Showing posts with label Hacker or Slave?. Show all posts

Sunday, February 14, 2021

Why Doesn't Matthew Rosenfeld Say A Word About The Origin Of Signal?

TAC |  Recent political turmoil has driven a stampede of smartphone users to encrypted messaging services, so much so that service providers are having a hard time keeping up with demand. The exodus to these digital havens might come across as reasonable given social media’s newfound penchant for censorship and deplatforming. However, the public record shows that encrypted messaging apps, despite the litany of high-profile celebrity endorsements, aren’t what they appear to be. Lurking beneath the assurances of confidentiality are unsettling facts that raise doubts about the wisdom of following the herd.

The mainstream press has been talking up apps like Signal and Telegram. The New York Times in particular. That, in and of itself, should set off alarm bells. Signal, for example, has received millions of dollars over the years from a bureaucratic spin-off of the Central Intelligence Agency (CIA). The Broadcast Board of Governors, rebranded as the U.S. Agency for Global Media, has been an ardent supporter of Signal through its Open Technology Fund. The U.S. Agency for Global Media is the foreign propaganda arm of the State Department and has historical links to clandestine regime-change operations.

The Signal project is run by a guy who won’t tell anyone his real name. Would you buy insurance from someone like that, much less trust them with your physical safety? Another indicator that something is amiss. Said guy goes by the handle of Moxie Marlinspike. He likes to create the impression of a radical anarchist who’s leading a noble battle against government surveillance. Which is unusual considering how acquainted Marlinspike appears to be with government officials. Indeed, they liked him so much they financed him.

Telegram likewise has some notable advocates despite its questionable security. Enrique Tarrio, who currently leads the Proud Boys, described Telegram’s platform as “the darkest part of the web.” Which sounds like a glowing testimonial by an ostensibly credible figure. Readers should note that based on court documents viewed by Reuters, federal officials indicate that Tarrio has worked with law enforcement as an informant on a number of cases. In an interview with Reuters Tarrio stated, “I don’t recall any of this.” Keep in mind that infiltration and subversion are genuine threats to secure messaging systems. In fact, online providers could even facilitate such monitoring by adding hidden members to messaging groups.

Don’t even ask about Facebook’s WhatsApp messenger. The company openly admits that it collects more than enough metadata to dispel any illusions about personal privacy.

All of this underscores an inconvenient truth about apps which Ken Thompson, the creator of UNIX, spelled out nearly four decades ago. In his excellent Turing Award Lecture Thompson warned, “You can’t trust code that you did not totally create yourself.” Primarily because, as the SolarWinds debacle illustrated, backdoors are a grave threat. And it just so happens that the American intelligence community has a heavily documented record of planting backdoors in software, one that goes all the way back to the beginning of the Cold War, with global business interests like Crypto AG that outwardly appeared to be legitimate. The Swiss are neutral, right? Nope, not when they’re in bed with the CIA. Please understand that the organizations which deployed the compromised encryption technology sold by Crypto AG mistakenly believed that it was going to make them more secure. Allied governments naively trusted state secrets to gear that they didn’t design, giving spies a perfect opportunity.

 

Tuesday, February 02, 2021

(B x C x D = AHH) Biological Knowledge X Computing Power X Data = Ability To Hack Humans

Reuters |  BGI Group, the world’s largest genomics company, has worked with China’s military on research that ranges from mass testing for respiratory pathogens to brain science, a Reuters review of research, patent filings and other documents has found.

The review, of more than 40 publicly available documents and research papers in Chinese and English, shows BGI’s links to the People’s Liberation Army (PLA) include research with China’s top military supercomputing experts. The extent of those links has not previously been reported.

BGI has sold millions of COVID-19 test kits outside China since the outbreak of the new coronavirus pandemic, including to Europe, Australia and the United States. Shares of BGI Genomics Co, the company’s subsidiary listed on the Shenzhen stock exchange, have doubled in price over the past 12 months, giving it a market value of about $9 billion.

But top U.S. security officials have warned American labs against using Chinese tests because of concern China was seeking to gather foreign genetic data for its own research. BGI has denied that.

The documents reviewed by Reuters neither contradict nor support that U.S. suspicion. Still, the material shows that the links between the Chinese military and BGI run deeper than previously understood, illustrating how China has moved to integrate private technology companies into military-related research under President Xi Jinping.

The U.S. government has recently been warned by an expert panel that adversary countries and non-state actors might find and target genetic weaknesses in the U.S. population and a competitor such as China could use genetics to augment the strength of its own military personnel.

BGI has worked on PLA projects seeking to make members of the ethnic Han Chinese majority less susceptible to altitude sickness, Reuters found, genetic research that would benefit soldiers in some border areas.

Elsa Kania, an adjunct senior fellow at the Center for a New American Security think tank, who has provided testimony to U.S. Congressional committees, told Reuters that China’s military has pushed research on brain science, gene editing and the creation of artificial genomes that could have an application in future bioweapons. She added that such weapons are not currently technically feasible.

BGI’s pattern of collaboration with the Chinese military was a “reasonable concern to raise” for U.S. officials, said Kania.

 

Saturday, January 30, 2021

Uh..., You See Wha'Happened Wuz....,

americancompass |  Certainly don’t laze about smoking weed, or even worse, mango Juul pods, playing that god-forsaken game machine. That PS fucking 4, or whatever. My generation, we didn’t sit staring at a computer, wasting our days away. We made things. We worked out our bodies. We built things. Come on. Make something of yourself. What are you going to do all your life? Stock shelves during the day, and eat nuggets and play that game at night? What are you, a loser? Be like Jim. You remember Jim. He studied hard, went to Harvard, and now works at a big financial firm. Come on, you lazy loser. Make something of yourself.

It is pretty simple. At the very, very top of our meritocracy is a big game called Wall Street, that the smartest and cleverest get to play, and get paid big bucks for it. They get to choose their character: Trader, Salesperson, Broker, or Lawyer. The traders get to choose their weapon: Stocks, Bonds, Mortgages, Derivatives. Then they are off, navigating different levels, slaying this and that company, currency, or country.

Below that is that vast landscape of losers who spend their days building roads, growing food, flipping hamburgers, teaching kids, building small businesses, landscaping yards, and their nights shooting hoops, or reading books, or caring for kids, or going to church. Or, God forbid, playing XBOX or PS4. Those are the worst.

A lot of those losers, of every variety but especially the people who play video games, also spend a lot of time on Reddit, or Discord, or Twitch, live-streaming, shitposting, and just having fun.

When they were doing this, some of them noticed that Wall Street was also just a game, and a very profitable one. Sure, it was a little different than Zelda, or Grand Theft Auto, or Demon Souls, but it was a game nonetheless. So they started dipping their toes in and learning this pretty cool and serious game. Then they started telling their friends about it, who told their friends and so on and so on.

Some made a little money here and there, others got run over, but hey, it was just another game. Cool. Of course they were the outsiders, the losers, the clowns fucking around for shits and giggles. They understood that. They knew nobody treated them seriously. Hell, they had been called lazy losers all their lives. Might as well embrace that. So they proudly named themselves “Degenerates” and “Autistic Retards.” Own the stigma, because you ain’t gonna ever shake it or lose it no matter how hard you try.

They dabbled here and there, got a little better at it, and soon attracted a few serious players with serious money into their fold. Wall Street players, slumming it, who saw a community of misfits they could lead, teach, or scam, depending on their ethics.

So it went, and their numbers and ability grew, and then this summer some of the cleverest Wall Street players, who specialized in making big bets on companies failing, came after GameStop, something they had personal views on. That perked up their interest. Making it even cooler, some legitimately skilled Wall Street players who had joined their island of misfit toys pointed out that GameStop was a good buy, not a good sell, and convinced some of the degenerates to join them.

Then Scoops The Liminal Perspective On The Current Political Moment

CTH |  Everything from within the DC system is designed to lie to you.  Accept that and you begin to realize how events are NEVER what they appear on the surface.

The owner of the New York Stock Exchange (NYSE) is Jeffrey Sprecher.  Remember the position of Senate Majority Leader Mitch McConnell in regards to Senator Loeffler?  Well, Mr. Sprecher is the husband of former Senator Kelly Loeffler.

Kelly Loeffler’s seat was purchased by their elite status and position.  Why would a billionaire run for an elected office paying a few hundred thousand?

Majority Leader Mitch McConnell positioned Loeffler with committee assignments based on that status of influence and affluence.

Jeffrey Sprecher and Kelly Loeffler entered politics for their elite interests.

The ruse of the DeceptiCons is always that a motive to the benefit of the republic lies behind their candidacy. This is the same ruse that lay behind Mitt Romney, another DeceptiCon.  There are no purely altruistic motives behind these politicians, particularly in the Senate.

Their motives are all about status, power and greed.  They are not representatives of the people; they are representative of their own elite fellowship and interests, and this crosses both parties.  Everything else is chaff and countermeasures to ensure their position.

That is the brutal and uncomfortable reality to accept.  The entire system is corrupt.

The swamp is deep and filled with DeceptiCons who will strike at any given moment once they attain a useful position. President Trump went to Georgia to campaign for Senator Kelly Loeffler. Simultaneous to President Trump’s visible support, Loeffler’s husband Jeffrey Sprecher, owner of the New York Stock Exchange (NYSE), announced the NYSE will not blacklist Chinese telecommunications firms outlined in Trump’s executive order.

 

Conservative Treehouse Does An Exceptionally Fine Job Explaining The Gamestop Situation

CTH |  It started with a bunch of smart ordinary Wall Street market watchers assembling on Reddit and noticing that hedgefunds were making millions destroying the stock value of GameStop (GME) -and others-  by short selling the stock and trading the position.

[Short Lesson to Understand Short-Selling Here]

The hedgefunds were so greedy the short-sellers borrowed more than 140% of the total number of shares of stock of GME (GameStop) in order to destroy it.  The stock value dropped from $20 to $4 as the sharks made millions in the short-sells.  That’s when the Reddit investment community, Wall Street Bets, noticed an opportunity.

One of the issues with short-selling is that short-sellers must always eventually purchase the stocks they borrowed.  That means if the stock value increases you are committed to buying it, you will lose money, and you cannot get away from the loss in your short-sell position so long as the stock value is high.

Knowing the borrowed shares were more than the total number of outstanding shares of the entire GME stock, the rebellious alliance knew the short-sellers (hedgefunds) would have to eventually buy them.  So the independent group, mass numbers of individual investors, started purchasing shares and driving up the GameStop stock value.

Friday, January 29, 2021

My, My, My..., Does The Great Reset Have Its Sights Set On The Global Electronic Infrastructure?

unlimitedhangout |  The devastating hack on SolarWinds was quickly pinned on Russia by US intelligence. A more likely culprit, Samanage, a company whose software was integrated into SolarWinds’ software just as the “back door” was inserted, is deeply tied to Israeli intelligence and intelligence-linked families such as the Maxwells.

In mid-December of 2020, a massive hack compromised the networks of numerous US federal agencies, major corporations, the top five accounting firms in the country, and the military, among others. Despite most US media attention now focusing on election-related chaos, the fallout from the hack continues to make headlines day after day.

The hack, which affected Texas-based software provider SolarWinds, was blamed on Russia on January 5 by the US government’s Cyber Unified Coordination Group. Their statement asserted that the attackers were “likely Russian in origin,” but they failed to provide evidence to back up that claim.

Since then, numerous developments in the official investigation have been reported, but no actual evidence pointing to Russia has yet to be released. Rather, mainstream media outlets began reporting the intelligence community’s “likely” conclusion as fact right away, with the New York Times subsequently reporting that US investigators were examining a product used by SolarWinds that was sold by a Czech Republic–based company, as the possible entry point for the “Russian hackers.” Interest in that company, however, comes from the fact that the attackers most likely had access to the systems of a contractor or subsidiary of SolarWinds. This, combined with the evidence-free report from US intelligence on “likely” Russian involvement, is said to be the reason investigators are focusing on the Czech company, though any of SolarWinds’ contractors/subsidiaries could have been the entry point.

Such narratives clearly echo those that became prominent in the wake of the 2016 election, when now-debunked claims were made that Russian hackers were responsible for leaked emails published by WikiLeaks. Parallels are obvious when one considers that SolarWinds quickly brought on the discredited firm CrowdStrike to aid them in securing their networks and investigating the hack. CrowdStrike had also been brought on by the DNC after the 2016 WikiLeaks publication, and subsequently it was central in developing the false declarations regarding the involvement of “Russian hackers” in that event.

There are also other parallels. As Russiagate played out, it became apparent that there was collusion between the Trump campaign and a foreign power, but the nation was Israel, not Russia. Indeed, many of the reports that came out of Russiagate revealed collusion with Israel, yet those instances received little coverage and generated little media outrage. This has led some to suggest that Russiagate may have been a cover for what was in fact Israelgate.

Similarly, in the case of the SolarWinds hack, there is the odd case and timing of SolarWinds’ acquisition of a company called Samanage in 2019. As this report will explore, Samanage’s deep ties to Israeli intelligence, venture-capital firms connected to both intelligence and Isabel Maxwell, as well as Samanage’s integration with the Orion software at the time of the back door’s insertion warrant investigation every bit as much as SolarWinds’ Czech-based contractor.

 

Friday, January 22, 2021

Red Ants Getting SHOOK!!! That Bell Curve NOT Working In Their Favor...,

About a week ago I posted thus: Oh Yes, but you have guns you say. Well those pasty faced, namby, pamby West Coast transgender wokeists, as you call them, may not be able to shoot straight but they have drones, swarming drones, robots and God knows what else in the way of weapons. They have satellite data and  almost perfect intelligence regarding your behaviour. They don't have to shoot accurately, they have machines to do that. They can and will commit unspeakable acts of murder and destruction before they turn off the monitor and jog off for a Latte. After all if you are not with us you are a domestic terrorist aren't you? There is no middle ground. smdh....,  this is on a grad student's budget with open source technology. DAYYUM!!!

wired |  When hackers exploited a bug in Parler to download all of the right-wing social media platform's contents last week, they were surprised to find that many of the pictures and videos contained geolocation metadata revealing exactly how many of the site's users had taken part in the invasion of the US Capitol building just days before. But the videos uploaded to Parler also contain an equally sensitive bounty of data sitting in plain sight: thousands of images of unmasked faces, many of whom participated in the Capitol riot. Now one website has done the work of cataloging and publishing every one of those faces in a single, easy-to-browse lineup.

Late last week, a website called Faces of the Riot appeared online, showing nothing but a vast grid of more than 6,000 images of faces, each one tagged only with a string of characters associated with the Parler video in which it appeared. The site's creator tells WIRED that he used simple open source machine learning and facial recognition software to detect, extract, and deduplicate every face from the 827 videos that were posted to Parler from inside and outside the Capitol building on January 6, the day when radicalized Trump supporters stormed the building in a riot that resulted in five people's deaths. The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone.

"Everybody who is participating in this violence, what really amounts to an insurrection, should be held accountable," says the site's creator, who asked for anonymity to avoid retaliation. "It's entirely possible that a lot of people who were on this website now will face real-life consequences for their actions." Fist tap Dale.

Thursday, January 14, 2021

Patriot Act As Worthless As Patriot Missiles In A Genuine War On Terror

jacobin |  Nearly two decades since its initial passage in the aftermath of the 9/11 attacks, the Patriot Act has continued to linger in our collective memory. Though few Americans probably remember much about its provisions or specifics, the Bush-era legislation long ago entered into general usage as a synonym for heavy-handed domestic surveillance and institutional overreach — the words “Patriot Act” now being practically synonymous with secrecy, eavesdropping, and the rolling back of civil liberties under the intentionally broad guise of “national security.”

Given the law’s contents and implications in practice, this reputation is well deserved. Passing the Senate with only a single dissenting vote, the Patriot Act dramatically expanded the power of federal authorities to spy on ordinary Americans with minimal oversight: enabling the FBI to obtain detailed information about citizens’ banking history and personal communications without having to seek judicial approval and even allowing “sneak and peek” searches of homes and offices. “The Patriot Act,” in the rather blunt words of a brief prepared by the ACLU, “[turned] regular citizens into suspects.”

Predictably, a great deal of law enforcement activity resulted from the ludicrously titled law (USA PATRIOT was a backronym for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism”). According to data released by the Department of Justice, the FBI made hundreds of thousands of incursions into personal phone, computer, and financial records in the years immediately following its passage — the utility of these searches in identifying or preventing actual terrorist activities being debatable, to say the least.

Despite passing with widespread support, the Patriot Act was still considered extreme enough for lawmakers to attach sunset clauses to several of its major provisions, guaranteeing their expiry in lieu of congressional renewal (which, incidentally, eventually came under George W. Bush and again under Barack Obama).

One prominent Delaware lawmaker, however, felt it didn’t go far enough.

Ahead of the nearly unanimous October 25, 2001, Senate vote on the Patriot Act, Joe Biden was regularly claiming the law as his own, boasting in an interview with the New Republic: “I drafted a terrorism bill after the Oklahoma City bombing. And the bill John Ashcroft sent up was my bill.” Biden wasn’t wrong. In fact, key parts of the Bush administration’s signature national security law were drawn from provisions contained in Biden’s own 1995 anti-terrorism bill. Originally called the Omnibus Counterterrorism Act, Jacobin’s Branko Marcetic summarized its contents as follows:

The bill made “terrorism” a new federal crime, allowed those charged with terrorism to be automatically detained before trial, outlawed donations to government-designated terrorist groups, allowed electronic surveillance of suspected terrorists, and created a special court to deport noncitizens accused of terrorism (ironically, when Bush had proposed a similar measure years before, Biden had denounced it as “the very antithesis of our legal system”). It also let the government use evidence from secret sources in those trials.

Calling the Patriot Act “measured and prudent” during an approving speech on the Senate floor, Biden would nonetheless lament the removal of sections from his 1995 bill that would have given police even more sweeping powers of surveillance.

Monday, January 11, 2021

Rebellious Rednecks In Hotter Water As Internet "Researcher" Downloaded All Of Parler's Posts...,

gizmodo |  In the wake of the violent insurrection at the U.S. Capitol by scores of President Trump’s supporters, a lone researcher began an effort to catalogue the posts of social media users across Parler, a platform founded to provide conservative users a safe haven for uninhibited “free speech” — but which ultimately devolved into a hotbed of far-right conspiracy theories, unchecked racism, and death threats aimed at prominent politicians.

The researcher, who asked to be referred to by their Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence. According to the Atlantic Council’s Digital Forensic Research Lab, among other sources, Parler is one of several apps used by the insurrectionists to coordinate their breach of the Capitol, in a plan to overturn the 2020 election results and keep Donald Trump in power.

Hoping to create a lasting public record for future researchers to sift through, @donk_enby began by archiving the posts from that day. The scope of the project quickly broadened, however, as it became increasingly clear that Parler was on borrowed time. Apple and Google announced that Parler would be removed from their app stores because it had failed to properly moderate posts that encouraged violence and crime. The final nail in the coffin came Saturday when Amazon announced it was pulling Parler’s plug.  

Operating on little sleep, @donk_enby began the work of archiving all of Parler’s posts, ultimately capturing around 99 percent of its content. In a tweet early Sunday, @donk_enby said she was crawling some 1.1 million Parler video URLs. “These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata,” she said. Included in this data tranche, now more than 56 terabytes in size, @donk_enby confirmed that the raw video files include GPS metadata pointing to exact locations of where the videos were taken.

@donk_enby later shared a screenshot showing the GPS position of a particular video, with coordinates in latitude and longitude.

The privacy implications are obvious, but the copious data may also serve as a fertile hunting ground for law enforcement. Federal and local authorities have arrested dozens of suspects in recent days accused of taking part in the Capitol riot, where a Capitol police officer, Brian Sicknick, was fatally wounded after being struck in the head with a fire extinguisher.

@donk_enby describes herself as a hacker, in the sense that she’s “someone with a creative, but skeptical attitude toward technology,” to paraphrase a definition offered by the Chaos Computer Club, Europe’s largest hacker association. “I want this to be a big middle finger to those who say hacking shouldn’t be political,” she said. @donk_enby’s work has aided other researchers, including one at New York University’s Center for Cybersecurity.

@donk_enby, whose efforts are documented on the website ArchiveTeam.org, said the data will eventually be hosted by the Internet Archive. (The two sites are not affiliated.)

 

Sunday, December 20, 2020

Call It What You Like - But Complete Access To Digital DNA Has No Precedent

wired |  In terms of the SolarWinds incident, the deterrence game is not yet over. The breach is still ongoing, and the ultimate end game is still unknown. Information gleaned from the breach could be used for other detrimental foreign policy objectives outside of cyberspace, or the threat actor could exploit its access to US government networks to engage in follow-on disruptive or destructive actions (in other words, conduct a cyberattack).

But what about the Department of Defense’s new defend forward strategy, which was meant to fill in the gap where traditional deterrence mechanisms might not work? Some view this latest incident as a defend-forward failure because the Defense Department seemingly did not manage to stop this hack before it occurred. Introduced in the 2018 Defense Department Cyber Strategy, this strategy aims to “disrupt or halt malicious cyber activity at its source.” This represented a change in how the Defense Department conceptualized operating in cyberspace, going beyond maneuvering in networks it owns, to operating in those that others may control. There has been some controversy about this posture. In part, this may be because defend forward has been described in many different ways, making it hard to understand what the concept actually means and the conditions under which it is meant to apply.

Here’s our take on defend forward, which we see as two types of activities: The first is information gathering and sharing with allies, partner agencies, and critical infrastructure by maneuvering in networks where adversaries operate. These activities create more robust defense mechanisms, but largely leave the adversary alone. The second includes countering adversary offensive cyber capabilities and infrastructure within the adversaries’ own networks. In other words, launching cyberattacks against adversary hacking groups—like threat actors associated with the Russian government. It isn’t clear how much of this second category the Defense Department has been doing, but the SolarWinds incident suggests the US could be doing more.

How should the US cyber strategy adapt after SolarWinds? Deterrence may be an ineffective strategy for preventing espionage, but other options remain. To decrease the scope and severity of these intelligence breaches, the US must improve its defenses, conduct counterintelligence operations, and also conduct counter-cyber operations to degrade the capabilities and infrastructure that enable adversaries to conduct espionage. That’s where defend forward could be used more effectively.

This doesn’t mean deterrence is completely dead. Instead, the US should continue to build and rely on strategic deterrence to convince states not to weaponize the cyber intelligence they collect.

Saturday, December 19, 2020

Solarwinds, mRNA Vaccines, Lockdowns, Look What We Can Do To You Any Time....,

Slate |  To understand the difference between the SolarWinds compromise and the other high-profile cybersecurity incidents you’ve read about in recent years—Equifax or Sony Pictures or Office of Personnel Management, for instance—it’s important to understand both how the SolarWinds malware was delivered and also how it was then used as a platform for other attacks. Equifax, Sony Pictures, and OPM are all examples of computer systems that were specifically targeted by intruders, even though they used some generic, more widely used pieces of malware. For instance, to breach OPM, the intruders stole contractor credentials and registered the domain opmsecurity.org so that their connections to OPM servers would look less suspicious coming from that address.

This meant that there were some very clear sources that could be used to trace the scope of the incident after the fact—what had the person using those particular stolen credentials installed or looked at? What data had been accessed via the fraudulent domains? It also meant that the investigators could be relatively confident the incident was confined to a particular department or target system and that wiping and restoring those systems would be sufficient to remove the intruders’ presence. That’s not to say that cleaning up the OPM breach—or Sony Pictures or Equifax, for that matter—was easy or straightforward, just that it was a fairly well-bounded problem by comparison to what we’re facing with SolarWinds.

The compromised SolarWinds update that delivered the malware was distributed to as many as 18,000 customers. The SolarWinds Orion products are specifically designed to monitor the networks of systems and report on any security problems, so they have to have access to everything, which is what made them such a perfect conduit for this compromise. So there are no comparable limiting boundaries on its scope or impacts, as has been made clear by the gradual revelation of more and more high-value targets. Even more worrisome is the fact that the attackers apparently made use of their initial access to targeted organizations, such as FireEye and Microsoft, to steal tools and code that would then enable them to compromise even more targets. After Microsoft realized it was breached via the SolarWinds compromise, it then discovered its own products were then used “to further the attacks on others,” according to Reuters.

This means that the set of potential victims is not just (just!) the 18,000 SolarWinds customers who may have downloaded the compromised updates, but also all of those 18,000 organizations’ customers, and potentially the clients of those second-order organizations as well—and so on. So when I say the SolarWinds cyberespionage campaign will last years, I don’t just mean, as I usually do, that figuring out liability and settling costs and carrying out investigations will take years (though that is certainly true here). The actual, active theft of information from protected networks due to this breach will last years.

 

Friday, December 18, 2020

Congressional Democrats Liken Solarwinds Epic Fail To A RUSSIAN INVASION!

 c4isrnet |  The Senate’s No. 2 Democrat said Russia’s apparent hack into multiple government agencies is a “virtual invasion” that demands the U.S. show Russia and other adversaries there is “a price to pay” for breaching American systems.

In a Senate floor speech Thursday, Senate Minority Leader Dick Durbin, D-Ill., said the U.S. needs to “respond in kind” and that Russian President Vladimir Putin is not a friend. A day earlier on CNN, he called the hack “virtually a declaration of war by Russia on the United States, and we should take it that seriously.”

“No, I’m not calling for an invasion myself or all-out war. I don’t want to see that happen, but it’s no longer a buddy-buddy arrangement between the United States and Vladimir Putin,” Durbin said Thursday. “When adversaries such as Russia torment us, tempt us, breach the security of our nation, we need to respond in kind.”

Durbin’s remarks came hours before President-elect Joe Biden issued an announcement that he had instructed his team to learn as much as possible about the breach. He vowed a tough response, beyond expanding investment in cyber defense.

“But a good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Biden said in a statement. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”

This week brought the disclosure of a global cyberespionage campaign that penetrated multiple U.S. government agencies by compromising a common network management tool from the company SolarWinds used by thousands of organizations. Russia, the prime suspect, denied involvement.

Cybersecurity investigators said the hack’s impact extends far beyond the affected U.S. agencies, which include the Treasury and Commerce departments. Defense contractors like General Dynamics and Huntington Ingalls Industries were on SolarWinds’ client list, but those two firms have declined to comment.

SolarWinds counts all five military services, the Pentagon and the National Security Agency among its clientele, and the New York Times reported that the State Department, the Department of Homeland Security and parts of the Pentagon were compromised.

Congressional Democrats have generally been more vocal about the hack than Republicans, pointing fingers at President Donald Trump, who fired Cybersecurity and Infrastructure Security Agency chief Christopher Krebs in November. As Washington continued to assess the extent of the hack, Democrats criticized Trump’s silence on the matter.

“We need to gather more facts. But early indications suggest Pres Trump’s tepid response to previous cyber transgressions by Russian hackers emboldened those responsible,” Rhode Island Sen. Jack Reed said in a tweet Wednesday. He is the Senate Armed Services Committee’s top Democrat and sits on the Senate Intelligence Committee.

 

 

Russian Hackers Are EVERYWHERE!!!

theintercept |  State-sponsored hackers believed to be from Russia have breached the city network of Austin, Texas, The Intercept has learned. The breach, which appears to date from at least mid-October, adds to the stunning array of intrusions attributed to Russia over the past few months.

The list of reported victims includes the departments of Commerce, Homeland Security, State, and the Treasury; the Pentagon; cybersecurity firm FireEye; IT software company SolarWinds; and assorted airports and local government networks across the United States, among others. The breach in Austin is another apparent victory for Russia’s hackers. By compromising the network of America’s 11th-most populous city, they could theoretically access sensitive information on policing, city governance, and elections, and, with additional effort, burrow inside water, energy, and airport networks. The hacking outfit believed to be behind the Austin breach, Berserk Bear, also appears to have used Austin’s network as infrastructure to stage additional attacks.

While the attacks on SolarWinds, FireEye, and U.S. government agencies have been linked to a second Russian group — APT29, also known as Cozy Bear — the Austin breach represents another battlefront in a high-stakes cyber standoff between the United States and Russia. Both Berserk Bear and Cozy Bear are known for quietly lurking in networks, often for months, while they spy on their targets. Berserk Bear — which is also known as Energetic Bear, Dragonfly, TEMP.Isotope, Crouching Yeti, and BROMINE, among other names — is believed to be responsible for a series of breaches of critical U.S. infrastructure over the past year.

The Austin breach, which has not been previously reported, was revealed in documents prepared by the Microsoft Threat Intelligence Center, or MSTIC, and obtained by The Intercept, as well as in publicly available malware activity compiled by the site VirusTotal. “While we are aware of this hacking group, we cannot provide information about ongoing law enforcement investigations into criminal activity,” a spokesperson for the city of Austin wrote in response to a list of emailed questions.

On Sunday, Reuters reported that a state-sponsored hacking group had breached the Treasury and Commerce departments, sparking an emergency weekend meeting of the National Security Council. The Washington Post later attributed the attacks to Cozy Bear, citing anonymous sources, and reported that the group breached the agencies by infecting a software update to Orion, a popular network management product made by SolarWinds, a firm based in Austin. “Fewer than 18,000” users downloaded the malicious software update, which has been available since March, SolarWinds said in a federal securities filing on Monday. The Intercept has seen no evidence that the Austin breach and the SolarWinds hack are related.

 

Sunday, December 13, 2020

Who Will Be The Rulers?

mises |  Individual liberty is at risk again. What may lie ahead was projected in November 2016 when the WEF published “8 Predictions for the World in 2030.” According to the WEF’s scenario, the world will become quite a different place from now because how people work and live will undergo a profound change. The scenario for the world in 2030 is more than just a forecast. It is a plan whose implementation has accelerated drastically since the announcement of a pandemic and the consequent lockdowns.

According to the projections of the WEF’s “Global Future Councils,” private property and privacy will be abolished during the next decade. The coming expropriation would go further than even the communist demand to abolish the property of production goods but leave space for private possessions. The WEF projection says that consumer goods, too, would be no longer private property.

If the WEF projection should come true, people would have to rent and borrow their necessities from the state, which would be the sole proprietor of all goods. The supply of goods would be rationed in line with a social credit points system. Shopping in the traditional sense would disappear along with the private purchases of goods. Every personal move would be tracked electronically, and all production would be subject to the requirements of clean energy and a sustainable environment. 

In order to attain “sustainable agriculture,” the food supply will be mainly vegetarian. In the new totalitarian service economy, the government will provide basic accommodation, food, and transport, while the rest must be borrowed from the state. The use of natural resources will be brought down to its minimum. In cooperation with the few key countries, a global agency would set the price of CO2 emissions at an extremely high level to disincentivize its use.

In a promotional video, the World Economic Forum summarizes the eight predictions in the following statements:

  1. People will own nothing. Goods are either free of charge or must be borrowed from the state.

  2. The United States will no longer be the leading superpower, but a handful of countries will dominate.

  3. Organs will not be transplanted but printed.

  4. Meat consumption will be minimized.

  5. Massive displacement of people will take place with billions of refugees.

  6. To limit the emission of carbon dioxide, a global price will be set at an exorbitant level.

  7. People can prepare to go to Mars and start a journey to find alien life.

  8. Western values will be tested to the breaking point.

Deplorables Official Status Reduced To Expendables...,

taibbi |  In sum, it’s okay to stoke public paranoia, encourage voters to protest legal election results, spread conspiracy theories about stolen elections, refuse to endorse legal election tallies, and even to file lawsuits challenging the validity of presidential results, so long as all of this activity is sanctified by officials in the right party, or by intelligence vets, or by friendlies at CNN, NBC, the New York Times, etc.

If, however, the theories are coming from Donald Trump or some other disreputable species of un-credentialed American, then it’s time for companies like YouTube to move in and wipe out 8000+ videos and nudge people to channels like CBS and NBC, as well as to the home page of the federal Cybersecurity and Infrastructure Security Agency. This is a process YouTube calls “connecting people to authoritative information.”

Cutting down the public’s ability to flip out removes one of the only real checks on the most dangerous kind of fake news, the official lie. Imagine if these mechanisms had been in place in the past. Would we disallow published claims that the Missile Gap was a fake? That the Gulf of Tonkin incident was staged? How about Watergate, a wild theory about cheating in a presidential election that was universally disbelieved by “reputable” news agencies, until it wasn’t? It’s not hard to imagine a future where authorities would ask tech platforms to quell “conspiracy theories” about everything from poisoned water systems to war crimes.

There’s no such thing as a technocratic approach to truth. There are official truths, but those are political rather than scientific determinations, and therefore almost always wrong on some level. The people who created the American free press understood this, even knowing the tendency of newspapers to be idiotic and full of lies. They weighed that against the larger potential evil of a despotic government that relies upon what Thomas Jefferson called a “standing army of newswriters” ready to print whatever ministers want, “without any regard for truth.”

We allow freedom of religion not because we want people believing in silly religions, but because it’s the only defense against someone establishing one officially mandated silly religion. With the press, we put up with gossip and errors and lies not because we think those things are socially beneficial, but because we don’t want an aristocratic political establishment having a monopoly on those abuses. By allowing some conspiracy theories but not others, that’s exactly the system we’re building.

Most of blue-state America is looking aghast at news stories about 17 states joining in a lawsuit to challenge the election results. Conventional wisdom says that half the country has been taken over by a dangerous conspiracist movement that must be tamed by any means necessary. Acts like the YouTube ban not only don’t accomplish this, they’ll almost certainly further radicalize this population. This is especially true in light of the ongoing implication that Trump’s followers are either actual or unwitting confederates of foreign enemies.

That insult is bad enough when it’s leveled in words only, but when it’s backed up by concrete actions to change a group’s status, like reducing an ability to air grievances, now you’re removing some of the last incentives to behave like citizens. Do you want 70 million Trump voters in the streets with guns and go-bags? Tell them you consider them the same as foreign enemies, and start treating them accordingly. This is a stupid, dangerous, wrong policy, guaranteed to make things worse.

Students Have No 4th Amendment Rights Administrators Are Bound To Acknowledge

gizmodo |  In May 2016, a student enrolled in a high-school in Shelbyville, Texas, consented to having his phone searched by one of the district’s school resource officers. Looking for evidence of a romantic relationship between the student and a teacher, the officer plugged the phone into a Cellebrite UFED to recover deleted messages from the phone. According to the arrest affidavit, investigators discovered the student and teacher frequently messaged each other, “I love you.” Two days later, the teacher was booked into the county jail for sexual assault of a child.

The Cellebrite used to gather evidence in that case was owned and operated by the Shelby County Sheriff’s Office. But these invasive phone-cracking tools are not only being purchased by police departments. Public documents reviewed by Gizmodo indicate that school districts have been quietly purchasing these surveillance tools of their own for years.

Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much as $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from students’ devices. Together, the districts encompass hundreds of schools, potentially exposing hundreds of thousands of students to invasive cell phone searches.

The Los Angeles Unified School District, the second-largest school district in the country with over 630,000 students enrolled in over 1,000 institutions in the 2018-2019 school year, has a Cellebrite device it says is used by a team that investigates complaints of employee misconduct against students. Its listed description for the job of Digital Forensics Investigator states that those in that role assist with “student safety issues, fraud, collusion, and/or conflicts of interest,” and specifically mentions expertise with Cellebrite as a qualification.

The Fourth Amendment protects people in the United States from unreasonable government searches and seizures, including their cell phones. While a search without a warrant is generally considered unreasonable, the situation in schools is a little different.

In the case New Jersey v. T.L.O, the U.S. Supreme Court ruled that schools do not necessarily need a warrant to search students so long as officials have a reasonable belief a student has broken the law or school policy, and the search is not unnecessarily intrusive and reasonably related in scope to the circumstances under which the search was originally justified. The “reasonableness” standard is extremely broad, largely deferential to the whims of school officials, and can serve as the basis for fishing expeditions; courts have only rarely ruled that school searches violate the Fourth Amendment.

“The problem is as much with the legal standards as with the technology,” said Barbara Fedders, an assistant professor of law at University of North Carolina at Chapel Hill, who focuses on the intersection of criminal law and school discipline. “Schools take students’ cell phones for all kinds of reasons, not because they think they are doing anything pernicious; you can see where racial bias could factor into this.”

Cell phones are deeply personal items, and it’s easy to imagine how embarrassing and potentially catastrophic it would be if an administrator or school resource officer used a Cellebrite to download students’ private text messages, photos, social media posts, location history, and more.

 
