Do the Russians have the Voting Machines Source Codes?

On February 28th, the Senate asks what NSA and Cyber Command are doing about Russian election interference. Admiral Rogers’s answer, in brief, is that his organizations lack the authorities to do much (that he can openly discuss, that is).

US senator grills CEO over the myth of the hacker-proof voting machine
Nation’s biggest voting machine maker reportedly relies on remote-access software.

WASHINGTON (Reuters) – Two Democratic senators on Wednesday asked major vendors of U.S. voting equipment whether they have allowed Russian entities to scrutinize their software, saying the practice could allow Moscow to hack into American elections infrastructure.

The letter from Senators Amy Klobuchar and Jeanne Shaheen followed a series of Reuters reports saying that several major global technology providers have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government.

The senators requested that the three largest election equipment vendors – Election Systems & Software, Dominion Voting Systems and Hart Intercivic – answer whether they have shared source code, or inner workings, or other sensitive data about their technology with any Russian entity.

They also asked whether any software on those companies’ products had been shared with Russia and for the vendors to explain what steps they have taken to improve the security of those products against cyber threats to the election.

The vendors could not immediately be reached for comment. It was not immediately clear whether any of the vendors had made sales in Russia, where votes are submitted via written ballots and usually counted by hand.

“According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities,” the senators wrote. “We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.”

U.S. voters in November will go to the polls in midterm elections, which American intelligence officials have warned could be targeted by Russia or others seeking to disrupt the process.

There is intense scrutiny of the security of U.S. election systems after a 2016 presidential race in which Russia interfered, according to American intelligence agencies, to try to help Donald Trump win the presidency. Trump in the past has been publicly skeptical about Russian election meddling, and Russia has denied the allegations.

Twenty-one states experienced probing of their systems by Russian hackers during the 2016 election, according to U.S. officials.

Though a small number of networks were compromised, voting machines were not directly affected and there remains no evidence any vote was altered, according to U.S. officials and security experts.

Related reading:

Top intel official says US hasn’t deterred Russian meddling (Fifth Domain) “I believe that President (Vladimir) Putin has clearly come to the conclusion that there’s little price to pay and that therefore, ‘I can continue this activity,’” Adm. Mike Rogers, director of both the U.S. Cyber Command and the National Security Agency, told Congress.

Senators: Cyber Command should disrupt Russian influence campaigns (Fifth Domain) Senators pressed Cyber Command on how they can use their national mission force to combat Russian cyber intrusions.

Rogers: CyberCom lacks authority, resources to defend all of cyberspace (FCW) The outgoing NSA and U.S. Cyber Command chief told lawmakers CyberCom is not sitting on its hands when it comes to potential Russian cyber interference, but it lacks the authority to do more absent additional presidential direction.

NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin (Infosecurity Magazine) Expect more election interference, Cyber Command boss warns.

Decoding NSA director Mike Rogers’ comments on countering Russian cyberattacks (Washington Examiner) It’s not as simple as ‘I’m not authorized to do anything.’

*** Footnotes:

Election Systems & Software:

1. In 2014, ES&S claimed that “in the past decade alone,” it had installed more than 260,000 voting systems and more than 15,000 electronic poll books, and provided services to more than 75,000 elections. The company has installed statewide voting systems in Alabama, Arkansas, Georgia, Idaho, Iowa, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, New Mexico, North Carolina, North Dakota, Rhode Island, South Carolina, South Dakota, and West Virginia. ES&S claims a U.S. market share of more than 60 percent in customer voting system installations.

The company maintains 10 facilities in the United States, two field offices in Canada (Pickering, Ontario; and Vancouver, British Columbia) and a warehouse in Jackson, Mississippi.

2. Dominion Voting Systems is a global provider of end-to-end election tabulation solutions and services. The company’s international headquarters are in Toronto, Canada, and its U.S. headquarters are in Denver, Colorado. Dominion Voting also maintains a number of additional offices and facilities in the U.S. and Europe.

Dominion’s technology is currently used in 33 U.S. states, including more than 2,000 customer jurisdictions. The company also has 100+ municipal customers in Canada.

3. Hart InterCivic Inc. is a privately held United States company that provides election and print solutions to jurisdictions nationwide. While headquartered in Austin, Texas, Hart products are used by hundreds of jurisdictions nationwide, including counties in Texas, the entire states of Hawaii and Oklahoma, half of Washington and Colorado, and certain counties in Ohio, California, Idaho, Illinois, Indiana, Kentucky, Oregon, Pennsylvania, and Virginia.

Hart entered the elections industry in 1912, printing ballots for Texas counties. (Side note: As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law.

One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy.

In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information.

In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.)

*** The text of the letter to the three vendors is below:

Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:

Recent reports of U.S. IT and software companies submitting to source code reviews in order to access foreign markets have raised concern in Congress given the sensitivity of the information requested by countries like China and the Russian Federation. As such, we write to inquire about the security of the voting machines you manufacture and whether your company has been asked to share the source code or other sensitive or proprietary details associated with your voting machines with the Russian Federation.

The U.S. intelligence community has confirmed that Russia interfered with the 2016 presidential elections. As a part of a multi-pronged effort, Russian actors attempted to hack a U.S. voting software company and at least 21 states’ election systems. According to the Chicago Board of Elections, information on thousands of American voters was exposed after an attack on their voter registration system.

Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. The U.S. government and Congress have recently taken steps to address some cyber vulnerabilities, including by banning the use of Kaspersky Lab, a Moscow-based cybersecurity firm that has maintained a relationship with Russia’s military and intelligence sectors, from all U.S. government computers. Now, we must also ensure the security of our voting machines and associated software.

Recent reports indicate that U.S. based firms operating on U.S. government platforms gave Russian authorities access to their software. In order to sell their software within Russia, these companies allowed Russian authorities to review their source code for flaws that could be exploited. While some companies maintain this practice is necessary to find defects in software code, experts have warned that it could jeopardize the security of U.S. government computers if these reviews are conducted by hostile actors or nations. U.S. tech companies, the Pentagon, former U.S. security officials, and a former U.S. Department of Commerce official with knowledge of the source code review process have expressed concerns with this practice.

In addition, Russia’s requests for source code reviews have increased. According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys, and Russian regulatory documents, between 1996 and 2013 Russia conducted reviews for 13 technology products from Western companies, but has conducted 28 such reviews in the past three years alone.

As the three largest election equipment vendors, your companies provide voting machines and software used by ninety-two percent of the eligible voting population in the U.S. According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities. We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.  Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack.

In order to help the security and integrity of our systems and to understand the scope of any potential access points into our elections infrastructure, we respectfully request answers to the following questions:

  1. Have you shared your source code or any other sensitive data related to your voting machines or other products with any Russian entity?
  2. To your knowledge, has any of the software that runs on your products been shared with any Russian entity?
  3. What steps have you taken or will you take in order to upgrade existing technologies in light of the increased threat against our elections?

The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020.

Thank you for your attention to this matter, and we look forward to working with you to secure our elections.

Sincerely,

Susan Rice Unmasked the Names in the Seychelles Meeting

Who is George Nader? 

A Lebanese-American businessman, Nader currently serves as an adviser to Emirati Crown Prince Mohammed bin Zayed Al-Nahyan, who has developed a close relationship with Jared Kushner. For years, Nader has been a well-known, if somewhat off-the-radar, figure in certain political circles. According to the Times, Nader worked with the Bill Clinton administration in its attempt to broker a peace deal between Syria and Israel, convincing the White House that he could leverage his influential contacts with the Syrian government. After the 2003 invasion of Iraq, Nader worked with Prince’s private security company, Blackwater—which is now known as Academi—as a “business-development consultant,” according to a 2010 deposition. At the time of the 2016 election, he was serving as an adviser to Prince Mohammed, and was a frequent visitor to the White House during the early months of the Trump administration, where he met with Kushner and former chief strategist Steve Bannon.

***

George Nader, a Middle East expert connected to several associates of President Donald Trump, is now cooperating with the special counsel Robert Mueller and has testified before a grand jury in the Russia investigation, The New York Times reported Tuesday.

FBI investigators approached Nader when he landed at Washington Dulles International Airport in January and served him with search warrants and a grand jury subpoena, the report said. At the time, Nader was en route to Mar-a-Lago to meet with President Donald Trump and his associates to celebrate the anniversary of Trump’s first year in office.

The meeting was said to have raised red flags within the US intelligence community because the government was not notified of Crown Prince Mohammed’s visit. The Obama administration felt misled by the UAE as a result, which prompted then-national security adviser Susan Rice to request that Trump associates’ names be unmasked in intelligence reports detailing the meeting.

A senior Middle East official acknowledged to CNN last year that the UAE did not inform the US of the crown prince’s visit in advance but denied that the UAE had misled the Obama administration. The official said that the December Trump Tower meeting was merely part of an effort to build a relationship with the incoming administration.

Mueller’s prosecutors have repeatedly questioned Nader about the meeting, as well as his meetings in the White House with Kushner and Bannon following Trump’s inauguration.

That same month, Kushner met with Sergei Kislyak, then Russia’s ambassador to the US, and reportedly proposed setting up a secure back-channel of communication between Trump and Moscow using Russian facilities.

Shortly after, Kushner had a separate meeting with Sergei Gorkov, the CEO of the sanctioned Russian state-owned bank Vnesheconombank, which was reportedly orchestrated by Kislyak. The interaction piqued investigators’ scrutiny as the FBI began examining whether Russian officials suggested to Kushner that Russian banks could finance Trump associates’ business ventures if US sanctions were lifted or relaxed.

Kushner’s meeting with Gorkov came as he was looking for investors to shore up financing for a building on Fifth Avenue in New York that his family’s real-estate company had purchased.

Prince told the House Intelligence Committee last year that he knew Kirill Dmitriev was a Russian fund manager but did not know it was a sanctioned fund that was controlled by the Russian government.

After the Seychelles meeting, Dmitriev also met with Anthony Scaramucci, who would later become the White House communications director, at the World Economic Forum in Davos, Switzerland.

Russian state media quoted Scaramucci as saying, after his meeting with Dmitriev, that the Obama administration’s new sanctions on Russia — which were imposed that month to penalize it for interfering in the 2016 election — were ineffective and detrimental to the US-Russia relationship.

Dmitriev’s company, the Russian Direct Investment Fund, was included on the list of Russian economic entities that were penalized as part of that decision.

An RDIF spokesperson reached out to Business Insider to clarify that the fund was included on the US sanctions list because of its status as a former subsidiary of Vnesheconombank. More here.

When it comes to the Russian Direct Investment Fund, Americans and people with ties to the U.S. have held some of the top spots at RDIF. For years, a deputy CEO at the fund was Sean Glodek, a Stanford alum and Wharton MBA graduate who previously worked at Deutsche Bank and Lehman Brothers. The current deputy co-director for RDIF’s Russia-China investment fund is Oleg Chizh, a Brandeis and Columbia graduate. Other Americans have served in top investor relations and advisory roles.

Part of its mission is to make outsiders more comfortable investing in Russia by pairing their capital with RDIF funds. It was formerly part of VEB, the bank that doubles as Russian President Vladimir Putin’s “private slush fund,” according to Atlantic Council fellow Anders Aslund. More here.

Sessions DoJ Sues California

The DoJ lawsuit names California, Gov. Jerry Brown and state Attorney General Xavier Becerra as co-defendants.

Attorney General Jeff Sessions on Wednesday attacked the mayor of Oakland, California for warning residents about impending immigration raids, one day after filing a lawsuit against the state alleging it obstructs federal immigration enforcement.
“How dare you needlessly endanger the lives of law enforcement just to promote your radical open borders agenda,” Sessions said of Oakland Mayor Libby Schaaf.

***

In his remarks, Sessions noted “worrisome” trends as violent crime increased in 2014 and 2015, particularly a surge in homicide and drug availability. He said that a lawful immigration system was part of tackling such trends.

Sessions said that while America admits the highest number of legal immigrants in the world, the American people deserve a legal, rational immigration system that protects the nation and preserves the national interest.

“It cannot be the policy of a great nation to reward those who unlawfully enter its country with legal status, Social Security, welfare, food stamps, and work permits and so forth. How can this be a sound policy?” he asked.

“Meanwhile, those who engage in this process lawfully and patiently and wait their turn are discriminated against, it seems, at every turn.”

Turning to California, he described “open borders” policies that refuse to apprehend and deport illegal immigrants as a “radical, irrational idea that cannot be accepted” and rejected the right of states to obstruct federal immigration law.

“There is no nullification. There is no secession,” he said. “Federal law is the supreme law of the land. I would invite any doubters to go to Gettysburg, or to the tombstones of John C. Calhoun and Abraham Lincoln.”

He then tore into Oakland Mayor Libby Schaaf, who tipped off the public to an immigration raid in the San Francisco Bay Area last week — a move he said led to as many as 800 illegal immigrants evading capture and put both residents and law enforcement at risk. More here.

The 18-page complaint is here.

The lawsuit, filed in federal court in the state capital of Sacramento, challenges three specific laws:

— SB 54, which restricts law enforcement officials from notifying federal immigration agents about the release dates for prisoners in their custody who have been convicted and therefore face deportation. It also prohibits local officials from transferring those prisoners to federal custody.

As a result, the Justice Department says, immigration agents face greater danger in re-arresting the former prisoners once they’re back on the streets.

— AB 450, which forbids private employers from cooperating with immigration agents who conduct worksite enforcement operations. The law also requires employers to tell their workers when federal agents are coming to conduct inspections.

The Justice Department said a committee of the state legislature described the law as an effort to frustrate “an expected increase in federal immigration enforcement actions.”

— And AB 103, which requires the state to inspect detention facilities where federal authorities are holding immigrants who face deportation.

CFIUS, what is Worse than Uranium One?

When Douglas Campbell, the FBI informant and Uranium One whistle-blower, said that Obama himself approved the deal, he was right. In February, Campbell delivered written testimony, annexed with full evidence, to three congressional committees. Further, he was provided a monetary award/reward for his remarkable work as an informant. For the full summary and details, go here.

Campbell’s lawyer of record, Victoria Toensing, has sent a letter to Attorney General Jeff Sessions to further investigate the matter and the media smearing of Campbell himself, including committee leaks. That letter is found here.

AG Sessions has not responded at the time of this post.

Related reading: Cfius, Powerful and Unseen, Is a Gatekeeper on Major Deals

Meanwhile, looking deeper into Obama and CFIUS….

By law, CFIUS, the Committee on Foreign Investment in the United States, does not publicly disclose information provided to CFIUS by parties to a transaction, nor does it reveal the fact that the parties have submitted the transaction for review. If CFIUS determines that the transaction poses national security concerns that cannot be resolved, it will refer the transaction to the President, who has 15 days after completion of CFIUS’s investigation to decide. The President must publicly announce his decision.

CFIUS provides an annual report to Congress, but the last report was dated 2015. This report is in accordance with section 721(m) of the Defense Production Act of 1950 and the amended section of the Foreign Investment and National Security Act of 2007.

The Process  

During the review period, CFIUS members examine the transaction in order to identify and address, as appropriate, any national security concerns that arise as a result of the transaction. CFIUS concludes action on the preponderant majority of transactions during or at the end of the initial 30-day review period.  In certain circumstances defined in section 721 and at § 800.503 of the regulations, CFIUS may initiate a subsequent investigation, which must be completed within 45 days.  In certain circumstances described at section 6(c) of Executive Order 11858, as amended, and § 800.506 of the regulations, CFIUS may also refer a transaction to the President for decision.  In such case, section 721 requires the President to announce a decision with respect to a transaction within 15 days of CFIUS’s completion of the investigation. If CFIUS finds that a covered transaction presents national security risks and that other provisions of law do not provide adequate authority to address the risks, then CFIUS may enter into an agreement with, or impose conditions on, parties to mitigate such risks or may refer the case to the President for action.

Where CFIUS has completed all action with respect to a covered transaction or the President has announced a decision not to exercise his authority under section 721 with respect to the covered transaction, then the parties receive a “safe harbor” with respect to that transaction, as described in § 800.601 of the regulations and section 7(f) of Executive Order 11858, as amended.

Rejection

During his entire term as President, he got only one referral that he rejected. President Obama blocked a privately owned Chinese company from building wind turbines close to a Navy military site in Oregon due to national security concerns, and the company said it would challenge the action in court.

Ralls Corp, which had been installing wind turbine generators made in China by Sany Group, has four wind farm projects that are within or in the vicinity of restricted air space at a naval weapons systems training facility, according to the Obama administration.

“There is credible evidence that leads me to believe” that Ralls Corp, Sany Group and the two Sany Group executives who own Ralls “might take action that threatens to impair the national security of the United States,” Obama said in issuing his decision.

Industry Sectors

From 2009-2015, 75% of the foreign transactions included finance, information, mining, utilities and transportation. From 2013-2015, China was by far the largest country with transactions, with manufacturing being the majority of the transactions. If there are concerns with any part of the transaction, CFIUS will work on mitigation measures as they relate to national security, such that CFIUS earnestly wants the transaction(s) to occur. CFIUS offers onsite compliance, assigns additional staff and offers tracking systems as well as instructions and procedures from in-house expertise to meet stipulations and standards, whereas on other issues waivers can be designated if compliance is too difficult or adverse to national security standards and law.

Review Concerns

Expanded conditions for national security considerations include vulnerabilities, cyber, sabotage and exploitation. Further, if any transaction leads to complications to critical infrastructure or energy production, would affect the U.S. financial system, would in some conditions have access to sensitive government information or classified material, would in any manner threaten a government employee, or would involve activities related to weapons, munitions, aerospace, satellite or radar system(s), these items would impair the approval process or, under the CFIUS review, mitigation procedures would be applied.

Little is of consequence when a foreign company is, under cover, actually controlled by a foreign government, which is a terrifying condition. A 2011 Office of the National Counterintelligence Executive report to Congress stated that the pace of foreign economic collection and industrial espionage activities against major U.S. corporations and U.S. government agencies is accelerating.

Are we sure we want China, Russia or any Middle Eastern country investing in any form or part in the United States when we have the likes of Warren Buffett or Bill Gates and those billions?

Sens. Tom Cotton (R-Ark.) and Marco Rubio (R-Fla.) introduced legislation on Wednesday to prevent the U.S. government from using products from certain Chinese telecommunications firms.

The impetus for Cotton and Rubio’s legislation is concern over the Chinese government using hypothetical backdoors in ZTE and Huawei phones to spy on U.S. government officials.

“Huawei is effectively an arm of the Chinese government, and it’s more than capable of stealing information from U.S. officials by hacking its devices,” Cotton said in a statement. “There are plenty of other companies that can meet our technology needs, and we shouldn’t make it any easier for China to spy on us.”

Uranium One violated all conditions set forth in the CFIUS law. China is yet a larger security issue and all agency members of CFIUS are aware of this and the history of both Russia and China.

The risks and violations of law are well known in Congress and legislation has been introduced to address major concerns, yet still the United States is selling out, and has sold out, to at least 2 rogue countries and no security assessments have been published.

DACA and the Temporary Protected Status Back in Play, Check Houston

How about some White House officials visit Houston…

More than 100 countries are represented in Houston. The city is routinely ranked top in the country for job growth, with a school system where 80 percent of students are disadvantaged. For details, go here.

Lee High School, for instance, has 1700 students and a Vietnamese principal, and its students are from 40 different countries.

Illegal immigrant “Dreamers” said they staged a sit-in to block the entrance to the Democratic National Committee’s offices in Washington on Monday in order to show they blame Democrats as well as Republicans for missing President Trump’s March 5 deadline for action.

Immigrant-rights activists who are U.S. citizens and who are supporting the Dreamers will also cancel their membership in the Democratic Party in order to make their point, the organizations said.

Monday marked six months since Mr. Trump announced a phaseout of the Obama-era DACA deportation amnesty. The president had said Congress should use the phaseout period to approve a new plan, with full congressional authorization, to grant DACA recipients legal status.

Mr. Trump offered a middle-ground approach, but the security enhancements went too far for Democrats, while his proposed amnesty for illegal immigrants went too far for many Republicans, and the bill stalled.

While Democrats have blamed the GOP, activists made clear Monday they will pin some of the blame on Democrats.

“The Democrats made the calculation to kick the can down the road and allow hundreds of thousands of us undocumented youth to live in uncertainty. We are anxious and we are scared of being torn away from their homes and our community,” said Maria Duarte, one of 683,000 people covered by DACA.

DNC Chairman Tom Perez, though, said Mr. Trump is the problem, calling his phaseout “cruel and reckless.”

“Donald Trump’s decision to end DACA created an unnecessary crisis that has left hundreds of thousands of Dreamers uncertain about their future. And now his arbitrary deadline has passed without any action from the president or Republicans in Congress,” Mr. Perez said in a statement.

The protesters Monday were part of the Seed Project, which staged a march from New York to Washington late last month, in anticipation of the March 5 deadline.

The protesters said they expect Congress to pass a “clean” bill granting perhaps 2 million illegal immigrants citizenship rights — without agreeing to any other provisions such as Mr. Trump’s planned border wall or changes to legal immigration policy.

Work permits expiring March 31 are automatically extended through Sept. 27

WASHINGTON—Current beneficiaries of Temporary Protected Status (TPS) under Syria’s designation who want to maintain their status through Sept. 30, 2019, must re-register between March 5, and May 4, 2018. Re-registration procedures, including how to renew employment authorization documentation, have been published in the Federal Register and on the USCIS website.

All applicants must submit Form I-821, Application for Temporary Protected Status. Applicants may also request an Employment Authorization Document (EAD) by submitting a completed Form I-765, Application for Employment Authorization, when they file Form I-821, or separately at a later date. Both forms are free on USCIS’ website at uscis.gov/tps.

USCIS will issue new EADs with a Sept. 30, 2019, expiration date to eligible Syrian TPS beneficiaries who timely re-register and apply for EADs. However, given the timeframes involved with processing TPS re-registration applications, USCIS is automatically extending the validity of EADs with an expiration date of March 31 for 180 days, through Sept. 27.

To be eligible for TPS under Syria’s current designation, individuals must have continuously resided in the United States since Aug. 1, 2016, and have been continuously physically present in the United States since Oct. 1, 2016, along with meeting the other eligibility requirements.

On Jan. 31, Secretary of Homeland Security Kirstjen M. Nielsen announced her determination that the conditions supporting Syria’s TPS designation continue. The secretary made her decision after reviewing country conditions and consulting with appropriate U.S. government agencies. Before the 18-month extension ends, the secretary will review conditions in Syria to determine whether its TPS designation should be extended again or terminated.