13 Russians Indicted, Election Interference

Posted on February 16, 2018February 16, 2018 by Denise Simon

Hoorah for Rosenstein and Mueller!

Rosenstein: “No Allegations That Any American Had Any Knowledge” Of Russian Election Influence Operation

The Department of Justice indictment is here.

Image result for internet research agency Internet Research Agency, St. Petersburg, Russia NBC

The Department of Justice has issued charges against 13 Russian nationals involved with the Internet Research Agency, an organization at the center of fake news and trolling during the 2016 presidential election.

The US Justice Department has filed charges against 13 Russian nationals and three Russian groups for interfering with the 2016 presidential election.

In an indictment released on Friday (.pdf), the Justice Department called out the Internet Research Agency, a notorious group behind the Russian propaganda effort across social media. Employees for the agency created troll accounts and used bots to prop up arguments and sow political chaos during the 2016 presidential campaign.

Facebook, Twitter and Google have struggled to deal with fake news, trolling campaigns and bots on their platforms, facing the scorn of Capitol Hill over their mishandlings.

The indictment lists 13 Russian nationals tied to the effort. Prosecutors said the efforts began as early as 2014 to interfere with US politics, with trolls posing as Americans, creating false personalities and spreading fake news across Facebook, Twitter and YouTube.

“These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by US activists when, in fact, they were controlled by defendants,” the indictment said.

More here.

List of Companies, Amicus Brief Against Trump’s Sanctuary City Policy

Posted on February 15, 2018February 15, 2018 by Denise Simon

The Senate defeated a GOP proposal based on President Donald Trump’s immigration framework.
The plan would have offered a path to citizenship for “Dreamers” and increased border security while also cutting legal immigration.
The vote was 39-60, with 60 votes needed for approval.

I say GOOD. It was fraught with loopholes and the actual number of illegals in question remained unknown.

Meanwhile, there is more going on with the whole sanctuary city thing. Hold on, you wont like this.

In 2017, State Atty. Gen. Xavier Becerra on Wednesday filed a brief in support of a Santa Clara County lawsuit challenging President Trump’s executive order targeting “sanctuary” cities that refuse to help federal authorities enforce immigration laws.

The amicus brief cites Trump’s threat to withhold federal funds from sanctuary cities and counties as well as the state’s interest in protecting state laws and policies that promote public safety and protect the constitutional rights of residents, Becerra said.

*** It gets worse… to read how the brief is cherry-picked on facts, go here.

So, there is a pile of companies that have filed an amicus brief against the Trump administration position on sanctuary cities.

The full list of tech companies (and a few others) that signed the amicus brief opposing President Trump’s executive order on immigration.

The full brief is available online.

1. AdRoll, Inc.

2. Aeris Communications, Inc.

3. Airbnb, Inc.

4. AltSchool, PBC

5. Ancestry.com, LLC

6. Appboy, Inc.

7. Apple Inc.

8. AppNexus Inc.

9. Asana, Inc.

10. Atlassian Corp Plc

11. Autodesk, Inc.

12. Automattic Inc.

13. Box, Inc.

14. Brightcove Inc.

15. Brit + Co

16. CareZone Inc.

17. Castlight Health

18. Checkr, Inc.

19. Chobani, LLC

20. Citrix Systems, Inc.

21. Cloudera, Inc.

22. Cloudflare, Inc.

23. Copia Institute

24. DocuSign, Inc.

25. DoorDash, Inc.

26. Dropbox, Inc.

27. Dynatrace LLC

28. eBay Inc.

29. Engine Advocacy

30. Etsy Inc.

31. Facebook, Inc.

32. Fastly, Inc.

33. Flipboard, Inc.

34. Foursquare Labs, Inc.

35. Fuze, Inc.

36. General Assembly

37. GitHub

38. Glassdoor, Inc.

39. Google Inc.

40. GoPro, Inc.

41. Harmonic Inc.

42. Hipmunk, Inc.

43. Indiegogo, Inc.

44. Intel Corporation

45. JAND, Inc. d/b/a Warby Parker

46. Kargo Global, Inc.

47. Kickstarter, PBC

48. KIND, LLC

49. Knotel

50. Levi Strauss & Co.

51. LinkedIn Corporation

52. Lithium Technologies, Inc.

53. Lyft, Inc.

54. Mapbox, Inc.

55. Maplebear Inc. d/b/a Instacart

56. Marin Software Incorporated

57. Medallia, Inc.

58. A Medium Corporation

59. Meetup, Inc.

60. Microsoft Corporation

61. Motivate International Inc.

62. Mozilla Corporation

63. Netflix, Inc.

64. NETGEAR, Inc.

65. NewsCred, Inc.

66. Patreon, Inc.

67. PayPal Holdings, Inc.

68. Pinterest, Inc.

69. Quora, Inc.

70. Reddit, Inc.

71. Rocket Fuel Inc.

72. SaaStr Inc.

73. Salesforce.com, Inc.

74. Scopely, Inc.

75. Shutterstock, Inc.

76. Snap Inc.

77. Spokeo, Inc.

78. Spotify USA Inc.

79. Square, Inc.

80. Squarespace, Inc.

81. Strava, Inc.

82. Stripe, Inc.

83. SurveyMonkey Inc.

84. TaskRabbit, Inc

85. Tech:NYC

86. Thumbtack, Inc.

87. Turn Inc.

88. Twilio Inc.

89. Twitter Inc.

90. Uber Technologies, Inc.

91. Via

92. Wikimedia Foundation, Inc.

93. Workday

94. Y Combinator Management, LLC

95. Yelp Inc.

96. Zynga Inc.

ADDED Feb. 6, 2017

97. Adobe Systems Inc.

98. Affirm, Inc.

99. Ampush LLC

100. Brocade Communications Systems Inc.

101. Bungie, Inc.

102. Casper Sleep, Inc.

103. Cavium, Inc.

104. Chegg, Inc.

105. ClassPass Inc.

106. Coursera

107. EquityZen Inc.

108. Evernote

109. Gusto

110. Handy Technologies, Inc.

111. HP Inc.

112. IAC/InterActive Corp.

113. Linden Lab

114. Managed by Q Inc.

115. MobileIron

116. New Relic, Inc.

117. Pandora Media, Inc.

118. Planet Labs Inc.

119. RPX Corporation

120. Shift Technologies, Inc.

121. Slack Technologies, Inc.

122. SpaceX

123. Tesla, Inc.

124. TripAdvisor, Inc.

125. Udacity, Inc.

126. Zendesk, Inc.

127. Zenefits

Where is the Legislation/Law Mandating Against Cyber Intrusions?

Posted on February 14, 2018February 14, 2018 by Denise Simon

No one in Washington DC or media talks about the ever constant cyber attacks against all things United States.

There have been countless hearings on The Hill about Russian operations against the election architecture in the United States as well as other allied countries. While Russia is one of the top threats, Iran and North Korea are also guilty, yet China likely ranks number two behind Russia.

So, anti-Trump people inside the Beltway blame the Trump White House for the lack of leadership on the issue(s) especially when it comes to protections on the voter-roll databases at the state level and the learning curve of vulnerabilities of the voting machines themselves. So…where are these lawmakers and the bills they have introduced for debate, committee and eventual passage in both Houses of Congress anyway?

Who is protecting data across the board, our data? Where is the Department of Homeland Security and the FBI on the matter? Both those agencies were assigned to collaborate with threatened State Elections Commissions during the General election. Remember that?

This all began during the Obama administration where the ultimate punishment was to expel Russian diplomatic officials, close two dachas and the Russian compound in San Francisco. Has that sent a message to Moscow and fixed the problem(s)? NO….

There are thousands of experts outside the Federal government that do offer assistance with investigations and attributions and they too can offer some in sight into legislative frameworks and yet no one knows if that has been forthcoming.

*** Russian Attacks Will Continue

UPDATE: As the nation’s top intelligence chiefs testified before the Senate Intelligence Committee Tuesday, spelling out the very real threat Russia continues to pose to our democracy, Director of National Intelligence Dan Coats admitted “there is no single agency leading the United States’ efforts to respond to and combat Russian election meddling.”

Multiple Senators on the panel expressed their concern for President Trump’s ongoing unwillingness to acknowledge Russian interference in the 2016 election, echoing a common sentiment among national security experts that an absence of leadership at the top is hindering U.S. efforts to fight back.

CNN:

… Coats said Tuesday “there should be no doubt” that Russia sees the 2018 US elections as a target.

Coats and the other top national security officials told the Senate Intelligence Committee on Tuesday that they still view Moscow as a threat to the 2018 elections, a stance that appears at odds with President Donald Trump’s repeated dismissals of Russian election meddling.

“We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokesmen and other means to influence, to try to build on its wide range of operations and exacerbate social and political fissures in the United States,” Coats said at a hearing on worldwide threats. “There should be no doubt that Russia perceives its past efforts as successful and views the 2018 US midterm elections as a potential target for Russian influence operations.”

(…)

Sen. Angus King, I-Maine, pressed on the disparity between the intelligence community’s viewpoint and the president’s — urging the intelligence chiefs to persuade the president to accept their findings that Russia interfered in the 2016 election.

“My problem is, I talk to people in Maine who say the whole thing is a witch hunt and a hoax ‘because the President told me’,” King said. “There’s no doubt, as you all have testified today, we cannot confront this threat, which is a serious one, with a whole of government response when the leader of the government continues to that deny it exists.”

The Atlantic:

John Sipher, a former chief of station for the CIA who served for 28 years in Russia, Europe, and Asia, told me that the intelligence community will continue to be focused on Russia’s threat “no matter what the White House says or doesn’t say.” Ultimately, though, it will be up to Trump to implement meaningful changes.

“The IC is not the most important in this case,” Sipher said, referring to the intelligence community. “They may uncover what the Russians are up to but they can’t really defend against it or take actions to deter it, unless the President supports a covert action effort to screw with the Russians, like with a cyber attack.”

“Tightening up our social media, protecting voter-registration systems and procedures—those things are beyond the ability or mandate of the IC,” Sipher said. “And I don’t think we have done nearly enough to deter or defend against Russian attacks.

US intel chiefs unanimous that Russia is targeting 2018 elections (CNN)

Russia Will Meddle in the Midterms (The Atlantic)

No Agency Leading U.S. Response to Russian Election Meddling, Says Intel Chief (The Daily Beast)

As the Senate Intelligence Committee hears from the nation’s top intelligence and national security officials on worldwide threats, a prepared written assessment warns of ongoing Russian efforts to undermine democracy.

NBC News:

“Foreign elections are critical inflection points that offer opportunities for Russia to advance its interests both overtly and covertly,” says the assessment. “The 2018 US mid-term elections are a potential target for Russian influence operations.”

(…)

“We assess that the Russian intelligence services will continue their efforts to disseminate false information via Russian state-controlled media and covert online personas about US activities to encourage anti-US political views,” the statement says.

“Moscow seeks to create wedges that reduce trust and confidence in democratic processes, degrade democratization efforts, weaken US partnerships with European allies, undermine Western sanctions, encourage anti-US political views, and counter efforts to bring Ukraine and other former Soviet states into European institutions.”

In his opening statement, Vice Chairman Mark Warner (D-VA) noted President Trump’s absence of leadership on the issue.

Sen. Mark Warner, D-Va., the top Democrat on the committee, said in prepared remarks that “the President inconceivably continues to deny the threat posed by Russia. He didn’t increase sanctions on Russia when he had a chance to do so. He hasn’t even Tweeted a single concern. This threat demands a whole-of-government response, and that needs to start with leadership at the top.”

U.S. intel agencies expect Russia to escalate election meddling efforts (NBC News)

Worldwide Threat Assessment (pdf)

22 Agencies Trump’s Proposed Budget Eliminates

Posted on February 13, 2018February 13, 2018 by Denise Simon

Only 22? C’mon POTUS….there are thousands…

How about Alhurra TV? Or Mediation and Conciliation Service, Presidio Trust, National Mediation Board?

Image result for government agencies photo

President Trump on Monday unveiled his budget proposal for the 2019 fiscal year, which makes significant cuts to some federal agencies and projects as part of an effort to slash the federal deficit by $3 trillion over the next 10 years.

As part of that effort, Trump has proposed eliminating funding for several agencies, grant programs and institutes.

While lawmakers are unlikely to enact most of Trump’s proposal, here’s a look at some of the centers and agencies the White House wants to abolish.

1. The McGovern-Dole International Food for Education, which donates agricultural commodities and financial assistance to carry out school feeding programs in foreign countries.

2. The Rural Business and Cooperative Service, which provides loans, grants and payments intended to increase opportunities in rural communities.

3. The Economic Development Administration, which provides federal grants to communities in support of locally-developed economic plans.

4. The Manufacturing Extension Partnership, which subsidizes advisory and consulting services for small and medium-size manufacturers.

5. 21st Century Community Learning Centers, which helps communities establish or expand centers to provide before- and after-school programs and summer school programs.

6. Gaining Early Awareness and Readiness for Undergraduate Programs, an Education Department program that provides grants to support college preparation for low-income students.

7. The Agency for Healthcare Research and Quality, which researches ways to enhance the effectiveness of health services.

8. The Advanced Research Projects Agency, which provides support for Energy Department projects.

9. The National Wildlife Refuge Fund, which compensates communities for lost tax revenue when the federal government acquires their land.

10. The Global Climate Change Initiative, a proposal that reflects Trump’s decision last year to withdraw from the Paris climate agreement.

11. The NASA Office of Education, which provides grants to colleges and universities, museums and science centers. The funding would be redirected within NASA.

12. The Chemical Safety Board, which is tasked with investigating accidents at chemical facilities.

13. The Corporation for National and Community Service, which funds service opportunities, promotes volunteering and helps nonprofit organizations find volunteers.

14. The Corporation for Public Broadcasting, which funds public television and radio stations including Public Broadcasting Service and NPR.

15. The Institute of Museum and Library Services, which funds museums and libraries nationwide with grants.

16. The Legal Services Corporation, a nonprofit that provides civil legal assistance for low-income individuals.

17. The National Endowment for the Arts, which funds American artists and projects with grants.

18. The National Endowment for the Humanities, which provides grants to American humanities scholars.

19. The Neighborhood Reinvestment Corporation, which funds community development projects nationwide.

20. The Denali Commission, the Delta Regional Authority and the Northern Border Regional Commission, which fund infrastructure and economic projects in specified areas.

21. The U.S. Trade and Development Agency, which provides U.S. goods and services for foreign projects.

22. The Woodrow Wilson International Center for Scholars, a think tank focused on international affairs and foreign policy.

Do You Know What CTIIC is? You Should

Posted on February 13, 2018February 13, 2018 by Denise Simon

First…there is no policy as admitted in a Senate Intelligence Hearing of the heads of the intelligence agencies and confirmed by Senator Angus King (Maine).

Image result for CTIIC

CTIIC is the federal lead for intelligence support in response to significant cyber incidents, working—on behalf of the IC—to integrate analysis of threat trends and events, build situational awareness, and support interagency efforts to develop options for degrading or mitigating adversary threat capabilities.

The idea of creating a cyber threat framework came from observations among the US policy community that cyber was being described by different agencies in a variety of ways that made consistent understanding difficult. There are over a dozen analytic models being used across government, academia, and the private sector. Each model reflects the priorities and interests of its developer, but the wide disparities across models made it difficult to facilitate efficient situational analysis that was based on objective data.

The framework will be scalable and facilitate data sharing at “machine speed.” Implementation within the USG will include processes to reduce or eliminate double-counting of threat data.

Cyber Threat Framework Frequently Asked Questions

A Common Threat Framework Food for Thought

Cyber Threat Framework – Overview

Cyber Threat Framework – How to Use Lesson Plan

Cyber Threat Framework – Lexicon

A Common Cyber Threat Framework: A Foundation for Communication

A Common Cyber Threat Framework: A Foundation for Communication – Short Version

So….In 2017 Equifax confirmed it has suffered a massive data breach, cyber criminals stole sensitive personal records of 145 million belonging to US citizens and hundreds of thousands Canada and in the UK.

Attackers exploited the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be exploited by an attacker to make a maliciously crafted request to an Apache web server.

The vulnerability was fixed back in March, but the company did not update its systems, the thesis was also reported by an Apache spokeswoman to the Reuters agency.

Compromised records include names, social security numbers, birth dates, home addresses, credit-score dispute forms, and for some users also the credit card numbers and driver license numbers.

Now experts argue the Equifax hack is worse than previously thought, according to documents provided by Equifax to the US Senate Banking Committee the attackers also stole taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.

This means that crooks have all necessary data to arrange any king of fraud by steal victims’ identities. More here.

Further, the Trump administration appears to omitted any reference to the Chinese cyber threat domestically….here is a clue on their activity and how they cannot be trusted…and we have not even mentioned Russia..

In 2012 Chinese companies Huawei and ZTE were considered high threat risks to the United States and sadly, both were introduced again at this same Senate hearing on February 13, 2018.

China’s government has denied reports that it spied on the servers at the African Union’s Chinese-built headquarters for more than five years, gaining access to confidential information.

In an investigation published by French newspaper Le Monde, China, which also paid and built the computer network at the AU, allegedly inserted a backdoor (in French) that allowed it to transfer data. The hack wasn’t detected until Jan. 2017 when technicians noticed that between midnight and 2 am every night, there was a peak in data usage even though the building was empty. After investigating, it was found that the continental organization’s confidential data was being copied on to servers in Shanghai.

China’s ambassador to the AU dismissed the reports as “absurd” and “preposterous.” Kuang Weilin told reporters in Ethiopia that it was “very difficult to understand” Le Monde’s claims and that the story was certain to “create problems for China-Africa relations.”

The revelations come as African presidents convene in Addis Ababa to attend the continental summit on governance. In 2012, when the AU building was completed, it was signified as a symbolic gesture aimed at solidifying Sino-Africa relations. The landmark 20-story office tower overlooking a pearl-shaped conference center was “a gift” from the Chinese government to help African nations integrate better and improve their institutional capacity.

But the alleged data theft puts a spin on that rosy affair and might strain the relationship between the two sides. China is heavily involved in Africa, with its companies and entrepreneurs conducting trade and investing heavily in African countries. Chinese aid has also been blamed for propping up authoritarian regimes, constructing shoddy roads and infrastructure built by imported Chinese workers, and focusing mainly on countries home to oil, minerals, and other resources that China needs. But China is also cultivating the next generation of African leaders, with Beijing taking thousands of African leaders, bureaucrats, students, and business people to China for training and education. More here.

For sure there is no policy and lawmakers are dumbfounded on introducing any kind of offensive or consequential legislation. Hello Angus?