Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Wednesday, August 30, 2017

Trump Cybersecurity Advisors Resign, Citing His ‘Insufficient Attention’ to Threats

By David Z. Morris



A quarter of the members of the National Infrastructure Advisory Council, whose purview includes national cybersecurity, have resigned. In a group resignation letter, they cited both specific shortfalls in the administration’s approach to cybersecurity, and broader concerns that Trump and his administration have undermined the “moral infrastructure” of the U.S.

The resignations came Monday and were acknowledged by the White House on Tuesday. Nextgov has recently published the resignation letter that the departing councilors submitted. According to Roll Call, seven members resigned from the 27 member Council.

Several of those resigning were Obama-era appointees, including former U.S. Chief Data Scientist DJ Patil and former Office of Science and Technology Policy Chief of Staff Cristin Dorgelo. Not surprisingly, then, the issues outlined in the resignation letter were broad, faulting both Trump’s decision to withdraw from the Paris climate accords and his inflammatory statements after the Charlottesville attacks, some of which came during what was intended to be an infrastructure-focused event.

“The moral infrastructure of our Nation is the foundation on which our physical infrastructure is built,” reads the letter in part. “The Administration’s actions undermine that foundation.”
But the resigning advisors also said the Administration was not “adequately attentive to the pressing national security matters within the NIAC’s purview, or responsive to sound advice received from experts and advisors.” The letter also zeroed in on “insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend,” including election systems.

While he has ordered better security for government networks, Trump has shown little understanding or seriousness when it comes to the broader issues surrounding, in his words, “the cyber.” Most notably, he has refused to accept the U.S. intelligence community’s conclusion that Russia engineered a hacking and propaganda campaign meant to subvert the 2016 presidential election, and even floated the idea of forming a cyber-security task force with Russia. The administration also missed a self-imposed deadline for presenting a comprehensive cyber-security plan.

In a report issued just after the mass resignations, the NIAC issued a report saying that dramatic steps were required to prevent a possible "9/11-level cyberattack."

Saturday, July 15, 2017

The Intercept Discloses Top-Secret NSA Document On Russia Hacking Aimed At US Voting System

The report details an operation targeting voter registration in 2016.

By Ben Dreyfuss

On Monday, the Intercept published a classified internal NSA document noting that Russian military intelligence mounted an operation to hack at least one US voting software supplier—which provided software related to voter registration files—in the months prior to last year’s presidential contest. It has previously been reported that Russia attempted to hack into voter registration systems, but this NSA document provides details of how one such operation occurred.

According to the Intercept:
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the US election and voting infrastructure. The report, dated May 5, 2017, is the most detailed US government account of Russian interference in the election that has yet come to light.
While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A US intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
The report indicates that Russian hacking may have penetrated further into US voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
Go read the whole thing.

Sunday, July 9, 2017

Trump’s Son Met With Russian Lawyer After Being Promised Damaging Information On Clinton

A meeting arranged by Donald Trump Jr. was held at Trump Tower in June 2016 with a Russian lawyer who has connections to the Kremlin. Credit Sam Hodgson for The New York Times
President Trump’s eldest son, Donald Trump Jr., was promised damaging information about Hillary Clinton before agreeing to meet with a Kremlin-connected Russian lawyer during the 2016 campaign, according to three advisers to the White House briefed on the meeting and two others with knowledge of it.

The meeting was also attended by his campaign chairman at the time, Paul J. Manafort, and his son-in-law, Jared Kushner. Mr. Manafort and Mr. Kushner only recently disclosed the meeting, though not its content, in confidential government documents described to The New York Times.

The Times reported the existence of the meeting on Saturday. But in subsequent interviews, the advisers and others revealed the motivation behind it.

The meeting — at Trump Tower on June 9, 2016, two weeks after Donald J. Trump clinched the Republican nomination — points to the central question in federal investigations of the Kremlin’s meddling in the presidential election: whether the Trump campaign colluded with the Russians. The accounts of the meeting represent the first public indication that at least some in the campaign were willing to accept Russian help.

And while Trump has been dogged by revelations of undisclosed meetings between his associates and the Russians, the episode at Trump Tower is the first such confirmed private meeting involving members of his inner circle during the campaign — as well as the first one known to have included his eldest son. It came at an inflection point in the campaign, when Donald Trump Jr., who served as an adviser and a surrogate, was ascendant and Mr. Manafort was consolidating power.

It is unclear whether the Russian lawyer, Natalia Veselnitskaya, actually produced the promised compromising information about Mrs. Clinton. But the people interviewed by The Times about the meeting said the expectation was that she would do so.

In a statement on Sunday, Donald Trump Jr. said he had met with the Russian lawyer at the request of an acquaintance. “After pleasantries were exchanged,” he said, “the woman stated that she had information that individuals connected to Russia were funding the Democratic National Committee and supporting Ms. Clinton. Her statements were vague, ambiguous and made no sense. No details or supporting information was provided or even offered. It quickly became clear that she had no meaningful information.”

He said she then turned the conversation to adoption of Russian children and the Magnitsky Act, an American law that blacklists suspected Russian human rights abusers. The law so enraged President Vladimir V. Putin of Russia that he retaliated by halting American adoptions of Russian children.

“It became clear to me that this was the true agenda all along and that the claims of potentially helpful information were a pretext for the meeting,” Mr. Trump said.

When he was first asked about the meeting on Saturday, he said only that it was primarily about adoptions and mentioned nothing about Mrs. Clinton.
President Trump’s son-in-law, Jared Kushner, also attended the meeting last year at Trump Tower. Credit Ruth Fremson/The New York Times
Mark Corallo, a spokesman for the president’s lawyer, said on Sunday that “Trump was not aware of and did not attend the meeting.”

Lawyers and spokesmen for Mr. Kushner and Mr. Manafort did not immediately respond to requests for comment. In his statement, Donald Trump Jr. said he asked Mr. Manafort and Mr. Kushner to attend, but did not tell them what the meeting was about.

American intelligence agencies have concluded that Russian hackers and propagandists worked to tip the election toward Donald J. Trump, in part by stealing and then providing to WikiLeaks internal Democratic Party and Clinton campaign emails that were embarrassing to Mrs. Clinton. WikiLeaks began releasing the material on July 22.

A special prosecutor and congressional committees are now investigating the Trump campaign’s possible collusion with the Russians. Mr. Trump has disputed that, but the investigation has cast a shadow over his administration.

Mr. Trump has also equivocated on whether the Russians were solely responsible for the hacking. On Sunday, two days after his first meeting as president with Mr. Putin, Mr. Trump said in a Twitter post: “I strongly pressed President Putin twice about Russian meddling in our election. He vehemently denied it. I’ve already given my opinion.....” He also tweeted that they had “discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded...””

On Sunday morning on Fox News, the White House chief of staff, Reince Priebus, described the Trump Tower meeting as a “big nothing burger.”

“Talking about issues of foreign policy, issues related to our place in the world, issues important to the American people is not unusual,” he said.

But Representative Adam B. Schiff of California, the leading Democrat on the House Intelligence Committee, one of the panels investigating Russian election interference, said he wanted to question “everyone that was at that meeting.”

“There’s no reason for this Russian government advocate to be meeting with Paul Manafort or with Mr. Kushner or the president’s son if it wasn’t about the campaign and Russia policy,” Mr. Schiff said after the initial Times report.

Ms. Veselnitskaya, the Russian lawyer invited to the Trump Tower meeting, is best known for mounting a multipronged attack against the Magnitsky Act.

The adoption impasse is a frequently used talking point for opponents of the act. Ms. Veselnitskaya’s campaign against the law has also included attempts to discredit the man after whom it was named, Sergei L. Magnitsky, a lawyer and auditor who died in 2009 in mysterious circumstances in a Russian prison after exposing one of the biggest corruption scandals during Mr. Putin’s rule.
Mr. Trump’s former campaign chairman, Paul J. Manafort, at the Republican National Convention in July 2016 in Cleveland. Credit Sam Hodgson for The New York Times
Ms. Veselnitskaya’s clients include state-owned businesses and a senior government official’s son, whose company was under investigation in the United States at the time of the meeting. Her activities and associations had previously drawn the attention of the F.B.I., according to a former senior law enforcement official.

Ms. Veselnitskaya said in a statement on Saturday that “nothing at all about the presidential campaign” was discussed. She recalled that after about 10 minutes, either Mr. Kushner or Mr. Manafort walked out.

She said she had “never acted on behalf of the Russian government” and “never discussed any of these matters with any representative of the Russian government.”

The Trump Tower meeting was disclosed to government officials in recent days, when Mr. Kushner, who is also a senior White House aide, filed a revised version of a form required to obtain a security clearance.

The Times reported in April that he had failed to disclose any foreign contacts, including meetings with the Russian ambassador to the United States and the head of a Russian state bank. Failure to report such contacts can result in a loss of access to classified information and even, if information is knowingly falsified or concealed, in imprisonment.

Mr. Kushner’s advisers said at the time that the omissions were an error, and that he had immediately notified the F.B.I. that he would be revising the filing.

In a statement on Saturday, Mr. Kushner’s lawyer, Jamie Gorelick, said: “He has since submitted this information, including that during the campaign and transition, he had over 100 calls or meetings with representatives of more than 20 countries, most of which were during transition. Mr. Kushner has submitted additional updates and included, out of an abundance of caution, this meeting with a Russian person, which he briefly attended at the request of his brother-in-law Donald Trump Jr. As Mr. Kushner has consistently stated, he is eager to cooperate and share what he knows.”

Mr. Manafort, the former campaign chairman, also recently disclosed the meeting, and Donald Trump Jr.’s role in organizing it, to congressional investigators who had questions about his foreign contacts, according to people familiar with the events. Neither Mr. Manafort nor Mr. Kushner was required to disclose the content of the meeting.

A spokesman for Mr. Manafort declined to comment.

Since the president took office, Donald Trump Jr. and his brother Eric have assumed day-to-day control of their father’s real estate empire. Because he does not serve in the administration and does not have a security clearance, Donald Trump Jr. was not required to disclose his foreign contacts.

Federal and congressional investigators have not publicly asked for any records that would require his disclosure of Russian contacts.

Ms. Veselnitskaya is a formidable operator with a history of pushing the Kremlin’s agenda. Most notable is her campaign against the Magnitsky Act, which provoked a Cold War-style, tit-for-tat dispute with the Kremlin when President Barack Obama signed it into law in 2012.

Under the law, about 44 Russian citizens have been put on a list that allows the United States to seize their American assets and deny them visas. The United States asserts that many of them are connected to the fraud exposed by Mr. Magnitsky, who after being jailed for more than a year was found dead in his cell. A Russian human rights panel found that he had been assaulted. To critics of Mr. Putin, Mr. Magnitsky, in death, became a symbol of corruption and brutality in the Russian state.
An infuriated Mr. Putin has called the law an “outrageous act,” and, in addition to banning American adoptions, he compiled what became known as an “anti-Magnitsky” blacklist of United States citizens.

Among those blacklisted was Preet Bharara, then the United States attorney in Manhattan, who led notable convictions of Russian arms and drug dealers. Mr. Bharara was abruptly fired in March, after previously being asked to stay on by President Trump.

One of Ms. Veselnitskaya’s clients is Denis Katsyv, the Russian owner of Prevezon Holdings, an investment company based in Cyprus. He is the son of Petr Katsyv, the vice president of the state-owned Russian Railways and a former deputy governor of the Moscow region. In a civil forfeiture case prosecuted by Mr. Bharara’s office, the Justice Department alleged that Prevezon had helped launder money linked to the $230 million corruption scheme exposed by Mr. Magnitsky by putting it in New York real estate and bank accounts. Prevezon recently settled the case for $6 million without admitting wrongdoing.

Ms. Veselnitskaya and her client also hired a team of political and legal operatives to press the case for repeal. And they tried but failed to keep Mr. Magnitsky’s name off a new law that takes aim at human-rights abusers across the globe. The team included Rinat Akhmetshin, an √©migr√© to the United States who once served as a Soviet military officer and who has been called a Russian political gun for hire. Fusion GPS, a consulting firm that produced an intelligence dossier that contained unverified allegations about Mr. Trump, was also hired to do research for Prevezon.

Ms. Veselnitskaya was also deeply involved in the making of a film that disputes the widely accepted version of Mr. Magnitsky’s life and death. In the film and in her statement, she said the true culprit of the fraud was William F. Browder, an American-born financier who hired Mr. Magnitsky to investigate the fraud after three of his investment funds companies in Russia were seized.

Mr. Browder called the film a state-sponsored smear campaign.

“She’s not just some private lawyer,” Mr. Browder said of Ms. Veselnitskaya. “She is a tool of the Russian government.”

John O. Brennan, a former C.I.A. director, testified in May that he had been concerned last year by Russian government efforts to contact and manipulate members of Mr. Trump’s campaign. “Russian intelligence agencies do not hesitate at all to use private companies and Russian persons who are unaffiliated with the Russian government to support their objectives,” he said.

The F.B.I. began a counterintelligence investigation last year into Russian contacts with any Trump associates. Agents focused on Mr. Manafort and a pair of advisers, Carter Page and Roger J. Stone Jr.

Among those now under investigation is Michael T. Flynn, who was forced to resign as Mr. Trump’s national security adviser after it became known that he had falsely denied speaking to the Russian ambassador about sanctions imposed by the Obama administration over the election hacking.

Congress later discovered that Mr. Flynn had been paid more than $65,000 by companies linked to Russia, and that he had failed to disclose those payments when he renewed his security clearance and underwent an additional background check to join the White House staff.

In May, the president fired the F.B.I. director, James B. Comey, who days later provided information about a meeting with Mr. Trump at the White House. According to Mr. Comey, the president asked him to end the bureau’s investigation into Mr. Flynn; Mr. Trump has repeatedly denied making such a request. Robert S. Mueller III, a former F.B.I. director, was then appointed as special counsel.

The status of Mr. Mueller’s investigation is not clear, but he has assembled a veteran team of prosecutors and agents to dig into any possible collusion.

Saturday, June 24, 2017

Obama’s secret struggle to punish Russia for Putin’s election assault

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. 

Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladi­mir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent.

Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

https://www.washingtonpost.com/graphics/2017/world/national-security/obama-putin-election-hacking/?utm_term=.12a31b9dd507&hpid=hp_hp-top-table-main_russiaobama-banner-7a%3Ahomepage%2Fstory

2016 election is officially illegitimate. TIME: Hackers Altered Voter Rolls

http://time.com/4828306/russian-hacking-election-widespread-private-data/

Election Hackers Altered Voter Rolls, Stole Private Data, Officials Say
Massimo Calabresi - Jun 22, 2017

The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election. In Illinois, more than 90% of the nearly 90,000 records stolen by Russian state actors contained drivers license numbers, and a quarter contained the last four digits of voters’ Social Security numbers, according to Ken Menzel, the General Counsel of the State Board of Elections.

Congressional investigators are probing whether any of this stolen private information made its way to the Trump campaign, two sources familiar with the investigations tell TIME.

“If any campaign, Trump or otherwise, used inappropriate data the questions are, How did they get it? From whom? And with what level of knowledge?” the former top Democratic staffer on the House Intelligence Committee, Michael Bahar, tells TIME. “That is a crux of the investigation."

Saturday, May 20, 2017

Comey’s FBI Computer Illegally Accessed: Data Given To Russian Diplomats

Exclusive: Sources close to the intelligence community report that Director Comey’s FBI computer was illegally accessed immediately after he was dismissed from his post. They further report that ‘removable media’ was used in the commission of this crime. ‘Removable media’ is a category describing physical devices that can be placed into a computer, either to download information or to upload it, such as a memory card, a USB stick, a removable hard drive, a thumb drive or similar items.

Sources further report that a person or persons allied to Donald Trump passed data accessed from Director Comey’s computer to Russian diplomats. It is not known when or how this took place. A piece of removable media containing all the data in question has been recovered from hostile actors, sources say, and is now in the possession of the Justice Department.

Director Comey is said to have known in advance that Mr. Trump would dismiss him. He took careful steps, these sources say, to leave not only a paper trail as we have seen in the story of the ‘Comey Memo’ but also a digital one. Director Comey’s own primary work computer, and other computers in and around his former office, were fitted with sophisticated intelligence community software allowing the Justice Department to see precisely how and when they were attacked.
comey fired
The official Foreign Ministry of Russia’s Twitter account posted a tweet showing Foreign Minister Lavarov laughing with Rex Tillerson, the Secretary of State who has won the Order of Friendship of Vladimir Putin, over Director Comey’s firing, on the day Donald Trump hosted the Russians in the White House and verbally gave them top-secret allied intelligence, later published by the Russian news agency Tass.

White House sources say Trump has already discussed his resignation more than once. Perhaps when he discovers that the justice and intelligence communities are well aware he breached Director Comey’s computer and handed FBI data to Russia, he may decide to spare the nation further trauma and resign.

If he becomes President, Mike Pence will be unable to pardon Donald Trump for any crimes at the state level.

More on this story as we receive it.

https://patribotics.blog/2017/05/17/comeys-fbi-computer-illegally-accessed-data-given-to-russian-diplomats/

Thursday, March 9, 2017

Rachel Maddow Drops Major Reality Check: Trump-Russia Collusion Looks Increasingly Likely

The MSNBC host told America to "get back to the main point," which is that it's slowly looking like the Trump campaign was working with Russia to topple Hillary Clinton.

On MSNBC’s Rachel Maddow Show on Tuesday, the liberal superstar dropped another Russian reality check on viewers, telling America to “get back to the main point,” which is that it’s slowly looking like the Trump campaign was working with Russia to topple Hillary Clinton last year.

In her opening segment, Maddow focused on a so-far unsubstantiated dossier released in January that details damning links between Trump and high-ranking Russian officials. While Trump and his apologists try to muddy the waters, point fingers, and deny any wrongdoing, more and more of that controversial dossier has become verified as truth.

As Maddow said, pieces from that document continue to fall into place, which is slowly raising the likelihood that Russia and Trump’s campaign worked together.

Rachel Maddow notes that while the dossier of intelligence about Donald Trump ties to Russia remains unconfirmed, pieces of it have checked out upon investigation by the press, though the primary government investigators are former Trump campaign officials.



Maddow said:
Forget all the salacious personal stuff. Forget all the stuff that made the White House so mad when this was published. The bottom line of this dossier, the bottom line allegation, the point of it is that the Trump campaign didn’t just benefit from Russia interfering in our presidential campaign. The point of this is that they colluded, they helped, they were in on it. The money quote from this dossier is, “The operation had been conducted with the full knowledge of Trump and senior members of his campaign team.” That’s basically what this whole dossier alleges – that the Trump folks were in on it.  There were multiple people close to Trump, involved in the Trump campaign, who were in contact with the Russian government about the Russian government’s attacks on Hillary Clinton, while those attacks were happening, while Russia was waging these attacks. Overall, yes, we still have to describe this as a sheaf of uncorroborated allegations, but little pieces supporting that bottom line thesis really do keep falling in line.
Maddow then listed the series of Russian revelations – and secret meetings between Trump associates and the Russian officials – that have come out over the past several weeks, despite initial claims from the president that nobody on his team met with the Russians during the campaign.

It turns out that more than a half-dozen Trump associates are linked to Russia, including Jeff Sessions, Michael Flynn, Carter Page, J.D. Gordon, Paul Manafort, Roger Stone and Michael Cohen.

As Maddow noted in her coverage, it was reported by Politico on Tuesday that one of those associates, Carter Page, was given permission by the Trump campaign last year to make a visit to Russia in the heat of the 2016 election cycle.

The president himself even met with Russian ambassador Sergey Kislyak before giving a campaign speech last year.

All of these bits of information are turning what was previous an unverified dossier into a credible document implicating Donald Trump’s presidential campaign in what would be the biggest political scandal in U.S. history.

Even though there is so much going on in our politics right now, much of it disturbing and distracting, we must not lose focus on this scandal.

Thursday, February 16, 2017

Intel Community Is Sabotaging Trump! - Warns Notable DEMOCRAT

Dennis Kucinich explains the recent national security moves that were made and how it might drastically affect the future.

Jimmy Dore breaks it down.

Wednesday, January 11, 2017

INTEL CHIEFS PRESENTED TRUMP WITH CLAIMS OF RUSSIAN EFFORTS TO COMPROMISE HIM PER CNN

By DemocratSinceBirth

 Suggestion they have compromising information on him !!!

Communications between Trump and Russian officials.

This is beyond huge !!!

Intel chiefs presented Trump with claims of Russian efforts to compromise him
By Evan Perez, Jim Sciutto, Jake Tapper and Carl Bernstein, CNN
Updated 5:15 PM ET, Tue January 10, 2017

(CNN) Classified documents presented last week to President Obama and President-elect Trump included allegations that Russian operatives claim to have compromising personal and financial information about Mr. Trump, multiple US officials with direct knowledge of the briefings tell CNN.

The allegations were presented in a two-page synopsis that was appended to a report on Russian interference in the 2016 election. The allegations came, in part, from memos compiled by a former British intelligence operative, whose past work US intelligence officials consider credible. The FBI is investigating the credibility and accuracy of these allegations, which are based primarily on information from Russian sources, but has not confirmed many essential details in the memos about Mr. Trump. 

The classified briefings last week were presented by four of the senior-most US intelligence chiefs -- Director of National Intelligence James Clapper, FBI Director James Comey, CIA Director John Brennan, and NSA Director Admiral Mike Rogers. 

One reason the nation's intelligence chiefs took the extraordinary step of including the synopsis in the briefing documents was to make the President-elect aware that such allegations involving him are circulating among intelligence agencies, senior members of Congress and other government officials in Washington, multiple sources tell CNN. 

These senior intelligence officials also included the synopsis to demonstrate that Russia had compiled information potentially harmful to both political parties, but only released information damaging to Hillary Clinton and Democrats. This synopsis was not an official part of the report from the intelligence community case about Russian hacks, but some officials said it augmented the evidence that Moscow intended to harm Clinton's candidacy and help Trump's, several officials with knowledge of the briefings tell CNN. 

The two-page synopsis also included allegations that there was a continuing exchange of information during the campaign between Trump surrogates and intermediaries for the Russian government, according to two national security officials

Sources tell CNN that these same allegations about communications between the Trump campaign and the Russians, mentioned in classified briefings for congressional leaders last year, prompted then-Senate Democratic Leader Harry Reid to send a letter to FBI Director Comey in October, in which he wrote, "It has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government -- a foreign interest openly hostile to the United States." 

CNN has confirmed that the synopsis was included in the documents that were presented to Mr. Trump but cannot confirm if it was discussed in his meeting with the intelligence chiefs.
The Trump transition team declined repeated requests for comment. 

CNN has reviewed a 35-page compilation of the memos, from which the two-page synopsis was drawn. The memos originated as opposition research, first commissioned by anti-Trump Republicans, and later by Democrats. At this point, CNN is not reporting on details of the memos, as it has not independently corroborated the specific allegations. But, in preparing this story, CNN has spoken to multiple high ranking intelligence, administration, congressional and law enforcement officials, as well as foreign officials and others in the private sector with direct knowledge of the memos.

Some of the memos were circulating as far back as last summer. What has changed since then is that US intelligence agencies have now checked out the former British intelligence operative and his vast network throughout Europe and find him and his sources to be credible enough to include some of the information in the presentations to the President and President-elect a few days ago. 

On the same day that the President-elect was briefed by the intelligence community, the top four Congressional leaders, and chairmen and ranking members of the House and Senate intelligence committees -- the so-called "Gang of Eight" -- were also provided a summary of the memos regarding Mr. Trump, according to law enforcement, intelligence and administration sources. 

The two-page summary was written without the detailed specifics and information about sources and methods included in the memos by the former British intelligence official. That said, the synopsis was considered so sensitive it was not included in the classified report about Russian hacking that was more widely distributed, but rather in an annex only shared at the most senior levels of the government: President Obama, the President-elect, and the eight Congressional leaders.

CNN has also learned that on December 9, Senator John McCain gave a full copy of the memos -- dated from June through December, 2016 -- to FBI Director James Comey. McCain became aware of the memos from a former British diplomat who had been posted in Moscow. But the FBI had already been given a set of the memos compiled up to August 2016, when the former MI6 agent presented them to an FBI official in Rome, according to national security officials. 

The raw memos on which the synopsis is based were prepared by the former MI6 agent, who was posted in Russia in the 1990s and now runs a private intelligence gathering firm. His investigations related to Mr. Trump were initially funded by groups and donors supporting Republican opponents of Mr. Trump during the GOP primaries, multiple sources confirmed to CNN. Those sources also said that once Mr. Trump became the nominee, further investigation was funded by groups and donors supporting Hillary Clinton.

Spokespeople for the FBI and the Director of National Intelligence declined to comment. Officials who spoke to CNN declined to do so on the record given the classified nature of the material.
Some of the allegations were first reported publicly in Mother Jones one week before the election.

One high level administration official told CNN, "I have a sense the outgoing administration and intelligence community is setting down the pieces so this must be investigated seriously and run down. I think concern was to be sure that whatever information was out there is put into the system so it is evaluated as it should be and acted upon as necessary."

http://www.cnn.com/2017/01/10/politics/donald-trump-intelligence-report-russia/index.html

Saturday, December 31, 2016

When did Trump develop fealty to Russia, & why does it persist after their cyber attack?


ALTHOUGH PRESIDENT Obama’s sanctions against Russia for interfering with the U.S. presidential election came late, his action on Thursday reflected a bipartisan consensus that penalties must be imposed for Moscow’s audacious hacking and meddling. 

But one prominent voice in the United States reacted differently. President-elect Donald Trump said “it’s time for our country to move on to bigger and better things.” Earlier in the week, he asserted that the “whole age of computer has made it where nobody knows exactly what is going on.”

No, Mr. Trump, it is not time to move on. U.S. intelligence agencies are in agreement about “what is going on”: a brazen and unprecedented attempt by a hostile power to covertly sway the outcome of a U.S. presidential election through the theft and release of material damaging to Democratic nominee Hillary Clinton. The president-elect’s dismissive response only deepens unanswered questions about his ties to Russia in the past and his plans for cooperation with Vladi­mir Putin.

For his part, Mr. Putin seems to be eagerly anticipating the Trump presidency. On Friday, he promised to withhold retaliatory sanctions, clearly hoping the new Trump administration will nullify Mr. Obama’s acts. Then Mr. Trump cheered on Twitter: “Great move on delay (by V. Putin) — I always knew he was very smart!”

For any American leader, an attempt to subvert U.S. democracy ought to be unforgivable — even if he is the intended beneficiary. Some years ago, then-Defense Secretary Leon Panetta warned of a “cyber-Pearl Harbor,” and the fear at the time was of a cyberattack collapsing electric grids or crashing financial markets. Now we have a real cyber-Pearl Harbor, though not one that was anticipated. Mr. Obama has pledged a thorough investigation and disclosure; the information released on Thursday does not go far enough. Congress should not shrink from establishing a select committee for a full-scale probe.

Mr. Obama also hinted at additional retaliation, possibly unannounced, and we believe it would be justified to deter future mischief. How about shedding a little sunshine on Mr. Putin’s hidden wealth and that of his coterie?

Mr. Trump has been frank about his desire to improve relations with Russia, but he seems blissfully untroubled by the reasons for the deterioration in relations, including Russia’s instigation of an armed uprising in Ukraine, its seizure of Crimea, its efforts to divide Europe and the crushing of democracy and human rights at home.

Why is Mr. Trump so dismissive of Russia’s dangerous behavior? Some say it is his lack of experience in foreign policy, or an oft-stated admiration for strongmen, or naivete about Russian intentions. But darker suspicions persist. Mr. Trump has steadfastly refused to be transparent about his multibillion-dollar business empire. Are there loans or deals with Russian businesses or the state that were concealed during the campaign? Are there hidden communications with Mr. Putin or his representatives? We would be thrilled to see all the doubts dispelled, but Mr. Trump’s odd behavior in the face of a clear threat from Russia, matched by Mr. Putin’s evident enthusiasm for the president-elect, cannot be easily explained.

Read more on this topic:
 
Greg Sargent: The Trump camp’s spin on Russian interference is falling apart
Ruth Marcus: On Russia, Trump is incapable of looking past politics
Jennifer Rubin: A moment of truth on Russia

Friday, September 16, 2016

Over 500,000 People Have Installed A Pokemon Go Related App That Roots And Hijacks Android Devices











Friday, August 19, 2016

Malware Infected All Eddie Bauer Stores In U.S., Canada

By Brian Krebs

Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide.

ebstore

On July 5, 2016, KrebsOnSecurity reached out to Bellevue, Wash., based Eddie Bauer after hearing from several sources who work in fighting fraud at U.S. financial institutions. All of those sources said they’d identified a pattern of fraud on customer cards that had just one thing in common: They were all recently used at some of Eddie Bauer’s 350+ locations in the U.S. The sources said the fraud appeared to stretch back to at least January 2016.

A spokesperson for Eddie Bauer at the time said the company was grateful for the outreach but that it hadn’t heard any fraud complaints from banks or from the credit card associations.

Earlier today, however, an outside public relations firm circled back on behalf of Eddie Bauer. That person told me Eddie Bauer — working with the FBI and an outside computer forensics firm — had detected and removed card-stealing malware from cash registers at all of its locations in the United States and Canada.

The retailer says it believes the malware was capable of capturing credit and debit card numbers from customer transactions made at all 350 Eddie Bauer stores in the United States and Canada between January 2, 2016 to July 17, 2016. The company emphasized that this breach did not impact purchases made at the company’s online store eddiebauer.com.

“While not all transactions during this period were affected, out of an abundance of caution, Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period,” the company said in a press release issued directly after the markets closed in the U.S. today.

Given the volume of point-0f-sale malware attacks on retailers and hospitality firms in recent months, it would be nice if each one of these breach disclosures didn’t look and sound exactly the same. For example, in addition to offering customers the predictable and irrelevant credit monitoring services topped with bland assurances that the “security of our customers’ information is a top priority,” breached entities could offer the cyber defenders of the world just a few details about the attack tools and online staging grounds the intruders used.

That way, other companies could use the information to find out if they are similarly victimized and to stop the bleeding of customer card data as quickly as possible. Eddie Bauer’s spokespeople say the company has no intention of publishing these so-called “indicators of compromise,” but emphasized that Eddie Bauer worked closely with the FBI and outside security experts.

For more on the importance of IOCs in helping to detect and ultimately stymie cybercrime, check out last Saturday’s story about IOCs released by Visa in connection with the recent intrusion at Oracle’s MICROS point-of-sale unit. And for the record, I have no information connecting this breach or any other recent POS malware attack with the breach at Oracle’s MICROS unit. If that changes, hopefully you’ll read about it here first.

Saturday, April 30, 2016

The Blacklist - The Artax Network S3 E20

Reeling with grief, the task force hunts the organization behind Liz's failed abduction - who is Solomon working for and why was Liz the target? Meanwhile, Red confronts a man from his past. Brian Dennehy guest stars.


Friday, April 15, 2016

‘Blackhole’ Exploit Kit Author Gets 7 Years In Jail

By Brian Krebs

A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts — including “Paunch,” the nickname used by the author of the infamous “Blackhole” exploit kit.  Once an extremely popular crimeware-as-a-service offering, Blackhole was for several years responsible for a large percentage of malware infections and stolen banking credentials, and likely contributed to tens of millions of dollars stolen from small to mid-sized businesses over several years.

Paunch, the accused creator of the Blackhole Exploit Kit, stands in front of his Porche Cayenne.
Fedotov, the convicted creator of the Blackhole Exploit Kit, stands in front of his Porche Cayenne in an undated photo.

According to Russia’s ITAR-TASS news network, Dmitry “Paunch” Fedotov was sentenced on April 12 to seven years in a Russian penal colony. In October 2013, the then 27-year-old Fedotov was arrested along with an entire team of other cybercriminals who worked to sell, develop and profit from Blackhole.

According to Russian security firm Group-IB, Paunch had more than 1,000 customers and was earning $50,000 per month from his illegal activity. The image above shows Paunch standing in front of his personal car, a Porsche Cayenne.

First spotted in 2010, BlackHole is commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities for the purposes of installing malware of the customer’s choosing.

The price of renting the kit ran from $500 to $700 each month. For an extra $50 a month, Paunch also rented customers “crypting” services; cryptors are designed to obfuscate malicious software so that it remains undetectable by antivirus software.

Paunch worked with several other cybercriminals to purchase new exploits and security vulnerabilities that could be rolled into Blackhole and help increase the success of the software. He eventually sought to buy the exploits from other cybercrooks directly to fund a pricier ($10,000/month) and more exclusive exploit pack called “Cool Exploit Kit.”

The main page of the Blackhole exploit kit Web interface.
The main page of the Blackhole exploit kit Web interface.

As documented on this blog in January 2013 (see Crimeware Author Funds Exploit Buying Spree), Paunch contracted with a third-party exploit broker who announced that he had a $100,000 budget for buying new, previously undocumented “zero-day” vulnerabilities.

Not long after that story, the individual with whom Paunch worked to purchase those exclusive exploits — a miscreant who uses the nickname “J.P. Morgan” — posted a message to the Darkode[dot]com crime forum, stating that he was doubling his exploit-buying budget to $200,000.


In October 2013, shortly after news of Paunch’s arrest leaked to the media, J.P. Morgan posted to Darkode again, this time more than doubling his previous budget — to $450,000.

“Dear ladies and gentlemen! In light of recent events, we look to build a new exploit kit framework. We have budgeted $450,000 to buy vulnerabilities of a browser and its plugins, which will be used only by us afterwards! ”

J.P. Morgan alludes to his former partner's arrest, and ups his monthly exploit buying budget to $450,000.
J.P. Morgan alludes to his former partner’s arrest, and ups his monthly exploit buying budget to $450,000.

The Russian Interior Ministry (MVD) estimates that Paunch and his gang earned more than 70 million rubles, or roughly USD $2.3 million. But this estimate is misleading because Blackhole was used as a means to perpetrate a vast array of cybercrimes. I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years. A majority of Paunch’s customers were using the kit to grow botnets powered by Zeus and Citadel, banking Trojans that are typically used in cyberheists targeting consumers and small businesses.

For more about Paunch, check out Who is Paunch?, a profile I ran in 2013 shortly after Fedotov’s arrest that examines some of the clues that connected his online criminal persona with his personal social networking profiles.

Tuesday, February 23, 2016

Why The Apple VS Govt Storyline Is A Fake Designed To Distract The Public

 
The backdoor is already in the IPhone.
 

The media is erupting over the FBI’s demand that Apple help it decrypt an iPhone belonging to Syed Rizwan Farook, one of the attackers involved in the assault in San Bernardino this past December.

Originally Apple wanted the FBI to keep things on the down low, asking the Feds to present their application for access under seal. But for whatever reason the FBI decided to go public. Apple then put on a big show of resistance and now there are legislators threatening to change the law in favor of the FBI. Yet concealed amid this unfolding drama is a vital fact that very few outlets are paying attention to.

Tim Cook protests that Apple is being asked to create “a new version of the iPhone operating system.” This glib talking point distracts attention from the reality that there’s essentially a backdoor on every new iPhone that ships around the world: the ability to load and execute modified firmware without user intervention.

Ostensibly software patches were intended to fix bugs. But they can just as easily install code that compromises sensitive data. I repeat: without user intervention. Apple isn’t alone in this regard. Has anyone noticed that the auto-update feature deployed with certain versions of Windows 10 is impossible to turn off using existing user controls?

Update features, it would seem, are a bullseye for spies. And rightly so because they represent a novel way to quietly execute malicious software. This past September the Washington Post published a leaked memo from the White House which proposed that intelligence agencies leverage “provider-enabled remote access to encrypted devices through current update procedures.” Yep, the same update procedures that are marketed as helping to keep users safe. And it would appear that the spies are making progress. There’s news from Bloomberg of a secret memo that tasked spymasters with estimating the budgetary requirements needed to develop “encryption workarounds.”

And, finally, please notice throughout this whole ordeal how the Director of the NSA, unlike the vociferous FBI director, has been relatively silent. With a budget on the order of $10 billion at its disposal the NSA almost certainly has something equivalent to what the courts have asked Apple to create. The NSA probably doesn’t want to give its bypass tool to the FBI and blow its operational advantage. After all, the NSA is well versed in the art of firmware-level manipulation. Experts have opined that for a few million (a drop in the bucket for a spy outfit like the NSA or CIA) this capability could be implemented. NSA whistleblower William Binney tends to agree. When asked what users could do to protect themselves from the Deep State’s prying eyes Binney replied:
“Use smoke signals! With NSA’s budget of over $10 bill a year, they have more resources to acquire your data than you can ever hope to defend against.
This has to be addressed in law and legislation. Call your local governmental representative and complain, otherwise, if you sit and do nothing… you are fucked!!!”
So while Apple manufactures the perception that it’s fighting for user privacy, keep in mind that the media’s Manichean narrative of “good vs. evil” doesn’t necessarily explain what’s transpiring.

Despite cheerleading by Ed Snowden and others Apple is not the company that it would have us believe it is. Apple has a long history of helping the government crack iPhones and security researchers have already unearthed any number of hidden services lurking below the iPhones surface.

The public record over the past several decades informs that ersatz public opposition often conceals private collusion. And Apple, dear reader, is no stranger when it comes to clandestine government programs. The sad truth is that government spies and corporate data hoarders assemble in the corridors of the American Deep State protected by a veil of official secrecy and sophisticated propaganda.

Related Stories

Saturday, November 28, 2015

Stop stores and airports from tracking your movements

By Kim Komando

Did you know that for several months Wal-Mart tested a facial recognition system that can pick an individual out of a crowd and track them automatically through a store? It's true. Wal-Mart was mainly using the system to spot known shoplifters, but I'm sure you can think of more worrying purposes.

Facial recognition is one of many technologies that brick-and-mortar retailers are testing to get real-time data on their customers. Online stores can see exactly what products and ads a user looks at, but offline retailers traditionally only know what people buy. They want to change that so they can maximize their marketing and profits.

How retailers track you

While facial recognition is still in limited use, many retailers, and other locations with a lot of traffic like airports, are using Mobile Location Analytics to track your exact location. For example, authorities at an airport know how much time you spent in a shop, moving through security or at the baggage claim. A store knows when you move from one department to another, or even linger in a certain aisle. How do they do this?

MLA uses the Wi-Fi and Bluetooth in your smartphone or tablet. Every mobile gadget has a unique 12-digit hardware identifier called a MAC address that it broadcasts via Wi-Fi and Bluetooth. As your gadget comes in range of the various Wi-Fi routers and Bluetooth hubs scattered around a store or airport, the MLA system picks up your MAC address.

Companies collect this information over time and use it to track traffic flow, line wait times, popular products or aisles, tweak employee work schedule and more. But could they use the information to do something more?

The good news is that on its own, your gadget's MAC address tells the store nothing about you. Your name, email and phone number aren't transmitted. At most, it might be able to figure out what manufacturer made your phone.

Most of the companies that handle this tracking have also signed agreements that they won't try to tie your MAC address to any other information they might have about you. Of course, those agreements are voluntary and there are ways a company could identify you.

How a company could learn your identity

One way is by using in-store beacons. These beacons use Wi-Fi, Bluetooth or Near-Field Communication to connect with your phone and send you deals on products you're walking past. To receive these deals, however, you have to be running the store's app, or have signed up to receive them. So, there's no real privacy concern.

However, imagine if a store were to combine your MAC address location with a beacon pushing a deal to your phone. You likely signed up to receive the deals with your name and email address. It's a simple matter to link that information up with the company's records of your purchase history from your credit card or loyalty card. The store could have a full profile on you in seconds.

Then there's facial recognition, as we talked about earlier. If a company knows your gadget's location, it's a simple matter to point a camera at you. Granted, most facial recognition systems require a photo on file to make a match. However, if a company has your name and email address, it's a short leap to get your profile picture from Facebook and spot you as you walk into the store. Of course, that's unlikely for the foreseeable future because of the backlash it would cause.

However, it doesn't have to be the store that's tracking you. If law enforcement was doing an investigation and got your gadget, they could technically subpoena records from MLA companies for the gadget's MAC address and learn about your movements. Or if the MAC address records were lost in a data breach, I'm sure hackers could find some use for them.

How to stop the tracking

The Future of Privacy Forum has set up a site called Smart Store Privacy. If you go there, you can put in your Wi-Fi and Bluetooth MAC addresses and it will tell participating tracking companies (there are 12 signed on at the moment) not to track those addresses. You don't have to give any other information.

Finding your Wi-Fi and Bluetooth MAC addresses is a little tricky depending on your gadget. Here are some general instructions.

APPLE

For Apple gadgets, go to Settings>General>About and look under Wi-Fi Address and Bluetooth. You're looking for a 12-digit number like 91:17:7B:82:C2:A5 or 91-17-7B-82-C2-A5. It should be clearly labeled. If you don't see an address, you should turn on Wi-Fi and Bluetooth and then check again.

Note: If you're using an Apple gadget running iOS 8 or higher, it changes its MAC address every time it connects to a Wi-Fi or Bluetooth hotspot. So, a store won't be able to track you because it will look like a new gadget every time.

ANDROID

For Android gadgets, every phone manufacturer has things set up a little differently. First, make sure Wi-Fi and Bluetooth are turned on. Then go to Settings>About Phone, or Settings>About Tablet. It might be under Hardware Information or Status. If you can't find it, check your gadget's manual for the precise location.

WINDOWS PHONE

For Wi-Fi, go to Start>Settings>Connections>Wireless LAN>Advanced. Look in the MAC field. Wi-Fi needs to be on for this to work.

For Bluetooth, go to
Start>Settings>Connections>Bluetooth>Accessibility and look under Address. Bluetooth needs to be on for the address to show up.

BLACKBERRY

For Wi-Fi, go to Setup>Options>Device>Device and Status Information, and look under the WLAN MAC heading.

On Blackberry gadgets running OS 5 or earlier, go to Options>Status and look under WLAN MAC.

For getting the Bluetooth address, go to Connections>Bluetooth>Properties to find the MAC address.

Of course, there are tracking companies out there not signed up with Smart Store Privacy. To totally avoid tracking, you'll have to turn off your Wi-Fi and Bluetooth before entering a store. That keeps your MAC address from broadcasting.

Don't forget that stores are also tracking you online. Learn how advertisers track where you go online and how to put a stop to it. They're also tracking where you browse on your smartphone or tablet. Find out how to keep that from happening.

On the Kim Komando Show, the nation's largest weekend radio talk show, Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com. Kim also posts breaking tech news 24/7 at News.Komando.com.

Wednesday, November 4, 2015

Hackers Expose 11 Major Security Flaws In Samsung Galaxy S6 Edge