An affordable price is probably the major benefit persuading people to buy drugs at www.americanbestpills.com. The cost of medications in Canadian drugstores is considerably lower than anywhere else simply because the medications here are oriented on international customers. In many cases, you will be able to cut your costs to a great extent and probably even save up a big fortune on your prescription drugs. What's more, pharmacies of Canada offer free-of-charge shipping, which is a convenient addition to all other benefits on offer. Cheap price is especially appealing to those users who are tight on a budget
Service Quality and Reputation Although some believe that buying online is buying a pig in the poke, it is not. Canadian online pharmacies are excellent sources of information and are open for discussions. There one can read tons of users' feedback, where they share their experience of using a particular pharmacy, say what they like or do not like about the drugs and/or service. Reputable online pharmacy canadianrxon.com take this feedback into consideration and rely on it as a kind of expert advice, which helps them constantly improve they service and ensure that their clients buy safe and effective drugs. Last, but not least is their striving to attract professional doctors. As a result, users can directly contact a qualified doctor and ask whatever questions they have about a particular drug. Most likely, a doctor will ask several questions about the condition, for which the drug is going to be used. Based on this information, he or she will advise to use or not to use this medication.

Category Archives: Cyber War

Do the Russians have the Voting Machines Source Codes?

Posted on by

On February 28th, the Senate asks what NSA and Cyber Command are doing about Russian election interference. Admiral Rogers’s answer, in brief, is that his organizations lack the authorities to do much (that he can openly discuss, that is).

US senator grills CEO over the myth of the hacker-proof voting machine
Nation’s biggest voting machine maker reportedly relies on remote-access software.

WASHINGTON (Reuters) – Two Democratic senators on Wednesday asked major vendors of U.S. voting equipment whether they have allowed Russian entities to scrutinize their software, saying the practice could allow Moscow to hack into American elections infrastructure.

The letter from Senators Amy Klobuchar and Jeanne Shaheen followed a series of Reuters reports saying that several major global technology providers have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government.

The senators requested that the three largest election equipment vendors – Election Systems & Software, Dominion Voting Systems and Hart Intercivic – answer whether they have shared source code, or inner workings, or other sensitive data about their technology with any Russian entity.

They also asked whether any software on those companies’ products had been shared with Russia and for the vendors to explain what steps they have taken to improve the security of those products against cyber threats to the election.

The vendors could not immediately be reached for comment. It was not immediately clear whether any of the vendors had made sales in Russia, where votes are submitted via written ballots and usually counted by hand.

“According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities,” the senators wrote. “We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.”

U.S. voters in November will go to the polls in midterm elections, which American intelligence officials have warned could be targeted by Russia or others seeking to disrupt the process.

There is intense scrutiny of the security of U.S. election systems after a 2016 presidential race in which Russia interfered, according to American intelligence agencies, to try to help Donald Trump win with presidency. Trump in the past has been publicly skeptical about Russian election meddling, and Russia has denied the allegations.

Twenty-one states experienced probing of their systems by Russian hackers during the 2016 election, according to U.S. officials.

Though a small number of networks were compromised, voting machines were not directly affected and there remains no evidence any vote was altered, according to U.S. officials and security experts.

Related reading:

Top intel official says US hasn’t deterred Russian meddling (Fifth Domain) “I believe that President (Vladimir) Putin has clearly come to the conclusion that there’s little price to pay and that therefore, ‘I can continue this activity,‘” Adm. Mike Rogers, director of both the U.S. Cyber Command and the National Security Agency, told Congress.

Senators: Cyber Command should disrupt Russian influence campaigns (Fifth Domain) Senators pressed Cyber Command on how they can use their national mission force to combat Russian cyber intrusions.

Rogers: CyberCom lacks authority, resources to defend all of cyberspace (FCW) The outgoing NSA and U.S. Cyber Command chief told lawmakers CyberCom is not sitting on its hands when it comes to potential Russian cyber interference, but it lacks the authority to do more absent additional presidential direction.

NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin (Infosecurity Magazine) NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin. Expect more election interference, Cyber Command boss warns

Decoding NSA director Mike Rogers’ comments on countering Russian cyberattacks (Washington Examiner) It’s not as simple as ‘I’m not authorized to do anything.’

*** Footnotes:

Electronic Systems and Software:

1. In 2014, ES&S claimed that “in the past decade alone,” it had installed more than 260,000 voting systems, more than 15,000 electronic poll books, provided services to more than 75,000 elections. The company has installed statewide voting systems in Alabama, Arkansas, Georgia, Idaho, Iowa, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, New Mexico, North Carolina, North Dakota, Rhode Island, South Carolina, South Dakota, and West Virginia. ES&S claims a U.S. market share of more than 60 percent in customer voting system installations.

The company maintains 10 facilities in the United States, two field offices in Canada (Pickering, Ontario; and Vancouver, British Columbia) and a warehouse in Jackson, Mississippi.

2. Dominion Voting Systems is a global provider of end-to-end election tabulation solutions and services. The company’s international headquarters are in Toronto, Canada, and its U.S. headquarters are in Denver, Colorado. Dominion Voting also maintains a number of additional offices and facilities in the U.S. and Europe.

Dominion’s technology is currently used in 33 U.S. states, including more than 2,000 customer jurisdictions. The company also has 100+ municipal customers in Canada.

3. Hart InterCivic Inc. is a privately held United States company that provides elections, and print solutions to jurisdictions nationwide. While headquartered in Austin, Texas, Hart products are used by hundreds of jurisdictions nationwide, including counties in Texas, the entire states of Hawaii and Oklahoma, half of Washington and Colorado, and certain counties in Ohio, California, Idaho, Illinois, Indiana, Kentucky, Oregon, Pennsylvania, and Virginia.

Hart entered the elections industry in 1912, printing ballots for Texas counties. (Side note: As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law.

One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy.

In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information.

In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.)

*** The text of the letter to the three vendors is below:

The full text of the senators’ letter is below:

Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:

Recent reports of U.S. IT and software companies submitting to source code reviews in order to access foreign markets have raised concern in Congress given the sensitivity of the information requested by countries like China and the Russian Federation. As such, we write to inquire about the security of the voting machines you manufacture and whether your company has been asked to share the source code or other sensitive or proprietary details associated with your voting machines with the Russian Federation.

The U.S. intelligence community has confirmed that Russia interfered with the 2016 presidential elections. As a part of a multi-pronged effort, Russian actors attempted to hack a U.S. voting software company and at least 21 states’ election systems. According to the Chicago Board of Elections, information on thousands of American voters was exposed after an attack on their voter registration system.

Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. The U.S. government and Congress have recently taken steps to address some cyber vulnerabilities, including by banning the use Kaspersky Lab, a Moscow-based cybersecurity firm that has maintained a relationship with Russia’s military and intelligence sectors, from all U.S. government computers. Now, we must also ensure the security of our voting machines and associated software.

Recent reports indicate that U.S. based firms operating on U.S. government platforms gave Russian authorities access to their software. In order to sell their software within Russia, these companies allowed Russian authorities to review their source code for flaws that could be exploited. While some companies maintain this practice is necessary to find defects in software code, experts have warned that it could jeopardize the security of U.S. government computers if these reviews are conducted by hostile actors or nations. U.S. tech companies, the Pentagon, former U.S. security officials, and a former U.S. Department of Commerce official with knowledge of the source code review process have expressed concerns with this practice.

In addition, Russia’s requests for source code reviews have increased. According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys, and Russian regulatory documents, between 1996 and 2013 Russia conducted reviews for 13 technology products from Western companies, but has conducted 28 such reviews in the past three years alone.

As the three largest election equipment vendors, your companies provide voting machines and software used by ninety-two percent of the eligible voting population in the U.S. According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities. We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.  Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack.

In order to help the security and integrity of our systems and to understand the scope of any potential access points into our elections infrastructure, we respectfully request answers to the following questions:

  1. Have you shared your source code or any other sensitive data related to your voting machines or other products with any Russian entity?
  2. To your knowledge, has any of the software that runs on your products been shared with any Russian entity?
  3. What steps have you taken or will you take in order to upgrade existing technologies in light of the increased threat against our elections?

The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020.

Thank you for your attention to this matter, and we look forward to working with you to secure our elections.

Sincerely,

 

Seems the FBI Loves Best Buy’s Geek Squad, Hello Strzok?

Posted on by

Now many of the emails I receive about certain FBI cases make sense.

*** The document referring to the FBI tour of the Geek Squad facility in Kentucky.

Image result for geek squad repair facility kentucky photo and more details

After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights.

The documents released to EFF show that Best Buy officials have enjoyed a particularly close relationship with the agency for at least 10 years. For example, an FBI memo from September 2008 details how Best Buy hosted a meeting of the agency’s “Cyber Working Group” at the company’s Kentucky repair facility.

The memo and a related email show that Geek Squad employees also gave FBI officials a tour of the facility before their meeting and makes clear that the law enforcement agency’s Louisville Division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”

Another document records a $500 payment from the FBI to a confidential Geek Squad informant. This appears to be one of the same payments at issue in the prosecution of Mark Rettenmaier, the California doctor who was charged with possession of child pornography after Best Buy sent his computer to the Kentucky Geek Squad repair facility.

Other documents show that over the years of working with Geek Squad employees, FBI agents developed a process for investigating and prosecuting people who sent their devices to the Geek Squad for repairs. The documents detail a series of FBI investigations in which a Geek Squad employee would call the FBI’s Louisville field office after finding what they believed was child pornography.

The FBI agent would show up, review the images or video and determine whether they believe they are illegal content. After that, they would seize the hard drive or computer and send it to another FBI field office near where the owner of the device lived. Agents at that local FBI office would then investigate further, and in some cases try to obtain a warrant to search the device.

Some of these reports indicate that the FBI treated Geek Squad employees as informants, identifying them as “CHS,” which is shorthand for confidential human sources. In other cases, the FBI identifies the initial calls as coming from Best Buy employees, raising questions as to whether certain employees had different relationships with the FBI.

In the case of the investigation into Rettenmaier’s computers, the documents released to EFF do not appear to have been made public in that prosecution. These raise additional questions about the level of cooperation between the company and law enforcement.

For example, documents reflect that Geek Squad employees only alert the FBI when they happen to find illegal materials during a manual search of images on a device and that the FBI does not direct those employees to actively find illegal content.

But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material. For example, the image found on Rettenmaier’s hard drive was in an unallocated space, which typically requires forensic software to find. Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography. Such a bounty would likely encourage Geek Squad employees to actively sweep for suspicious content.

Although these documents provide new details about the FBI’s connection to Geek Squad and its Kentucky repair facility, the FBI has withheld a number of other documents in response to our FOIA suit. Worse, the FBI has refused to confirm or deny to EFF whether it has similar relationships with other computer repair facilities or businesses, despite our FOIA specifically requesting those records. The FBI has also failed to produce documents that would show whether the agency has any internal procedures or training materials that govern when agents seek to cultivate informants at computer repair facilities.

We plan to challenge the FBI’s stonewalling in court later this spring. In the meantime, you can read the documents produced so far here and here.

YouTube’s Trusted Flagger Program, a Sham

Posted on by
The legal complaint is here.

No wonder Dennis Prager (Prager University) is suing YouTube for censorship.

Image result for youtube trusted flagger program photo

YouTube Trusted Flagger program

The YouTube Trusted Flagger program was developed by YouTube to help provide robust tools for government agencies and non-governmental organizations (NGOs) that are particularly effective at notifying YouTube of content that violates our Community Guidelines.

Individuals who are part of the YouTube Contributors program also frequently report videos that may violate YouTube’s Community Guidelines.

The YouTube Trusted Flagger program includes:

  • A bulk-flagging tool that allows for reporting multiple videos at one time
  • Private forum support for questions about the policy enforcement process
  • Visibility into decisions on flagged content
  • Prioritized flag reviews for increased actionability

Program eligibility

Government agencies and NGOs are eligible for participation in the YouTube Trusted Flagger program. Ideal candidates flag frequently and with a high rate of accuracy.

Before becoming deputized for participation, applicants must attend a YouTube training to learn about our Community Guidelines and enforcement processes. These trainings are led by YouTube’s Trust & Safety and Public Policy teams.

Flag review process

Videos flagged by trusted flaggers are reviewed by YouTube content moderators according to YouTube’s Community Guidelines. Content flagged by trusted flaggers is not automatically removed or subject to any differential policy treatment — the same standards apply for flags received from other users. However, because of their high degree of accuracy, flags from trusted flagger are prioritized for review by our teams.

The Trusted Flagger program exists exclusively for the reporting of possible Community Guideline violations. It is not a flow for reporting content that may violate local law. Requests based on local law can be filed through our content removal form.

Google, really?

YouTube Trusted Flaggers help Google fight terrorism online, along with better automated detection, content warnings, and counter-radicalization content

Google and YouTube are working along with Facebook, Microsoft and Twitter to help fight terrorism online.

Google has pledged a four-pronged strategy:

1. Improving automated systems that detect problematic videos.

We will now devote more engineering resources to apply our most advanced machine learning research to train new “content classifiers” to help us more quickly identify and remove extremist and terrorism-related content.

2. Expanding the Trusted Flagger program

Trusted flaggers – both individuals and organizations – flag content correctly more than 90% of the time.

We will expand this programme by adding 50 expert NGOs to the 63 organisations who are already part of the programme, and we will support them with operational grants. This allows us to benefit from the expertise of specialised organisations working on issues like hate speech, self-harm, and terrorism. We will also expand our work with counter-extremist groups to help identify content that may be being used to radicalise and recruit extremists.

3. Making inflammatory content harder to find and endorse

In future [videos that do not clearly violate policy, but contain inflammatory religious or supremecist content] will appear behind an interstitial warning and they will not be monetised, recommended or eligible for comments or user endorsements.

4. Using the “Redirect Method” for counter-radicalization efforts

… we are working with Jigsaw to implement the “Redirect Method” more broadly across Europe. This promising approach harnesses the power of targeted online advertising to reach potential Isis recruits, and redirects them towards anti-terrorist videos that can change their minds about joining. In previous deployments of this system, potential recruits have clicked through on the ads at an unusually high rate, and watched over half a million minutes of video content that debunks terrorist recruiting messages.

*** So…..they use the Southern Poverty Law Center as a trusted flagger?

The Southern Poverty Law Center is assisting YouTube in policing content on their platform, The Daily Caller has learned.

The left-wing nonprofit — which has more recently come under fire for labeling legitimate conservative organizations as “hate groups” — is one of the more than 100 nongovernment organizations (NGOs) and government agencies in YouTube’s “Trusted Flaggers” program, a source with knowledge of the arrangement told TheDC.

The SPLC and other program members help police YouTube for extremist content, ranging from so-called hate speech to terrorist recruiting videos.

All of the groups in the program have confidentiality agreements, a spokesperson for Google, YouTube’s parent company, previously told TheDC. A handful of YouTube’s “Trusted Flaggers,” including the Anti-Defamation League and No Hate Speech — a European organization focused on combatting intolerance — have gone public with their participation in the program. The vast majority of the groups in the program have remained hidden behind their confidentiality agreements.

The SPLC’s close involvement in policing content on YouTube is likely to cause consternation among conservatives who worry that they may not be treated fairly. The left-wing group has consistently labeled pedestrian conservative organizations as “hate groups” and has been directly tied to violence against conservatives in the past. Floyd Lee Corkins, who opened fire at the Family Research Center in 2012, said he chose the FRC for his act of violence because the SPLC listed them as a “hate group.”

It’s unclear when the SPLC joined YouTube’s “Trusted Flaggers” program. The program goes back to 2012 but exploded in size in recent years amid a Google push to increase regulation of the content on its platforms, which followed pressure from advertisers. Fifty of the 113 program members joined in 2017 as YouTube stepped up its content policing, YouTube public policy director Juniper Downs told a Senate committee in January.

Downs said the third-party groups work closely with YouTube’s employees to crack down on extremist content in two ways, both of which a Google spokesperson previously confirmed to TheDC.

First, the flaggers are equipped with digital tools allowing them to mass flag content for review by YouTube personnel. Second, the partner groups act as guides to YouTube’s content monitors and engineers designing the algorithms policing the video platform but may lack the expertise needed to tackle a given subject.

“We work with over 100 organizations as part of our Trusted Flagger program and we value the expertise these organizations bring to flagging content for review. All trusted flaggers attend a YouTube training to learn about our policies and enforcement processes. Videos flagged by trusted flaggers are reviewed by YouTube content moderators according to YouTube’s Community Guidelines. Content flagged by trusted flaggers is not automatically removed or subject to any differential policies than content flagged from other users,” said a YouTube spokesperson, who would not specifically comment on the SPLC’s participation in the program.

The SPLC did not return multiple voicemails and emails seeking comment.

The overwhelming majority of the content policing on Google and YouTube is carried out by algorithms. The algorithms make for an easy rebuttal against charges of political bias: it’s not us, it’s the algorithm. But actual people with actual biases write, test and monitor the algorithms.

As noted above, Google’s anonymous outside partners (such as the SPLC) work closely with the internal experts designing the algorithms. This close collaboration has upsides, Google’s representatives have said, such as in combatting terrorist propaganda on the platform.

But it also provides little transparency, forcing users to take Google’s word that they’re being treated fairly.

The SPLC has faced criticism for its cavalier definitions of “hate group” and “extremist.” The organization stoked controversy in 2015 by labeling Dr. Ben Carson, now the Secretary of Housing and Urban Development (HUD), an anti-gay “extremist.” After a backlash, the SPLC reversed its ruling and apologized to Carson.

The organization  faced a similarly intense backlash in 2016 for labeling Maajid Nawaz, a respected counter-extremism activist, an “anti-Muslim extremist.”(RELATED: SPLC Says Army Bases Are Confederate Monuments That Need To Come Down)

The Washington Examiner’s Emily Jashinsky noted last year that “the SPLC’s claim to objectivity is nothing less than fraudulent, a reality that informed observers of its practices from both the Left and Right accept.”

“The routine of debunking their supposedly objective classifications occurs like clockwork each time a major outlet makes the mistake of turning to them when reporting on the many conservative thinkers and nonprofits the group absurdly designates as hateful.”

The SPLC has faced tough criticisms not just from conservatives but from the mainstream press as well.

“At a time when the line between ‘hate group’ and mainstream politics is getting thinner and the need for productive civil discourse is growing more serious, fanning liberal fears, while a great opportunity for the SPLC, might be a problem for the nation,” Politico Magazine’s Ben Schreckinger wrote last year.

Bloomberg columnist Megan McArdle similarly noted last year that the SPLC commonly lumps in principled conservatives alongside actual racists and extremists and warned of the possibility that tech companies could rely on the SPLC’s misleading definitions.

“Given the increasing tendency of powerful tech companies to flex their muscle against hate groups,” she wrote, “we may see more and more institutions unwittingly turned into critics or censors, not just of Nazi propaganda, but also of fairly mainstream ideas.”

Obama, McDonough Lied by Omission: 2016 Election 7 States

Posted on by

Image result for dhs voting

photo

DHS disputes the NBC reporting with the following:

Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications, released the following statement regarding the recent NBC news coverage on the Department of Homeland Security’s efforts to combat election hacking.

“Recent NBC reporting has misrepresented facts and confused the public with regard to Department of Homeland Security and state and local government efforts to combat election hacking. First off, let me be clear: we have no evidence – old or new – that any votes in the 2016 elections were manipulated by Russian hackers. NBC News continues to falsely report my recent comments on attempted election hacking – which clearly mirror my testimony before the Senate Intelligence Committee last summer – as some kind of “breaking news,” incorrectly claiming a shift in the administration’s position on cyber threats. As I said eight months ago, a number of states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure. In the majority of cases, only preparatory activity like scanning was observed, while in a small number of cases, actors were able to access the system but we have no evidence votes were changed or otherwise impacted.

“NBC’s irresponsible reporting, which is being roundly criticized elsewhere in the media and by security experts alike, undermines the ability of the Department of Homeland Security, our partners at the Election Assistance Commission, and state and local officials across the nation to do our incredibly important jobs. While we’ll continue our part to educate NBC and others on the threat, more importantly, the Department of Homeland Security and our state and local partners will continue our mission to secure the nation’s election systems.

“To our state and local partners in the election community: there’s no question we’re making real and meaningful progress together. States will do their part in how they responsibly manage and implement secure voting processes. For our part, we’re going to continue to support with risk and vulnerability assessments, offer cyber hygiene scans, provide real-time threat intel feeds, issue security clearances to state officials, partner on incident response planning, and deliver cybersecurity training. The list goes on of how we’re leaning forward and helping our partners in the election community. We will not stop, and will stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have confidence in our democratic elections.”

U.S. intel: Russia compromised seven states prior to 2016 election

The U.S. intelligence community developed substantial evidence that state websites or voter registration systems in seven states were compromised by Russian-backed covert operatives prior to the 2016 election — but never told the states involved, according to multiple U.S. officials.

Top-secret intelligence requested by President Barack Obama in his last weeks in office identified seven states where analysts — synthesizing months of work — had reason to believe Russian operatives had compromised state websites or databases.

Three senior intelligence officials told NBC News that the intelligence community believed the states as of January 2017 were Alaska, Arizona, California, Florida, Illinois, Texas and Wisconsin.

The officials say systems in the seven states were compromised in a variety of ways, with some breaches more serious than others, from entry into state websites to penetration of actual voter registration databases.

While officials in Washington informed several of those states in the run-up to the election that foreign entities were probing their systems, none were told the Russian government was behind it, state officials told NBC News.

All state and federal officials who spoke to NBC News agree that no votes were changed and no voters were taken off the rolls.

After NBC’s report on the compromised states aired Tuesday night, Department of Homeland Security (DHS) Acting Press Secretary Tyler Houlton challenged its accuracy in a series of tweets. “NBC’s reporting tonight on the 2016 elections is not accurate and is actively undermining efforts of the Department of Homeland Security to work in close partnership with state and local governments to protect the nation’s elections systems from foreign actors,” wrote Houlton.

“As we have consistently said, DHS has shared information with affected states in a timely manner and we will continue to do so. We have no intelligence — new or old — that corroborates NBC’s reporting that state systems in seven states were compromised by Russian government actors. We believe tonight’s story to be factually inaccurate and misleading.”

On Wednesday morning, however, Michael Daniel, the top White House cybersecurity official at the end of the Obama administration, told NBC News that the government’s assessment when he left the White House in January 2017 was that networks in seven states were compromised. He said he could not account for whether that assessment had changed in the past year.

Daniel, who is now president of the Cyber Threat Alliance, an industry group, said it was the intention of the Obama administration to inform those states, “but clearly it didn’t happen the way that we wanted it to.”

He said he could not name the states because some of the assessment was based on classified information.

“This continued debate about whether or not the states were notified is actually distracting from the larger point, which is that we need to build the relationship between the federal government and state governments in the electoral area to improve cybersecurity,” he said.

“It is also easy to get lost in the cybersecurity industry’s ability to parse words, and the differing definitions of malicious cyber activity. But between what the states themselves detected and what the federal government detected through law enforcement and intelligence, it clearly showed a really broadbased Russian campaign to probe and figure out how they could gain access to different components of our electoral systems.”

According to classified intelligence documents, the intelligence community defines compromised as actual “entry” into election websites, voter registration systems and voter look-up systems.

NBC News reached out to all seven states that were compromised, as well as 14 additional states that DHS says were probed during the 2016 election.

To this day, six of the seven states deny they were breached, based on their own cyber investigations. It’s a discrepancy that underscores how unprepared some experts think America is for the next wave of Russian interference that intelligence officials say is coming.

Eight months after the assessment, in September 2017, the Trump administration’s DHS finally contacted election officials in all 50 states to tell them whether or not their systems had been targeted. It told 21 states they had been targeted, and U.S. officials acknowledged that some of those attempts had been successful.

“I think the Obama administration should have been doing much more to push back against the Russians across the board,” said Juan Zarate, an NBC News analyst who was deputy national security adviser for combating terrorism under President George W. Bush. “I think the U.S. was very meek and mild in how we responded to Russian aggression.”

Denis McDonough, who was Obama’s last chief of staff, strongly disagrees, arguing the administration acted to thwart the Russians before and after the election. Obama administration spokespeople also say they transmitted sensitive intelligence regarding state compromises to congressional leaders.

“The administration took a series of steps to push back against the Russians to include far-ranging sanctions, diplomatic steps to push people associated with the Russian effort out of this country and also warning our friends and allies,” he said.

The Trump DHS, like under the Obama administration, has declined to share the intelligence assessment of which states were actually compromised, according to state election officials.

This month, in an exclusive interview with NBC News, Jeanette Manfra, the current head of cybersecurity at DHS, said that “an exceptionally small number” of those 21 states “were actually successfully penetrated.” But Manfra declined to answer questions about the classified intelligence assessment, or to say specifically how many states had been penetrated.

Top election officials from all 50 states met in Washington this month for a National Association of Secretaries of State conference and received temporary security clearances for a classified threat briefing from intelligence officials. According to two officials present, one from the intelligence community and the other a state official, the actual intelligence on state compromises was not shared.

While numerous state election officials told NBC News that the Department of Homeland Security has been stepping up communications with them, many say they’re worried they are still not getting enough information from Washington.

Illinois itself had detected a “malicious cyberattack” on its voter registration system in the summer of 2016 and reported it to DHS, saying its voter rolls had been accessed but nothing had been altered. It is the only state to acknowledge actual compromise.

The other six states from the January 2017 assessment, however, say that when DHS told them last September that their systems had been targeted, it still did not tell them that their systems had been compromised. All six also say that based on their own cyber investigations, they believe their election systems were never compromised.

Three states said publicly in September that while some state websites were affected, none were directly related to voting; specifically, Texas, Wisconsin and California say some sites were “scanned.” But a former senior intelligence official told NBC News that these types of probes can also be serious, either as gateways to other networks or as reconnoitering for future attacks.

Fears of a repeat in 2018

Nearly 16 months after the presidential election, and more than eight months before the critical midterms, many state and federal officials are convinced the Russians will be back. They’re concerned that 2016 was laying the groundwork for a possible future attack.

“We have an extreme sense of urgency on insuring security of the 2018 elections, because you don’t get a chance to do it over,” said Alex Padilla, California’s secretary of state, who said there was no evidence of a successful hack in California.

Several state election officials, including Padilla, told NBC News they think they should have been told that U.S. intelligence agencies believed they’d been breached whether or not that turned out to be true.

“It is hugely imperative that intelligence be shared with state elections officials immediately in order to protect our election infrastructure and the integrity of election results,” Padilla said.

Reluctance to share the information may be due, in part, to the classification of the intelligence itself. Multiple intelligence officials told NBC News that determining the Russian government was behind the hacks depended on “exceptionally sensitive sources and methods” including human spies and eavesdropping on Russian communications.

No state election official at the time had a security clearance sufficient to permit access to such sensitive information, according to DHS.

“Look, whether or not state elections officials had the proper clearance has unfortunately been an excuse in my opinion, a bureaucratic response for why information or intelligence hasn’t been more quickly shared with state elections officials,” Padilla said.

“We’ve got to fix that right away, because it does us no good, [when somebody is] sitting in Washington, D.C., with a bit of information about a significant cyberthreat and elections officials and locals are completely unaware. That doesn’t help anybody and that needs to be addressed,” Padilla said.

Zarate said that he thought “too much of this has happened behind the veil of the government,” and that “much more has to be discussed openly with the public about what we know of the kinds of attacks that are happening, who may be behind them, and how we defend ourselves against [them].”

A spokesperson for Florida’s secretary of state, Mark Ard, said the state was informed by DHS in September 2017 that Florida had been targeted by hackers in 2016. “This attempt was not in any way successful and Florida’s online elections databases and voting systems remained secure,” Ard said.

Texas Secretary of State Rolando Pablos said in a statement that his agency had not seen any evidence that any voting or voting registration systems in Texas were compromised before the 2016 elections.

The public information officer for the Wisconsin Elections Commission said the commission has never detected a successful hack on its system, “nor has it ever been notified of one by the Department of Homeland Security or any other state or federal agency.”

A spokesperson for the Arizona secretary of state, Matt Roberts, said the state had still not been informed of a successful hack, and had seen no evidence of one. Roberts said the state had not been told that “ANY Arizona voting system has been compromised, nor do we have any reason to believe any votes were manipulated or changed. No evidence, no report, no nothing.”

Alaska did not respond to repeated requests for comment, but has previously denied that any breach occurred.

Bradley Moss, a lawyer specializing in national security, tried to lift the veil and find out what U.S. intelligence knew about the Russian attempts to compromise the voter system. He sued for disclosure of government files and won last week, receiving 118 top-secret pages from the intelligence community. The pages referred to “compromises” and other breaches but the pages were almost completely blacked out for security reasons.

Said Moss: “The spreadsheets show that there were documented breaches of election networks. That there were documented, numerous documented instances of attempted breaches of state election networks, and that there was a widespread concern among several agencies in the intelligence committee about the sanctity and the integrity of these election networks.”

In a statement, DHS said it has been working with state and local officials for more than a year on the issue.

“This relationship is built on trust and transparency, and we have prioritized sharing threat and mitigation information with election officials in a timely manner to help them protect their systems,” DHS acting press secretary Tyler Houlton said.

“In addition to granting state officials clearances to give them access to classified information, we work to declassify information rapidly and have the ability to grant one-day waivers when necessary to provide state officials with information they may need to protect their systems.

“We are committed to this work and will continue to stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have the confidence that their vote counts — and is counted correctly.”

A statement from the Office of the Director of National Intelligence said only: “The declassified Intelligence Community Assessment of January 6, 2017, found that Russian actors did not compromise vote tallying systems. That assessment has not changed.”

Next steps

At a Senate hearing on Tuesday, the National Security Agency director, Adm. Mike Rogers, acknowledged that the White House has not directed him to try to stop Moscow from meddling in U.S. elections.

Sen. Claire McCaskill, D-Mo., said that was “outrageous” and asked whether the U.S. was in a position to stop Russia from “doing this again.”

“We’re taking steps but we’re probably not doing enough,” Rogers said.

“I want to know, why the hell not?” McCaskill shot back. “What’s it going to take?”

While the FBI and the Department of Homeland Security say they are taking steps to shore up cyberdefenses, FBI Director Christopher Wray told Congress this month that the instructions did not come from the top.

When Sen. Jack Reed, D-R.I., asked Wray if the president had directed him or the bureau to take “specific actions to confront and blunt” ongoing Russian activities, Wray said, “We’re taking a lot of specific efforts to blunt Russian efforts.”

Reed then asked, “Specifically directed by the president?” Wray answered, “Not as specifically directed by the president.”

The White House on Tuesday pushed back on any suggestion they’re not doing enough, saying President Trump is “looking at a number of different ways of making sure that Russia doesn’t meddle in our elections.”

For the future, Zarate suggests taking a lesson from the past.

“After 9/11, the walls between law enforcement and intelligence sources had to be broken down in order to connect the dots,” Zarate said. “There has to be a whole-of-government and whole-of-nation approach to dealing with what is an assault on American democracy.”

Cyber: ‘Our adversaries have grown more emboldened’

Posted on by

Primer:

Russia hasn’t been sufficiently penalized for its meddling in the 2016 U.S. elections and that has emboldened Moscow to continue interfering in American elections, Adm. Michael Rogers, Commander of the U.S. Cyber Command, told the Senate Armed Services Committee on Tuesday.

“They haven’t paid a price sufficient to change their behavior,” Rogers said under questioning by Sen. Richard Blumenthal, D-Conn. Although the United States has taken some actions, including imposing additional sanctions and Special Counsel Robert S. Mueller III has indicted more than a dozen Russians for their role in the interference, “it hasn’t changed the calculus,” Rogers said, adding that “it hasn’t generated the change in behavior that we all know we need.”

In another exchange with Sen. Elizabeth Warren, D-Mass., Rogers said that Russian President Vladimir Putin has probably come to the conclusion that “that there’s little price to pay here so I can continue the activity” of interfering in the U.S. election system. More here.

*** In context however, where is Senator(s) Warren and Blumenthal’s proposed legislation on sanctions or punishment toward Russia for cyber and active measures interference? It was political posturing by Warren and Blumenthal when they can introduce multi-faceted legislation as Russia, China and North Korea continue to attack the United States via layered cyber operations including espionage.

Meanwhile…. Image result for admiral rogers nsa photo

WASHINGTON, Feb. 27, 2018

Although competitors such as China and Russia remain the greatest threat to U.S. security, rogue regimes such as Iran and North Korea have increased in capabilities and have begun using aggressive methods to conduct malicious cyberspace activities, the military’s top cyber officer told Congress today.

Navy Adm. Michael S. Rogers, director of the National Security Agency, commander of U.S. Cyber Command and chief of the Central Security Service, testified at a Senate Armed Services Committee hearing.

“Our adversaries have grown more emboldened, conducting increasingly aggressive activities to extend their influence without fear of significant consequence,” Rogers said. “We must change our approaches and responses here if we are to change this dynamic.”

But as the cyber domain has evolved, Rogers told the senators, Cybercom’s three major mission areas endure: protecting the Department of Defense Information Network; enabling other joint force commanders by delivering effects in and through cyberspace; and defending the nation against cyber threats through support to the Department of Homeland Security and others when directed to do so by the president or secretary of defense.

Cybercom Milestones

Rogers highlighted milestones in Cybercom’s growth.

Joint Force Headquarters DODIN, the subordinate headquarters responsible for securing, operating and defending the Defense Department’s complex information technology infrastructure, has achieved full operational capability, he said.

Joint Task Force Ares, created to lead the fight in cyber against the Islamic State of Iraq and Syria, has successfully integrated cyberspace operations into broader military campaigns, has achieved some “excellent results,” and will continue to pursue ISIS in support of the nation’s objectives, the admiral told the Senate panel.

Cybercom also has significantly enhanced training in cyber operation platforms to prepare the battlespace against key adversaries, he said.

Milestones expected to be achieved this year include Cyber Command’s elevation to a combatant command responsible for providing mission-ready cyberspace operations forces to other combatant commanders, Rogers said.

New Facility

In addition, the admiral said, Cybercom will be moving into a state-of-the-art integrated cyber center and joint operations facility at Fort Meade, Maryland, enhancing the coordination and planning of operations against cyber threats.

“Without cyberspace superiority in today’s battlefield, risk to mission increases across all domains and endangers our security,” Rogers said.

Cybercom’s focus on innovation and rapid tech development has extended all the way to small businesses and working with the private sector while maintaining cybersecurity, Rogers told the committee.

“We intend in the coming year to create an unclassified collaboration venue where businesses and academia can help us tackle tough problems without needing to jump over clearance hurdles, for example, which for many are very difficult barriers,” Rogers explained.

After serving more than four years as a commander of Cybercom and after nearly 37 years of service as a naval officer, Rogers is set to retire this spring.

“I will do all I can during the intervening period to ensure the mission continues, that our men and women remain ever motivated, and that we have a smooth transition,” he said.