UK’s PM Terresa May has to Face Russia over Use of Nerve Agent

Posted on March 12, 2018March 12, 2018 by Denise Simon

May says it is very clear that the use of this nerve agent goes against the spirit of the chemical weapons treaty. This is part of a group of nerve agents known as Novichok.

Using nerve agents of this kind is banned under international conventions, developed in secret to get around those treaties and designed to avoid detection. And it is banned in part because of its potency, and the horrible effects that could stem from its use.

Novichok was first developed in the 1970s and 80s by what was then the Soviet Union. The name means “newcomer” in Russian, and indicates the fact that when it was developed it marked a major breakthrough in the power of such chemical weapons.

That new potency meant that it was by some way the most powerful nerve agent in the world, and it continues to be thought one of the most deadly weapons available.

They work like all nerve agents, by overriding neurotransmitters in the body and shutting down the way it normally works. By forcing muscles to contract by attacking the nervous system, important parts of the body start to shut down – soon after someone comes into contact with such a nerve agent, the heart and diaphragm will shut down and death can result either through heart failure or suffocation.

Though it was developed to be as dangerous as possible when used, it was also designed so that it could be relatively easily transported. The nerve agent is made out of different “precursors” – which are relatively safe until they are mixed so that they can be used in a weapon. Novichok became famous in the 90s, when a Soviet scientist called Vil Mirzayanov revealed that the country had secretly developed the powerful nerve gas – which was far more potent than anything in the US. Though the Soviet Union had been developing it for some time, it didn’t become known for as much as a decade after it was actually available, because it had been kept entirely secret. More here.

Russia deployed a military grade nerve agent in a city of 40,000 people. Chemical warfare experts were sent to the scene and hundreds of people may have been poisoned in Britain.

British PM May: “The government has concluded that it is highly likely that Russia was responsible” for nerve agent attack on Russian ex-spy. “There are only two plausible explanations… Either this was a direct act by the Russian state against our country, or the Russian government lost control of its potentially catastrophically damaging nerve agent and allowed it to get into the hands of others.”

British PM May says she’ll give Russia until Wednesday to respond: “Should there be no credible response, we will conclude that this action amounts to an unlawful use of force by the Russian state against the United Kingdom.”

British emergency services workers in hazard suits put a tent on Thursday over the bench where Sergei Skripal and his daughter, Yulia, were found. Ben Stanstall / AFP – Getty Images

19 others treated after nerve agent attack on Russian ex-spy Sergei Skripal, his daughter

by Daniel Arkin

A police sergeant who assisted a former Russian spy and his daughter after a nerve agent attack in Britain is receiving medical treatment, as well as 18 other people who may have been exposed to the poison, police said Thursday.

The attack on Sergei Skripal, 66, and his daughter, Yulia, 33, is being treated as attempted murder, authorities have said. The two remain hospitalized in critical condition after being found unconscious Sunday on a bench near a shopping mall in Salisbury, 90 miles west of London.

Sgt. Nick Bailey, an officer from the Wiltshire police who assisted the two victims, also remained hospitalized on Thursday but appeared to be making progress, said Kier Pritchard, the acting Wiltshire police chief.

“Of course he’s very anxious, very concerned,” Pritchard told reporters.

Some of those who were treated after the nerve agent attack received blood tests, support and hospital advice, Pritchard said. He would not say whether the other victims were other officers, medical workers or bystanders.

At a news conference, Britain’s home secretary, Amber Rudd, described Bailey as “still seriously unwell,” but “engaging and awake and talking to point.”

Police have not offered any specifics about the attack, including the type of nerve agent used or how it was delivered.

Skripal, a former military intelligence officer, was sentenced to 13 years in prison in 2006 after being convicted in Russia of spying for Britain.

He passed the identity of dozens of spies to the United Kingdom’s MI6 foreign intelligence agency, according to news reports. He was freed in 2010 as part of a U.S.-Russian spy swap that also included Anna Chapman, who was arrested in New York earlier that year.

The incident has drawn parallels to the death of former Russian agent Alexander Litvinenko, who was poisoned with radioactive polonium 11 years ago in London.

Litvinenko, 43, an outspoken critic of Russian President Vladimir Putin, fled Russia for Britain six years before he was poisoned. He died after drinking green tea laced with the rare and very potent radioactive isotope at London’s Millennium Hotel.

In a report published in 2016, a British judge found that Litvinenko was killed in an assassination carried out by Russia’s security services — with the probable approval of Putin. Russia has denied any responsibility for Litvinenko’s death.

There is no evidence of any Kremlin connection in Skripal’s case. But intelligence analyst Glenmore Trenear-Harvey, who formerly worked for MI6, told NBC News that he believes that the case has the hallmarks of Putin’s involvement.

Pritzker, Boxer, Sherman and MoveOn.org, the Strike Force

Posted on March 12, 2018March 12, 2018 by Denise Simon

The top person on John Kerry’s Iran JPOA team was Wendy Sherman. But then we have Obama’s dear friend Penny Pritzker in the mix too, along with Barbara Boxer and Hillary’s Jake Sherman all part of this National Security Action team, which is all things against Trump. So, while we do have the Director of MoveOn in the mix…this group likely has some robust funding from Soros.

This is a strike force that even includes Jeremy Bash.

He served as Chief of Staff of the CIA (2009-2011) and Defense Department (2011-2013), was Panetta’s right hand person and perhaps we should remember it was Panetta that allowed Hollywood access to top secret information to make a movie, that Zero Dark Thirty movie.

According to a June 15, 2011, email from Benjamin Rhodes, Deputy National Security Advisor for Strategic Communications, the Obama White House was intent on “trying to have visibility into the UBL (Usama bin Laden) projects and this is likely a high profile one.”

photo

Ben Rhodes the aspiring novelist became Obama’s top advisor even when Rhodes security clearance was denied.

In early July 2012, Obama’s senior White House adviser on Iran, Puneet Talwar, and Secretary of State Hillary Clinton’s right-hand man, Jake Sullivan, arrived in the sleepy Arabian sultanate of Oman, 150 miles across sparkling Gulf waters from the Iranian coast. It was the first significant back-channel contact with Tehran.

FNC: A group of about 50 former Obama administration officials recently formed a think tank called National Security Action to attack the Trump administration’s national security policies.

The mission statement of the group is anything but subtle: “National Security Action is dedicated to advancing American global leadership and opposing the reckless policies of the Trump administration that endanger our national security and undermine U.S. strength in the world.”

National Security Action plans to pursue typical liberal foreign policy themes such as climate change, challenging President Trump’s leadership, immigration and allegations of corruption between the president and foreign powers.

This organization uses the acronym NSA, which is ironic. Three of its founding members – Ben Rhodes, Susan Rice and Samantha Power – likely were involved in abusing intelligence from the federal NSA (National Security Agency) to unmask the names of Trump campaign staff from intelligence reports and to leak NSA intercepts to the media to hurt Donald Trump politically. This included a leak to the media of an NSA transcript in February 2017 of former National Security Adviser Michael Flynn’s discussion with Russian Ambassador to the U.S. Sergei Kislyak. No one has been prosecuted for this leak.

Given the likely involvement of Rhodes, Rice and Power to weaponize intelligence against the Trump presidential campaign, will their anti-Trump NSA issue an apology for these abuses?

It is interesting that the new anti-Trump group says nothing in its mandate about protecting the privacy of Americans from illegal surveillance, preventing the politicization of U.S. intelligence agencies or promoting aggressive intelligence oversight. Maybe this is because the founders plan to abuse U.S. intelligence agencies to spy on Republican lawmakers and candidates if they join a future Democratic administration.

It takes a lot of chutzpah for this group of former Obama officials, who were part of the worst U.S. foreign policy in history, to condemn the current president’s successful international leadership and foreign policy.

After all, ISIS was born on President Obama’s watch because of his mismanagement of the U.S. withdrawal from Iraq and his “leading from behind” Middle East policy. The Syrian civil war spun out of control because of the incompetence of President Obama and his national security team.

This was a team that provided false information to the American people about the 2012 terrorist attack on the U.S. consulate in Benghazi and the nuclear deal with Iran. I wonder if the anti-Trump NSA will include videos on its website of former National Security Adviser Susan Rice falsely claiming on five Sunday morning news shows in September 2012 that the attack on the Benghazi consulate was “spontaneous” and in response to an anti-Muslim video.

And of course there’s the North Korean nuclear and missile programs that surged during the Obama years due to the administration’s “Strategic Patience” policy, an approach designed to kick this problem down the road to the next president. Because of President Obama’s incompetence, North Korean dictator Kim Jong Un may have an H-bomb that he soon will be able to load onto an intercontinental ballistic missile to attack the United States.

It must appall this group of former Obama national security officials that President Trump is succeeding as he undoes everything they worked on.

ISIS will soon control no territory in Iraq or Syria because of the Trump administration’s intensified attacks on it and arming of Kurdish militias.

In sharp contrast to President Obama, President Trump drew a chemical weapons red line in Syria and enforced it.

North Korea is pushing for talks with the U.S. in response to strong United Nations sanctions the U.S. worked to obtain in 2017. And compliance with the new sanctions has been significantly improved, especially by China, as the result of President Trump’s actions.

President Trump repaired the damage done to U.S.-Israel relations by President Obama and has recognized Jerusalem as the capital of Israel – something several previous presidents promised but failed to do.

Iranian harassment of U.S. ships in the Persian Gulf stopped in 2017, likely due to the more assertive Iran policy of President Trump. This includes the president’s successful effort to build a stronger U.S. relationship with Saudi Arabia.

President Trump is right when he says he inherited a mess on national security from the Obama administration. This is because President Obama and his national security team undermined U.S. credibility and left President Trump a much more dangerous world. I doubt the new anti-Trump National Security Action think tank will succeed in convincing Americans otherwise.

The war on 5G Nationally and Internationally

Posted on March 9, 2018March 9, 2018 by Denise Simon

The first, 1G, was invented by Motorola in 1973. The 1G networks provided basic phone service with analog protocols and speeds of 2.4 kilobits per second. Compare that to today’s 4G network speed of 100 megabits per second and 5G’s proposed 100 gigabits per second. Also in 1973, IEEE Member Robert M. Metcalf invented Ethernet, one of the key enablers of wireless and local Internet access. Ethernet is part of the IEEE 802 suite of standards that underpins wireless networking applications and includes access to the Internet. The 802.11 standard is better known by its trademark name: Wi-Fi. More here.

***

When fourth generation (4G) services launched early this decade, the U.S. led the way. The Federal Communications Commission (FCC) unlocked valuable spectrum, and carriers responded by accommodating a radical, 20-fold growth in global mobile data traffic. The massive investment in wireless network infrastructure rewarded American consumers with faster wireless speeds at affordable prices. In addition to speeding up smartphones in our pockets, the U.S. economy saw an estimated increase in GDP between $73–$151 billion and up to 700,000 new jobs as a result and America was established as the test bed for innovation in the global digital economy.

Now our country faces a similar opportunity and challenge with fifth generation (5G) mobile networks, and it warrants the attention of consumers, the mobile industry, and policymakers. The economic stakes for 5G may be significantly higher than for 4G, led by large-scale job creation and incubation of new devices, applications, and business models that could dramatically stimulate the U.S. economy. More here.

***

As of 2017, development of 5G is being led by several companies, including Samsung, Intel, Qualcomm, Nokia, Huawei, Ericsson, ZTE and others. Huawei and ZTE are part of the Chinese government and all our intelligence agencies have declared they are NOT safe to use in the government realm or the private sector. Canadian media is warning the same due to cyber vulnerabilities. This is all about the expanding digital economy where various cyber currencies will prevail over tangible currency and those respective values cannot be controlled or managed.

*** Image result for 5g photo

President Donald Trump signed an executive order in January calling on federal agencies “to use all viable tools” to build broadband in rural areas on federal lands.

“Those towers are going to go up, and you’re going to have great, great broadband,” Trump said.

But telecom companies don’t have plans to expand 5G to rural areas. Where are they going? To urban and suburban neighborhoods where the business-friendly FCC is considering rules that would limit local governments from having as much of a say over where they go, how they look and how much they can charge for use of public property. Published in partnership with the New York Times

Small cells, the next generation of wireless technology that telecommunications firms and cell-tower builders want to place on streetlights and utility poles throughout neighborhoods nationwide. The small cells come with a host of equipment, including antennas, power supplies, electric meters, switches, cabling and boxes often strapped to the sides of poles. Some may have refrigerator-sized containers on the ground. And they will be placed about every 500 or so feet along residential streets and throughout business districts.

Telecom companies say the cells will be both unobtrusive and safe, and insist the technology is needed to bring faster internet speeds required by a more connected world.

Telecommunications companies say the current 4G network is becoming overloaded as more people stream more videos and use more data-heavy apps. The advent of driverless cars, smart homes, telemedicine and virtual-reality will create more demand on wireless networks, requiring more bandwidth and faster speeds.

An ad from AT&T shows the uses and benefits of 5G. YouTube

What’s needed, the wireless industry says, is 5G. The next generation network, still in development, is a combination of advanced hardware and standards such as distributed antenna systems, more fiber-optic cable, new data management practices and higher frequencies that will enable the network to carry more data up to 100 times faster than 4G.

5G will depend on so-called millimeter waves. These high-frequency bands, however, don’t travel as far as the signals 4G relies on and are easily blocked by walls, trees and even rain. So the network needs to be dense, with cells placed much closer together. That means way more wireless facilities. More than 300,000 cells are now in operation nationwide, and estimates for the number of small cells needed to make 5G work range from hundreds of thousands to millions more.

The rollout of 5G will be evolutionary, with the standards for the full complement of advanced technologies expected after 2020. Small cells already are being erected with 5G tests in many cities, and as that’s happened, citizens have descended on government meetings to express their anger — from Woodbury, New York; to Liberty Township, Ohio; to Charlotte; to Pasco County, Florida; to Olympia, Washington.

5G promises to generate huge profits for the wireless companies, with as much as $250 billion in service revenue expected annually by 2025. And 5G will unleash an economic boom, say supporters of pre-empting local rules. They frequently cite a report by the consulting firm Accenture, which concluded that wireless firms will invest $275 billion over the next seven years deploying small cells, creating 3 million jobs and eventually boosting the national economy by $500 billion annually.

The study appears everywhere — mentioned by FCC commissioners in speeches, cited in an official FCC docket, in wireless carriers’ comments, and in statements by the powerful Washington associations that represent them. What most don’t mention is that the study was paid for by the wireless association CTIA, one of Washington’s top lobbying spenders.

The wireless industry argues that localities’ high fees, design requirements and delays in processing permits have effectively prohibited the deployment of broadband, which they argue is a violation of federal law; they’ve asked the FCC to make that clear in reining in cities and counties.

Opponents of the FCC’s push to curtail local governments’ small-cell rules have circulated this slide created by Omar Masry, a senior analyst for the city of San Francisco.

Omar Masry, AICP via FCC

Wireless carriers and the companies that build towers for them have begun flooding city and county permitting offices with applications for attaching small cells to poles and building new ones. Cities that normally see a few dozen such applications yearly began in 2016 to get hundreds, such as Houston. Montgomery County said it had at one point more applications filed in four months than in the previous 18 years.

Wireless companies complain local governments can’t process the permits fast enough because their systems are set up to review applications for massive cell towers, not the small cells they claim are less intrusive. The process needs to move quickly, they say, because 5G requires so many more cells, and they want to beat other countries to set standards.

The FCC issued a notice in April that it would consider rules to streamline cell deployment by reducing the time cities’ and counties’ have to review applications. The agency also said it would study, with the possibility of proposing rules later, both how the FCC could limit cities’ requirements on the look and design of small cells, and if local fees to attach to poles are excessive. The FCC also asked for ways it could amend its own rules. The agency may consider the proposals by the summer.

Pai, a former attorney for Verizon, also created last year a committee of representatives mostly from the wireless industry to develop model codes that cities and counties can adopt to speed the permitting of small cells and to reduce costs to telecoms. The committee is considering proposals, which it plans to formally submit to the FCC later this spring, that run the gamut, from simply calling on cities and the wireless industry to work together to controversial recommendations such as capping what cities charge to attach to public property.

Mayor Sam Liccardo of San Jose, California, one of the few members on the committee representing local interests and who has been critical of wireless companies’ efforts to weaken local rules, resigned from the group in January, saying the wireless industry “has sought to create a set of rules that will provide it with easy access to publicly-funded infrastructure at taxpayer-subsidized rates, without any obligation to provide broadband access to underserved residents.”

In response, Pai said in a statement that the committee has “brought together 101 participants from a range of perspectives” and he looks forward to working with the committee and others “to remove regulatory barriers to broadband deployment and to extend digital opportunity to all Americans.”

Bipartisan agreement

Congress is also weighing in — in rare bipartisan fashion — on the side of the telecom firms. Numerous bills in both the Senate and House would ease regulations and fees for erecting cells on federal lands, such as a bill the Senate passed last summer that would exempt certain small-cell deployments from environmental and historic reviews. The bill, which the House has yet to consider, is sponsored by South Dakota Sen. John Thune, the Republican chairman of the Commerce, Science and Transportation committee, and Sen. Bill Nelson, D-Fla., the ranking member of the committee.

Also last year, Thune joined Democratic Sen. Brian Schatz from Hawaii to circulate a draft bill that rolls back local government control over wireless facilities including small cells, including shortening the permit review times to 60 days on applications to collocate wireless facilities and 90 days for other wireless applications — the same time frames wireless providers are asking the FCC to consider.

Sens. Roger Wicker, R-Miss., and Catherine Cortez Masto, D-Nev., introduced a bill that would exempt small cells being deployed in a public right of way from environmental and historical reviews under certain circumstances. A companion bill is in the House. Numerous other bills are moving through the House

Wicker and Thune are among the top 25 senators who have received the most campaign contributions from AT&T and Verizon since 2010, pulling in $32,500 and $30,500, respectively, according to the Center for Responsive Politics. Schatz has received $29,000 from the two carriers, the third most among senators since 2014, when he ran his first campaign.

With such bipartisan support in Congress, and with an FCC that is sympathetic to telecoms, cities view their control over small cells as slipping away. That leaves people like King resigned to what is coming.

“A Russian woman stood up to speak at one of these public meetings, and she said that when she lived in Russia, the government slam dunked her and she had no say,” King said. “Now she lives in the United States of America, where she’s getting slam dunked by the government and she has no say. That gives you a window into what’s going on here.”

Do the Russians have the Voting Machines Source Codes?

Posted on March 8, 2018March 8, 2018 by Denise Simon

On February 28th, the Senate asks what NSA and Cyber Command are doing about Russian election interference. Admiral Rogers’s answer, in brief, is that his organizations lack the authorities to do much (that he can openly discuss, that is).

US senator grills CEO over the myth of the hacker-proof voting machine

Nation’s biggest voting machine maker reportedly relies on remote-access software.

WASHINGTON (Reuters) – Two Democratic senators on Wednesday asked major vendors of U.S. voting equipment whether they have allowed Russian entities to scrutinize their software, saying the practice could allow Moscow to hack into American elections infrastructure.

The letter from Senators Amy Klobuchar and Jeanne Shaheen followed a series of Reuters reports saying that several major global technology providers have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government.

The senators requested that the three largest election equipment vendors – Election Systems & Software, Dominion Voting Systems and Hart Intercivic – answer whether they have shared source code, or inner workings, or other sensitive data about their technology with any Russian entity.

They also asked whether any software on those companies’ products had been shared with Russia and for the vendors to explain what steps they have taken to improve the security of those products against cyber threats to the election.

The vendors could not immediately be reached for comment. It was not immediately clear whether any of the vendors had made sales in Russia, where votes are submitted via written ballots and usually counted by hand.

“According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities,” the senators wrote. “We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.”

U.S. voters in November will go to the polls in midterm elections, which American intelligence officials have warned could be targeted by Russia or others seeking to disrupt the process.

There is intense scrutiny of the security of U.S. election systems after a 2016 presidential race in which Russia interfered, according to American intelligence agencies, to try to help Donald Trump win with presidency. Trump in the past has been publicly skeptical about Russian election meddling, and Russia has denied the allegations.

Twenty-one states experienced probing of their systems by Russian hackers during the 2016 election, according to U.S. officials.

Though a small number of networks were compromised, voting machines were not directly affected and there remains no evidence any vote was altered, according to U.S. officials and security experts.

Related reading:

Top intel official says US hasn’t deterred Russian meddling (Fifth Domain) “I believe that President (Vladimir) Putin has clearly come to the conclusion that there’s little price to pay and that therefore, ‘I can continue this activity,‘” Adm. Mike Rogers, director of both the U.S. Cyber Command and the National Security Agency, told Congress.

Senators: Cyber Command should disrupt Russian influence campaigns (Fifth Domain) Senators pressed Cyber Command on how they can use their national mission force to combat Russian cyber intrusions.

Rogers: CyberCom lacks authority, resources to defend all of cyberspace (FCW) The outgoing NSA and U.S. Cyber Command chief told lawmakers CyberCom is not sitting on its hands when it comes to potential Russian cyber interference, but it lacks the authority to do more absent additional presidential direction.

NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin (Infosecurity Magazine) NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin. Expect more election interference, Cyber Command boss warns

Decoding NSA director Mike Rogers’ comments on countering Russian cyberattacks (Washington Examiner) It’s not as simple as ‘I’m not authorized to do anything.’

*** Footnotes:

Electronic Systems and Software:

1. In 2014, ES&S claimed that “in the past decade alone,” it had installed more than 260,000 voting systems, more than 15,000 electronic poll books, provided services to more than 75,000 elections. The company has installed statewide voting systems in Alabama, Arkansas, Georgia, Idaho, Iowa, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, New Mexico, North Carolina, North Dakota, Rhode Island, South Carolina, South Dakota, and West Virginia. ES&S claims a U.S. market share of more than 60 percent in customer voting system installations.

The company maintains 10 facilities in the United States, two field offices in Canada (Pickering, Ontario; and Vancouver, British Columbia) and a warehouse in Jackson, Mississippi.

2. Dominion Voting Systems is a global provider of end-to-end election tabulation solutions and services. The company’s international headquarters are in Toronto, Canada, and its U.S. headquarters are in Denver, Colorado. Dominion Voting also maintains a number of additional offices and facilities in the U.S. and Europe.

Dominion’s technology is currently used in 33 U.S. states, including more than 2,000 customer jurisdictions. The company also has 100+ municipal customers in Canada.

3. Hart InterCivic Inc. is a privately held United States company that provides elections, and print solutions to jurisdictions nationwide. While headquartered in Austin, Texas, Hart products are used by hundreds of jurisdictions nationwide, including counties in Texas, the entire states of Hawaii and Oklahoma, half of Washington and Colorado, and certain counties in Ohio, California, Idaho, Illinois, Indiana, Kentucky, Oregon, Pennsylvania, and Virginia.

Hart entered the elections industry in 1912, printing ballots for Texas counties. (Side note: As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law.

One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy.

In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information.

In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.)

*** The text of the letter to the three vendors is below:

The full text of the senators’ letter is below:

Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:

Recent reports of U.S. IT and software companies submitting to source code reviews in order to access foreign markets have raised concern in Congress given the sensitivity of the information requested by countries like China and the Russian Federation. As such, we write to inquire about the security of the voting machines you manufacture and whether your company has been asked to share the source code or other sensitive or proprietary details associated with your voting machines with the Russian Federation.

The U.S. intelligence community has confirmed that Russia interfered with the 2016 presidential elections. As a part of a multi-pronged effort, Russian actors attempted to hack a U.S. voting software company and at least 21 states’ election systems. According to the Chicago Board of Elections, information on thousands of American voters was exposed after an attack on their voter registration system.

Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. The U.S. government and Congress have recently taken steps to address some cyber vulnerabilities, including by banning the use Kaspersky Lab, a Moscow-based cybersecurity firm that has maintained a relationship with Russia’s military and intelligence sectors, from all U.S. government computers. Now, we must also ensure the security of our voting machines and associated software.

Recent reports indicate that U.S. based firms operating on U.S. government platforms gave Russian authorities access to their software. In order to sell their software within Russia, these companies allowed Russian authorities to review their source code for flaws that could be exploited. While some companies maintain this practice is necessary to find defects in software code, experts have warned that it could jeopardize the security of U.S. government computers if these reviews are conducted by hostile actors or nations. U.S. tech companies, the Pentagon, former U.S. security officials, and a former U.S. Department of Commerce official with knowledge of the source code review process have expressed concerns with this practice.

In addition, Russia’s requests for source code reviews have increased. According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys, and Russian regulatory documents, between 1996 and 2013 Russia conducted reviews for 13 technology products from Western companies, but has conducted 28 such reviews in the past three years alone.

As the three largest election equipment vendors, your companies provide voting machines and software used by ninety-two percent of the eligible voting population in the U.S. According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities. We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure. Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack.

In order to help the security and integrity of our systems and to understand the scope of any potential access points into our elections infrastructure, we respectfully request answers to the following questions:

Have you shared your source code or any other sensitive data related to your voting machines or other products with any Russian entity?
To your knowledge, has any of the software that runs on your products been shared with any Russian entity?
What steps have you taken or will you take in order to upgrade existing technologies in light of the increased threat against our elections?

The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020.

Thank you for your attention to this matter, and we look forward to working with you to secure our elections.

Sincerely,

Seems the FBI Loves Best Buy’s Geek Squad, Hello Strzok?

Posted on March 7, 2018March 7, 2018 by Denise Simon

Now many of the emails I receive about certain FBI cases make sense.

*** The document referring to the FBI tour of the Geek Squad facility in Kentucky.

Image result for geek squad repair facility kentucky photo and more details

After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights.

The documents released to EFF show that Best Buy officials have enjoyed a particularly close relationship with the agency for at least 10 years. For example, an FBI memo from September 2008 details how Best Buy hosted a meeting of the agency’s “Cyber Working Group” at the company’s Kentucky repair facility.

The memo and a related email show that Geek Squad employees also gave FBI officials a tour of the facility before their meeting and makes clear that the law enforcement agency’s Louisville Division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”

Another document records a $500 payment from the FBI to a confidential Geek Squad informant. This appears to be one of the same payments at issue in the prosecution of Mark Rettenmaier, the California doctor who was charged with possession of child pornography after Best Buy sent his computer to the Kentucky Geek Squad repair facility.

Other documents show that over the years of working with Geek Squad employees, FBI agents developed a process for investigating and prosecuting people who sent their devices to the Geek Squad for repairs. The documents detail a series of FBI investigations in which a Geek Squad employee would call the FBI’s Louisville field office after finding what they believed was child pornography.

The FBI agent would show up, review the images or video and determine whether they believe they are illegal content. After that, they would seize the hard drive or computer and send it to another FBI field office near where the owner of the device lived. Agents at that local FBI office would then investigate further, and in some cases try to obtain a warrant to search the device.

Some of these reports indicate that the FBI treated Geek Squad employees as informants, identifying them as “CHS,” which is shorthand for confidential human sources. In other cases, the FBI identifies the initial calls as coming from Best Buy employees, raising questions as to whether certain employees had different relationships with the FBI.

In the case of the investigation into Rettenmaier’s computers, the documents released to EFF do not appear to have been made public in that prosecution. These raise additional questions about the level of cooperation between the company and law enforcement.

For example, documents reflect that Geek Squad employees only alert the FBI when they happen to find illegal materials during a manual search of images on a device and that the FBI does not direct those employees to actively find illegal content.

But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material. For example, the image found on Rettenmaier’s hard drive was in an unallocated space, which typically requires forensic software to find. Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography. Such a bounty would likely encourage Geek Squad employees to actively sweep for suspicious content.

Although these documents provide new details about the FBI’s connection to Geek Squad and its Kentucky repair facility, the FBI has withheld a number of other documents in response to our FOIA suit. Worse, the FBI has refused to confirm or deny to EFF whether it has similar relationships with other computer repair facilities or businesses, despite our FOIA specifically requesting those records. The FBI has also failed to produce documents that would show whether the agency has any internal procedures or training materials that govern when agents seek to cultivate informants at computer repair facilities.

We plan to challenge the FBI’s stonewalling in court later this spring. In the meantime, you can read the documents produced so far here and here.