Tag Archives: Elections

Friday News

It was only a matter of time.  Researchers say that they have discovered “things” on the blockchain.  Not so nice things.  Like child porn.  If true, and I have no reason to doubt the researchers, that would make possession of a copy of the blockchain illegal in 112 countries.  And, since we know that you can’t change the blockchain, now what?  Normally, when the cops find child porn on a web site, they get it removed or shut it down.  Do you have any idea how to shut down a distributed database with tens of millions of copies on every continent of the globe, expect, maybe, not Antarctica.  Me neither.   And think about it.  You could use this technology to distribute any kind of illegal information that you want to.  Hidden in plain sight and unstoppable.  (source: PC Magazine).

Department of Homeland Security Secretary Kirstjen Nielsen testified before the Senate Intelligence Committee this week that they have completed the security clearance process on 20 election officials to be able to share classified intelligence about foreign government attempts to hack into their election systems.  Given there are about 10,000 election jurisdictions, at this rate it may take a while to complete.

Suffice it to say, it would seem that after 14 months, this administration is a tiny little bit behind the 8 ball when it comes to protecting our election process.  (source: Axios).

Possibly in the wake of the Cambridge Analytica “situation”, the Facebook security chief, Alex Stamos quit.  Followed, the next day by Michael Coates, head of security for Twitter quitting.  Followed the next day by Michael Zalewski, Director of information Security Engineering at Google.  Not a great week.  Is someone sending the big guys a message?  (source: National Herald).

Mossack Fonseca, the law firm at the eye of the storm of the Panama Papers leak of millions of documents of the rich and famous announced they are shutting down due to reputational damage, media attention to a company that would rather operate in the shadows and other fallout from their breach.  While their breach was very public, their finances were deep.  However when customers started deserting them like rats deserting a sinking ship, their ship was doomed.  While it took a couple of years, it was inevitable. (source: The Guardian).

The government has filed civil and criminal charges against a former Equifax exec for insider trading.  Jun Ying, a not very smart tech exec at the company heard rumors about a breach and decided it would be a good time to sell all of his vested stock options, netting him almost a million bucks in profit.  And, possibly, ten years at the crossbar hotel.  Not very subtle on his part.  Hopefully only the beginning of going after folks at Equifax, buy who knows.  (source: Reuters)

After 14 Months of Russia Probe, Justice is Going to Study What to Do

If I seem a bit skeptical, that is because I am.  Attorney General Jeff Sessions announced yesterday that the Justice Department  is going to form a committee to study the subject.

Last week the leaders of several of the branches of the Intelligence Community testified before Congress saying, publicly, that the Russians did interfere with the 2016 elections and are already interfering with the upcoming 2018 election,

Given that testimony, the Executive Branch likely felt they had to do something or get blamed when the inevitable does happen this summer and fall.

So, they have formed a team of people inside the Justice Department – the same department that did not do anything to protect the integrity of the 2016 elections, both federal and local.

Some security experts say that the committee lacks focus and a clear mission.

The task force has to deliver its report in June – after many of the primaries are over and only a few months before the general election.

And the problem is not a single problem.  You have fake social media posts, identity theft, election fraud, hacking voting systems and voter rolls, illegal campaign funding and many other issues.

If they started  looking into this last February and reported out last June, that might have given them time to do something before this election, but these are hard problems – distributed problems that are the responsibility of 50 states and 3,500 plus local governments.  There is no way this can realistically fixed between June and, well, last year.

And then, of course, there is the issue of how do we pay for it.

Stay tuned for a report in June.  Are there some things Justice can do without Congress acting?  Likely.  After all, Mueller indicted 13 people, so there are existing laws that are likely being broken.  Probably the number of people that did illegal things is many times that number.

I hope I am wrong and this committee does some good.  We will just have to wait.

Information for this post came from Reuters.

DHS Says Russians Penetrated US Voter Systems in 2016

While the head of cybersecurity at DHS said the details of which states were compromised is classified, she admitted that 21 states were targeted during the 2016 elections and that some of them were penetrated.

Former DHS Secretary Jeh Johnson said 2016 was a wakeup call and now it is up to the government(s) to do something about it.

Even though the President isn’t quite sure of it, DHS says that the Russian government was behind the attacks,

The good news is that there is no EVIDENCE that the voter rolls in those states that the Russians were successful at hacking were changed.

Many people think the 2016 election attacks were merely a test.  That test will likely continue in 2018 with plans to take more aggressive action for the 2020 presidential elections.

Even though Secretary Johnson designated the states’ voting systems critical infrastructure before he left office over a year ago, he says that the states have done little to nothing to actually harden the systems.

The head of DHS cybersecurity disagreed with Secretary Johnson.  She said that the states have taken it seriously.

I am not quite sure that her statement in any way, shape or form conflicts with Secretary Johnson’s statement that the states haven’t actually done anything about it.  You could certainly take the threat seriously and not do anything about it.

The National Association of Secretaries of State say that they are only aware of one state that was hacked.  Depending on your level of cynicism, you could say that means that they are ignorant, either intentionally or unintentionally or are being willfully blind.  Alternatively, you could say that DHS doesn’t know what they are doing.  Since DHS doesn’t seem inclined to provide us with any data, the reader is left to draw his or her own conclusion with regard to what really happened.

In the states’ defense that they don’t know, many of the states complained that DHS wouldn’t share details of the attacks with them, supporting their assertion that they don’t know about the attacks.  DHS says they don’t have clearances to access the classified data.

And, with a level of speed that would make a snail proud, DHS says that now, two years later, they are processing the clearances.  Since it often takes a year to get a clearance, depending on the level of clearance, it is certainly possible that the 2018 midterm elections will be long over before the states see the data and for sure, the window to fix anything will definitely be long over.

Other states are saying they are waiting for DHS to help them (I assume that help from DHS is free;  if they were really concerned they would pay someone to help them).  DHS says there is no waiting list for help and DHS “will get to everyone”.  When they will get to everyone they didn’t say.

How, exactly, the public is supposed to figure out the truth here is completely non-obvious to me.

Some states objected to the feds designating their voting systems as critical infrastructure, preferring, instead, to put their egos ahead of their citizens.  Secretary Johnson pulled even fewer punches saying that the Secretaries that were objecting were being naive and irresponsible to the people they are supposed to serve.  He is not likely to be getting a Christmas card from any of the Secretaries of State next year.

Rex Tillerson, the current U.S. Secretary of State says that the Russians are already meddling in the 2 018 election, a statement that likely puts him at odds with the Oval Office.

Given all of the above, it seems likely that the Russians will continue to successfully meddle in the U.S. election process this year and that the states will have made only minor progress to protect themselves.

Information for this post came from NBC News.

Senators, Staffers Next on Russia’s Cyber Hit List

According to the cyber security firm Trend Micro, the members of the U.S. Senate and their staff could be the next target of the Russian hacking group Fancy Bear – the same group linked to the DNC hack an election meddling across the Middle East  and Europe.

Trend says that digital breadcrumbs found so far in spear phishing campaigns link back to the Russian hacking group,

And, in a way, it makes perfect sense.  If the Russian’s objective is to meddle in elections across the globe, then the U.S. mid-term elections later this year would be a perfect target.  Spear phishing emails are pretty low tech but they lead to compromised userids and passwords (and was pretty lethal during last year’s elections).  Also consider that politicians and bureaucrats are addicted to email.  That makes them  a perfect target.

Some of the emails pretend to be Microsoft Exchange messages warning of expired passwords.  Low tech but pretty effective, unfortunately.

The researchers said that these spear phishing attacks looked a lot like the attacks rolling up to last year’s French elections.

If it ain’t broke, don’t fix it.  If it worked against the DNC,  if it worked against the French.  It is well known art.  It may well work against the Senate.

Senator Sasse (R-Neb) said that he thinks Putin is very happy that Washington is obsessed with partisan politics and is ignoring 2018 and 2020.  He is likely right.  To really fix things will require a lot of work and at least some money – something Washington doesn’t seem to be concerned about.  And it is a very distributed problem.  There are 50 states, 3600+ counties, the feds, government organizations, social media – a lot of targets of opportunities.

Which is not terribly surprising given that, before last year’s election there were only 5 people between both houses that had a computer science degree (I don’t know how the election changed things, but it likely didn’t change much).

Given all of the events coming up in the next year, including the Olympics and elections world wide and the apparent lack of interest in doing anything about it, we should assume that Russia will continue to be successful in their efforts influence politics – conspiracies or not.

Information for this post came from FCW.

Russian Hacker Admits to Hacking DNC Last Year

A Russian hacker has confessed in court to hacking the DNC during last year’s election.  The Russian web site that is reporting this has not been friendly to Putin, so there are lots of dimensions to this conversation.

The web site says that Konstantin Kozlovsky stated that he was doing this on the direction of Russian state intelligence organizations.

Kozlovsky was arrested earlier this year for hacking Russian banks to the tune of $50 million.  He is currently being detained and the admission came from a pre-trial hearing regarding his detention.

He said that he reported to a major-general in the FSB, one of Russia’s spy organizations.  The intention was to manipulate the U.S. election process according to Kozlovsky.

He is now in prison for treason for reporting this information to U.S. intelligence agencies.  Is this part of the source for the U.S. intelligence community’s determination that Russia hacked our election last year?  Don’t know.

Suffice it to say that this will make some interesting fodder for all of the Russia investigations going on in Washington.

It is not clear to me what Koslovsky has to gain by either admitting he did that or by confessing to something he didn’t do.

*IF* Putin had admitted that he orchestrated the attack and was looking for a fall guy, then maybe lying about it, under coercion, might make sense, but in this case, it makes Putin a liar and our President, well, duped by Putin.  Based on that, none of this makes any sense.

Neither Putin nor Trump have said anything about this testimony, so at this point all there is to is stand to the side and watch the fight.

Information for this post came from Fortune.