Russia Investigation, Sanctions and Military Readiness

President Donald Trump may not have realized on Monday that his executive order would step on Russia’s toes. Its official target was Venezuela, specifically the country’s plan to create the world’s first state-backed cryptocurrency, the petro, which went on sale Tuesday.

But behind the scenes, the petro was in fact a collaboration—a half-hidden joint venture between Venezuelan and Russian officials and businessmen, whose aim was to erode the power of U.S. sanctions, sources familiar with the effort told TIME.

Trump’s executive order did not mention the petro’s Russian backers, whose role has not previously been reported. Citing economic sanctions that the U.S. imposed against Venezuela in August, the order simply made clear that anyone who buys or uses the new cryptocurrency would be in breach of those sanctions, as would anyone under U.S. jurisdiction who helps Venezuela develop the petro. “Any conspiracy formed to violate any of the prohibitions set forth in this order is prohibited,” the document states. More here.

***

Meanwhile the House Intelligence Committee released the Russia report.

https://intelligence.house.gov/uploadedfiles/russia_report_findings_and_recommendations.pdf?platform=hootsuite

 
Is the United States doing enough to respond to Russia? Still curious? Even with the dramatic increase in military spending in the Omnibus, we are not yet prepared to take on the alleged "Star Wars" weapons Putin advertises.

In his address to the parliament earlier this month the Russian president unveiled a small zoo of strategic programs that are supposed to counter U.S. missile defense (or make it “impotent and obsolete”). Some of these systems were not entirely new – we knew about the ejection test of the Sarmat missile, the Status-6 underwater drone, and, of course, about the Avangard hypersonic glider that was known as Project 4202 or Yu-71. A number of people pointed out that the Kinzhal “hypersonic” missile appears to be an air-launched modification of the Iskander ballistic missile and that there were reports about something like that in the past. The only genuinely new system seems to be the nuclear-powered cruise missile, which doesn’t have a name yet.

With the exception of Kinzhal, none of these systems appear to be close to operational capability. Yes, it’s been said that tests were successful, but for Sarmat it was only the first ejection test; Status-6 and the cruise missile seem to be at the point of proof-of-principle tests of their nuclear reactors and propulsion systems. As for Avangard, it probably had two successful test flights, but it is not clear whether it is fully ready for deployment. On the other hand, there is no reason to believe that these systems cannot become operational in the next few years, now that they are likely to be treated as priority programs.

It is not surprising that the defense industry used the specter of missile defense to get support for its programs. In fact, we have seen this before. In 1985, the Soviet defense industry put together a series of programs that were supposed to counter the U.S. Strategic Defense Initiative. I described the history of these programs in my “Did Star Wars Help End the Cold War?” paper last year. But I thought that the list of those programs may be of some interest as well. That list comes from Vitaly Katayev’s notes – he compiled a table of the programs that were included in the four anti-SDI programs at the time. Here is the document:

Программы противодействия ПРО (Programs for countering missile defense)

The table contains some interesting entries. For example, the hypersonic glider is there – it was known as Albatross then. A few other programs survived to this day as well, but most were abandoned. One word of caution – most of the anti-SDI systems existed before SDI, but of course the missile defense presented a perfect excuse for the industry to put everything in one package to ensure that they get the support they wanted. The current list of anti-missile defense programs seems to be much shorter, but the basic idea is the same.

*** Lots of questions are being asked in congressional hearings. The summary follows:

The nation’s nuclear deterrence enterprise remains as important as ever in light of the return of superpower competition and rogue nation threats presented by North Korea and Iran, senior Defense Department officials told the House Armed Services Committee’s strategic forces subcommittee here today.

The officials discussed national security policies with regard to DoD’s fiscal year 2019 budget request and within context of the country’s nuclear force posture.

John C. Rood, undersecretary of defense for policy; Air Force Gen. Robin Rand, commander of Air Force Global Strike Command; Navy Vice Adm. Terry Benedict, director of the Navy Strategic Systems Program; and Lisa Gordon-Hagerty, administrator of the Energy Department’s National Nuclear Security Administration, each presented testimony on the importance of the nuclear force.

Rood’s opening remarks quoted Defense Secretary James N. Mattis: “[The Nuclear Posture Review] rests on a bedrock truth. Nuclear weapons have, and will continue to play, a critical role in deterring a nuclear attack, and in preventing large-scale conventional warfare between nuclear armed states for the foreseeable future. U.S. nuclear weapons not only defend our allies against conventional and nuclear threats, they also help them avoid the need to develop their own nuclear arsenals. This, in turn, furthers global security.”

Sustaining Modernization Efforts

According to Rood, the 2018 Nuclear Posture Review reflects DoD’s strategic priority to maintain a safe, secure, survivable and effective nuclear deterrent. While the diverse capabilities of the current nuclear triad provide necessary flexibility and resilience, each leg of the triad has surpassed its intended operating lifecycle.

While the U.S. remains the strongest military in the world, the advantages are eroding as adversaries continue to modernize conventional and nuclear forces, now fielding broad arsenals of nuclear missiles capable of reaching the American homeland, Rood said.

“Weakness invites challenge and provocation,” he said. “Our task at the Defense Department is to ensure that the U.S. military advantages endure, and in combination with other elements of national power, we are able to fully meet the increasing challenges to our national security.”

At the direction of U.S. Strategic Command, a recent reorganization of authority took place within Air Force Global Strike Command, Rood said. In September, Rand became dual-hatted, assuming the duties of Joint Force Air Component Command, Air Forces Strategic-Air, a position created to streamline authorizations for bomber and intercontinental ballistic missile forces under one line of authority. This, along with other current and future initiatives, is a priority for Rand and Global Strike Command in the continued defense of the nation.

“Modernization of [America’s] nuclear force is absolutely critical,” Rand said. “The key to Global Strike Command’s continued success will remain on our ability to modernize, sustain, and recapitalize our force.”

Looking Toward the Future

The Navy is currently in the process of implementing life-extension programs for defense weapons. Benedict said those programs are on track and within budget constraints. Benedict said existing efforts will ensure effective and credible sea-based deterrents until the 2040s, and the Navy is also taking steps to provide credible weapons systems beyond the 2040s.

The Nuclear Posture Review directs the Navy to begin studies in 2020 to define a cost-effective, credible and effective sea-launched ballistic missile that can be deployed beyond the life of the Columbia-class submarine nuclear weapons system, Benedict said. The first of the Columbia-class submarines, which are to replace the present Ohio-class Trident nuclear submarines, is slated to come into service in 2021.

Benedict added that budget requests included funding for modernization efforts in partnership with the National Nuclear Security Administration to bolster the U.S. deterrence posture.

The NNSA, according to Gordon-Hagerty, has three main objectives: to maintain the safety, security and reliability of the U.S. nuclear weapons stockpile; to reduce the threat of nuclear proliferation and nuclear terrorism around the world; and to provide nuclear propulsion for the Navy’s fleet of aircraft carriers and submarines.

To meet those objectives, Gordon-Hagerty said the president’s fiscal year 2019 budget request included increased spending in areas such as weapons activities, defense nuclear nonproliferation and naval reactors.

“This request moves us forward to a deterrent that is modern, robust, flexible, resilient, ready and appropriately tailored to meet current and future uncertainties as outlined in the 2018 Nuclear Posture Review,” she said.

Gordon-Hagerty said this added funding will also provide the resources required to ensure protection of the U.S. and its allies and partners.

“In an increasingly complex and threatening security environment, the DoD must sustain the capabilities needed to deter and defend against attacks on our homeland,” Rood said. “Along with our allies and partners, we must ensure we have the capabilities now, and into the future, to protect our people and the freedoms we so cherish, and are able to engage our adversaries, diplomatically, from a position of strength.”

POTUS and Omnibus, No Line Item Veto?

2232 pages of stupid and everyone should take the time to just scan the $1.3 trillion spending bill. I got to page 184 last night and went to bed mad. There is no line item veto but there should be. President Trump can veto the whole truck load of crap and should. In place of the line item veto, he can wield his pen and sign an Executive Order eliminating countless crazy spending things or suspend some of the acts for the rest of his term. Something like the Food for Progress Act. And we are still bailing out the healthcare insurance companies…. anyway…there is also $687 million to address Russian interference. Just what is that plan?

1. How about the Cloud Act? Foreign governments get access to our data? WHAT?
2. Okay, how about Trump’s “wall funding.” It’s not a wall. It’s repairs, drones and pedestrian fencing – no construction.
3. Then we have the House Freedom Caucus with their letter to President Trump.

So…need more? Conservative Review has these 10 items for your consideration. Here are the top 10 problems with the bill:

    1) Eye-popping debt: This bill codifies the $143 billion busting of the budget caps, which Congress adopted in February, for the remainder of this fiscal year. This is on top of the fact that government spending already increased $130 billion last year over the final year of Obama’s tenure. Although the Trump administration already agreed to this deal in February, the OMB put out a memo suggesting that Congress appropriate only $10 billion of the extra $63 billion in non-defense discretionary spending. Now it’s up to Trump to follow through with a veto threat. It’s not just about 2018. This bill paves the road to permanently bust the budget caps forever, which will lead to trillions more in spending and cause interest payments on the debt to surge past the cost of the military or even Medicaid in just eight years.

    Keep in mind that all the additional spending will be stuffed into just six months remaining to the fiscal year, not a 12-month period. A number of onerous bureaucracies will get cash booster shots instead of the cuts President Trump wanted.

    Remember when Mick Mulvaney said the fiscal year 2017 budget betrayal was needed so that he could do great things with the fiscal year 2018 budget? Good times.

    2) Bait and switch on the wall: Since this bill increases spending for everything, one would think that at least the president would get the $15 billion or so needed for the wall. No. The bill includes only $641 million for 33 miles of new border fencing but prohibits that funding for being used for concrete barriers. My understanding is that President Trump already has enough money to begin construction for roughly that much of the fence, and pursuant to the Secure Fence Act, he can construct any barrier made from any This actually weakens current law.

    3) Funds sanctuary cities: When cities and states downright violate federal law and harbor illegal aliens, Congress’ silence in responding to it is deafening. Cutting off block grants to states as leverage against this dangerous crisis wasn’t even under discussion, even as many other extraneous and random liberal priorities were seriously considered.

    4) Doesn’t fund interior enforcement: Along with clamping down on sanctuary cities, interior enforcement at this point is likely more important than a border wall. After Obama’s tenure left us with a criminal alien and drug crisis, there is an emergency to ramp up interior enforcement. Trump requested more ICE agents and detention facilities, but that call was ignored in this bill. Trump said that the midterms must focus on Democrats’ dangerous immigration policies. Well, this bill he is supporting ensures that they will get off scot-free.

    5) Doesn’t defund court decisions: Some might suggest that this bill was a victory because at least it didn’t contain amnesty. But we have amnesty right now, declared, promulgated, and perpetuated by the lawless judiciary. For Congress to pass a budget bill and not defund DACA or defund the issuance of visas from countries on Trump’s immigration pause list in order to fight back against the courts is tantamount to Congress directly passing amnesty.

    6) Funds Planned Parenthood: We have no right to a border wall or more ICE funding, but somehow funding for a private organization harvesting baby organs was never in jeopardy or even under discussion as a problem.

    7) Gun control without due process: Some of you might think I’m being greedy, demanding that “extraneous policies” be placed in a strict appropriations bill. Well, gun control made its way in. They slipped in the “Fix NICS” bill, which pressures and incentivizes state and federal agencies to add more people to the system even though there is already bipartisan recognition that agencies are adding people who should not be on the list, including veterans, without any due process in a court of law. They are passing this bill without the House version of the due process protections and without the promised concealed carry reciprocity legislation. Republicans were too cowardly to have an open debate on such an important issue, so they opted to tack it onto a budget bill, which is simply unprecedented. The bill also throws more funding at “school violence” programs when they refuse to repeal the gun-free zone laws that lie at the root of the problem.

    8) More “opioid crisis funding” without addressing the problem: The bill increases funding for “opioid addiction prevention and treatment” by $2.8 billion relative to last year, on top of the $7 billion they already spent in February. This is the ultimate joke of the arsonist pretending to act as the firefighter, because as we’ve chronicled in detail, these funds are being used to clamp down on legitimate prescription painkillers and create a de facto national prescription registry so that government can violate privacy and practice medicine. Meanwhile, the true culprits are illicit drugs and Medicaid expansion, exacerbated by sanctuary cities, as the president observed himself. Yet those priorities are jettisoned from the bill.

    9) Student loan bailout: The bill offers $350 million in additional student loan forgiveness … but only for graduates who take “lower-paid” government jobs or work for some non-profits! This was a big priority of Sen. Elizabeth Warren.  Government created this problem of skyrocketing student debt by fueling it with subsidies and giving the higher education cartel a monopoly of accreditation, among other things. Indeed, this very same bill increases Pell grants by $2 billion. But more money is always the solution, especially when it helps future government workers.

    10) Schumer’s Gateway projects earmark: Conservatives had a wish list of dozens of items, but it’s Schumer’s local bridge and tunnel project that got included. While the bill didn’t contain as much as Schumer asked for (remember the tactic of starting off high), the program would qualify for up to $541 million in new transportation funding. Also, the bill would open up $2.9 billion in grants through the Federal Transit Administration for this parochial project that should be dealt with on a state level. New York has high taxes for a reason.

 

FB’s Zuckerberg Apologizes, Privacy Protection not Solved

Just how literate are you about social media platforms and the use of your keystrokes/interaction on Facebook?

Zuckerberg hopes you are not too literate regarding your data on Facebook, and he says he is sorry, won’t happen again….really? Media even use the trending hashtags for their headlines and lead news items, applying their own political twist. How about those apps you keep installing? Danger zone? yup…

Everything you do on Facebook is sold elsewhere, and other platforms such as Twitter or Instagram are databases that are being analyzed. The revenue for these social media companies comes from selling you, and you cannot opt out unless you divorce yourself from the relationship and go back to old-fashioned communications. Well, sorta…

Paul Ford penned an interesting solution below that should begin an interesting debate…

Silicon Valley Has Failed to Protect Our Data. Here’s How to Fix It

It’s time for a digital protection agency. It’s clear ethics don’t scale, and it’s not just Facebook’s problem.

Over and over in the last 20 years we’ve watched low-cost or free internet communications platforms spring from the good intentions or social curiosity of tech folk. We’ve watched as these platforms expanded in power and significance, selling their influence to advertisers. Twitter, Facebook, LinkedIn, Google—they grew so fast. One day they’re a lovable new way to see kid pix, next thing you know they’re reconfiguring democracy, governance, and business.

Facebook’s recent debacle is illustrative. It turns out that the company let a researcher spider through its social network to gather information on 50 million people. Then the Steve Bannon-affiliated, Robert Mercer-backed U.K. data analysis firm Cambridge Analytica used that data to target likely Trump voters. Facebook responded that, no, this was not a “breach.”

OK, sure, let’s not call it a breach. It’s how things were designed to work. That’s the problem.

For years we’ve been talking and thinking about social networks as interesting tools to model and understand human dynamics. But it’s no longer academic—Facebook has reached a scale where it’s not a model of society as much as an engine of culture. A researcher gained legitimate access to the platform and then just … kept going, and Cambridge Analytica ended up with those 50 million profiles. The “hack” was a true judo move that used the very nature of the platform against itself—like if you gave MacGyver a phone book and he somehow made it into a bomb.

What’s been unfolding for a while now is a rolling catastrophe so obvious we forget it’s happening. Private data are spilling out of banks, credit-rating providers, email providers, and social networks and ending up everywhere.

So this is an era of breaches and violations and stolen identities. Big companies can react nimbly when they fear regulation is actually on the horizon—for example, Google, Facebook, and Twitter have agreed to share data with researchers who are tracking disinformation, the result of a European Union commission on fake news. But for the most part we’re dealing with global entities that own the means whereby politicians garner votes, have vast access to capital to fund lobbying efforts, and are constitutionally certain of their own moral cause. That their platforms are used for awful ends is just a side effect on the way to global transparency, and shame on us for not seeing that.

So are we doomed to let them take our data or that of our loved ones and then to watch as that same data is used against us or shared by hackers? Yes, frankly. We’re doomed. Equifax Inc. sure won’t save us. Do we trust Congress to bring change? Do we trust Congress to plug in a phone charger? I’ll be overjoyed to find out I’m wrong. In the meantime, turn on two-factor authentication everywhere (ideally using a hardware dongle like a YubiKey), invest in a password manager, and hold on tight.

The word “leak” is right. Our sense of control over our own destinies is being challenged by these leaks. Giant internet platforms are poisoning the commons. They’ve automated it. Take a non-Facebook case: YouTube. It has users who love conspiracy videos, and YouTube takes that love as a sign that more and more people would love those videos, too. Love all around! In February an ex-employee tweeted: “The algorithm I worked on at Google recommended [InfoWars personality and lunatic conspiracy-theory purveyor] Alex Jones’ videos more than 15,000,000,000 times, to some of the most vulnerable people in the nation.”

The head of YouTube, Susan Wojcicki, recently told a crowd at SXSW that YouTube would start posting Wikipedia’s explanatory text next to conspiracy videos (like those calling a teen who survived the Parkland, Fla., shooting a “crisis actor”). Google apparently didn’t tell Wikipedia about this plan.

The activist and internet entrepreneur Maciej Ceglowski once described big data as “a bunch of radioactive, toxic sludge that we don’t know how to handle.” Maybe we should think about Google and Facebook as the new polluters. Their imperative is to grow! They create jobs! They pay taxes, sort of! In the meantime, they’re dumping trillions of units of toxic brain poison into our public-thinking reservoir. Then they mop it up with Wikipedia or send out a message that reads, “We take your privacy seriously.”

Given that the federal government is currently one angry man with nuclear weapons and a Twitter account, and that it’s futile to expect reform or self-regulation from internet giants, I’d like to propose something that will seem impossible but I would argue isn’t: Let’s make a digital Environmental Protection Agency. Call it the Digital Protection Agency. Its job would be to clean up toxic data spills, educate the public, and calibrate and levy fines.

How might a digital EPA function? Well, it could do some of the work that individuals do today. For example, the website of Australian security expert Troy Hunt, haveibeenpwned.com (“pwned” is how elite, or “l33t,” hackers, or “hax0rs,” spell “owned”), keeps track of nearly 5 billion hacked accounts. You give it your email, and it tells you if you’ve been found in a data breach. A federal agency could and should do that work, not just one very smart Australian—and it could do even better, because it would have a framework for legally exploring, copying, and dealing with illegally obtained information. Yes, we’d probably have to pay Booz Allen or Accenture or whatever about $120 million to get the same work done that Troy Hunt does on his own, but that’s the nature of government contracting, and we can only change one thing at a time.
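The haveibeenpwned lookup described above has a design detail worth seeing in code: the client should not hand the service the very secret it is asking about. Troy Hunt’s Pwned Passwords range endpoint solves this with k-anonymity: the client hashes the password with SHA-1, sends only the first five hex characters of the digest, receives every stored suffix that shares that prefix, and finishes the comparison locally. The following is an added example written for this page, not code from haveibeenpwned.com or from the essay; the breach corpus and its counts are constructed stand-ins, and only the `https://api.pwnedpasswords.com/range/<prefix>` URL and its `suffix:count` line format are taken from the real service.

```python
import hashlib
import urllib.request

# Constructed stand-in for a breach-derived hash set (NOT haveibeenpwned's data).
# Maps plaintext -> number of times it was seen, so we can build range responses.
FAKE_CORPUS = {
    "password": 3730471,
    "letmein": 236000,
    "correct horse battery staple": 4,
}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str):
    """Return (prefix, suffix): the 5-char prefix is all that leaves the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def fake_fetch_range(prefix: str) -> str:
    """Emulates the server: returns 'SUFFIX:COUNT' lines for every stored hash
    whose first five hex characters equal the requested prefix."""
    lines = []
    for plaintext, count in FAKE_CORPUS.items():
        digest = sha1_hex(plaintext)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def hibp_fetch_range(prefix: str) -> str:
    """Live version of fake_fetch_range against the real endpoint (network; not used
    by the offline demo below). The service requires a User-Agent header."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "range-lookup-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range=fake_fetch_range) -> int:
    """Number of times the password appears in the corpus, or 0 if absent.
    The full hash is never transmitted: only the prefix goes to fetch_range."""
    prefix, suffix = split_for_range_query(password)
    for line in fetch_range(prefix).splitlines():
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple", "x9#Unlikely-Passphrase-2018"):
        print(f"{pw!r}: seen {pwned_count(pw)} times")
```

Swap `hibp_fetch_range` in as the `fetch_range` argument to query the real service; the privacy property is the same either way, since a five-character prefix identifies a bucket of hundreds of hashes rather than one password.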

When it comes to toxic data spills, it’s hard to know just how exposed you are. Literally all of us have been hacked—hard and a lot and mostly behind our backs. At least we could start to understand how bad it is. We could teach high school students to check the DPA site, to manage their own breaches. You’d go to the website to get good information about recovering from identity theft or a new social security number (we should also get rid of social security numbers as identification, but that’s another subject). It would have the forms you need to restore your identity, assert that you’d been hacked, and protect yourself. A nice thing for a government to do.

Let’s keep going! Imagine ranking banks and services by the number of data breaches they’ve experienced. Or a national standard for disclosure of how our private information is shared. (These ideas have been floated before in lots of different forms; the point is, how nice would it be if there was one government agency insisting on it in the same way that we have nutrition labels and calorie counts on our packaged foods?) The Consumer Financial Protection Bureau was headed in this direction—if it can survive the current maelstrom, maybe its mandate could be expanded.

So: Lots of helpful information, plenty of infographics, a way to track just how badly you’ve been screwed, and, ideally, some teeth—the DPA needs to be able to impose fines. I’m sure there’d be some fuss and opposition, but, come on. The giants have so much money it would hardly matter. And consider this from their perspective: How much better will it be to have your lawyers negotiate with the DPA’s lawyers instead of being hauled before Congress every time someone blows a whistle on your breaches?

The EPA’s budget is more than $8 billion, a little on the high side for the digital version. You could pull this off with $15 million or $20 million for tech infrastructure and to support a team—four engineers to build the platform, some designers, and then a few dozen graphic artists to make the charts and tables. Add on $2 billion for management and lawyers, and you’ve got yourself a federal agency.

I know that when you think of a Superfund site, you think of bad things, like piles of dead wildlife or stretches of fenced-off, chemical-infused land or hospital wings filled with poisoned families. No one thinks about all the great chemicals that get produced, or the amazing consumer products we all enjoy. Nobody sets out to destroy the environment; they just want to make synthetic fibers or produce industrial chemicals. The same goes for our giant tech platforms. Facebook never expected to be an engine that destroys America. Lots of nice people work there. Twitter didn’t expect to become the megaphone of despots and white nationalists. But the simple principles of “more communication is better” and “let’s build community” and “we take your privacy seriously” didn’t stand a chance under the pressure of hypergrowth and unbelievable wealth creation.

Unfortunately, ethics don’t scale as well as systems. We’ve poisoned ourselves, and more than a little. Given the money and power at stake, it’s going to be hard to get everyone to admit we’re sick. But we owe ourselves—and, cliché though it may be, we owe our children—to be more pragmatic about treating the symptoms.

Citigroup Pentagon Payment Portal 1.3 Million Weekend Hack Attempts

There are 47 pages of regulations for Department of Defense personnel using Citigroup credit cards while traveling.

Pentagon confirms hack attempt against Defense Department credit card holders

  • The Pentagon on Thursday confirmed that there was a hacking attempt against an online financial services portal that Citigroup manages for the Defense Department.
  • Citigroup had told CNBC that a “malicious actor” attempted to gain access to several Citi credit card accounts tied to the Department of Defense.
  • The attack, which included 1.3 million attempts, occurred over this past weekend.

The Pentagon on Thursday confirmed that there was a hacking attempt this past weekend against an online financial services portal that Citigroup manages for Defense Department credit card holders.

The confirmation comes a day after Citigroup told CNBC that a “malicious actor” attempted to gain access to information for Pentagon-linked credit card accounts.

The bank had responded to CNBC’s inquiry regarding an attempted hack this past weekend. The Pentagon, citing information from Citigroup, confirmed to CNBC on Thursday that there was an attack over the weekend of March 10.


The bank told the Defense Department that the attack came from a computer system that was randomly guessing cardholder account usernames and passwords.

The program hit Citigroup’s Pentagon online account application more than 1.3 million times. The hackers did successfully guess 318 Pentagon cardholders’ usernames and passwords, but they did not get past a secondary layer of account authentication.

“No data compromise occurred,” Citi told the Pentagon.
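The pattern Citi describes, one source guessing usernames and passwords more than a million times and landing 318 primary credentials before the second factor stopped it, is exactly what a portal’s authentication logs should make visible while it is still in progress. The following is an added example written for this page, not Citi’s or the Pentagon’s tooling; the log format and the IP addresses are constructed, and the thresholds are illustrative. It flags a source that spreads many attempts across many distinct accounts inside a short window (the spray/stuffing signature, which per-account lockout alone misses) and separately lists accounts whose primary credential was accepted but whose second factor failed, since those passwords are now known to the attacker and need a forced reset regardless of the “no data compromise” outcome.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical portal auth-log format (not CitiManager's).
SAMPLE_LOG = """\
2018-03-10T02:00:01Z src=198.51.100.7 user=jdoe001 result=FAIL
2018-03-10T02:00:01Z src=198.51.100.7 user=asmith02 result=FAIL
2018-03-10T02:00:02Z src=198.51.100.7 user=bjones03 result=FAIL
2018-03-10T02:00:02Z src=198.51.100.7 user=clee004 result=FAIL
2018-03-10T02:00:03Z src=198.51.100.7 user=dkim005 result=PASS_PRIMARY
2018-03-10T02:00:03Z src=198.51.100.7 user=dkim005 result=FAIL_SECONDARY
2018-03-10T02:00:04Z src=198.51.100.7 user=ewong006 result=FAIL
2018-03-10T02:00:04Z src=198.51.100.7 user=fgarcia07 result=FAIL
2018-03-10T02:00:05Z src=198.51.100.7 user=ghall008 result=FAIL
2018-03-10T02:00:05Z src=198.51.100.7 user=hirwin09 result=FAIL
2018-03-10T02:00:06Z src=198.51.100.7 user=ijain010 result=FAIL
2018-03-10T03:15:00Z src=203.0.113.9 user=kpatel011 result=FAIL
2018-03-10T03:15:40Z src=203.0.113.9 user=kpatel011 result=PASS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text: str):
    """Yield (timestamp, source, user, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def find_guessing_sources(events, window=timedelta(seconds=60),
                          min_attempts=10, min_users=5):
    """Return {source: (attempts, distinct_users)} for every source that, in some
    sliding window of `window` length, made at least `min_attempts` login attempts
    against at least `min_users` different accounts. The tuple reported is the
    largest such window seen for that source."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    flagged = {}
    for src, evs in by_src.items():
        evs.sort()
        best = None
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the window fits.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e[2] for e in chunk}
            if len(chunk) >= min_attempts and len(users) >= min_users:
                cand = (len(chunk), len(users))
                if best is None or cand > best:
                    best = cand
        if best is not None:
            flagged[src] = best
    return flagged


def accounts_needing_reset(events):
    """Accounts whose primary password was accepted but whose second factor failed:
    the attacker now holds a working password even though no session was opened."""
    return sorted({e[2] for e in events if e[3] == "FAIL_SECONDARY"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("guessing sources:", find_guessing_sources(evs))
    print("force password reset for:", accounts_needing_reset(evs))
```

On the sample, the single spraying source is reported with 11 attempts across 10 accounts while the ordinary user who mistyped once and then succeeded is not, and `dkim005` is listed for a reset even though that account was never actually entered.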

Citi provides financial services for the Government Travel Charge Card, or GTCC, which is used by Department of Defense personnel to pay for authorized expenses when on official travel.

CitiManager is the online portal used by the Defense Department to view statements online, make payments and confirm account balances.

The Pentagon’s Defense Travel Management Office oversees the processing of the GTCC.

*** Back in 2016, there was a hacker contest held by the Pentagon under Secretary Ash Carter….guess they missed that payment portal vulnerability possibility.

When the Pentagon announced the “Hack the Pentagon” event back in March, many wondered what kinds of vulnerabilities hackers would find when checking government websites for bugs. Now we know.

According to Defense Secretary Ash Carter, more than 250 participants out of the 1,400 submitted at least one vulnerability report, with 138 of those vulnerabilities determined to be “legitimate, unique and eligible for a bounty,” he said. The bounties ranged per person from $100 to around $15,000 if someone submitted multiple bugs.

The pilot program, which ran from April 18 to May 12, cost about $150,000, with around half of that going to participants. The results were released on Friday, according to the Department of Defense’s website.

“Hack the Pentagon” was deemed a cost-effective way to scour five of the Defense Department’s websites (defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil, according to a DoD spokesman) for security bugs. Instead of going to outside security firms, which would’ve cost upwards of $1 million, the government instead recruited amateur hackers to do it for much less, some of whom were only in high school.

In addition to reporting on the number of bugs, Carter also said that the government has worked with HackerOne, a bug bounty platform, to fix the vulnerabilities and that the department has “built stronger bridges to innovative citizens who want to make a difference to our defense mission.” Carter wants the “bug bounty” program to extend to other areas of the government and wants to ensure that hackers and researchers can report bugs without a dedicated program.

“When it comes to information and technology, the defense establishment usually relies on closed systems,” he said. “But the more friendly eyes we have on some of our systems and websites, the more gaps we can find, the more vulnerabilities we can fix, and the greater security we can provide to our warfighters.”

Many websites already have bug bounty programs in place, but it was the first time the federal government had come up with such a program. It’s good experience for young hackers and security fiends who want to try to hack a government agency, although that’s a small amount of money for their time.

4 Days of Food Left…Panic? National Grid Hacked

If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?

British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.

Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.


The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.

***

The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.

While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.

In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.

This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.


U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.

Multi-Stage Campaigns Provide Opportunities for Early Detection

The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.

In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.

The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:

  • Altering trade publication websites
  • Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
  • Analyzing publicly available photos that inadvertently contained information about industrial systems

The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.

The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks. This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down with outbound service restrictions.
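As an added illustration of the egress check recommended above (example code written for this page, not from Nozomi Networks or US-CERT), the following Python flags connections in which an internal host opened SMB (TCP 139/445) to an address outside RFC 1918 space. The key=value log format, the host addresses and the optional allowlist are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# SMB listens on 445 (direct-hosted) and 139 (NetBIOS session service).
SMB_PORTS = {139, 445}

# RFC 1918 private ranges plus loopback. Documentation-range addresses
# (203.0.113.x, 198.51.100.x) stand in for external hosts in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line: str) -> dict:
    """Split a constructed 'key=value ...' firewall/flow record into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def find_outbound_smb(lines, allowed_destinations=()):
    """Return records where an internal source reached SMB on an external host.

    allowed_destinations: CIDR strings for sanctioned external file servers.
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_destinations]
    hits = []
    for line in lines:
        rec = parse_line(line)
        src, dst, dport = rec["src"], rec["dst"], int(rec["dport"])
        if dport not in SMB_PORTS:
            continue
        if not is_internal(src) or is_internal(dst):
            continue  # inbound or intra-LAN SMB is ordinary file sharing
        if any(ipaddress.ip_address(dst) in net for net in allowed):
            continue  # explicitly sanctioned destination
        hits.append(rec)
    return hits

def summarize_by_source(hits) -> dict:
    """Count flagged connections per internal source host."""
    return dict(Counter(rec["src"] for rec in hits))

# Constructed sample: one intra-LAN share, two outbound SMB flows, one HTTPS flow.
SAMPLE_LOG = [
    "ts=2018-03-16T09:12:01Z src=10.20.4.17 dst=10.20.4.5 dport=445 proto=tcp action=allow",
    "ts=2018-03-16T09:12:44Z src=10.20.4.17 dst=203.0.113.8 dport=445 proto=tcp action=allow",
    "ts=2018-03-16T09:13:02Z src=10.20.4.22 dst=198.51.100.40 dport=139 proto=tcp action=allow",
    "ts=2018-03-16T09:13:30Z src=10.20.4.22 dst=203.0.113.8 dport=443 proto=tcp action=allow",
]
```

Running `find_outbound_smb(SAMPLE_LOG)` over the sample returns the two outbound SMB flows; in practice the same check belongs in the firewall policy as a deny rule, with this logic serving to audit logs for anything that still gets through.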

The credentials of the intended targets were used to access victims’ networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.

***

What Is Known

Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.

Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT

Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.