Showing posts with label Hacking. Show all posts
Showing posts with label Hacking. Show all posts

Thursday, February 16, 2017

Intel Community Is Sabotaging Trump! - Warns Notable DEMOCRAT

Dennis Kucinich explains the recent national security moves that were made and how it might drastically affect the future.

Jimmy Dore breaks it down.

Wednesday, January 11, 2017

INTEL CHIEFS PRESENTED TRUMP WITH CLAIMS OF RUSSIAN EFFORTS TO COMPROMISE HIM PER CNN

By DemocratSinceBirth

 Suggestion they have compromising information on him !!!

Communications between Trump and Russian officials.

This is beyond huge !!!

Intel chiefs presented Trump with claims of Russian efforts to compromise him
By Evan Perez, Jim Sciutto, Jake Tapper and Carl Bernstein, CNN
Updated 5:15 PM ET, Tue January 10, 2017

(CNN) Classified documents presented last week to President Obama and President-elect Trump included allegations that Russian operatives claim to have compromising personal and financial information about Mr. Trump, multiple US officials with direct knowledge of the briefings tell CNN.

The allegations were presented in a two-page synopsis that was appended to a report on Russian interference in the 2016 election. The allegations came, in part, from memos compiled by a former British intelligence operative, whose past work US intelligence officials consider credible. The FBI is investigating the credibility and accuracy of these allegations, which are based primarily on information from Russian sources, but has not confirmed many essential details in the memos about Mr. Trump. 

The classified briefings last week were presented by four of the senior-most US intelligence chiefs -- Director of National Intelligence James Clapper, FBI Director James Comey, CIA Director John Brennan, and NSA Director Admiral Mike Rogers. 

One reason the nation's intelligence chiefs took the extraordinary step of including the synopsis in the briefing documents was to make the President-elect aware that such allegations involving him are circulating among intelligence agencies, senior members of Congress and other government officials in Washington, multiple sources tell CNN. 

These senior intelligence officials also included the synopsis to demonstrate that Russia had compiled information potentially harmful to both political parties, but only released information damaging to Hillary Clinton and Democrats. This synopsis was not an official part of the report from the intelligence community case about Russian hacks, but some officials said it augmented the evidence that Moscow intended to harm Clinton's candidacy and help Trump's, several officials with knowledge of the briefings tell CNN. 

The two-page synopsis also included allegations that there was a continuing exchange of information during the campaign between Trump surrogates and intermediaries for the Russian government, according to two national security officials

Sources tell CNN that these same allegations about communications between the Trump campaign and the Russians, mentioned in classified briefings for congressional leaders last year, prompted then-Senate Democratic Leader Harry Reid to send a letter to FBI Director Comey in October, in which he wrote, "It has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government -- a foreign interest openly hostile to the United States." 

CNN has confirmed that the synopsis was included in the documents that were presented to Mr. Trump but cannot confirm if it was discussed in his meeting with the intelligence chiefs.
The Trump transition team declined repeated requests for comment. 

CNN has reviewed a 35-page compilation of the memos, from which the two-page synopsis was drawn. The memos originated as opposition research, first commissioned by anti-Trump Republicans, and later by Democrats. At this point, CNN is not reporting on details of the memos, as it has not independently corroborated the specific allegations. But, in preparing this story, CNN has spoken to multiple high ranking intelligence, administration, congressional and law enforcement officials, as well as foreign officials and others in the private sector with direct knowledge of the memos.

Some of the memos were circulating as far back as last summer. What has changed since then is that US intelligence agencies have now checked out the former British intelligence operative and his vast network throughout Europe and find him and his sources to be credible enough to include some of the information in the presentations to the President and President-elect a few days ago. 

On the same day that the President-elect was briefed by the intelligence community, the top four Congressional leaders, and chairmen and ranking members of the House and Senate intelligence committees -- the so-called "Gang of Eight" -- were also provided a summary of the memos regarding Mr. Trump, according to law enforcement, intelligence and administration sources. 

The two-page summary was written without the detailed specifics and information about sources and methods included in the memos by the former British intelligence official. That said, the synopsis was considered so sensitive it was not included in the classified report about Russian hacking that was more widely distributed, but rather in an annex only shared at the most senior levels of the government: President Obama, the President-elect, and the eight Congressional leaders.

CNN has also learned that on December 9, Senator John McCain gave a full copy of the memos -- dated from June through December, 2016 -- to FBI Director James Comey. McCain became aware of the memos from a former British diplomat who had been posted in Moscow. But the FBI had already been given a set of the memos compiled up to August 2016, when the former MI6 agent presented them to an FBI official in Rome, according to national security officials. 

The raw memos on which the synopsis is based were prepared by the former MI6 agent, who was posted in Russia in the 1990s and now runs a private intelligence gathering firm. His investigations related to Mr. Trump were initially funded by groups and donors supporting Republican opponents of Mr. Trump during the GOP primaries, multiple sources confirmed to CNN. Those sources also said that once Mr. Trump became the nominee, further investigation was funded by groups and donors supporting Hillary Clinton.

Spokespeople for the FBI and the Director of National Intelligence declined to comment. Officials who spoke to CNN declined to do so on the record given the classified nature of the material.
Some of the allegations were first reported publicly in Mother Jones one week before the election.

One high level administration official told CNN, "I have a sense the outgoing administration and intelligence community is setting down the pieces so this must be investigated seriously and run down. I think concern was to be sure that whatever information was out there is put into the system so it is evaluated as it should be and acted upon as necessary."

http://www.cnn.com/2017/01/10/politics/donald-trump-intelligence-report-russia/index.html

Saturday, January 7, 2017

Russian hack of US election

http://www.nytimes.com/2016/10/08/us/politics/us-formally-accuses-russia-of-stealing-dnc-emails.html?_r=0

http://www.cnn.com/2016/12/12/politics/russian-hack-donald-trump-2016-election/index.html

https://www.washingtonpost.com/opinions/stop-trying-to-hush-up-the-truth-about-election-hacking/2017/01/04/bf8c286a-d2ac-11e6-9cb0-54ab630851e8_story.html?utm_term=.63e20e26680f

http://www.nytimes.com/2017/01/06/us/politics/russia-hack-report.html

https://www.theatlantic.com/international/archive/2017/01/russian-hacking-trump/510689/

http://www.wsj.com/articles/intelligence-officials-to-testify-as-senate-examines-russian-hacking-1483612205

http://www.reuters.com/article/us-usa-russia-cyber-idUSKBN14Q1T8

http://www.independent.co.uk/news/world/americas/us-intelligence-report-russia-unclassified-hacking-report-donald-trump-us-election-read-a7513986.html

https://techcrunch.com/2017/01/06/intel-report-on-hacking-says-russian-interference-with-us-election-was-boldest-yet/

http://www.nytimes.com/2017/01/06/us/politics/russian-hack-report.html

http://www.independent.co.uk/news/world/americas/us-intelligence-report-russia-unclassified-hacking-report-donald-trump-us-election-read-a7513986.html

https://www.engadget.com/2017/01/06/us-releases-report-linking-russia-to-election-hacks/

http://www.vox.com/world/2017/1/6/14194986/russia-hack-intelligence-report-election-trump

http://www.nytimes.com/2017/01/06/us/politics/donald-trump-wall-hack-russia.html

http://www.bbc.com/news/world-us-canada-38528329

https://www.washingtonpost.com/world/national-security/intelligence-chiefs-expected-in-new-york-to-brief-trump-on-russian-hacking/2017/01/06/5f591416-d41a-11e6-9cb0-54ab630851e8_story.html?utm_term=.13425e9ebf6e

http://www.npr.org/2017/01/06/508520414/on-intelligence-and-election-hacking-trump-and-his-team-continue-to-miss-the-poi

http://www.independent.co.uk/news/world/americas/donald-trump-russia-cyber-hack-vladimir-putin-president-barack-obama-fbi-cia-intelligence-briefing-a7513966.html

https://www.bloomberg.com/politics/articles/2017-01-06/u-s-says-putin-ordered-russian-hacking-during-the-2016-election

http://www.bbc.com/news/world-us-canada-38538002

Thursday, January 5, 2017

Latest guides for 3DS hacking up to firmware 11.2

With the recent 33c3 concluding at the end of last year, came numerous exploit announcements for the 3DS scene, many of which have since been implemented and are in working stable condition. Two of those exploits being soundhax and fasthax, both developed by Ned Will, a prominent hacker of the 3DS scene.
Alongside these many exploits and developers, the 3DS scene also consists of many involved and active community members, which can be noted from the active discussions on their sub-reddit along with the rapid development rate of recent releases.
As of this writing, it is now possible to downgrade all current N3DS models and most O3DS models based on firmware version, using the combos of waithax/svchax/safefirmhax or fasthax/safefirmhax, keep in mind fasthax is still in alpha, well technically beta, though not officially beta as of this writing, but it should be soon, thanks to an active community, many users have implemented and compiled their own versions of the exploit and have had great success for many users in the process of downgrading/installing a9lh+cfw of choice.
Starting with 3DS models firmware 11.1 and lower, fasthax doesn’t support firmwares below 11.2, but there is waithax, which provided you have the patience as the name says, to wait, works flawlessly. A guide for 3DS models below firmware 11.2 can be found here:
Since Plailect has both updated links and instructions.
For 3DS models on firmware 11.2, things get a little complex. Users of these systems can follow reddit user Aurolei’s guide, using a custom fasthax/safefirmhax compiled binary file, that works with any entry point, same as prior.


Keen warning that this current implementation may be unstable as it is not an official stable release, but a community release for those eagers users who would like to downgrade and install the a9lh exploit alongside Luma3DS/NTR or whichever customer firmware of choice is preferred. I have personally downgraded two of my own systems using both exploits and their respectful guides, with absolutely no trouble, exact step by step instructions must be followed, or user errors are likely to cause unnecessary conflicts and errors.
Custom guide can be found here:
Aurolei’s Guide
Downgrades can take around 2+ hours, so time and patience are key.

Saturday, December 31, 2016

When did Trump develop fealty to Russia, & why does it persist after their cyber attack?


ALTHOUGH PRESIDENT Obama’s sanctions against Russia for interfering with the U.S. presidential election came late, his action on Thursday reflected a bipartisan consensus that penalties must be imposed for Moscow’s audacious hacking and meddling. 

But one prominent voice in the United States reacted differently. President-elect Donald Trump said “it’s time for our country to move on to bigger and better things.” Earlier in the week, he asserted that the “whole age of computer has made it where nobody knows exactly what is going on.”

No, Mr. Trump, it is not time to move on. U.S. intelligence agencies are in agreement about “what is going on”: a brazen and unprecedented attempt by a hostile power to covertly sway the outcome of a U.S. presidential election through the theft and release of material damaging to Democratic nominee Hillary Clinton. The president-elect’s dismissive response only deepens unanswered questions about his ties to Russia in the past and his plans for cooperation with Vladi­mir Putin.

For his part, Mr. Putin seems to be eagerly anticipating the Trump presidency. On Friday, he promised to withhold retaliatory sanctions, clearly hoping the new Trump administration will nullify Mr. Obama’s acts. Then Mr. Trump cheered on Twitter: “Great move on delay (by V. Putin) — I always knew he was very smart!”

For any American leader, an attempt to subvert U.S. democracy ought to be unforgivable — even if he is the intended beneficiary. Some years ago, then-Defense Secretary Leon Panetta warned of a “cyber-Pearl Harbor,” and the fear at the time was of a cyberattack collapsing electric grids or crashing financial markets. Now we have a real cyber-Pearl Harbor, though not one that was anticipated. Mr. Obama has pledged a thorough investigation and disclosure; the information released on Thursday does not go far enough. Congress should not shrink from establishing a select committee for a full-scale probe.

Mr. Obama also hinted at additional retaliation, possibly unannounced, and we believe it would be justified to deter future mischief. How about shedding a little sunshine on Mr. Putin’s hidden wealth and that of his coterie?

Mr. Trump has been frank about his desire to improve relations with Russia, but he seems blissfully untroubled by the reasons for the deterioration in relations, including Russia’s instigation of an armed uprising in Ukraine, its seizure of Crimea, its efforts to divide Europe and the crushing of democracy and human rights at home.

Why is Mr. Trump so dismissive of Russia’s dangerous behavior? Some say it is his lack of experience in foreign policy, or an oft-stated admiration for strongmen, or naivete about Russian intentions. But darker suspicions persist. Mr. Trump has steadfastly refused to be transparent about his multibillion-dollar business empire. Are there loans or deals with Russian businesses or the state that were concealed during the campaign? Are there hidden communications with Mr. Putin or his representatives? We would be thrilled to see all the doubts dispelled, but Mr. Trump’s odd behavior in the face of a clear threat from Russia, matched by Mr. Putin’s evident enthusiasm for the president-elect, cannot be easily explained.

Read more on this topic:
 
Greg Sargent: The Trump camp’s spin on Russian interference is falling apart
Ruth Marcus: On Russia, Trump is incapable of looking past politics
Jennifer Rubin: A moment of truth on Russia

Monday, December 19, 2016

This Horrible Belief About the Election and What to Do With It

Posted By Rude One

If a Republican were president right now and an incoming Democrat had won in an election where there was even a whiff of Russian interference, the nation would be shut down right now. Lawyers would be filing every lawsuit imaginable in every court everywhere. Marches would be ready to blockade the path of the electors from even getting to their meeting place. Impeachment documents would have been drawn up and, if they were in the minority in Congress, Republicans would be nonstop shaming Democrats, asking if they're loyal to the United States or Russia, until they agreed not to certify the election.

It would be a 50-alarm fire and no one would be able to stop the momentum until the president-elect agreed to postpone inauguration until either a definite determination was made about the Russian influence or until a new election could be held. And that's what they'd do if the Democratic president-elect was an entirely competent, qualified person. If it was an egomaniacal hedonist who craps all over the traditions and decorum of the government? We'd be at Def-Con Monica.

And who could blame them, really? If Democratic elected officials truly believe that Russia hacked the Republican and Democratic National Committees' email servers in an effort to push the needle even slightly towards Donald Trump, then that's exactly how they should be acting.

In a twist right out of Shakespeare, President Obama's fatal flaw is the very thing that launched him into the presidency in the first place: his belief in the basic decency of people. It has failed him time and again, yet so often when dealing with his political opposition, he has treated them with respect and dignity that they did not deserve and that they refused him. It failed him when he tried to get Mitch McConnell to release a joint statement on the hack before the election. McConnell said he wouldn't do it and, if the Democrats did, he would just call it political games and discredit it. So, being decent, Obama backed down. Everyone in that situation should be ashamed.

Now, in the last weekend before the Electoral College votes on Monday, in the last month before Donald Trump takes over and attempts to completely destroy his legacy, it is time for President Obama to at long last forgo his instinct to trust that right will somehow always win and to actually reach out to bend the arc of history towards progress. In simpler terms, he needs to fuck some shit up.

This is where we are right now: Obama has such confidence that Russia did hack the servers that he is promising that the United States will retaliate. Now, yes, real evidence needs to be presented to the nation (which will automatically be dismissed as false in many quarters, notably the ones that inform Trump's opinions). But, at this point, I'm gonna trust Obama over Russia or the guy who told an audience in Chicago a blatant lie last night: that the murder rate is "the largest it’s been in 45 years."

In the course of two tweets, Trump pretended no one had ever talked about the hacking until now and then admitted that people had talked about the hacking before the election. It's no wonder that White House Spokesman Josh Earnest could directly say, "Mr. Trump obviously knew that Russia was engaged in malicious cyber activity that was helping him and hurting Secretary Clinton's campaign."

As Trump continues to deny and deflect on Russia's involvement, it would be good to remember the rule that whatever Trump says about others generally applies to himself. During the election, for instance, Trump kept insisting that Hillary Clinton's email server something or other "disqualified" her from even running for president. The truth is that Trump's financial entanglements that will likely put him in violation of the Constitution from the moment he's sworn in actually should have disqualified him from running. And he knew that (and, as many others have said, I'm still not convinced that this election is not a publicity stunt that got out of hand).

So we have to consider both Trump's just weird refusal to take the intelligence agencies he's going to need at their word on Russia and that, in the latter part of the election cycle, he claimed that the whole thing was "rigged" against him. Again, it's just a damned odd thing to say. What we originally thought was simply a shot across the bow of the legitimacy of a Clinton victory is seeming more and more like a deflection from the election actually being, if not rigged, then manipulated. Ultimately, if there was coordination between the Trump campaign and Russia, then do we call that "treason"? And if we do, then we have to follow through with all that that requires.

At the very least, President Obama should ask that Congress delay the Electoral College vote until, as Trump might say, we can figure out what the hell is going on. Barring that, he should ask Congress to delay the January 6 count of electoral votes. Barring that, Democrats should file objections to the vote that will force Congress to have to go on record in support of Trump.

And rank and file Democrats better be calling their members of Congress and the White House to voice their concern. And they better be ready to take to the streets to shut this down before the Trump cancer metastasizes so that its diseased tendrils grow deep into the American body. Act like our goddamned lives depend on it. Obama should be leading the charge on this, asking all concerned Americans to get involved. Just don't expect decency from a good many of them.

Barring all of that and Trump becoming president (as is most likely), well, then we need a new plan. And I've got an idea or two.

One last thing for President Obama: Fire the fuck out of James Comey. Shit, arrest that motherfucker.

Sunday, December 11, 2016

The Evidence To Prove Russian Hack



In this post, I’m going to lay out the evidence needed to fully explain the Russian hack. I think it will help to explain some of the timing around the story that the CIA believes Russia hacked the DNC to help win Trump win the election, as well as what is new in Friday’s story. I will do rolling updates on this and eventually turn it into a set of pages on Russia’s hacking.

As I see it, intelligence on all the following are necessary to substantiate some of the claims about Russia tampering in this year’s election.
  1. FSB-related hackers hacked the DNC
  2. GRU-related hackers hacked the DNC
  3. Russian state actors hacked John Podesta’s emails
  4. Russian state actors hacked related targets, including Colin Powell and some Republican sites
  5. Russian state actors hacked the RNC
  6. Russian state actors released information from DNC and DCCC via Guccifer 2
  7. Russian state actors released information via DC Leaks
  8. Russian state actors or someone acting on its behest passed information to Wikileaks
  9. The motive explaining why Wikileaks released the DNC and Podesta emails
  10. Russian state actors probed voter registration databases
  11. Russian state actors used bots and fake stories to make information more damaging and magnify its effects
  12. The level at which all Russian state actors’ actions were directed and approved
  13. The motive behind the actions of Russian state actors
  14. The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat
I explain all of these in more detail below. For what it’s worth, I think there was strong publicly available information to prove 3, 4, 7, 11. I think there is weaker though still substantial information to support 2. It has always been the case that the evidence is weakest at point 6 and 8.

At a minimum, to blame Russia for tampering with the election, you need high degree of confidence that GRU hacked the DNC (item 2), and shared those documents via some means with Wikileaks (item 8). What is new about Friday’s story is that, after months of not knowing how the hacked documents got from Russian hackers to Wikileaks, CIA now appears to know that people close to the Russian government transferred the documents (item 8). In addition, CIA now appears confident that all this happened to help Trump win the presidency (item 13).

1) FSB-related hackers hacked the DNC

The original report from Crowdstrike on the DNC hack actually said two separate Russian-linked entities hacked the DNC: one tied to the FSB, which it calls “Cozy Bear” or APT 29, and one tied to GRU, which it calls “Fancy Bear” or APT 28. Crowdstrike says Cozy Bear was also responsible for hacks of unclassified networks at the White House, State Department, and US Joint Chiefs of Staff.
I’m not going to assess the strength of the FSB evidence here. As I’ll lay out, the necessary hack to attribute to the Russians is the GRU one, because that’s the one believed to be the source of the DNC and Podesta emails. The FSB one is important to keep in mind, as it suggests part of the Russian government may have been hacking US sites solely for intelligence collection, something our own intelligence agencies believe is firmly within acceptable norms of spying. In the months leading up to the 2012 election, for example, CIA and NSA hacked the messaging accounts of a bunch of Enrique Peña Nieto associates, pretty nearly the equivalent of the Podesta hack, though we don’t know what they did with that intelligence. The other reason to keep the FSB hack in mind is because, to the extent FSB hacked other sites, they also may be deemed part of normal spying.

2) GRU-related hackers hacked the DNC

As noted, Crowdstrike reported that GRU also hacked the DNC. As it explains, GRU does this by sending someone something that looks like an email password update, but which instead is a fake site designed to get someone to hand over their password. The reason this claim is strong is because people at the DNC say this happened to them.

Note that there are people who raise questions of whether this method is legitimately tied to GRU and/or that the method couldn’t be stolen and replicated. I will deal with those questions at length elsewhere. But for the purposes of this post, I will accept that this method is a clear sign of GRU involvement. There are also reports that deal with GRU hacking that note high confidence GRU hacked other entities, but less direct evidence they hacked the DNC.

Finally, there is the real possibility that other people hacked the DNC, in addition to FSB and GRU. That possibility is heightened because a DNC staffer was hacked via what may have been another method, and because DNC emails show a lot of password changes off services for which DNC staffers had had their accounts exposed in other hacks.

All of which is a way of saying, there is some confidence that DNC got hacked at least twice, with those two revealed efforts being done by hackers with ties to the Russian state.

3) Russian state actors (GRU) hacked John Podesta’s emails

Again, assuming that the fake Gmail phish is GRU’s handiwork, there is probably the best evidence that GRU hacked John Podesta and therefore that Russia, via some means, supplied Wikileaks, because we have a copy of the actual email used to hack him. The Smoking Gun has an accessible story describing how all this works. So in the case of Podesta, we know he got a malicious phish email, we know that someone clicked the link in the email, and we know that emails from precisely that time period were among the documents shared with Wikileaks. We just have no idea how they got there.

4) Russian state actors hacked related targets, including some other Democratic staffers, Colin Powell and some Republican sites

That same Gmail phish was used with victims — including at a minimum William Rinehart and Colin Powell — that got exposed in a site called DC Leaks. We can have the same high degree of confidence that GRU conducted this hack as we do with Podesta. As I note below, that’s more interesting for what it tells us about motive than anything else.

5) Russian state actors hacked the RNC

The allegation that Russia also hacked the RNC, but didn’t leak those documents — which the CIA seems to rely on in part to argue that Russia must have wanted to elect Trump — has been floating around for some time. I’ll return to what we know of this. RNC spox Sean Spicer is denying it, though so did Hillary’s people at one point deny that they had been hacked.

There are several points about this. First, hackers presumed to be GRU did hack and release emails from Colin Powell and an Republican-related server. The Powell emails (including some that weren’t picked up in the press), in particular, were detrimental to both candidates. The Republican ones were, like a great deal of the Democratic ones, utterly meaningless from a news standpoint.

So I don’t find this argument persuasive in its current form. But the details on it are still sketchy precisely because we don’t know about that hack.

6) Russian state actors released information from DNC and DCCC via Guccifer 2

Some entity going by the name Guccifer 2 started a website in the wake of the announcement that the DNC got hacked. The site is a crucial part of this assessment, both because it released DNC and DCCC documents directly (though sometimes misattributing what it was releasing) and because Guccifer 2 stated clearly that he had shared the DNC documents with Wikileaks. The claim has always been that Guccifer 2 was just a front for Russia — a way for them to adopt plausible deniability about the DNC hack.

That may be the case (and obvious falsehoods in Guccifer’s statements make it clear deception was part of the point), but there was always less conclusive (and sometimes downright contradictory) evidence to support this argument (this post summarizes what it claims are good arguments that Guccifer 2 was a front for Russia; on the most part I disagree and hope to return to it in the future).

Moreover, this step has been one that past reporting said the FBI couldn’t confirm. Then there are other oddities about Guccifer’s behavior, such as his “appearance” at a security conference in London, or the way his own production seemed to fizzle as Wikileaks started releasing the Podesta emails. Those details of Guccifer’s behavior are, in my opinion, worth probing for a sense of how all this was orchestrated.

Yesterday’s story seems to suggest that the spooks have finally figured out this step, though we don’t have any idea what it entails.

7) Russian state actors released information via DC Leaks

Well before many people realized that DC Leaks existed, I suspected that it was a Russian operation. That’s because two of its main targets — SACEUR Philip Breedlove and George Soros — are targets Russia would obviously hit to retaliate for what it treats as a US-backed coup in Ukraine.

DC Leaks is also where the publicly released (and boring) GOP emails got released.

Perhaps most importantly, that’s where the Colin Powell emails got released (this post covers some of those stories). That’s significant because Powell’s emails were derogatory towards both candidates (though he ultimately endorsed Hillary).

It’s interesting for its haphazard targeting (if someone wants to pay me $$ I would do an assessment of all that’s there, because some just don’t make any clear sense from a Russian perspective, and some of the people most actively discussing the Russian hacks have clearly not even read all of it), but also because a number of the victims have been affirmatively tied to the GRU phishing methods.

So DC Leaks is where you get obvious Russian targets and Russian methods all packaged together. But of the documents it released, the Powell emails were the most interesting for electoral purposes, and they didn’t target Hillary as asymmetrically as the Wikileaks released documents did.

8) Russian state actors or someone acting on its behest passed information to Wikileaks

The basis for arguing that all these hacks were meant to affect the election is that they were released via Wikileaks. That is what was supposed to be new, beyond just spying (though we have almost certainly hacked documents and leaked them, most probably in the Syria Leaks case, but I suspect also in some others).

And as noted, how Wikileaks got two separate sets of emails has always been the big question. With the DNC emails, Guccifer 2 clearly said he had given them to WL, but the Guccifer 2 ties to Russia was relatively weak. And with the Podesta emails, I’m not aware of any known interim step between the GRU hack and Wikileaks.

A late July report said the FBI was still trying to determine how Russia got the emails to Wikileaks or even if they were the same emails.
The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.
The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.
An even earlier report suggested that the IC wasn’t certain the files had been passed electronically.
And the joint DHS/ODNI statement largely attributed its confidence that Russia was involved in the the leaking (lumping Guccifer 2, DC Leaks, and Wikileaks all together) not because it had high confidence in that per se (a term of art saying, effectively, “we have seen the evidence”), but instead because leaking such files is consistent with what Russia has done elsewhere.
The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.
Importantly, that statement came out on October 7, so well after the September briefing at which CIA claimed to have further proof of all this.

Now, Julian Assange has repeatedly denied that Russia was his source. Craig Murray asserted, after having meeting with Assange, that the source is not the Russian state or a proxy. Wikileaks’ tweet in the wake of yesterday’s announcement — concluding that an inquiry directed at Russia in this election cycle is targeted at Wikileaks — suggests some doubt. Also, immediately after the election, Sergei Markov, in a statement deemed to be consistent with Putin’s views, suggested that “maybe we helped a bit with WikiLeaks,” even while denying Russia carried out the hacks.

That’s what’s new in yesterday’s story. It stated that “individuals with connections to the Russian government” handed the documents to Wikileaks.
Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.
[snip]
[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees. Moscow has in the past used middlemen to participate in sensitive intelligence operations so it has plausible deniability.
I suspect we’ll hear more leaked about these individuals in the coming days; obviously, the IC says it doesn’t have evidence of the Russian government ordering these people to share the documents with Wikileaks.

Nevertheless, the IC now has what it didn’t have in July: a clear idea of who gave Wikileaks the emails.

9) The motive explaining why Wikileaks released the DNC and Podesta emails

There has been a lot of focus on why Wikileaks did what it did, which notably includes timing the DNC documents to hit for maximum impact before the Democratic Convention and timing the Podesta emails to be a steady release leading up to the election.

I don’t rule out Russian involvement with all of that, but it is entirely unnecessary in this case. Wikileaks has long proven an ability to hype its releases as much as possible. More importantly, Assange has reason to have a personal gripe against Hillary, going back to State’s response to the cable release in 2010 and the subsequent prosecution of Chelsea Manning.

In other words, absent really good evidence to the contrary, I assume that Russia’s interests and Wikileaks’ coincided perfectly for this operation.

10) Russian state actors probed voter registration databases

Back in October, a slew of stories reported that “Russians” had breached voter related databases in a number of states. The evidence actually showed that hackers using a IP tied to Russia had done these hacks. Even if the hackers were Russian (about which there was no evidence in the first reports), there was also no evidence the hackers were tied to the Russian state. Furthermore, as I understand it, these hacks used a variety of methods, some or all of which aren’t known to be GRU related. A September DHS bulletin suggested these hacks were committed by cybercriminals (in the past, identity thieves have gone after voter registration lists). And the October 7 DHS/ODNI statement affirmatively said the government was not attributing the probes to the Russians.
Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.
In late November, an anonymous White House statement said there was no increased malicious hacking aimed at the electoral process, though remains agnostic about whether Russia ever planned on such a thing.
The Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day. As we have noted before, we remained confident in the overall integrity of electoral infrastructure, a confidence that was borne out on election day. As a result, we believe our elections were free and fair from a cyber security perspective.
That said, since we do not know if the Russians had planned any malicious cyber activity for election day, we don’t know if they were deterred from further activity by the various warnings the U.S. government conveyed.
Absent further evidence, this suggests that reports about Russian trying to tamper with the actual election infrastructure were at most suspicions and possibly just a result of shoddy reporting conflating Russian IP with Russian people with Russian state.

11) Russian state actors used bots and fake stories to make information more damaging and magnify its effects

Russia has used bots and fake stories in the past to distort or magnify compromising information. There is definitely evidence some pro-Trump bots were based out of Russia. RT and Sputnik ran with inflammatory stories. Samantha Bee famously did an interview with some Russians who were spreading fake news. But there were also people spreading fake news from elsewhere, including Macedonia and Surburban LA. A somewhat spooky guy even sent out fake news in an attempt to discredit Wikileaks.

As I have argued, the real culprit in this economy of clickbait driven outrage is closer to home, in the algorithms that Silicon Valley companies use that are exploited by a whole range of people. So while Russian directed efforts may have magnified inflammatory stories, that was not a necessary part of any intervention in the election, because it was happening elsewhere.

12) The level at which all Russian state actors’ actions were directed and approved

The DHS/ODNI statement said clearly that “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.” But the WaPo story suggests they still don’t have proof of Russia directing even the go-between who gave WL the cables, much less the go-between directing how Wikileaks released these documents.

Mind you, this would be among the most sensitive information, if the NSA did have proof, because it would be collection targeted at Putin and his top advisors.

13) The motive behind the actions of Russian state actors

The motive behind all of this has varied. The joint DHS/ODNI statement said it was “These thefts and disclosures are intended to interfere with the US election process.” It didn’t provide a model for what that meant though.

Interim reporting — including the White House’s anonymous post-election statement — had suggested that spooks believed Russia was doing it to discredit American democracy.
The Kremlin probably expected that publicity surrounding the disclosures that followed the Russian Government-directed compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, would raise questions about the integrity of the election process that could have undermined the legitimacy of the President-elect.
At one level, that made a lot of sense — the biggest reason to release the DNC and Podesta emails, it seems to me, was to confirm the beliefs a lot of people already had about how power works. I think one of the biggest mistakes of journalists who have political backgrounds was to avoid discussing how the sausage of politics gets made, because this material looks worse if you’ve never worked in a system where power is about winning support. All that said, there’s nothing in the emails (especially given the constant release of FOIAed emails) that uniquely exposed American democracy as corrupt.

All of which is to say that this explanation never made any sense to me; it was mostly advanced by people who live far away from people who already distrust US election systems, who ignored polls showing there was already a lot of distrust.

Which brings us to the other thing that is new in the WaPo story: the assertion that CIA now believes this was all intended to elect Trump, not just make us distrust elections.
The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.
[snip]
“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”
For what it’s worth, there’s still some ambiguity in this. Did Putin really want Trump? Or did he want Hillary to be beat up and weak for an expected victory? Did he, like Assange, want to retaliate for specific things he perceived Hillary to have done, in both Libya, Syria, and Ukraine? That’s unclear.

14) The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

Finally, there’s the question that may explain Obama’s reticence about this issue, particularly in the anonymous post-election statement from the White House, which stated that the “election results … accurately reflect the will of the American people.” It’s not clear that Putin’s intervention, whatever it was, had anywhere near the effect as (for example) Jim Comey’s letters and Bret Baier’s false report that Hillary would be indicted shortly. There are a lot of other factors (including Hillary’s decision to ignore Jake Sullivan’s lonely advice to pay some attention to the Rust Belt).

And, as I’ve noted repeatedly, it is no way the case that Vladimir Putin had to teach Donald Trump about kompromat, the leaking of compromising information for political gain. Close Trump associates, including Roger Stone (who, by the way, may have had conversations with Julian Assange), have been rat-fucking US elections since the time Putin was in law school.

But because of the way this has rolled out (and particularly given the cabinet picks Trump has already made), it will remain a focus going forward, perhaps to the detriment of other issues that need attention.

Friday, December 2, 2016

DS Programming For Newbies

This is a PDF file that contains the posts made by Foxi4 in this post as an introduction into C programming.

This is so that people can download & view on mobile devices or print out, without having to go through each & every post he's done.

Tuesday, November 8, 2016

How To Rig An Election

By

It’s almost over. Will we heave a sigh of relief, or shriek in horror? Nobody knows for sure, although early indications clearly lean Clinton. Whatever happens, however, let’s be clear: this was, in fact, a rigged election.

The election was rigged by state governments that did all they could to prevent nonwhite Americans from voting: The spirit of Jim Crow is very much alive — or maybe translate that to Diego Cuervo, now that Latinos have joined African-Americans as targets. Voter ID laws, rationalized by demonstrably fake concerns about election fraud, were used to disenfranchise thousands; others were discouraged by a systematic effort to make voting hard, by closing polling places in areas with large minority populations.

The election was rigged by Russian intelligence, which was almost surely behind the hacking of Democratic emails, which WikiLeaks then released with great fanfare. Nothing truly scandalous emerged, but the Russians judged, correctly, that the news media would hype the revelation that major party figures are human beings, and that politicians engage in politics, as somehow damning.

The election was rigged by James Comey, the director of the F.B.I. His job is to police crime — but instead he used his position to spread innuendo and influence the election. Was he deliberately putting a thumb on the electoral scales, or was he simply bullied by Republican operatives? It doesn’t matter: He abused his office, shamefully.

The election was also rigged by people within the F.B.I. — people who clearly felt that under Mr. Comey they had a free hand to indulge their political preferences. In the final days of the campaign, pro-Trump agents have clearly been talking nonstop to Republicans like Rudy Giuliani and right-wing media, putting claims and allegations that may or may not have anything to do with reality into the air. The agency clearly needs a major housecleaning: Having an important part of our national security apparatus trying to subvert an election is deeply scary. Unfortunately, Mr. Comey is just the man not to do it.

The election was rigged by partisan media, especially Fox News, which trumpeted falsehoods, then retracted them, if at all, so quietly that almost nobody heard. For days Fox blared the supposed news that the F.B.I. was preparing an indictment of the Clinton Foundation. When it finally admitted that the story was false, Donald Trump’s campaign manager smugly remarked, “The damage is done to Hillary Clinton.”

The election was rigged by mainstream news organizations, many of which simply refused to report on policy issues, a refusal that clearly favored the candidate who lies about these issues all the time, and has no coherent proposals to offer. Take the nightly network news broadcasts: In 2016 all three combined devoted a total of 32 minutes to coverage of issues — all issues. Climate change, the most important issue we face, received no coverage at all.

The election was rigged by the media obsession with Hillary Clinton’s emails. She shouldn’t have used her own server, but there is no evidence at all that she did anything unethical, let alone illegal. The whole thing is orders of magnitude less important than multiple scandals involving her opponent — remember, Donald Trump never released his tax returns. Yet those networks that found only 32 minutes for all policy issues combined found 100 minutes to talk about Clinton emails.

It’s a disgraceful record. Yet Mrs. Clinton still seems likely to win.

If she does, you know what will happen. Republicans will, of course, deny her legitimacy from day one, just as they did for the last two Democratic presidents. But there will also — you can count on it — be a lot of deprecation and sneering from mainstream pundits and many in the media, lots of denial that she has a “mandate” (whatever that means), because some other Republican would supposedly have beaten her, she should have won by more, or something.

So in the days ahead it will be important to remember two things. First, Mrs. Clinton has actually run a remarkable campaign, demonstrating her tenacity in the face of unfair treatment and remaining cool under pressure that would have broken most of us. Second, and much more important, if she wins it will be thanks to Americans who stood up for our nation’s principles — who waited for hours on voting lines contrived to discourage them, who paid attention to the true stakes in this election rather than letting themselves be distracted by fake scandals and media noise.

Those citizens deserve to be honored, not disparaged, for doing their best to save the nation from the effects of badly broken institutions. Many people have behaved shamefully this year — but tens of millions of voters kept their faith in the values that truly make America great.

Friday, September 16, 2016

Over 500,000 People Have Installed A Pokemon Go Related App That Roots And Hijacks Android Devices











Wednesday, September 14, 2016

Hacker 'Guccifer 2.0' Releases More DNC Docs — Including Tim Kaine's Cell Number

The hacker or hackers who claim to have broken into Democratic Party systems released more documents Tuesday, including what appeared to be the personal cell phone of vice presidential candidate Tim Kaine.

"Guccifer 2.0" released over 670 megabytes of documents at a cyber-security conference in London Tuesday.

http://www.nbcnews.com/news/us-news/hacker-guccifer-2-0-releases-more-dnc-docs-including-tim-n647921

Wednesday, August 31, 2016

Friday, August 19, 2016

Malware Infected All Eddie Bauer Stores In U.S., Canada

By Brian Krebs

Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide.

ebstore

On July 5, 2016, KrebsOnSecurity reached out to Bellevue, Wash., based Eddie Bauer after hearing from several sources who work in fighting fraud at U.S. financial institutions. All of those sources said they’d identified a pattern of fraud on customer cards that had just one thing in common: They were all recently used at some of Eddie Bauer’s 350+ locations in the U.S. The sources said the fraud appeared to stretch back to at least January 2016.

A spokesperson for Eddie Bauer at the time said the company was grateful for the outreach but that it hadn’t heard any fraud complaints from banks or from the credit card associations.

Earlier today, however, an outside public relations firm circled back on behalf of Eddie Bauer. That person told me Eddie Bauer — working with the FBI and an outside computer forensics firm — had detected and removed card-stealing malware from cash registers at all of its locations in the United States and Canada.

The retailer says it believes the malware was capable of capturing credit and debit card numbers from customer transactions made at all 350 Eddie Bauer stores in the United States and Canada between January 2, 2016 to July 17, 2016. The company emphasized that this breach did not impact purchases made at the company’s online store eddiebauer.com.

“While not all transactions during this period were affected, out of an abundance of caution, Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period,” the company said in a press release issued directly after the markets closed in the U.S. today.

Given the volume of point-0f-sale malware attacks on retailers and hospitality firms in recent months, it would be nice if each one of these breach disclosures didn’t look and sound exactly the same. For example, in addition to offering customers the predictable and irrelevant credit monitoring services topped with bland assurances that the “security of our customers’ information is a top priority,” breached entities could offer the cyber defenders of the world just a few details about the attack tools and online staging grounds the intruders used.

That way, other companies could use the information to find out if they are similarly victimized and to stop the bleeding of customer card data as quickly as possible. Eddie Bauer’s spokespeople say the company has no intention of publishing these so-called “indicators of compromise,” but emphasized that Eddie Bauer worked closely with the FBI and outside security experts.

For more on the importance of IOCs in helping to detect and ultimately stymie cybercrime, check out last Saturday’s story about IOCs released by Visa in connection with the recent intrusion at Oracle’s MICROS point-of-sale unit. And for the record, I have no information connecting this breach or any other recent POS malware attack with the breach at Oracle’s MICROS unit. If that changes, hopefully you’ll read about it here first.

Sunday, August 14, 2016

Niantic Says It'll Perma-Ban Pokémon Go Cheaters

By Carli Velocci

Niantic Inc., the company behind that app you won’t stop hearing about Pokémon Go, has taken a stand against cheaters in the past, or anybody who violates its terms of service, such as sending out cease and desist letters to tracker apps. Now the company has stated that it will outright ban users for those violations.

In a post on the official website, Niantic writes that accounts can be fully terminated for a number of reasons.
“This includes, but is not limited to: falsifying your location, using emulators, modified or unofficial software and/or accessing Pokémon GO clients or backends in an unauthorized manner including through the use of third party software.
Our goal is to provide a fair, fun and legitimate game experience for everyone. We will continue to work with all of you to improve the quality of the gameplay, including ongoing optimization and fine tuning of our anti-cheat system.”
Some of the best parts at following the game’s success online have been seeing the myriad of ways people try and skirt around the system.

There’s a way to hack your phone in order to tap to walk anywhere on the Pokémon Go map; you can trick your phone into faking your GPS location; and a group of hackers cracked a piece of the code to create a new API that can be integrated into bots.

There’s also fun, not-as-technical ways people have tried to cheat the game, including that guy who tried to use a drone to catch Pokémon (it didn’t work).

Niantic came under fire after it issued the cease and desist letters to programs like Pokevision, which was a live updating Pokémon tracker. People in suburban or rural areas made use of similar programs since finding actual things to interact with is more complicated. The company also wrote a letter to Twitch, which streamed live videos of hacks and cheats on its website.

It’s also unclear how this will work. If Niantic bans an account, couldn’t users just make another one? If it’s done by IP address, it runs into the issue of addresses that are shared among users in the same area. Is it done by device? There are so many questions and Niantic isn’t known for being transparent.

Niantic does add in its post that anybody whose account has been suspended should not make a plea on social media due to “privacy reasons,” but also so that Niantic can manage requests better and you don’t call them out publicly if you disagree.

The issue of what is allowed with this app is up in the air, but because this is the Internet, I’m sure people will find ways around even these new restrictions.

[Verge]

Saturday, August 13, 2016

If the 2016 election is hacked, it's because no one listened to these people

By Cory Doctorow

Ever since the Supreme Court ordered the nation's voting authorities to get their act together in 2002 in the wake of Bush v Gore, tech companies have been flogging touchscreen voting machines to willing buyers across the country, while a cadre computer scientists trained in Ed Felten's labs at Princeton have shown again and again and again and again that these machines are absolutely unfit for purpose, are trivial to hack, and endanger the US election system.

Felten has moved on to the White House, where he's deputy CTO, while his grad students have fanned out across the country to take positions at some of America's top universities, where they and their students continue to mercilessly attack the unsound computers that America has put its democracy inside of.

Ben Wofford's comprehensive account of the war on shitty voting machines in Politico is by turns frightening and enraging, and even though the touchscreen voting era appears to finally be drawing to its inevitable close, the remaining machines in the field are, if anything, even more vulnerable to remote attacks, and, worryingly, many are clustered in hotly disputed districts in key battleground states for the 2016 presidential race.

It's not for lack of trying to raise alarms. Felten's team and proteges have gone to far as to meet mysterious whistleblowers in dark New York alleys to take receipt of smuggled-out voting machines to run tests on, and then produced some of the most mediagenic, easy-to-understand videos and articles detailing their findings that you could ask for.

Combine this indifference with North Korea's attack on Sony, China's attack on the Office of Personnel Management, and Russia's (presumptive) attack on the DNC, and you've got a situation where it's all-too-plausible that the coming election will be hacked, and where it's certain that any irregularities will be blamed on hackers, domestic and foreign.

After all, Virgina took 13 years to ditch its wifi-connected Winvote machines, whose crypto key is now known to be "abcde," and which runs a version of Windows that hasn't been updated since 2005.

Jeremy Epstein, the whistleblower who fought for the machines' removal for all that time, says of the elections that were balloted on Winvote systems, "If these machines and elections weren’t hacked, it was only because no one tried."

To make things worse, many of the same vendors who denied, threatened, and obfuscated when caught selling defective voting machines are now trying to sell online voting systems that will have every problem of the worst voting machines, times a thousand.
The Princeton group has no shortage of things that keep them up at night. Among possible targets, foreign hackers could attack the state and county computers that aggregate the precinct totals on election night—machines that are technically supposed to remain non-networked, but that Appel thinks are likely connected to the Internet, even accidentally, from time to time. They could attack digitized voter registration databases—an increasingly utilized tool, especially in Ohio, where their problems are mounting—erasing voters’ names from the polls (a measure that would either cause voters to walk away, or overload the provisional ballot system). They could infect software at the point of development, writing malicious ballot definition files that companies distribute, or do the same on a software patch. They could FedEx false software to a county clerk’s office and, with the right letterhead and convincing cover letter, get it installed. If a county clerk has the wrong laptop connected to the Internet at the wrong time, that could be a wide enough entry window for an attack.
“No county clerk anywhere in the United States has the ability to defend themselves against advanced persistent threats,” Wallach tells me, using the parlance of industry for highly motivated hackers who “lay low and stick around for a while.” Wallach painted an unseemly picture, in which a seasoned cyber warrior overseas squared off against a septuagenarian volunteer. “In the same way,” continues Wallach, “you would not expect your local police department to be able to repel a foreign military power.”
In the academic research, hacks of the machines are far more pervasive; digitized voting registrations or tabulation software are not 10 years old and running on Windows 2000, unlike the machines. Still, they present risks of their own. “There are still plenty of computers involved” even without digital touch screens, says Appel. “Even with optical scan voting, it’s not just the voting machines themselves—it’s the desktop and laptop computers that election officials use to prepare the ballots, prepare the electronic files from the OpScan machines, panel voter registration, electronic poll books. And the computers that aggregate the results together from all of the optical scans.”
“If any of those get hacked, it could could significantly disrupt the election.”
The digital touch screens, even with voter verified paper trail, will still be pervasive this election; 28 states keep them in use to some degree, including Ohio and Florida, though increasingly in limited settings. Pam Smith, the director of Verified Voting—a group that tracks the use of voting equipment by precinct in granular detail—isn’t sure how many digital touch screens are left; no one I spoke with seemed to know. Nor is it clear where they’ll be deployed, a decision left up to county administrators. Smith confirms that after 2007, the number of states that adopted the machines plateaued, and has finally begun to shrink. The number of states using paperless touch screens—and nothing else—is five: South Carolina, Georgia, Louisiana, New Jersey and Delaware. But the number of states with a significant number of counties with the easily hacked machines is much larger, at 13, including Indiana, Virginia, and Pennsylvania. For hacking purposes, there’s little difference: In a close election, only a few precincts with paperless touch screens would be required to deflate vote totals, says Appel, even if the majority of counties are still in the Stone Age. Many of Felten’s mad-scientist experiments were designed to metastasize the nefarious code once it gained entry into a machine system.
How to Hack an Election in 7 Minutes [Ben Wofford/Politico]
(via Memex 1.1)