Russia Bought BLM Ads Dupes Were Willing


This website has published countless articles warning of these operations going back as far as 2014. This site has also warned of Russian hybrid warfare as noted by the Gerasimov Doctrine.

Russian State, Non-State Cyber Intrusions Sway Voting/Political Decisions

Russian Troll Operations Continue, What are You Reading?

During the campaign season, the Obama White House knew more than they were telling or sharing. Furthermore, that same White House refused to take any real action with regard to Russian interference.

Huddled in a private room on the sidelines of a meeting of world leaders in Lima, Peru, two months before Trump’s inauguration, Obama made a personal appeal to Zuckerberg to take the threat of fake news and political disinformation seriously. Unless Facebook and the government did more to address the threat, Obama warned, it would only get worse in the next presidential race.

Zuckerberg acknowledged the problem posed by fake news. But he told Obama that those messages weren’t widespread on Facebook and that there was no easy fix, according to people briefed on the exchange, who spoke on the condition of anonymity to share details of a private conversation. More here.

Russian operatives used Facebook ads to exploit divisions over Black Lives Matter, Muslims

ChicagoTribune: The batch of more than 3,000 Russian-bought ads that Facebook is preparing to turn over to Congress shows a deep understanding of social divides in American society, with some ads promoting African-American rights groups including Black Lives Matter and others suggesting that these same groups pose a rising political threat, say people familiar with the covert influence campaign.

The Russian campaign — taking advantage of Facebook’s ability to simultaneously send contrary messages to different groups of users based on their political and demographic characteristics — also sought to sow discord among religious groups. Other ads highlighted support for Democrat Hillary Clinton among Muslim women.

These targeted messages, along with others that have surfaced in recent days, highlight the sophistication of an influence campaign slickly crafted to mimic and infiltrate U.S. political discourse while also seeking to heighten tensions between groups already wary of one another.

The nature and detail of these ads has troubled investigators at Facebook, on Capitol Hill and at the U.S. Justice Department, say people familiar with the advertisements who spoke on the condition of anonymity to share matters still under investigation.

The House and Senate Intelligence committees plan to begin reviewing the Facebook ads in coming weeks as they attempt to untangle the operation and other matters related to Russia’s bid to help elect Trump in 2016.

“Their aim was to sow chaos,” said Sen. Mark Warner, D-Va., vice-chairman of the Senate Intelligence Committee. “In many cases, it was more about voter suppression rather than increasing turnout.”

The top Democrat on the House Intelligence Committee, Rep. Adam Schiff of California, said he hoped the public would be able to review the ad campaign.

“I think the American people should see a representative sample of these ads to see how cynical the Russian were using these ads to sow division within our society,” he said, noting that he had not yet seen the ads but had been briefed on them, including the ones mentioning “things like Black Lives Matter.”

The ads which Facebook found raise troubling questions for a social networking and advertising platform that reaches two billion people each month and offer a rare window into how Russian operatives carried out their information operations during an especially tumultuous period in U.S. politics.

Investigators at Facebook discovered the Russian ads in recent weeks, the company has said, after months of trying in vain to trace disinformation efforts back to Russia. The company has said it had identified at least $100,000 in ads purchased through 470 phony Facebook pages and accounts. Facebook has said this spending represented a tiny fraction of the political advertising on the platform for the 2016 campaign.

The previously-undisclosed ads suggest that Russian operatives worked off of evolving lists of racial, religious, political and economic themes. They used these to create pages, write posts and craft ads that would appear in users’ news feeds — with the apparent goal of appealing to one audience and alienating another. In some cases, the pages even tried to organize events.

“The idea of using Facebook to incite anti-black hatred and anti-Muslim prejudice and fear while provoking extremism is an old tactic. It’s not unique to the United States and it’s a global phenomenon,” said Malkia Cyril, a Black Lives Matter activist in Oakland, California, and the executive director for the Center for Media Justice. Social media companies “have a mandate to stand up and take deep responsibility for how their platforms are being abused.”

Facebook declined to comment on the contents of the ads being turned over to congressional investigators, and pointed to a Sept. 6 statement by Alex Stamos, the company’s chief security officer, who noted that the vast majority of the ads run by the 470 pages and accounts did not specifically reference the U.S. presidential election, voting or any particular candidate.

“Rather, the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights,” Stamos said at the time.

Moscow’s interest in U.S. race relations dates back decades.

In Soviet times, operatives didn’t have the option of using the Internet, so they spread their messages by taking out ads in newspapers, posting fliers and organizing meetings.

Much like the online ads discovered by Facebook, messages spread by Soviet-era operatives were meant to look as though they were written by bona fide political activists in the United States, thereby disguising the involvement of an adversarial foreign power.

Russian information operations didn’t end with the collapse of the Soviet Union.

After a lull in tensions, Russia’s spy agencies became more assertive under the leadership of President Vladimir Putin. In recent years, those services have updated their propaganda protocols to take advantage of new technologies and the proliferation of social media platforms.

“Is it a goal of the Kremlin to encourage discord in American society? The answer to that is yes,” said former U.S. ambassador to Russia Michael McFaul, director of the Freeman Spogli Institute for International Studies at Stanford University. “More generally, Putin has an idea that our society is imperfect, that our democracy is not better than his, so to see us in conflict on big social issues is in the Kremlin’s interests.”

Clinton Watts, part of a research team that was among the first to warn publicly of the Russian propaganda campaign during the 2016 election, said that identifying and exploiting existing social and cultural divisions are common Russian disinformation tactics dating back to the Cold War.

“We have seen them operating on both sides,” said Watts, a fellow with the Foreign Policy Research Institute and a former FBI agent.

When Mark Zuckerberg founded Facebook in his college dorm room in 2004, no one could have anticipated the company would become an advertising juggernaut worth almost half a trillion dollars — the largest online advertising company in the world after Google. Roughly a third of the world’s population now log in monthly.

As Facebook’s user base rapidly expanded, it wrote the playbook for digital targeting in the smartphone era — and for the type of micro-targeting that has become critical to modern political campaigns.

The social network invested heavily in building highly-sophisticated automated advertising tools that could target specific groups of people who had expressed their preferences and interests on Facebook, from newlyweds who studied at Dartmouth College to hockey enthusiasts living in a particular zip code in Michigan.

The migration from traditional personal computers to smartphones and tablets also helped Facebook gain a major edge: The company pioneered techniques to help advertisers reach the same user on their desktop and mobile devices, leading Facebook to grow seven-fold in its value since it went public in 2012. Today, advertisers who want to target Facebook users by demographics or interests have tens of thousands of categories to choose from, and they are able to flood users with ads wherever they go on the Internet.

Unlike most websites, where ads appear alongside content, ads on Facebook have directly appeared in people’s newsfeeds since 2012. If users like a page, the administrators of that page can pay for ads and post content that will then appear in the cascade of information from publishers and friends that users see right away when they log onto Facebook.

Since the 2012 presidential election, Facebook has become an essential tool for political campaigns that wish to target potential voters. During the height of election season, political campaigns are among the largest advertisers on Facebook. Facebook has built a large sales staff of account executives, some of whom have backgrounds in politics, that are especially trained to assist campaigns in spreading their messages, increasing engagement, and getting immediate feedback on how they are performing.

The Trump campaign used these tools to great effect, while Clinton’s campaign preferred to rely on its own social media experts, according to people familiar with the campaigns.

Since taking office, Putin has on occasion sought to spotlight racial tensions in the United States as a means of shaping perceptions of American society.

Putin injected himself in 2014 into the race debate after protests broke out in Ferguson, Missouri, over the fatal shooting of Michael Brown, an African-American, by a police officer who was white.

“Do you believe that everything is perfect now from the point of view of democracy in the United States?” Putin told CBS’ 60 Minutes. “If everything was perfect, there wouldn’t be the problem of Ferguson. There would be no abuse by the police. But our task is to see all these problems and respond properly.”

In addition to the ads described to The Post, Russian operatives used Facebook to promote anti-immigrant and anti-Muslim messages. Facebook has said that one-quarter of the ads bought by the Russian operatives identified so far were targeted to a particular geographic area.

While Facebook has downplayed the impact of the Russian ads on the election, Dennis Yu, chief technology officer for BlitzMetrics, a digital marketing company that focuses on Facebook ads, said that $100,000 worth of Facebook ads could have been viewed hundreds of millions of times.

“$100,000 worth of very concentrated posts is very, very powerful,” he said. “When you have a really hot post, you often get this viral multiplier. So when you buy this one ad impression, you can get an extra 20- to 40-times multiplier because those people comment and share it.”

Watts, the Foreign Policy Research Institute fellow, has not seen the Facebook ads promised to Congress, but he and his team saw similar tactics playing out on Twitter and other platforms during the campaign.

Watts said such efforts were most likely to have been effective in Midwestern swing states such as Wisconsin and Michigan, where Democratic primary rival Sen. Bernie Sanders had beaten Clinton. Watts said the disinformation pushed by the Russians includes messages designed to reinforce the idea that Sanders had been mistreated by the Democratic Party and that his supporters shouldn’t bother to vote during the general election in November.

“They were designed around hitting these fracture points, so they could see how they resonate and assess their effectiveness,” Watts said. “I call it reconnaissance by social media.”

Trump Makes Official a Cyber Command

In a statement, Trump said the unit would be ranked at the level of Unified Combatant Command focused on cyberspace operations. Cyber Command’s elevation reflects a push to strengthen U.S. capabilities to interfere with the military programs of adversaries such as North Korea’s nuclear and missile development and Islamic State’s ability to recruit, inspire and direct attacks, three U.S. intelligence officials said this month, speaking on the condition of anonymity. The Pentagon did not specify how long the elevation process would take.

Current and former officials said a leading candidate to head U.S. Cyber Command was Army Lt. Gen. William Mayville, currently director of the Pentagon’s Joint Staff. More here.

There has not only been resistance to this, but it appears one or more agencies are launching their own cyber departments.

The State Department quietly established a new office earlier this year within its Diplomatic Security Service to safeguard against and respond to cybersecurity threats.

The State Department officially launched the new office, called the Cyber and Technology Security (CTS) directorate, on May 28, a department official confirmed. The establishment of the directorate was first reported by Federal News Radio last week.

However:

 

At the direction of the president, the Defense Department today initiated the process to elevate U.S. Cyber Command to a unified combatant command.

“This new unified combatant command will strengthen our cyberspace operations and create more opportunities to improve our nation’s defense,” President Donald J. Trump said in a written statement.

The elevation of the command demonstrates the increased U.S. resolve against cyberspace threats and will help reassure allies and partners and deter adversaries, the statement said. The elevation also will help to streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of those operations and will ensure that critical cyberspace operations are adequately funded, the statement said.

Defense Secretary Jim Mattis is examining the possibility of separating U.S. Cyber Command from the National Security Agency, and is to announce his recommendations at a later date.

Growing Mission

The decision to elevate U.S. Cyber Command is consistent with Mattis’ recommendation and the requirements of the fiscal year 2017 National Defense Authorization Act, Kenneth P. Rapuano, assistant secretary of defense for homeland defense and global security, told reporters at the Pentagon today.

“The decision is a welcome and necessary one that ensures that the nation is best positioned to address the increasing threats in cyberspace,” he added.

Cybercom’s elevation from its previous subunified command status demonstrates the growing centrality of cyberspace to U.S. national security, Rapuano said, adding that the move signals the U.S. resolve to “embrace the changing nature of warfare and maintain U.S. military superiority across all domains and phases of conflict.”

Cybercom was established in 2009 in response to a clear need to match and exceed enemies seeking to use the cyber realm to attack the United States and its allies. The command is based at Fort George G. Meade, Maryland, with the National Security Agency. Navy Adm. Michael S. Rogers is the commander of U.S. Cyber Command and the National Security Agency director. The president has directed Mattis to recommend a commander for U.S. Cyber Command, and Rogers for now remains in the dual-hatted role, Rapuano said.

More Strategic Role

Since its establishment, Cybercom has grown significantly, consistent with DoD’s cyber strategy and reflective of major increases in investments in capabilities and infrastructure, Rapuano said. The command reached full operational capability Oct. 31, 2010, but it is still growing and evolving. The command is concentrating on building its Cyber Mission Force, which should be complete by the end of fiscal year 2018, he said.

The force is expected to consist of almost 6,200 personnel organized into 133 teams. All of the teams have already reached initial operational capability, and many are actively conducting operations. The force incorporates reserve component personnel and leverages key cyber talent from the civilian sector.

“This decision means that Cyber Command will play an even more strategic role in synchronizing cyber forces and training, conducting and coordinating military cyberspace operations, and advocating for and prioritizing cyber investments within the department,” Rapuano said.

Cybercom already has been performing many responsibilities of a unified combatant command. The elevation also raises the stature of the commander of Cyber Command to a peer level with the other unified combatant command commanders, allowing the Cybercom commander to report directly to the secretary of defense, Rapuano pointed out.

The new command will be the central point of contact for resources for the department’s operations in the cyber domain and will serve to synchronize cyber forces under a single manager. The commander will also ensure U.S. forces will be interoperable.

“This decision is a significant step in the department’s continued efforts to build its cyber capabilities, enabling Cyber Command to provide real, meaningful capabilities as a command on par with the other geographic and functional combat commands,” Rapuano said.

DreamHost/DisruptJ20 Warrant is an Outrage

The warrant is here.

The response delivered from DreamHost to the Justice Department is 60 pages and found here.

What are this Justice Department and judge thinking? Of note, Jeff Sessions was not sworn in as Attorney General until February 9th. The warrant was signed off by John W. Borchert, who was assigned to the Criminal Division’s Fraud Division.

The Electronic Frontier Foundation is aiding DreamHost as noted in this extensive blog post.

DreamHost is fighting DoJ request for 1.3M IP addresses of visitors to anti-Trump protest site

Web hosting service DreamHost is fighting a Department of Justice demand to scoop up all the IP addresses of visitors to an anti-Trump website. The website in question, disruptj20.org, organized participants of political protests against the current U.S. administration.

Blogging about its objections to the warrant yesterday, DreamHost’s general counsel describes it as “a highly untargeted demand that chills free association and the right of free speech afforded by the Constitution”.

DreamHost says it has not been able to see the affidavit pertaining to the warrant as those records are sealed. The search warrant can be found here.

In the warrant the DoJ demands that DreamHost hand over 1.3 million visitor IP addresses to the disruptj20.org website, along with contact information, email content, and photos of thousands of people.

“That information could be used to identify any individuals who used this site to exercise and express political speech protected under the Constitution’s First Amendment. That should be enough to set alarm bells off in anyone’s mind,” argues DreamHost.

“This is, in our opinion, a strong example of investigatory overreach and a clear abuse of government authority.”

The latest development in what has already been a months-long disagreement is that DreamHost has now filed arguments in opposition to the DoJ demand.

Its counsel will be attending a court hearing on the matter on August 18 in Washington, D.C.

DreamHost initially challenged the government to narrow the scope of the warrant but says instead the DoJ filed a motion in the Washington, D.C. Superior Court asking for an order to compel it to produce the records.

Also blogging about the issue yesterday, the Electronic Frontier Foundation accuses D.C. prosecutors of using “unconstitutional methods” to pursue their investigation into the J20 protests, aka the day President Trump was inaugurated.

“In just one example of the staggering overbreadth of the search warrant, it would require DreamHost to turn over the IP logs of all visitors to the [disruptj20.org] site. Millions of visitors — activists, reporters, or you (if you clicked on the link) — would have records of their visits turned over to the government. The warrant also sought production of all emails associated with the account and unpublished content, like draft blog posts and photos,” the EFF writes.

“No plausible explanation exists for a search warrant of this breadth, other than to cast a digital dragnet as broadly as possible. But the Fourth Amendment was designed to prohibit fishing expeditions like this. Those concerns are especially relevant here, where DOJ is investigating a website that served as a hub for the planning and exercise of First Amendment-protected activities.”

57,000 Detections, 74 Countries Affected by Global Ransomware

 

Go here for more information on malware infections.

Further, US-CERT at DHS has this information.

Older machines running XP do not appear to be affected. Meanwhile, about a month ago:

Microsoft responds to NSA’s Windows exploits, urges customers to upgrade to supported versions

Remember, this NSA vault toolkit was stolen, leaked and published by WikiLeaks, Julian Assange. In some cases, it could be a deadly threat to life considering the intrusions into hospitals. The other blame goes to the Russian cyber gang, ShadowBrokers.

Russian-linked cyber gang Shadow Brokers blamed for NHS computer hack 

Ransom message found on NHS computers. Courtesy: TelegraphUK

CyberScoop: Large organizations on every continent are being hit by a global campaign of ransomware attacks on Friday. Unfortunately, the average ransomware demand has increased significantly. Machines are being infected using exploits developed by the U.S. National Security Agency and leaked by the group known as ShadowBrokers, according to authorities.

More than 57,000 detections in 74 countries have been recorded. Russia appears to be the most infected country by far, according to cybersecurity firms Kaspersky and Avast.

The “number [is] still growing fast,” according to Costin Raiu, Kaspersky’s director of research.

Hospitals across England were forced to divert emergency patients, according to the National Health Service. Other hospitals are asking patients to avoid coming in except for emergencies, news reports said.

In Spain, victims including the telecommunications company Telefónica told employees to shut down machines and networks in an effort to stop the spread of the malware. Other victims include Gas Natural and Iberdrola, an electric utility firm.

The ransomware campaign is caused by “exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar,” Spain’s Computer Emergency Readiness Team explained on Friday. “Infection of a single computer can end up compromising the entire corporate network.”

EternalBlue and DoublePulsar are code names for NSA hacking tools used to infect thousands of machines around the world since the NSA tools leaked in April.

That description from Spanish authorities and the work of several researchers point directly to NSA tools hacked and leaked by ShadowBrokers. The patch that Microsoft published in March assigned the designation MS17-010 to the vulnerability.

A widespread “bloodbath” from criminals has been expected by experts since the leak.

The ransomware “infects the machine by encrypting all its files and, using a remote command execution vulnerability through SMB, is distributed to other Windows machines on the same network. Microsoft published the vulnerability on March 14 in its bulletin and a few days ago a proof of concept was released that seems to have been the trigger of the campaign.” SMB is Microsoft’s Server Message Block protocol for network file sharing.

The attacks in different countries have been linked to the same group, according to the Financial Times.

The U.S. Department of Homeland Security is “coordinating with our international cyber partners” in Europe and Asia, a spokesperson told CyberScoop. “The Department of Homeland Security stands ready to support any international or domestic partner’s request for assistance. We routinely provide cybersecurity assistance upon request, including technical analysis and support.  Information shared with DHS as part of these efforts, including whether a request has been made, is confidential.”

Security researcher Kevin Beaumont advised patching machines immediately:

Kevin Beaumont (@GossiTheDog): Confirmed – wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

Spanish authorities confirmed the ransomware is a version of WannaCry (also known as WannaCrypt0r), according to the National Cryptology Center. In Spain, the newspaper El Mundo is reporting that “early indications point to an attack originating in China.”

“Given the rapid, prolific distribution of this ransomware, we consider this activity poses high risks that all organizations using potentially vulnerable Windows machines should address,” a spokesperson from the cybersecurity firm FireEye told CyberScoop. “Organizations seeking to take risk management steps related to this campaign can implement patching for the MS17-010 Microsoft Security bulletin and leverage the indicators of compromise identified as associated with this activity.”

FireEye has yet to see a U.S.-based company be affected by the ransomware worm.

An estimated 25 health facilities in London and across England have been hit, according to the NHS. St Bartholomew’s Hospital in London, one of the victims, received warnings earlier this year that computers using Windows XP were vulnerable, reported the technology news site the Inquirer. Increasingly, some infected hospitals are not accepting phone calls or internet communications. The Derbyshire Community Health Services NHS Trust has reportedly shut down all of its IT systems.

“At this stage we do not have any evidence that patient data has been accessed,” an NHS statement said. “We will continue to work with affected organizations to confirm this.”

East and North Hertfordshire NHS trust, a hospital just north of London, publicly acknowledged “a major IT problem” that is “believed to be caused by a cyber attack.”

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency,” according to a statement. “To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

News of the English hospitals being hit with ransomware spread quickly among doctors and hospital employees, including in a widely shared message from an English doctor now making the rounds on social media.

If.ra (@asystoly): Why would you cyber attack a hospital and hold it for ransom? The state of the world?

“So our hospital is down,” the doctor wrote. “We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”

Think Tank Predicted Russian Cyberwar v. United States

Washington, D.C., May 3, 2017 – A Rand Corporation 1967 paper predicted many of the cyber dilemmas faced by policy makers today, and a 2017 expanded analysis of the “GRIZZLY STEPPE” hacking by Russian cyber operators disclosed key findings about the techniques the hackers used and ways to mitigate them, according to the National Security Archive publication today of 40+ highlighted primary sources from the critically-praised “Cyber Vault” at http://nsarchive.gwu.edu/cybervault.

Compiled and edited by noted intelligence historian Dr. Jeffrey T. Richelson, the Cyber Vault collection of primary sources is growing by a dozen or more documents every week, and includes the declassified briefings provided by the National Security Agency to the George W. Bush and Barack Obama transition teams in 2000 and 2009, respectively.  The collection also includes a 2016 order from the U.S. Cyber Command to set up a unit with the mission of debilitating and destroying computer and communications operations of the terrorist group ISIS.

The Cyber Vault team obtained the 2016 order under the Freedom of Information Act (FOIA).  The project has filed scores of other FOIA and declassification requests as part of a multi-year documentation contribution to the growing field of cyber studies, with the support of the William and Flora Hewlett Foundation.

The 2000 transition briefing explicitly foreshadowed the Edward Snowden controversy, warning the new White House team that the 4th Amendment-protected communications of Americans were inextricably mixed with those of foreigners on the Internet.  The 2016 U.S. Cyber Command order established a joint task force designed to bring the resources of the Defense Department, Intelligence Community, and Justice Department to bear against the terrorist group that the Trump administration has since designated its top foreign policy priority.


Cyber Vault Highlights

By Jeffrey T. Richelson

On March 30, 2016, the National Security Archive opened its Cyber Vault, a repository of documents on all aspects of cyber activity – including computer network defense (and other aspects of cybersecurity), computer network attack, and computer network exploitation. The more than 750 documents currently in the vault have been drawn from a variety of sources – Freedom of Information Act releases, websites of both U.S. federal and state government organizations, courts, foreign government organizations, NATO, government contractors, think-tanks, advocacy groups, and media websites (including Wikileaks and those that posted documents provided by Edward Snowden).

In addition to relying on a multitude of sources to populate the Cyber Vault, the Archive has sought to accumulate a diverse set of documents – which has guided its collection strategy. As a result, the Cyber Vault includes significant documents from the 1960s and each subsequent decade, on cyber organization, on policy and strategy, on domestic and foreign cyber activities, on cybersecurity requirements, and on cyber crimes and the related investigations. Also included are intelligence assessments and theses. The documents also represent a spectrum of classifications, from unclassified, to formerly classified, and – in the cases of Wikileaks and Snowden documents – currently classified documents. Many of the documents cut across a number of categories.

Among the documents represented from the 1960s and 1970s are two seminal papers.  One is Willis Ware’s 1967 effort, Secrecy and Privacy in Computer Systems (Document 1), written for the RAND Corporation, and one of the very first systematic approaches to information leakage, security, and privacy. The other (Document 2), produced by a staff member of Britain’s signals intelligence agency, the Government Communications Headquarters (GCHQ), represents the initial development of public key cryptography – although it was not declassified until years after the concept had been made public by American mathematicians.

That document is also one of several illustrating or concerning foreign government cyber efforts. A much more recent GCHQ product (Document 29) was one of the documents provided to Glenn Greenwald and Laura Poitras by Edward Snowden – a briefing on efforts to deanonymize users of The Onion Router (TOR) network, which had been developed by members of the U.S. Naval Research Laboratory (Document 32) as a means of protecting online communications. Chinese cyber organization, policy, and operations are covered, collectively, by two documents – an unclassified paper (Document 36) produced under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence and a Top Secret codeword NSA briefing (Document 24) on the People’s Republic of China’s computer network exploitation activity. Current Russian cyber activities are discussed in an extract (Document 35) from the controversial “Trump Dossier,” written by a former British Secret Intelligence Service officer.

Other documents concern hostile cyber activities from an earlier era. One, from 1998 (Document 12), provides information to the then director of the FBI, Louis Freeh, on the SOLAR SUNRISE investigation into intrusions into at least 11 unclassified DoD computer systems at various locations in the United States. Another FBI memo (Document 13) concerns a 1999 investigation into intrusions into computer systems in the United States, the United Kingdom, Canada, Brazil, and Germany – an investigation which took some of the investigators to Moscow. In a newly released portion, it discusses possible responses to intrusions – including the creation of “honeypots” containing “beacon” files.

In addition to being the victim of intrusions, the U.S. has also debated and formulated policy on, granted authority over, and conducted intrusions in pursuit of national security objectives. In March 1997, Secretary of Defense William Cohen assigned the responsibility for computer network attack and exploitation to the National Security Agency in a short memo (Document 10). During that spring a senior NSA official addressed the issue of cyberwar in a Secret article (Document 11) in an NSA journal. Many years later, according to a number of accounts, U.S. and Israeli cyber personnel were able to penetrate industrial control systems associated with the Iranian nuclear program and damage centrifuges that could produce weapons-grade material. While there have been no publicly released executive branch documents concerning the “Stuxnet” operation, it has been the subject of reports by RAND and the Congressional Research Service (Document 26).

Concern over possible Russian intrusion into U.S. computer systems related to elections became a significant subject of discussion in the 2016 presidential election. Apprehensions over the possibility of such intrusions go back at least a decade. A December 2007 report (Document 20) was commissioned by Ohio’s Secretary of State, and contained disturbing results about the vulnerability of Ohio’s electronic voting systems. In the wake of a poorly-received, brief analysis of alleged Russian cyber activity related to the 2016 election, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center produced a more detailed examination (Document 41) of the GRIZZLY STEPPE activity.

By the time the DHS report was issued, President Trump had been presented with a draft executive order on cybersecurity (Document 40), which would undoubtedly have been the first of a significant number of presidential actions on cybersecurity – just as President Obama had signed a number of cyber-related executive orders and presidential directives, including one (Document 34) that established a Cyber Threat Intelligence Integration Center. Ultimately, the Trump draft order became the first in a series of drafts, and no order has yet been signed.

Other highlight documents include:

    • A 1979 exploration (Document 5) in an NSA journal on computer system vulnerabilities.
    • A 1996 treatment (Document 9) of the threat to computer systems from human intelligence operations.
    • A 2001 memo (Document 15) from the director of NSA concerning a major computer outage at the agency.
    • A 2008 Director of National Intelligence cyber counterintelligence plan (Document 21).
    • A 2016 USCYBERCOM order (Document 37) to establish a task force to combat ISIS in cyberspace.
    • A 2016 examination (Document 38) of cyber threats to nuclear weapons systems.
    • A 2016 DHS Office of Intelligence and Analysis briefing (Document 39) on cyber threats to the homeland.