support for some time. I'd never recommend a Toshiba laptop to a client. Go for Acer or Asus or Lenovo or Dell.
Their statement claimed a "significant match" with the stolen UIDs, and then the quote above says "100 percent certainty".
Frankly, I'm not convinced. It could be that they merely have the same UIDs that the hackers stole. They also aren't very forthcoming as to how or when the data was stolen (if they even know).
However, the hackers who claimed the FBI was involved should provide more proof of their claims at this point. Otherwise the impact of their release does nothing but damage their credibility given this company's claims.
They want power. You get power for hoovering up everything, regardless of whether you can use it to track "terrorists".
Enough info will be retrievable and useful for the real purposes of such information gathering, i.e., spying on "threats" such as libertarians, anarchists, or anyone who simply doesn't like the way the government is run by corrupt politicians.
It's also useful for spying on the people who are supposed to do "oversight" on the NSA.
Anyone with any knowledge of intelligence agencies in any century knows that collecting masses of ostensibly useless information is a basic cornerstone of such agencies. The Russians did it in the 19th century, the Nazis did it in the 20th century, and the US has been doing it over the same time span. So does every other intelligence agency in every other country. The US is just better at it because it can throw more taxpayer money at it - money from the people being spied on.
The US taxpayers no longer control the US government - if they ever did. They can't stop the US government from starting wars, they can't stop the gov from spying on them, they can't stop the gov for arresting them for no reason and throwing them in a mental institution like that Marine.
Face it - it's over. You're living in 1984 and have been since well before 1984. And there's nothing the taxpayer can do about it because he's too gutless to take up a gun.
Like most rich foundations, the purpose of it is to provide influence and control, not charity.
If you look at the Foundation's Web site, you'll see that all these "huge" donations to charities are spread out OVER TEN YEARS or more! The actual amount of money doled out in a given year is a minute fraction of the Foundation's assets.
In addition, given the assets of the Foundation, I recall the US government nearly removed its status as a charitable foundation because so LITTLE percentage of its assets were being expended on actual charitable work.
The Gates Foundation is a stock-laundering scam. Gates can't sell large amounts of his Microsoft stock all at once because of SEC rules on major corporate shareholders. So he creates a foundation - run by his father - that he can donate the stock to. Then the foundation uses the value of that stock to invest in other corporations Gates wants to influence.
It's a standard scam for the uber-rich, nothing more. While obviously a certain number of people and charities get some decent assistance, the "philanthropic" motivation is just a PR scam.
"appeared to involve a US Attorney leaving out key information, making blatantly false insinuations about other facts, and in some cases, what appears to just be lying"
All I can say about this remark is...DUH!
I was once in a Federal holding cell awaiting an appearance in court. A defendant in an earlier case comes in laughing. He says the Magistrate was skeptical about the testimony of a DEA agent. The prosecuting attorney tells the Magistrate, "But Your Honor, this man is a Federal agent. He wouldn't lie!"
The Magistrate bursts out laughing. He tells the attorney, "Don't tell me a Federal agent wouldn't lie in this courtroom!"
Attorneys and cops are professional liars and they do it most of the time.
And this: "the police's actions 'could be compared to entering a courtroom and arresting a person during the course of his or her testimony. It is simply not done in a civilized jurisdiction that is bound by the rule of law.'"
That term "civilized jurisdiction" doesn't apply to either the US or Canada... Both are fascist-corporate states ruled by people with money and power, just like the worst South African zoo state - and with worse consequences because both countries are far more powerful than a zoo state. African zoo states tend to kill only their one people - not a million people and displace four million more in countries thousands of miles from their location whereas the US and Canada (and NATO countries in general) MAKE THEIR LIVING doing that sort of thing.
Sharon Corr (of the rock group, The Corrs) and her husband, Belfast attorney Gavin Bonnar, are going to be ticked off.
I had a huge Twitter argument with Bonnar a couple times over IP issues. He hates file sharing with an insane passion. His wife and her rock group generally hate it as well, having served as spokespersons for the Euro equivalent of the RIAA. She even stood up and complained loudly at a meeting with either the Taoiseach or some other high ranking government official that they weren't doing enough to fight file sharing.
I love Sharon for her music and generally being a nice person, but she, and especially her husband, are way off base on the IP issue.
On the post: DOJ Russia Indictment Again Highlights Why Internet Companies Can't Just Wave A Magic Wand To Make Bad Stuff Go Away
This Indictment is a Load of BS and Mueller Desperation
Anti-Russia Russians recruited by the CIA to do this stuff...
Read here and learn:
A Brief History of the “Kremlin Trolls”
https://thesaker.is/a-brief-history-of-the-kremlin-trolls/
There was no attempt by Russia to "meddle" in the election. It was a CIA disinformation campaign.
On the post: Nazis, The Internet, Policing Content And Free Speech
Hypocrisy at its worst
They're also happy to support the idea of the US government sending lethal arms to the right-wing government in Kiev, Ukraine, which uses neo-Nazi militia groups like the Azov Battalion in their fight with the pro-Russian Ukrainians in Donbass.
The ISPs and other Internet infrastructure are happy to be considered "public utilities" when they want to get out from under being held responsible for content - but when it's content they don't like - or are afraid will lose them business - then they want to censor the content.
Hypocrites. A pox on all their houses - including the Nazis.
On the post: Stories Claiming DNC Hack Was 'Inside Job' Rely Heavily On A Stupid Conversion Error No 'Forensic Expert' Would Make
This article is not correct
His point is not that you can't find high speed Internet. Indeed, 17 percent of the US population have access to Gigabit Ethernet to the home and business. Other countries, as noted including Romania, have higher speeds available. And you can also use 802.11n wireless to get the reported speeds.
His point is that the speed cited - 23-28Mbps - is consistent with USB 2.0 flash drive speeds. And the date/time stamps, although capable of being modified, pretty well establish for logical reasons that the files were downloaded on the East Coast.
What that does is make the Guccifer 2.0 narrative of hacking across the Atlantic from Romania come under serious question.
You really need to read all The Forensicator's articles and updates to get the full picture. Don't rely on The Nation article alone.
Guccifer 2.0 NGP/VAN Metadata Analysis
https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/
You also need to read over the extensive analysis of the alleged "Guccifer 2.0" entity at Adam Carter's blog:
Guccifer 2.0: Game Over
http://g-2.space/
The evidence does not prove that a DNC hack did not take place. It has, however, good circumstantial evidence that the story peddled by CrowdStrike/threatConnect/the government and Guccifer 2.0 is simply wrong.
And that doesn't even address Sy Hersh's revelation that the FBI has a report that explicitly states that Seth Rich was in contact with Wikileaks and offered them DNC documents in exchange for money, and that Wikileaks had access to Rich's DropBox account. We will know more once Hersh finishes his "long form journalism" piece on the entire event. Hersh explicitly said that the entire Russiagate/DNC hack story was a disinformation campaign run by John Brennan at CIA.
On the post: GOP Data Firm Left The Personal Data Of 198 Million American Voters On Openly-Accessible Amazon Server
Putin did it!
There is as yet ZERO evidence establishing that the Russian government has done ANYTHING with regard to the US election.
The ONLY "evidence" of ANY kind was that provided by CrowdStrike re the DNC leaks - and that was utter crap, thoroughly debunked as proving nothing by a company whose head is an Atlantic Council member with close ties to Ukraine.
On the post: Snowden Explains How The Espionage Act Unfairly Stacks The Deck Against Reality Winner
Evidence indicates this is a false flag incident
2) She printed ONE document which just HAPPENS to support the government's "RussiaGate" accusations against Russia (and by extension, Trump.)
3) She printed this document on her work printer and from her workstation, despite the NSA monitoring their employees after Snowden. She postmarked the envelope from her actual location. She exhibited absolutely NO tradecraft or sttempt to disguise her culpability.
4) Said document provides no actual evidence for its assertions. It's an "assessment", much like the "assessments" previously produced by the intelligence community, which also provided ZERO evidence to prove Russia did anything. There ARE NO "methods and sources" revealed.
5) Unlike most cases of leaks, the NSA was quick to confirm this document as genuine and has completely promoted this document publicly and in the legal affidavits files released publicly.
I believe this is a set-up: that this person is in fact a controlled patsy who is performing as a "reverse Snowdon" to release a document which the NSA would like to use to convince the public of its "RussiaGate" charges against Russia and Trump.
What is disturbing is that The Intercept apparently told investigators the postmark on the envelope which, along with the printer forensic examination, led to the arrest of their source. The Intercept appears to have no concern whatsoever about this lapse in their own OPSEC on behalf of their source.
What is Glenn Greenwald or Jeremy Scahill have to say about this behavior?
On the post: What The US Intelligence 'Russia Hacked Our Election' Report Could Have Said... But Didn't
What May Really Have Happened
Everyone should read these articles:
Why Crowdstrike’s Russian Hacking Story Fell Apart – Say Hello to Fancy Bear
http://jfmxl.sdf.org/USA/20170103-why-crowdstrike-s-russian-hacking-story-fell-apart-say-hello-t o-fancy-bear.html
Did a Ukrainian University Student Create Grizzly Steppe?
http://jfmxl.sdf.org/USA/20170106-petri-krohn-did-a-ukrainian-university-student-create-grizz ly-steppe.html
Russia Hacking the Election the Inside Story
http://www.washingtonsblog.com/2016/12/russia-hacking-election-inside-story-2.html
I had been suspicious of the Russian theory due to Jeffrey Carr’s articles on Medium (Google for them, they are vital to understanding the issues) which debunk most of the evidence. I wondered why it was that the equally logical
possibility that Ukrainian hackers might have done the hacks as a false flag operation to frame Russian for them was being ignored completely.
I noted that the “evidence” that the compile times for the malware were allegedly during “Russian business hours.” If you look at the time zone maps, you’ll see Moscow is just one hour ahead of Kiev, Ukraine. So that “evidence” was meaningless.
Secondly, I read an article by WordFence, a company which does WordPress blog security, that the PHP malware used was provably Ukrainian and open source, i.e., available to anyone aware of it. There is nothing “Russian” about it.
Then I found the above articles which pretty clearly show connect the dots evidence that the head of CrowdStrike, the company that the FBI RELIED ON for the “evidence”, is run by an anti-Russian Russian ex-pat who has DIRECT connections to Ukrainian ultra-nationalists who are DIRECTLY connected to the Democratic National Committee and who themselves have DIRECT connections to apparently competent Ukrainian hackers. I mean these articles lay it out in chapter and verse based on publicly available data.
I now believe that it is entirely possible that the entire DNC “hack” accusation is a false flag operation organized by Ukrainian individuals, with or without Ukrainian state help, and with or without the knowledge of the Clinton campaign, for the purpose of further ruining US relations with Russia.
The DNC documents themselves were likely “leaked”, not “hacked”. But hacks were done solely for the purpose of getting Russia blamed for them.
This is potentially a HUGE story. If the head of rowdStrike - and possibly members of the DNC itself or the Clinton campaign organization - were knowingly in league with Ukraine ultranationalists who in turn were in contact with
competent Ukraine hackers in a false flag attempt to increase the bad relations between the US and Russia
for their own political reasons, this would be a massive conspiracy which would put egg on the faces of everyone involved, including the entire US intelligence apparatus, the mainstream media and many other people. The entire
Russia-bashing industry would be called into question.
I suspect that what happened is as follows:
1) The DNC and the Clinton campaign decided to tar Trump with the "Russian agent" meme.
2) At some point the DNC and the Clinton campaign became aware that there were one or more serious leaks of information from the DNC - leaks, not hacks.
3) At this point the DNC and the Clinton campaign decided to fake a Russian hacking effort in order to 1) cover the leaks, and 2) use it to continue to tar Trump as a "Russian agent."
4) In order to make a believable case, they contacted some ultranationalist Ukrainians who were involved in the election and who had contact with some reasonable competent anti-Russian Ukrainian hacker collectives. These
collectives faked a Russian hack of the DNC.
5) They then called in CrowdStrike, which was already on the DNC/Clinton payroll, a company headed by an anti-Putin Russian ex-pat who would be ready to "validate" the "Russian hack" by accepting flimsy circumstantial and spoofable "evidence" as sufficient for attribution.
6) Then they refused to allow the FBI to use their own infosec forensic experts to inspect the evidence, relying on CrowdStrike officer Shawn Henry's background as a former FBI Assistant Director to deflect the FBI into accepting
CrowdStrike's "investigation" as adequate.
The latter fact pretty much makes clear that the DNC and the Clinton campaign knowingly colluded with Ukrainian nationalists to influence the election.
So far from the situation being "Russia influenced the election for Trump", it looks like "Ukrainians influenced the election for Clinton."
This may all sound like "conspiracy theory". There is of course no proof to date of any of this. But the circumstances are just as likely as the theory that Russia decided to "influence the election" by hacking the DNC using the most incompetent hackers and poorest OPSEC they could produce, leaving a trail pointing directly at them.
The one thing we can know is that in intelligence and hacking operations, Occam's Razor - the notion that the simplest solution is usually correct - does not apply. There is too much obfuscation, misdirection and manipulation involved in such operations.
The theory that someone has conducted a false flag operation to frame Russia for hacks is at least as credible as the idea that Russia would attempt to influence the election by randomly hacking the DNC. The latter really makes no sense, given the probability that whatever hacks Russia could do would be less influential on the election than the actions of the candidates themselves - which the Russians would know. And the Russians would also know that if caught, there could be serious repercussions in relations with the US - which means not using incompetent third-party hacker groups who leave trails and use outdated
malware.
Some investigative journalists need to follow up on the articles cited above and see where they lead. If this theory is proven, it will be Pulitzer Prize for someone - and major egg for the US intelligence community, the mainstream media, and the infosec community.
On the post: Oklahoma Cops Think Falling Glitter Might Be A Biochemical Attack, Book Protesters On 'Terrorist Hoax' Charges When It Isn't
Heh, Heh
Oklahoma just got telephones and television last year... :-)
Oklahoma doesn't "do" "glitter"... :-)
I appear here most evenings...Try the veal...
On the post: Report Suggests NSA Engaged In Financial Manipulation, Changing Money In Bank Accounts
Check out the Asia Times interview with Thomas Drake
In it, there is this exchange...
LS: I have a couple of questions regarding the use of legendary software PROMIS [Prosecutor's Management Information System], which was developed by my friend William A Hamilton, the founder of the US information technology company Inslaw Inc, and he was also a programer for NSA. Do you know anything about NSA's use of unauthorized copyright infringing copies of Inslaw's PROMIS software for at least 25 years as the software it sold to banks in support of its "follow the money" SIGINT mission?
TD: I don't have any specific knowledge of it. I am certainly aware of the program. I was not part of it. I have heard about it and am aware, had become aware of it over the years, and ... I've had people who've had the history of that program who have actually contacted me over the last couple of years. Unfortunately, it is an example - though I don't have, I can't validate or verify it - not any of the allegations or assertions, any of the history that's been revealed and disclosed regarding PROMIS, none of it surprises me and here's why. It's unfortunate but it is, and I had the direct experience at NSA that NSA would either abscond with or would cast aside really powerful technology and then use it for their own purposes.
LS: Understood, but I would like to ask you, nevertheless one more question related to this. This would be, once NSA controlled the software used by banks to process wire transfers or money and letters of credit it could in theory add, delete and/or modify the amounts of funds in accounts because the funds are just data like any other kind of data. Have you ever heard that NSA or other intelligence agency exploited the banks surveillance version of PROMIS towards such an end?
TD: I've certainly heard of it, I just don't have any proof nor can I verify or validate, but I will tell you one of the aspects that has not been fully disclosed although I blew the whistle on it early on when I, within the system, had gone to key people within the government particularly congressional intelligence committees regarding Stellar Wind. One of the things that Stellar Wind did was actually without, again, without warrants, was gain direct access to financial transaction information at the bank level, credit card level, and this is extraordinary - these secret agreements were put into place regarding the flow of money.
This is shrouded in all kinds of secrecy ... but I was well aware what would that mean if there were those within the system who chose to abuse it, you know far beyond the purpose of tracking money laundering and things of that nature because this is all hidden; ... the life blood of any economy is the money, the money flows, the money deposits, the investments. I can't speak specifically to the allegations or assertions that you mentioned, but I can tell you that I would not be surprised at all that it was used in that manner given my knowledge of other abuses of information and systems that people in secret would use or have access to.
On the post: Iran's President-Elect: Net Filtering Doesn't Work... Oh, And By The Way, Human Rights Are Universal
Re:
The odds of Iran having a "second revolution", certainly one that is more secular, are next to nil. The majority of Iranians believe in their system of government, even if they aren't totally happy with some of the excesses.
Compared to US "allies" in the region such as Saudi Arabia and Qatar, which are true monarchical dictatorships, Iran is almost a model democracy. They have a higher voting turnout than the US does. Although the candidates are vetted by the cleric council, I'm not sure that's worse than US candidates being vetted by a corrupt national party leadership angling for corporate contributions.
And before anyone raises the point about the 2009 elections, there is ZERO evidence of vote fraud in that election. Google for Eric Brill's report on that.
On the post: Iran's President-Elect: Net Filtering Doesn't Work... Oh, And By The Way, Human Rights Are Universal
If you want real perspectives on Iran
Much of what you read about Iran in the US mainstream media is about as accurate as what you're reading about Snowden.
The main thing to understand is that Iran absolutely does not have a nuclear weapons program and has zero interest in ever having one. Everything you hear from Obama and the MSM on that is a total lie.
On the post: You've Got (No) Mail! Major Law Firm Blocks Employee Email Access
I disagree
In addition, while phishing may have dropped 15 percent for some sectors, it's risen for others as the link posted shows. Phishing remains one of the best ways for hackers to breach a network.
Suggesting that PEBCAC is the reason doesn't help. PEBCAC doesn't go away without major training. Worse, hackers with proper reconnaissance can craft an email that NO ONE would refuse to click on because it would look exactly like something they should click on. That's true whether the email comes in as company business or as personal business.
So removing one entire source of such phishing efforts is worth a small price in efficiency.
Personally, I think companies should follow CIA policy: two computers on each desk, one classified, one unclassified. The classified one runs on the main business network, the unclassified one runs on an entirely different network. And never the twain shall meet except via a specific protocol for transferring vetted data from one to the other. This goes beyond just having a firewall and a DMZ.
On the post: Can Commercial VPNs Really Protect Your Privacy?
There's no such thing as "privacy" OR "security"
Frankly, I call BS. I'll believe that statement when I see it happen. No one who has invested significant funds in a business or worse owes investors is going to shut down that business over a court order even if that order contradicts the very basis of the business.
"So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react"
Which is exactly what they can do. You've obviously never been raided by the Secret Service or the FBI. They will kick your door down, point a 9mm firearm in your face, and tell you to stand still. And you will.
Anyone using a commercial VPN to conduct illegal business - without further methods for obfuscating their identity - is an idiot. Anyone using a commercial VPN to protect their privacy should realize that even if THEY are not subject to a government authorized raid, someone else on that server may be. And when that happens, their privacy is over.
I have a meme about security which goes like this:
You can haz better security, you can haz worse security. But you cannot haz "security". There is no security, Deal.
The same applies to privacy. A VPN is merely a tool. Relying on any one tool to provide security or privacy is a fool's game.
On the post: Iran's New Jet Can Fly (In Photoshop, At Least)!
Plane probably does fly
It indicated that based on the design the plane probably isn't intended to be "stealth" or even much of a high-altitude fighter. It's probably intended to be an "anti-helicopter" plane. This is because the US Navy will be using anti-submarine and anti-small boat helicopters to prevent Iran from laying mines in the Persian Gulf in the event of a war. Having a small jet that could fly flow, be hard to detect or maneuver against by regular fighter hets, and make mince-meat of helicopters would be a strategic asset.
Personally I doubt they would survive long against US air superiority once achieved, but the concept makes sense.
Most of the Iran-bashing articles just don't get that this was a mockup, not an actual plane. Wait until a test unit rolls off the assembly line to decide whether it will fly or not.
Meanwhile, keep this in mind: There is ZERO evidence that Iran has ANY interest whatsoever in nuclear weapons. ALL the real evidence - and logic - points the other way. ALL the ALLEGED evidence has been debunked by one expert or journalist or another. The notion that Iran is pursuing nuclear weapons is PRECISELY the same BS that Iraq was pursuing "WMDs" - and for the same reasons.
On the post: Press Parrots Cybersecurity FUD From Former NSA Boss Without Mentioning Massive Conflict Of Interest
There's no such thing as "cyberwar"
Second, no nation state is going to attack the US with "cyber-anything" that causes loss of life or even short or long term critical infrastructure damage because that would result in an immediate or subsequent military strike by the US at that nation state, by definition. The US would not respond over the Internet - that's ridiculous on the face of it.
The same applies to every other nation - except those with no credible ability to threaten the US, such as Iran. Which is why Iran is not engaging in any cyber attacks on the US, despite the US media spin of various incidents. Iran can't afford to because the US is just itching for a war with Iran and Iran can't afford to provoke one.
Which means "cyberwar" is in fact merely a "cyber" dimension to an actual physical war. Which means absent that physical war, there will be no "cyberwar."
Which means for the most part that any "cyber" conflict is going to be relegated to espionage - or in the case of things like Stuxnet, sabotage from one major power to a much weaker power who can't effectively respond due to the threat of actual physical military attack.
All the hype about China's "cyber-threat" is also irrelevant because all China's hackers are doing is stealing corporate intellectual property in an attempt to "level the playing field" in economic terms. Which frankly I think is just fine, given how long China was kept down by Western interests. Paying the West back for the Brits pushing opium seems reasonable to me.
Not to mention that anyone who thinks the US isn't engaged in large-scale industrial espionage against other countries, as well as the European Union, is just naive. Further not to mention that the US uses its military and economic power as a bludgeon on most of the nations of the world and has done so for the last hundred years, a history which is far worse than any "cyber-spying" of industrial processes.
A little "cyber-payback" is perfectly justified.
On the post: Toshiba: You Can't Have Repair Manuals Because They're Copyrighted And You're Too Dumb To Fix A Computer
Their real reason
Back in the mid-80's, I was employed by an IBM Series 1 VAR (Value-Added Reseller). They were planning to become an IBM PC VAR, so they sent me to IBM PC Repair school (a week-long course on basic PC repair.) There I was told that PC repair was a profit center for any VAR.
So clearly Toshiba is greedier than those companies who release their manuals as they don't want independent PC techs and repair shops fixing their computers when their authorized dealers and the main company itself can profit from repair revenue.
I've noticed that Toshiba machines tend to be more expensive than others and with less support for some time. I'd never recommend a Toshiba laptop to a client. Go for Acer or Asus or Lenovo or Dell.
On the post: Publishing Company Admits That Anonymous' UDID Data Leak Was Actually Taken From Their Database
I'm still skeptical
Their statement claimed a "significant match" with the stolen UIDs, and then the quote above says "100 percent certainty".
Frankly, I'm not convinced. It could be that they merely have the same UIDs that the hackers stole. They also aren't very forthcoming as to how or when the data was stolen (if they even know).
However, the hackers who claimed the FBI was involved should provide more proof of their claims at this point. Otherwise the impact of their release does nothing but damage their credibility given this company's claims.
On the post: NSA Put A Premium On Collecting Info, But Not Making Sense Of It
The NSA doesn't care about "sense"
Enough info will be retrievable and useful for the real purposes of such information gathering, i.e., spying on "threats" such as libertarians, anarchists, or anyone who simply doesn't like the way the government is run by corrupt politicians.
It's also useful for spying on the people who are supposed to do "oversight" on the NSA.
Anyone with any knowledge of intelligence agencies in any century knows that collecting masses of ostensibly useless information is a basic cornerstone of such agencies. The Russians did it in the 19th century, the Nazis did it in the 20th century, and the US has been doing it over the same time span. So does every other intelligence agency in every other country. The US is just better at it because it can throw more taxpayer money at it - money from the people being spied on.
The US taxpayers no longer control the US government - if they ever did. They can't stop the US government from starting wars, they can't stop the gov from spying on them, they can't stop the gov for arresting them for no reason and throwing them in a mental institution like that Marine.
Face it - it's over. You're living in 1984 and have been since well before 1984. And there's nothing the taxpayer can do about it because he's too gutless to take up a gun.
On the post: Is The Gates Foundation Really Looking At New Ways To Tackle Big Health Problems When It's Hiring Pharma Execs?
Gates Foundation is a con game
If you look at the Foundation's Web site, you'll see that all these "huge" donations to charities are spread out OVER TEN YEARS or more! The actual amount of money doled out in a given year is a minute fraction of the Foundation's assets.
In addition, given the assets of the Foundation, I recall the US government nearly removed its status as a charitable foundation because so LITTLE percentage of its assets were being expended on actual charitable work.
The Gates Foundation is a stock-laundering scam. Gates can't sell large amounts of his Microsoft stock all at once because of SEC rules on major corporate shareholders. So he creates a foundation - run by his father - that he can donate the stock to. Then the foundation uses the value of that stock to invest in other corporations Gates wants to influence.
It's a standard scam for the uber-rich, nothing more. While obviously a certain number of people and charities get some decent assistance, the "philanthropic" motivation is just a PR scam.
On the post: How Cisco & The Justice Department Conspired To Try To Destroy One Man's Life For Daring To Sue Cisco
I'm shocked...SHOCKED!
All I can say about this remark is...DUH!
I was once in a Federal holding cell awaiting an appearance in court. A defendant in an earlier case comes in laughing. He says the Magistrate was skeptical about the testimony of a DEA agent. The prosecuting attorney tells the Magistrate, "But Your Honor, this man is a Federal agent. He wouldn't lie!"
The Magistrate bursts out laughing. He tells the attorney, "Don't tell me a Federal agent wouldn't lie in this courtroom!"
Attorneys and cops are professional liars and they do it most of the time.
And this: "the police's actions 'could be compared to entering a courtroom and arresting a person during the course of his or her testimony. It is simply not done in a civilized jurisdiction that is bound by the rule of law.'"
That term "civilized jurisdiction" doesn't apply to either the US or Canada... Both are fascist-corporate states ruled by people with money and power, just like the worst South African zoo state - and with worse consequences because both countries are far more powerful than a zoo state. African zoo states tend to kill only their one people - not a million people and displace four million more in countries thousands of miles from their location whereas the US and Canada (and NATO countries in general) MAKE THEIR LIVING doing that sort of thing.
On the post: Irish Gov't Trying To Sneak Through Massive Copyright Law Changes Via Questionable Legal Process
If it's NOT going to be implemented...
I had a huge Twitter argument with Bonnar a couple times over IP issues. He hates file sharing with an insane passion. His wife and her rock group generally hate it as well, having served as spokespersons for the Euro equivalent of the RIAA. She even stood up and complained loudly at a meeting with either the Taoiseach or some other high ranking government official that they weren't doing enough to fight file sharing.
I love Sharon for her music and generally being a nice person, but she, and especially her husband, are way off base on the IP issue.
Next >>