An affordable price is probably the major benefit persuading people to buy drugs at www.americanbestpills.com. The cost of medications in Canadian drugstores is considerably lower than anywhere else simply because the medications here are oriented on international customers. In many cases, you will be able to cut your costs to a great extent and probably even save up a big fortune on your prescription drugs. What's more, pharmacies of Canada offer free-of-charge shipping, which is a convenient addition to all other benefits on offer. Cheap price is especially appealing to those users who are tight on a budget
Service Quality and Reputation
Although some believe that buying online is buying a pig in the poke, it is not. Canadian online pharmacies are excellent sources of information and are open for discussions. There one can read tons of users' feedback, where they share their experience of using a particular pharmacy, say what they like or do not like about the drugs and/or service. Reputable online pharmacy canadianrxon.com take this feedback into consideration and rely on it as a kind of expert advice, which helps them constantly improve they service and ensure that their clients buy safe and effective drugs. Last, but not least is their striving to attract professional doctors. As a result, users can directly contact a qualified doctor and ask whatever questions they have about a particular drug. Most likely, a doctor will ask several questions about the condition, for which the drug is going to be used. Based on this information, he or she will advise to use or not to use this medication.
Peter Smith and Michael Flynn knew each other and communicated often. Peter Smith was 81 years old when he died, but what does Flynn have when it comes to 30,000 emails that Hillary deleted? Once Smith was able to located Russian hackers that admitted hacking Hillary’s emails, the question is where are they and why were they never published?
Performing attribution, ensuring they are real, confirming they have not been doctored is the challenge, after all Russians are in the equation. However, cyber experts performing the review have an above 90% certainty. Peter Smith was not associated at all with any part of the Trump camp but did support his race for the White House.
Meanwhile, special council Robert Mueller and his team are likely passing out subpoenas to get all the pieces of the electronic trail on this.
Peter Smith/NYDailyNews
Humm…let’s go deeper for background and context. Once you read below, you will have thousands of questions and some are answered here in the follow up podcast with the WSJ journalist that broke the story.
The Wall Street Journal describes how one Trump supporter reached out to hackers — and dropped Flynn’s name.
A tantalizing new report from Shane Harris of the Wall Street Journal gives the strongest indication yet that collusion may have occurred — or was at least attempted — between supporters of Donald Trump’s 2016 presidential campaign and Russian hackers who targeted Democrats’ emails.
And it raises serious questions about whether fired National Security Adviser Michael Flynn was involved in these efforts to contact hackers.
Harris describes an effort by Peter Smith, a Trump-supporting GOP operative and private equity executive, to track down Hillary Clinton’s infamous 30,000 or so deleted emails during the fall of 2016.
The effort, described on the record to Harris by Smith (the 81-year old man died a week and a half after their interview), entailed outreach to several hacker groups, including at least two that Smith believed to be Russian-tied, to see if they had hacked the emails and could release them.
The emails — which Clinton said she deleted because they were personal and unrelated to her work as secretary of state — never surfaced. And Smith didn’t work for the Trump campaign.
But this new report could be especially significant because of one name that keeps coming up: Michael Flynn, who at the time was advising the Trump campaign.
Smith repeatedly claimed that he was in contact with Flynn about the effort to find Clinton’s emails, per Harris’s sources.
“He said, ‘I’m talking to Michael Flynn about this — if you find anything, can you let me know?’” said Eric York, a computer-security expert from Atlanta who searched hacker forums on Mr. Smith’s behalf for people who might have access to the emails. …
… In phone conversations, Mr. Smith told a computer expert he was in direct contact with Mr. Flynn and his son, according to this expert. … The expert said that based on his conversations with Mr. Smith, he understood the elder Mr. Flynn to be coordinating with Mr. Smith’s group in his capacity as a Trump campaign adviser.
Furthermore, Harris describes, apparently for the first time, US intelligence reports claiming Russian hackers discussed how to get hacked emails to Flynn through a third party.
Investigators have examined reports from intelligence agencies that describe Russian hackers discussing how to obtain emails from Mrs. Clinton’s server and then transmit them to Mr. Flynn via an intermediary, according to U.S. officials with knowledge of the intelligence.
If accurate, all this is enough to raise serious questions about just what Flynn knew about this or any other attempted outreach to Russian hackers.
How this story fits into the timeline of the hackings
It’s no secret that Trump wanted someone to find Clinton’s deleted emails — he said as much publicly.
To recap: When word got out that Clinton had used a personal email account for all her work at the State Department, she agreed to hand over the work-related emails on that account to government investigators. But it turned out that she had previously deemed about 32,000 emails (about half of the total) to be “personal” rather than work-related, and deleted them.
Many conservatives didn’t take Clinton’s explanation for why she deleted the emails at face value, and questioned whether the deleted emails could have included some incriminating information that might reveal scandalous behavior of some kind. One of those Republicans was Trump, who repeatedly referenced the deleted emails on the campaign trail.
In July 2016, hacked emails from the Democratic National Committee were publicly released, and the hacks were thought to be the work of Russia. And at the time, Trump said in public that he hoped there would be email releases to come — including Clinton’s deleted ones.
“Russia, if you’re listening, I hope you’re about to find the 30,000 [Hillary Clinton] emails that are missing,” he said at a press conference. “I think you will probably be rewarded mightily by our press. Let’s see if that happens. That will be next.”
A few months after this, in fall 2016, Peter Smith launched the effort reported by the Journal to try to get the emails from hacking groups that he thought might have them — including hacking groups he understood to be tied to the Russian government.
Again, though, it seems that no one did have Clinton’s deleted emails. The biggest Russia-linked email hacks and dumps involved the DNC accounts (released in July 2016) and Clinton campaign chair John Podesta’s emails (released in October 2016), but no emails from Clinton’s own server.
Michael Flynn’s potential involvement could be highly significant
Still, one major question has always been whether any Trump associates were involved in these or other hacking efforts.
There’s been a whole lot of evidence that several Trump associates (including Flynn) had ties to Russian officials, and of course it was clear that Trump’s public policies were far more pro-Russia than the Republican norm.
But there really hasn’t been very much evidence tying anyone in Trumpworld to any hacking — making it plausible that the hacking operations were carried out without any coordination or contacts with anyone in Trump’s camp.
Harris’s story changes that somewhat. Now we know of Smith’s outreach to Russian hackers — and, more importantly, his claims that Flynn (who was close to Trump) may have known too. And there’s that other claim that US intelligence suggests Russian hackers were discussing giving hacked emails to Flynn. Where would they get that idea?
Any involvement from Flynn could be quite significant. He’s known to have had many contacts with Russian officials, and he advised Trump on foreign policy matters during the presidential campaign.
Afterward, Trump named him national security adviser. But he didn’t last long in the post, resigning in February due to controversy over whether he falsely described his contacts with Russian Ambassador Sergey Kislyak during the transition.
By then, the White House had been told that Flynn was under federal investigation. And then-FBI Director James Comey has since testified that the day after Flynn’s firing, President Trump took him aside and told him, “I hope you can see your way clear to letting this go, to letting Flynn go. He is a good guy. I hope you can let this go.”
So Trump has already been trying to shield Flynn from investigators — making the question of just what Flynn might know ever more interesting, and one that will certainly be on special counsel Robert Mueller’s mind.
Well, at least two Supreme Court judges were angry enough to write an opinion blasting the court’s rejection to hear the challenge to the 2nd Amendment regarding the right to carry a weapon outside the home.
FNC: Justices Clarence Thomas and Neil Gorsuch issued a scathing dissent Monday to a Supreme Court decision turning away yet another gun rights case.
On a busy morning of decisions, the court on Monday rejected a challenge out of California regarding the right to carry guns outside their homes, leaving in place a San Diego sheriff’s strict limits on issuing permits for concealed weapons.
But Thomas, in a dissent joined by Gorsuch, countered that the case raises “important questions” – and warned that Second Amendment disputes aren’t getting the attention they deserve from the Supreme Court.
“The Court’s decision … reflects a distressing trend: the treatment of the Second Amendment as a disfavored right,” they wrote.
The case in question involved a San Diego man who said state and county policies requiring “good cause” — a specific reason or justifiable need to legally carry a concealed weapon — were too restrictive. A federal appeals court had ruled for the state, and now those restrictions will stay in place.
But Thomas and Gorsuch – the court’s newest member – called the appeals court’s decision to limit its review only to the “good cause” provision “indefensible.”
“The Court has not heard argument in a Second Amendment case in over seven years,” they wrote. “… This discrepancy is inexcusable, especially given how much less developed our jurisprudence is with respect to the Second Amendment as compared to the First and Fourth Amendments.”
The justices concluded by warning the court is in danger of acting dismissive toward the right to bear arms:
“For those of us who work in marbled halls, guarded constantly by a vigilant and dedicated police force, the guarantees of the Second Amendment might seem antiquated and superfluous. But the Framers made a clear choice: They reserved to all Americans the right to bear arms for self-defense. I do not think we should stand by idly while a State denies its citizens that right, particularly when their very lives may depend on it. I respectfully dissent.”
The high court decided in 2008 that the Constitution guarantees the right to a gun, at least for self-defense at home.
But the justices have refused repeated pleas to spell out the extent of gun rights in the United States, allowing permit restrictions and assault weapons bans to remain in effect in some cities and states.
More than 40 states already broadly allow gun owners to be armed in public.
The high court also turned away a second case involving guns and the federal law that bars people convicted of crimes from owning guns.
The Trump administration had urged the court to review an appellate ruling that restored the rights of two men who had been convicted of non-violent crimes to own guns.
The federal appeals court in Philadelphia ruled for the two men. The crimes were classified as misdemeanors, which typically are less serious, but carried potential prison sentences of more than a year. Such prison terms typically are for felonies, more serious crimes.
The administration says that the court should have upheld the blanket prohibition on gun ownership in the federal law and rejected case-by-case challenges.
Justices Ruth Bader Ginsburg and Sonia Sotomayor said they would have heard the administration’s appeal.
*** BusinessInsider
The petition for a writ of certiorari is denied.
JUSTICE THOMAS, with whom JUSTICE GORSUCH joins, dissenting from the denial of certiorari.
The Second Amendment to the Constitution guarantees that “the right of the people to keep and bear Arm[s] shall not be infringed.” At issue in this case is whether that guarantee protects the right to carry firearms in public for self-defense. Neither party disputes that the issue is one of national importance or that the courts of appeals have already weighed in extensively. I would therefore grant the petition for a writ of certiorari.
I California generally prohibits the average citizen from carrying a firearm in public spaces, either openly or concealed. With a few limited exceptions, the State prohibits open carry altogether. Cal. Penal Code Ann. §§25850, 26350 (West 2012). It proscribes concealed carry unless a resident obtains a license by showing “good cause,” among other criteria, §§26150, 26155, and it authorizes counties to set rules for when an applicant has shown good cause,§26160.In the county where petitioners reside, the sheriff has interpreted “good cause” to require an applicant to show that he has a particularized need, substantiated by documentary evidence, to carry a firearm for self-defense. The sheriff ’s policy specifies that “concern for one’s personal safety” does not “alone” satisfy this requirement.
(internal quotation marks omitted). Instead, an applicant must show “a set of circumstances that distinguish the applicant from the mainstream and cause him to be placed in harm’s way.” Id., at 1169 (internal quotation marks and alterations omitted). “[A] typical citizen fearing for his personal safety—by definition—cannot distinguish himself from the mainstream.” Ibid. (emphasis deleted; internal quotation marks and alterations omitted). As a result, ordinary, “law-abiding, responsible citizens,” District of Columbia v. Heller, 554 U. S. 570, 635 (2008), may not obtain a permit for concealed carry of a firearm in public spaces.
Petitioners are residents of San Diego County (plus an association with numerous county residents as members)who are unable to obtain a license for concealed carry due to the county’s policy and, because the State generally bans open carry, are thus unable to bear firearms in public in any manner. They sued under Rev. Stat. §1979, 42
U. S. C. §1983, alleging that this near-total prohibition on public carry violates their Second Amendment right to bear arms. They requested declaratory and injunctive relief to prevent the sheriff from denying licenses based on his restrictive interpretation of “good cause,” as well as other “relief as the Court deems just and proper.” First Amended Complaint in No. 3:09–cv–02371, (SD Cal.) ¶¶149, 150, 152. The District Court granted respondents’ motion for summary judgment, and petitioners appealed to the Ninth Circuit.
In a thorough opinion, a panel of the Ninth Circuit reversed. 742 F. 3d 1144. The panel examined the constitutional text and this Court’s precedents, as well as historical sources from before the founding era through the end of the 19th century. Id., at 1150–1166. Based on these sources, the court concluded that “the carrying of an operable handgun outside the home for the lawful purpose of self-defense . . . constitutes ‘bear[ing] Arms’ within the meaning of the Second Amendment.” Id., at 1166. It thus reversed the District Court and held that the sheriff ’s interpretation of “good cause” in combination with the other aspects of the State’s regime violated the Second Amendment’s command that a State “permit some form of carry for self-defense outside the home.” Id., at 1172.
The Ninth Circuit sua sponte granted rehearing en banc and, by a divided court, reversed the panel decision. In the en banc court’s view, because petitioners specifically asked for the invalidation of the sheriff ’s “good cause” interpretation, their legal challenge was limited to that aspect of the applicable regulatory scheme. The court thus declined to “answer the question of whether or to what degree the Second Amendment might or might not protect a right of a member of the general public to carry firearms openly in public.” Peruta v. County of San Diego, 824
F. 3d 919, 942 (2016). It instead held only that “the Second Amendment does not preserve or protect a right of a member of the general public to carry concealed firearms in public.” Id., at 924 (emphasis added).
Inside and outside cyber experts are making attributions to Russia.
The Russian government is suspected of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers.
Although the investigation is at an early stage and the identity of those responsible may prove impossible to establish with absolute certainty, Moscow is deemed the most likely culprit.
The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers.
The number of states who might mount such an attack on the UK is limited, and, in addition to Russia, includes North Korea, China and Iran.
A security source said: “It was a brute force attack. It appears to have been state-sponsored.”
“The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor.”
MPs contacted by the Guardian said the immediate suspicion had fallen upon foreign governments such as Russia and North Korea, both of which have been accused of being behind hacking attempts in the UK before. More from the Guardian.
BBC: Up to 90 email accounts were compromised during the cyber-attack on Parliament on Friday.
Fewer than 1% of the 9,000 users of the IT system were impacted by the hacking, said a parliamentary spokesman.
The hack prompted officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.
The spokesman said the attack was a result of “weak passwords” and an investigation is under way to determine whether any data has been lost.
Both Houses of Parliament will meet as planned on Monday and plans are being put in place to allow it to resume its wider IT services, said officials.
A number of MPs confirmed to the BBC they were unable to access their parliamentary email accounts outside of the Westminster estate following the hacking.
‘Passwords for sale’
The spokesman said the parliamentary network was compromised due to “weak passwords” which did not conform to guidance from the Parliamentary Digital Service.
They added: “As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.”
The incident comes just over a month after 48 of England’s NHS trusts were hit by a cyber-attack.
International Trade Secretary Liam Fox said: “We have seen reports in the last few days of even cabinet ministers’ passwords being for sale online.
“We know that our public services are attacked so it is not at all surprising that there should be an attempt to hack into parliamentary emails.
“And it’s a warning to everybody, whether they are in Parliament or elsewhere, that they need to do everything possible to maintain their own cyber-security.”
The latest attack was publicly revealed by Liberal Democrat peer Lord Rennard on Twitter as he asked his followers to send any “urgent messages” to him by text.
The National Cyber Security Centre and National Crime Agency are investigating the incident.
WASHINGTON — CIA Director Mike Pompeo says he thinks disclosure of America’s secret intelligence is on the rise, fueled partly by the “worship” of leakers like Edward Snowden.
“In some ways, I do think it’s accelerated,” Pompeo told MSNBC in an interview that aired Saturday. “I think there is a phenomenon, the worship of Edward Snowden, and those who steal American secrets for the purpose of self-aggrandizement or money or for whatever their motivation may be, does seem to be on the increase.”
Pompeo said the United States needs to redouble its efforts to stem leaks of classified information. More here.
***
A Cyberattack ‘the World Isn’t Ready For’
Golan Ben-Oni, of the IDT Corporation, which was attacked in April with two cyberweapons stolen from the National Security Agency. Justin T. Gellerson for The New York Times
NEWARK — There have been times over the last two months when Golan Ben-Oni has felt like a voice in the wilderness.
On April 29, someone hit his employer, IDT Corporation, with two cyberweapons that had been stolen from the National Security Agency. Mr. Ben-Oni, the global chief information officer at IDT, was able to fend them off, but the attack left him distraught.
In 22 years of dealing with hackers of every sort, he had never seen anything like it. Who was behind it? How did they evade all of his defenses? How many others had been attacked but did not know it?
Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone who will listen at the White House, the Federal Bureau of Investigation, the New Jersey attorney general’s office and the top cybersecurity companies in the country to warn them about an attack that may still be invisibly striking victims undetected around the world.
And he is determined to track down whoever did it.
“I don’t pursue every attacker, just the ones that piss me off,” Mr. Ben-Oni told me recently over lentils in his office, which was strewn with empty Red Bull cans. “This pissed me off and, more importantly, it pissed my wife off, which is the real litmus test.”
Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged computers at hospitals in England, universities in China, rail systems in Germany, even auto plants in Japan. No doubt it was destructive. But what Mr. Ben-Oni had witnessed was much worse, and with all eyes on the WannaCry destruction, few seemed to be paying attention to the attack on IDT’s systems — and most likely others around the world.
The strike on IDT, a conglomerate with headquarters in a nondescript gray building here with views of the Manhattan skyline 15 miles away, was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.
But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines.
Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I., which remains consumed with the WannaCry attack.
Were it not for a digital black box that recorded everything on IDT’s network, along with Mr. Ben-Oni’s tenacity, the attack might have gone unnoticed.
Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities.
An attack on those systems, they warn, could put lives at risk. And Mr. Ben-Oni, fortified with adrenaline, Red Bull and the house beats of Deadmau5, the Canadian record producer, said he would not stop until the attacks had been shut down and those responsible were behind bars.
“The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”
And, he added, “The world isn’t ready for this.”
Targeting the Nerve Center
Mr. Ben-Oni, 43, a Hasidic Jew, is a slight man with smiling eyes, a thick beard and a hacker’s penchant for mischief. He grew up in the hills of Berkeley, Calif., the son of Israeli immigrants.
Even as a toddler, Mr. Ben-Oni’s mother said, he was not interested in toys. She had to take him to the local junkyard to scour for typewriters that he would eventually dismantle on the living room floor. As a teenager, he aspired to become a rabbi but spent most of his free time hacking computers at the University of California, Berkeley, where his exploits once accidentally took down Belgium’s entire phone system for 15 minutes.
To his parents’ horror, he dropped out of college to pursue his love of hacking full time, starting a security company to help the city of Berkeley and two nearby communities, Alameda and Novato, set up secure computer networks.
He had a knack for the technical work, but not the marketing, and found it difficult to get new clients. So at age 19, he crossed the country and took a job at IDT, back when the company was a low-profile long-distance service provider.
As IDT started acquiring and spinning off an eclectic list of ventures, Mr. Ben-Oni found himself responsible for securing shale oil projects in Mongolia and the Golan Heights, a “Star Trek” comic books company, a project to cure cancer, a yeshiva university that trains underprivileged students in cybersecurity, and a small mobile company that Verizon recently acquired for $3.1 billion.
Which is to say he has encountered hundreds of thousands of hackers of every stripe, motivation and skill level. He eventually started a security business, IOSecurity, under IDT, to share some of the technical tools he had developed to keep IDT’s many businesses secure. By Mr. Ben-Oni’s estimate, IDT experiences hundreds of attacks a day on its businesses, but perhaps only four each year give him pause.
Nothing compared to the attack that struck in April. Like the WannaCry attack in May, the assault on IDT relied on cyberweapons developed by the N.S.A. that were leaked online in April by a mysterious group of hackers calling themselves the Shadow Brokers — alternately believed to be Russia-backed cybercriminals, an N.S.A. mole, or both.
The WannaCry attack — which the N.S.A. and security researchers have tiedto North Korea — employed one N.S.A. cyberweapon; the IDT assault used two.
Both WannaCry and the IDT attack used a hacking tool the agency had code-named EternalBlue. The tool took advantage of unpatched Microsoft servers to automatically spread malware from one server to another, so that within 24 hours North Korea’s hackers had spread their ransomware to more than 200,000 servers around the globe.
The attack on IDT went a step further with another stolen N.S.A. cyberweapon, called DoublePulsar. The N.S.A. used DoublePulsar to penetrate computer systems without tripping security alarms. It allowed N.S.A. spies to inject their tools into the nerve center of a target’s computer system, called the kernel, which manages communications between a computer’s hardware and its software.
In the pecking order of a computer system, the kernel is at the very top, allowing anyone with secret access to it to take full control of a machine. It is also a dangerous blind spot for most security software, allowing attackers to do what they want and go unnoticed. In IDT’s case, attackers used DoublePulsar to steal an IDT contractor’s credentials. Then they deployed ransomware in what appears to be a cover for their real motive: broader access to IDT’s businesses.
Mr. Ben-Oni learned of the attack only when a contractor, working from home, switched on her computer to find that all her data had been encrypted and that attackers were demanding a ransom to unlock it. He might have assumed that this was a simple case of ransomware.
But the attack struck Mr. Ben-Oni as unique. For one thing, it was timed perfectly to the Sabbath. Attackers entered IDT’s network at 6 p.m. on Saturday on the dot, two and a half hours before the Sabbath would end and when most of IDT’s employees — 40 percent of whom identify as Orthodox Jews — would be off the clock. For another, the attackers compromised the contractor’s computer through her home modem — strange.
The black box of sorts, a network recording device made by the Israeli security company Secdo, shows that the ransomware was installed after the attackers had made off with the contractor’s credentials. And they managed to bypass every major security detection mechanism along the way. Finally, before they left, they encrypted her computer with ransomware, demanding $130 to unlock it, to cover up the more invasive attack on her computer.
Mr. Ben-Oni estimates that he has spoken to 107 security experts and researchers about the attack, including the chief executives of nearly every major security company and the heads of threat intelligence at Google, Microsoft and Amazon.
With the exception of Amazon, which found that some of its customers’ computers had been scanned by the same computer that hit IDT, no one had seen any trace of the attack before Mr. Ben-Oni notified them. The New York Times confirmed Mr. Ben-Oni’s account via written summaries provided by Palo Alto Networks, Intel’s McAfee and other security firms he used and asked to investigate the attack.
“I started to get the sense that we were the canary,” he said. “But we recorded it.”
Since IDT was hit, Mr. Ben-Oni has contacted everyone in his Rolodex to warn them of an attack that could still be worming its way, undetected, through victims’ systems.
“Time is burning,” Mr. Ben-Oni said. “Understand, this is really a war — with offense on one side, and institutions, organizations and schools on the other, defending against an unknown adversary.”
‘No One Is Running Point’
Since the Shadow Brokers leaked dozens of coveted attack tools in April, hospitals, schools, cities, police departments and companies around the world have largely been left to fend for themselves against weapons developed by the world’s most sophisticated attacker: the N.S.A.
A month earlier, Microsoft had issued a software patch to defend against the N.S.A. hacking tools — suggesting that the agency tipped the company off to what was coming. Microsoft regularly credits those who point out vulnerabilities in its products, but in this case the company made no mention of the tipster. Later, when the WannaCry attack hit hundreds of thousands of Microsoft customers, Microsoft’s president, Brad Smith, slammed the government in a blog post for hoarding and stockpiling security vulnerabilities.
For his part, Mr. Ben-Oni said he had rolled out Microsoft’s patches as soon as they became available, but attackers still managed to get in through the IDT contractor’s home modem.
Six years ago, Mr. Ben-Oni had a chance meeting with an N.S.A. employee at a conference and asked him how to defend against modern-day cyberthreats. The N.S.A. employee advised him to “run three of everything”: three firewalls, three antivirus solutions, three intrusion detection systems. And so he did.
But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it. He has since threatened to return their products.
“Our industry likes to work on known problems,” Mr. Ben-Oni said. “This is an unknown problem. We’re not ready for this.”
No one he has spoken to knows whether they have been hit, but just this month, restaurants across the United States reported being hit with similar attacks that were undetected by antivirus systems. There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button.
Worse still, Mr. Ben-Oni said, “No one is running point on this.”
Last month, he personally briefed the F.B.I. analyst in charge of investigating the WannaCry attack. He was told that the agency had been specifically tasked with WannaCry, and that even though the attack on his company was more invasive and sophisticated, it was still technically something else, and therefore the F.B.I. could not take on his case.
The F.B.I. did not respond to requests for comment.
So Mr. Ben-Oni has largely pursued the case himself. His team at IDT was able to trace part of the attack to a personal Android phone in Russia and has been feeding its findings to Europol, the European law enforcement agency based in The Hague.
The chances that IDT was the only victim of this attack are slim. Sean Dillon, a senior analyst at RiskSense, a New Mexico security company, was among the first security researchers to scan the internet for the N.S.A.’s DoublePulsar tool. He found tens of thousands of host computers are infected with the tool, which attackers can use at will.
“Once DoublePulsar is on the machine, there’s nothing stopping anyone else from coming along and using the back door,” Mr. Dillon said.
More distressing, Mr. Dillon tested all the major antivirus products against the DoublePulsar infection and a demoralizing 99 percent failed to detect it.
“We’ve seen the same computers infected with DoublePulsar for two months and there is no telling how much malware is on those systems,” Mr. Dillon said. “Right now we have no idea what’s gotten into these organizations.”
In the worst case, Mr. Dillon said, attackers could use those back doors to unleash destructive malware into critical infrastructure, tying up rail systems, shutting down hospitals or even paralyzing electrical utilities.
Could that attack be coming? The Shadow Brokers resurfaced last month, promising a fresh load of N.S.A. attack tools, even offering to supply them for monthly paying subscribers — like a wine-of-the-month club for cyberweapon enthusiasts.
In a hint that the industry is taking the group’s threats seriously, Microsoft issued a new set of patches to defend against such attacks. The company noted in an ominously worded message that the patches were critical, citing an “elevated risk for destructive cyberattacks.”
Mr. Ben-Oni is convinced that IDT is not the only victim, and that these tools can and will be used to do far worse.
“I look at this as a life-or-death situation,” he said. “Today it’s us, but tomorrow it might be someone else.”
FP: On Nov. 25, 2001, two CIA officers discovered a bearded 19-year-old English speaker among a group of captured Taliban fighters in Afghanistan.
The bedraggled teen stood out. “Irish? Ireland?” a CIA officer asked the prisoner, who gave no reply.
He turned out to be an American. And hours later, one of his CIA interrogators was killed when the captured Taliban prisoners staged an uprising.
Photographed naked and bound, California-born John Walker Lindh became detainee #001 in the global war on terrorism and dubbed the “American Taliban.” Branded a traitor and terrorist back home, he was convicted of supporting the Taliban and sentenced to 20 years in prison in a media firestorm that captured the zeitgeist of the post-9/11 era.
Now 36 years old, Lindh is set to be released in less than two years. And he’ll leave prison with Irish citizenship and a stubborn refusal to renounce violent ideology, according to the U.S. government. Foreign Policy obtained two government documents that express concerns about Lindh: One details the communications of Lindh and other federal prisoners convicted of terrorism-related charges, and the second, written by the National Counterterrorism Center, addresses the intelligence community’s larger concerns over these inmates, once released.
“As of May 2016, John Walker Lindh (USPER) — who is scheduled to be released in May 2019 after being convicted of supporting the Taliban — continued to advocate for global jihad and to write and translate violent extremist texts,” reads the National Counterterrorism Center document prepared earlier this year.
The report, marked “For Official Use Only” and dated Jan. 24, 2017, provides a window into how the intelligence community looks at the prospect of releasing American citizens still considered potential threats. The document indicates that intelligence and law enforcement agencies are already worried that “homegrown violent extremists,” like other criminals, could have high rates of recidivism.
The document, which cites various Federal Bureau of Prisons intelligence summaries, claims that in March of last year, Lindh “told a television news producer that he would continue to spread violent extremist Islam upon his release.”
The television news producer is not identified, no specific statements are quoted, and there is no public record that Lindh has participated in media interviews.
While Lindh’s case is the most prominent among these prisoners, it’s not unique. U.S. authorities are monitoring dozens of other inmates who they deem to be “homegrown violent extremists” and who will be released within the next several years.
By the end of 2016, according to the National Counterterrorism Center, there were 300 terrorism offenders in prison, including 80 arrested in the past two years. “We assess that at least some of the more than 90 homegrown violent extremists incarcerated in the US who are due to be released in the next five years will probably reengage in terrorist activity,” the report says, “possibly including attack plotting, because they either remain radicalized or are susceptible to re-radicalization as has already been demonstrated overseas.”
Back in 2002, Lindh’s case posed difficult challenges for a government just starting to grapple with how to prosecute the war on terrorism on the battlefield and in the courts. Fifteen years later, as Lindh approaches his release from prison, the federal government will again be venturing into unchartered waters as sentences for other convicted extremists expire.
Now it will be up to President Donald Trump to decide one of the trickiest legacies of the war on terrorism: how to treat so-called homegrown terrorists after they’ve served their time.
Several attorneys who worked on terrorism cases told FP the government doesn’t have any specific conditions in place for extremists once they’re released. Most of the emphasis is on the prosecution up front, and not what happens after they leave prison, they say.
Most sentences for terror-related cases involving U.S. citizens in the post-9/11 era “are ripening into release just now,” said Joshua Dratel, a lawyer who has defended suspected terrorists in federal court. “The government is just starting to run into the dilemma of what to do with them.”
Lindh’s journey from a liberal suburb in Marin County, California to northern Afghanistan began as an adolescent, when he watched the film Malcolm X. He told FBI interrogators that the movie inspired him to convert to Islam. In 1998, at just 17 years old, he dropped out of school and went to Yemen to learn Arabic, with his parents’ support.
From there, he traveled to Pakistan, where he spent time with a paramilitary group fighting for Kashmir’s independence from India. Then he made his way to Afghanistan, prior to the Sept. 11 attacks, to fight with the Taliban, which controlled much of the country and was waging a war with the Northern Alliance. It was then that he lost contact with his family, who wouldn’t hear from him again until after his capture.
Lindh spent seven weeks at a training camp near Kandahar, which was used to prepare Taliban militants for combat and al Qaeda volunteers for terrorist attacks. He met Osama bin Laden at least once and spoke briefly with the al Qaeda leader, who thanked the American and other foreign fighters for taking part in the jihad, according to the FBI’s account of his interrogation.
In November 2001, U.S. forces found Lindh among a group of Taliban fighters whose commander had surrendered to the Northern Alliance near Mazar-i-Sharif. Hours after Lindh was interrogated, his fellow prisoners staged a revolt in which some 500 were killed, including a CIA operations officer, Johnny Michael Spann. Lindh was shot in the leg during the fighting. He was one of only 86 who survived the uprising.
Lindh’s parents only learned of his whereabouts when CNN aired an interview with him shortly after his capture.
During more than 50 days of detention, U.S. authorities sometimes had Lindh blindfolded, naked and bound to a stretcher with duct tape. Although his family had retained a defense lawyer and told U.S. authorities about it, Lindh knew nothing about his attorney for a month.
Left: 14-year-old John Walker Lindh (Photo credit: Courtesy Frank Lindh); Right: The home of Frank Lindh on Dec. 3, 2001 in San Rafael, California. (Photo credit: JUSTIN SULLIVAN/Getty Images)
Brought back to the United States, Lindh found himself facing charges of terrorism, even though there was no evidence he plotted against Americans. In the frenzied aftermath of the Sept. 11 attacks on New York and Washington, then-Attorney General John Ashcroft described Lindh as an al Qaeda-trained terrorist who “chose to embrace fanatics.”
In the first legal case of the “war on terror,” Lindh was charged with providing material support for terrorism. The government’s case eventually collapsed over questions about Lindh’s treatment and confession while he was held by the U.S. military in Afghanistan and on U.S. naval ships.
With the defense team ready to shine an embarrassing light on Lindh’s treatment, federal prosecutors — at the urging of the Defense Department — dropped nine of the ten counts, including charges he tried to kill a CIA officer or support terrorism. Lindh ultimately pleaded guilty to violating an executive order prohibiting aid to the Taliban, and for carrying weapons in Afghanistan, and he agreed to drop any claims that he was abused by the U.S. military.
At his sentencing, Lindh, then 21, denounced Osama bin Laden, expressed regret over joining the Taliban, and renounced terrorism. “I condemn terrorism on every level — unequivocally,” he said in a prepared statement. “My beliefs about jihad are those of mainstream Muslims around the world.”
More than 15 years after he was captured on the battlefield in Afghanistan, Lindh’s case remains the subject of debate and intense speculation. Is he a dangerous traitor or the victim of an angry nation lashing out after a terrorist attack?
“We’ll never know what actually happened to John Walker Lindh,” said Wells Dixon of the Center for Constitutional Rights. “John Walker Lindh, in many respects, was a victim of the time. It was the aftermath of 9/11.”
Marc Sageman, a former CIA operations officer and a terrorism expert, said Lindh’s rise to public infamy and lengthy prison term was an “overreaction” to the new threat of terrorism in the aftermath of the 9/11 attacks. “Of course he pled guilty to some kinds of charges. Because the country was ready to lynch him,” Sageman said.
For Sageman, Lindh was more of a foot soldier fighting for a U.S. adversary rather than a terrorist plotting attacks. “People bandy about the word terrorism when they describe him,” he added. “I don’t see him as a terrorist.”
John Walker Lindh knows he won’t walk out of prison as just another ex-convict, and will likely face a hostile American public. While in prison, he came up with the plan of possibly moving to Ireland, according to a Bureau of Prisons intelligence summary. The document, prepared by the Federal Bureau of Prisons Counter Terrorism Unit, summarizes communications of prisoners convicted of terrorism-related crimes, and includes excerpted emails in which Lindh discuss his desire to leave the United States after his release.
Lindh secured Irish citizenship in 2013, according to the intelligence summary. Sources familiar with the matter confirmed his Irish citizenship to FP, and said it was obtained thanks to his paternal grandmother, Kathleen Maguire, an Irish citizen from Donegal born in 1929.
His father, Frank Lindh, hopes that his son could build a new life in Ireland after his release. But under Irish law, even with his new citizenship, the Irish government could refuse to issue a passport on grounds that Lindh posed a threat to national security. The U.S. government also could bar him from traveling abroad for at least three years, under the terms of his “supervised release” from prison, and even after that, legal experts say.
When asked about Lindh’s case, the Irish Embassy in Washington said it “does not comment on individual cases.” U.S. authorities also declined to comment.
In his initial years in prison at Terre Haute, Indiana, John Walker Lindh was kept under what are known as “special administrative measures,” which heavily restricted his communications with the outside world. Those measures were lifted in 2009, though the Bureau of Prisons declined to say if any specific restrictions are currently applied to Lindh.
Whether by choice or government constraint, Lindh has communicated little about his life in Terre Haute, though some details can be gleaned from his lawsuits against the Bureau of Prisons. In 2013, he won the right for communal prayer, and in December 2014, Lindh joined another legal battle, this time arguing for the right to wear his pants above his ankle, in line with Muslim tenets.
The Bureau of Prisons intelligence summary obtained by FP indicates that Lindh does have email contact with his father and an advocacy group working on his behalf.
“Regarding the Ireland issue, I really don’t know what to expect from the Irish government. I know virtually nothing about them. I think the only reasonable way to present my case to them is to explain my unique circumstances that make my survival in the US practically impossible,” Lindh wrote to CAGE, a nongovernmental organization that advocates on behalf of prisoners and detainees caught up in the war on terrorism. “Essentially I am seeking asylum from one country where I am a citizen in another country where I am also a citizen. The worst they can do is to decline my request. I figure it is worth at least trying,” Lindh wrote.
In an email to his son in December 2016, Frank Lindh recounted his “hope-inducing conversation” with CAGE about emigrating. But first, CAGE required the assistance of an American defense lawyer to communicate with U.S. government officials, Frank Lindh informed his son.
There was one hitch: The renowned attorney who represented Lindh in his 2002 trial, James Brosnahan, had “dropped” his client, according to the intelligence summary. (Brosnahan did not respond to a request for comment.)
Frank urged his son “to mend fences with Jim,” referring to his former lawyer, adding that Brosnahan would likely demand that Lindh explicitly reject violence.
“We can discuss this in our next phone call, but one thing I anticipate Jim will absolutely demand is that you be willing to condemn, in all sincerity, publicly if needed, and without any reservation whatsoever, depravity of any kind, whoever commits it,” he wrote.
“You can visualize yourself what the list of depraved acts might consist of. I believe such a request should be easy for you, to fulfill as a devout Muslim and person of conscience.”
But John Walker Lindh refused. Replying to his father, he wrote: “I am not interested in renouncing my beliefs or issuing condemnations in order to please Brosnahan or anybody else.”
The Bureau of Prisons document says that “inmate Walker Lindh made pro ISIS statements to various reporters and was subsequently dropped by counsel.” It does not indicate which counsel, nor does it cite any specific statements.
CAGE has been at the center of its own controversy in recent years; proponents praise its work with detainees while critics accuse of it apologizing for terrorists. Amnesty International dropped its partnership with CAGE in 2015 and still refuses to share a public platform with the group, according to an Amnesty spokesperson. Despite the political baggage, it appears Frank Lindh is pinning his hopes on this organization.
Over the years, John Walker Lindh’s father has campaigned to win a possible commutation of his son’s sentence. In 2009, he participated in an interview with GQ in which he said, “I’m proud of my son.”
Lindh’s father has sought to portray his son as a spiritual, well-intentioned young man unjustly labeled as a terrorist. “Like Ernest Hemingway during the Spanish Civil War, John had volunteered for the army of a foreign government battling an insurgency,” he wrote in a 2011 New York Times op-ed. “His decision was rash and blindly idealistic, but not sinister or traitorous.”
Frank Lindh declined several requests for comment. A letter sent to John Walker Lindh at Terre Haute went unanswered. The Bureau of Prisons said that John Walker Lindh declined a request to comment for this article.
In October 2016, in the waning days of the Barack Obama’s presidency, the writer Paul Theroux published an op-ed in the New York Times asking that Lindh’s sentence be commuted, arguing that what Lindh did was comparable to his own youthful experience supporting rebels in Malawi in the 1960s. Theroux said that Lindh was “taking risks to help people perceived as oppressed; and like me, he did not fully understand the bigger picture, was in over his head, and was overtaken by events.”
The next month, Donald Trump, who has railed against the threat of Islamic extremism, was elected president, potentially snuffing out any chance of a commutation. It is now unclear how the government will deal with Lindh or others convicted of terrorism-related charges upon release.
It’s difficult to create a one-size-fits-all rehabilitation program for extremists because there are so few of these cases and each one is unique, said a former U.S. attorney who prosecuted numerous high-profile terrorists. “In this area of trying to rehabilitate extremists, it is really all over the map,” said the former U.S. attorney, who requested to remain anonymous. “The threshold question is what’s effective?
The National Counterterrorism Center suggested one option would be to widen government programs designed to counter violent extremism to include probation and parole officers, and to track convicted terrorists upon release. There’s a precedent with Megan’s Law, the document notes, which requires sex offenders to register their home address and check in frequently with law enforcement.
Lindh, for his part, does not appear to be optimistic. He tells his father in a December 2016 email quoted in the intelligence summary that he likely will have to “abandon this project” to move to Ireland. He says an earlier request to be released to Puerto Rico had not been answered, and that he anticipates having to endure threats and hostility on the U.S. mainland.
“I will just have to stay here for a while and deal with the lynch mobs as best as I can,” he writes. “It is a daunting predicament that I’m in, but many people around the world are in even more difficult situations and find ways to manage, so I am not worried.”
Peter Smith/NYDailyNews
Clarion
TheBlaze