Tag Archives: cybersecurity

Geek Squad’s Relationship with FBI Is Cozier Than We Thought

 

By Aaron Mackey. Published 3-5-2018 by Electronic Freedom Foundation

After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights. Continue reading

Share

Trump, Congress and the case for Treason

What happens when a sitting president kicks the legs of Democracy’s stool?

Written by Carol Benedict

President Donald Trump delivered his 2018 State of the Union address on January 20, 2018. Since that time, the consequences and ramifications put forth in that speech are still being discussed after having set new precedents to the tone, nature and policies spelled out to the American people.

Congress has always held the tradition that when the sitting president delivers these speeches, the opposing party withholds applause and ovations for most the speech, and only the most basic and inarguable points receive unanimous approval. Like all traditions in Washington since Trump’s inauguration, this too has now changed.

Agreeing with a critic who called the actions of the democrats “treasonous” and “un-American” for not applauding policies they disagree with, Trump has taken a step into an entirely new territory that should have caused alarm bells to go for all.

“You’re up there, you’ve got half the room going totally crazy, wild—they loved everything, they want to do something great for our country. And you have the other side, even on positive news—really positive news, like that—they were like death and un-American. Un-American,” the president said. “Somebody said, ‘treasonous.’ I mean, yeah, I guess, why not? Can we call that treason? Why not? I mean, they certainly didn’t seem to love our country very much.”

The White House quickly defended Trump’s words, saying it was meant as a joke. When the President of the United States makes a JOKE of calling for the DEATHS of the opposing party’s members of Congress, we have entered a perception and introduction to authoritarian rule and dictatorship. Opposing the president is not punishable by death in the US, and to suggest otherwise demonstrates total ignorance or self-absorption. In fact, the 1st Amendment to the Constitution provides for the right of every American to not only disagree with the government or even the President, but to also assemble together to make their grievances known. Most people know this concept as “protest” or “dissent.”

In service to our country, we have put together a short refresher course about the history of Treason charges in the US since World War II. Let’s begin with what the law states as the punishment for Treason.

“Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States.”
(June 25, 1948, ch. 645, 62 Stat. 807; Pub. L. 103–322, title XXXIII, § 330016(2)(J), Sept. 13, 1994, 108 Stat. 2148.)

One person convicted of treason was Tomoya Kawakita, a Japanese-American sentenced to death in 1952 for tormenting American prisoners of war during World War II. Even such a clear-cut case created qualms; Kawakita was commuted to a life sentence and was eventually deported to Japan and barred from ever entering the United States again.

On June 19, 1953, Julius and Ethel Rosenberg were executed after being convicted of committing espionage for the Soviet Union. They were accused of transmitting nuclear weapon designs to the Soviet Union; at that time the United States was the only country with nuclear weapons. They were also accused of providing top-secret information about radar, sonar, and jet propulsion engines to the USSR. Espionage is considered a treasonable act.

Treason is a serious, non-jokable charge with very unfunny consequences. But don’t overlook this as just another benign statement from an overly-vociferous president. What he is actually demanding here is a One Party System that does not allow dissent or protest, that prevents a press from publishing negative articles and results in job losses of federal employees who oppose his authority.

His latest claim is that if he does not get his way on immigration, he will shut down the government. This holds the American people hostage and in economic jeopardy and is questionably illegal.

The irony in all of this is that for all intents and purposes, this president has walked up to the line of committing Treason himself, and is so close in reality that only legal experts can parse out if or why he has not actually committed that crime. In psychology, this is called “Projectionalism;” to accuse others of what you are carry inside yourself.

Since taking office, Trump has assembled quite a laundry list of things he has done for the benefit of the Russian government.

* Shortly after his inauguration, Russian officials were invited to an Oval Office meeting, in which Trump revealed to Foreign Minister Lavrov secrets that compromised the coordination of intelligence gathering with Israeli operatives, jeopardizing Israeli and the U.S. ability to track down terrorists and proliferates.
* Following the events in the Ukraine in 2014 and Russian interference in the 2016 elections, Congress imposed sanctions against Russia and individual operatives of the Russian government. Since taking office, Trump has refused to take actions to impose these sanctions, despite the fact the law requires him to do so.
* The recent meeting in the United States dealing with cybersecurity and counterterrorism between CIA Director Mike Pompeo and the heads of Russia’s intelligence agencies, one of which is included in the above mentioned sanctions and not allowed travel to the US.
* The Gasleys, a tanker carrying Russian LPG, docked in Boston and unloaded its cargo recently. Russia’s gas and oil industry is currently under sanctions, or is supposed to be at any rate.
* The Nunes memo and the Republican efforts to discredit the FBI and other intelligence services as a way to slow or stop Robert Mueller’s investigation has weakened the trust between Congress and the intelligence community, and has shown sources that their identities may not be protected.
* On April 7, 2017, the Trump administration launched a cruise missile strike against Shayrat airbase in Syria. The US launched 58 cruise missiles at the base, yet the base was operational within two days of the attack. Why? Because Trump had warned the Russians about the attack, so most of the planes, etc. had been moved before the missiles were even launched.

Moreover, words in the State of the Union address called for extending presidential powers and other non-restrictive measures which, in effect, abolish the Rule of Law for the President and his Administration’s activities.

America is now teetering on the balance between being ruled, not governed; in complete spineless fear, the GOP clenches their power at the cost of democracy and nation, shredding the ideals of the Constitution as fast as this administration has shed regulations protecting the American people, environment, public lands and diverse society.

At the fulcrum, we wait for something – anything – to prevent further decay of the country once known as a shining example of democracy.

About the Author:
Carol Benedict is an independent researcher and human rights activist. She is also an independent Journalist and a professional member of the US Press Association.

Share

Citing Poor Care for Mental Health in US Prisons, UK Court Refuses Extradition Request

For a second time in six years, the U.K. has declined to send an accused hacker to the U.S. out of concern for his safety in the care of the Department of Justice

By Julia Conley, staff writer for CommonDreams. Published 4-6-2018 

Lauri Love. Photo: HackRead

An accused hacker will not be extradited to the United States after a British appeals court ruled that detaining the man in U.S. prisons would be harmful to his health and safety.

Lauri Love, who is accused to stealing information from U.S. military agencies and private companies in 2012 and 2013, had argued that his medical and mental health conditions—including severe depression and Asperger’s syndrome—would likely be mistreated in the U.S. prison system, putting him at risk for suicide. Continue reading

Share

Senate Votes to Give Trump Vast Domestic Spying Powers “No President Should Have”

“Instead of instituting much needed reforms, lawmakers voted to give the Trump administration broad powers to spy on Americans and foreigners at home and abroad without a warrant.”

By Jon Queally, staff writer for CommonDreams. Published 1-18-2018

Photo: YouTube

Defenders of civil liberties and privacy advocates expressed their discontent on Thursday after the U.S. Senate passed a bill that reauthorizes and expands the ability of the goverment to spy on the digital communications without a warrant.

With a final vote of 65-34 vote in favor, the passage of the FISA Amendments Reauthorization Act of 2017—now headed to President Donald Trump’s desk for a signature—will extend for six years a provision known as Section 702 of the Foreign Intelligence Surveillance Act (FISA) which allows for call the “unconstitutional spying” on emails, text messages, and other digital communications of both Americans and foreign nationals without a warrant. Continue reading

Share

House GOP Quietly Moves to Kill Commission Charged With Securing Elections

House Committee also voted to abolish public financing for presidential elections

By Lauren McCauley, staff writer for Common Dreams. Published 2-7-2017

Tuesday’s votes by GOP committee members, as The Nation’s Ari Berman put it, are “more proof of how the GOP’s real agenda is to make it harder to vote.” (Photo: Keith Ivey/cc/flickr)

Amid national outrage over possible foreign interference in the 2016 election and President Donald Trump’s own lies about so-called voter fraud, House Republicans on Tuesday quietly advanced two bills that “could profoundly impact the way we administer and finance national elections,” watchdogs are warning.

The GOP-dominated Committee on House Administration voted along party lines to approve the Election Assistance Commission (EAC) Termination Act (HR 634), which would abolish the only “federal agency charged with upgrading our voting systems” and “helping to protect our elections from hacking,” as Wendy Weiser, director of the Democracy Program at NYU School of Law’s Brennan Center for Justice, put it. Continue reading

Share

Top 5 Stories You Missed in 2016 While Everyone Mourned Dead Celebrities

By Jake Anderson. Published 1-3-2017 by The Anti-Media

Photo: Chris Barker

First of all, let me confess that I shed some tears when David Bowie died. I know all 20+ of his albums by heart, and it felt like a piece of my childhood had disappeared. A few years ago, when Philip Seymour Hoffman died, I also cried. It’s a strange emotional symbiosis that occurs when you mourn for a deceased celebrity, and the point of this article is not to cast aspersions. However, 2016 has basically become known as the year a bunch of celebrities died, so there’s no better time to assess the phenomenon (and make sure it doesn’t distract us from other issues).

Over Christmas weekend, millions of people mourned the loss of George Michael and Carrie Fisher. They were advocates for gay rights and mental illness, respectively, and the nation reeled from the passing of two beloved iconic figures. Earlier this year, music legend Prince passed away, devastating tens of millions of fans for whom the musician represented everything from their adolescence in the 1980s to political statements of gender-bending. The list of celebrities who died in 2016 is extensive and, for some, unnerving. Continue reading

Share

US Government Quietly Starts Asking Travelers for Social Media Accounts

Controversial program met with opposition from civil liberties groups when first proposed in June

By Nadia Prupis, staff writer for Common Dreams. Published 12-23-2016

Social media accounts are “gateways into an enormous amount of [users’] online expression and associations, which can reflect highly sensitive information about that person’s opinions, beliefs, identity, and community.” (Photo: The Hamster Factor/flickr/cc)

The U.S. government has quietly started to ask foreign travelers to hand over their social media accounts upon arriving in the country, a program that aims to spot potential terrorist threats but which civil liberties advocates have long opposed as a threat to privacy.

The program has been active since Tuesday, asking travelers arriving to the U.S. on visa waivers to voluntarily enter information associated with their online presence, including “Facebook, Google+, Instagram, LinkedIn, and YouTube, as well as a space for users to input their account names on those sites,” Politico reports. Continue reading

Share

UN Expert Decries Global Assault on Freedom of Expression

The findings reveal ‘how policies and laws against terrorism and other criminal activity risk unnecessarily undermining the media, critical voices, and activists’

By Andrea Germanos, staff writer for Common Dreams. Published 10-21-2016

"Censorship in all its forms reflects official fear of ideas and information," said U.N. Special Rapporteur on the freedom of opinion and expression, David Kaye. (Photo: Rachel Hinman/flickr/cc)

“Censorship in all its forms reflects official fear of ideas and information,” said U.N. Special Rapporteur on the freedom of opinion and expression, David Kaye. (Photo: Rachel Hinman/flickr/cc)

“Governments are treating words as weapons,” a United Nations expert has warned, previewing a report on the global attack on the freedom of expression.

The report, based on communications with governments stemming from allegations of human rights law violations—reveal “sobering” trends of threats worldwide and “how policies and laws against terrorism and other criminal activity risk unnecessarily undermining the media, critical voices, and activists.” Continue reading

Share

Thai Court Conviction of Activist Sends Shockwaves Through Global Human Rights Community

British activist Andy Hall was accused of criminal defamation by a company for his work exposing the abuse of migrant workers at their pineapple processing plant

By Lauren McCauley, staff writer for Common Dreams. Published 9-20-2016

"Andy Hall has spent years working to protect the rights of marginalized workers in Thailand. He should be commended for his efforts, not fined and sentenced," said Malaysian Parliament member and Asian Parliamentarians for Human Rights chairperson Charles Santiago. (Photo via UN Human Rights- Asia/Facebook)

“Andy Hall has spent years working to protect the rights of marginalized workers in Thailand. He should be commended for his efforts, not fined and sentenced,” said Malaysian Parliament member and Asian Parliamentarians for Human Rights chairperson Charles Santiago. (Photo via UN Human Rights- Asia/Facebook)

Setting a chilling precedent for human rights defenders worldwide, a British activist on Tuesday was convicted of criminal defamation and cyber crimes by a Thai court for his work exposing the abuse of migrant workers at a pineapple processing plant.

Andy Hall, with the Migrant Worker Rights Network, had contributed to the 2013 report Cheap Has a High Price (pdf) by Finnwatch, a Finnish civil society organization, that outlined allegations of serious human rights violations by Natural Fruit Company Ltd. Continue reading

Share

How vulnerable to hacking is the US election cyber infrastructure?

Richard Forno, University of Maryland, Baltimore County

Voting stand and the notorious "butterfly ballot", from Palm Beach County from the disputed 2000 U.S. Presidential election. Photo: Infrogmation (Own work) [CC BY 2.5 ], via Wikimedia Commons

Voting stand and the notorious “butterfly ballot”, from Palm Beach County from the disputed 2000 U.S. Presidential election. Photo: Infrogmation (Own work) [CC BY 2.5], via Wikimedia Commons

Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation.

The Republican nominee added unprecedented fuel to the fire by encouraging Russia to “find” and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his comments were “sarcastic,” implying they’re not to be taken seriously.

Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba.

Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “influence operations” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.

What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called cyberweapons – not only to gather information but also to generate influence within a target group.

So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes?

Ohio citizens using electronic voting machines during the 2012 presidential election. Aaron Josefczyk/Reuters

Vulnerabilities at the electronic ballot box

The process of democratic voting requires a strong sense of trust – in the equipment, the process and the people involved.

One of the most obvious, direct ways to affect a country’s election is to interfere with the way citizens actually cast votes. As the United States (and other nations) embrace electronic voting, it must take steps to ensure the security – and more importantly, the trustworthiness – of the systems. Not doing so can endanger a nation’s domestic democratic will and create general political discord – a situation that can be exploited by an adversary for its own purposes.

As early as 1975, the U.S. government examined the idea of computerized voting, but electronic voting systems were not used until Georgia’s 2002 state elections. Other states have adopted the technology since then, although given ongoing fiscal constraints, those with aging or problematic electronic voting machines are returning to more traditional (and cheaper) paper-based ones.

New technology always comes with some glitches – even when it’s not being attacked. For example, during the 2004 general election, North Carolina’s Unilect e-voting machines “lost” 4,438 votes due to a system error.

But cybersecurity researchers focus on the kinds of problems that could be intentionally caused by bad actors. In 2006, Princeton computer science professor Ed Felten demonstrated how to install a self-propagating piece of vote-changing malware on Diebold e-voting systems in less than a minute. In 2011, technicians at the Argonne National Laboratory showed how to hack e-voting machines remotely and change voting data.

Voting officials recognize that these technologies are vulnerable. Following a 2007 study of her state’s electronic voting systems, Ohio Secretary of State Jennifer L. Brunner announced that

the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process.

As the first generation of voting machines ages, even maintenance and updating become an issue. A 2015 report found that electronic voting machines in 43 of 50 U.S. states are at least 10 years old – and that state election officials are unsure where the funding will come from to replace them.

A rigged (and murderous) voting machine on ‘The Simpsons’ satirized the issue in 2008.

Securing the machines and their data

In many cases, electronic voting depends on a distributed network, just like the electrical grid or municipal water system. Its spread-out nature means there are many points of potential vulnerability.

First, to be secure, the hardware “internals” of each voting machine must be made tamper-proof at the point of manufacture. Each individual machine’s software must remain tamper-proof and accountable, as must the vote data stored on it. (Some machines provide voters with a paper receipt of their votes, too.) When problems are discovered, the machines must be removed from service and fixed. Virginia did just this in 2015 once numerous glaring security vulnerabilities were discovered in its system.

Once votes are collected from individual machines, the compiled results must be transmitted from polling places to higher election offices for official consolidation, tabulation and final statewide reporting. So the network connections between locations must be tamper-proof and prevent interception or modification of the in-transit tallies. Likewise, state-level vote-tabulating systems must have trustworthy software that is both accountable and resistant to unauthorized data modification. Corrupting the integrity of data anywhere during this process, either intentionally or accidentally, can lead to botched election results.

However, technical vulnerabilities with the electoral process extend far beyond the voting machines at the “edge of the network.” Voter registration and administration systems operated by state and national governments are at risk too. Hacks here could affect voter rosters and citizen databases. Failing to secure these systems and records could result in fraudulent information in the voter database that may lead to improper (or illegal) voter registrations and potentially the casting of fraudulent votes.

And of course, underlying all this is human vulnerability: Anyone involved with e-voting technologies or procedures is susceptible to coercion or human error.

Voting machines in the warehouse before they are sent out to local precincts. Chris Keane/Reuters

How can we guard the systems?

The first line of defense in protecting electronic voting technologies and information is common sense. Applying the best practices of cybersecurity, data protection, information access and other objectively developed, responsibly implemented procedures makes it more difficult for adversaries to conduct cyber mischief. These are essential and must be practiced regularly.

Sure, it’s unlikely a single voting machine in a specific precinct in a specific polling place would be targeted by an overseas or criminal entity. But the security of each electronic voting machine is essential to ensuring not only free and fair elections but fostering citizen trust in such technologies and processes – think of the chaos around the infamous hanging chads during the contested 2000 Florida recount. Along these lines, in 2004, Nevada was the first state to mandate e-voting machines include a voter-verified paper trail to ensure public accountability for each vote cast.

Proactive examination and analysis of electronic voting machines and voter information systems are essential to ensuring free and fair elections and facilitating citizen trust in e-voting. Unfortunately, some voting machine manufacturers have invoked the controversial Digital Millennium Copyright Act to prohibit external researchers from assessing the security and trustworthiness of their systems.

However, a 2015 exception to the act authorizes security research into technologies otherwise protected by copyright laws. This means the security community can legally research, test, reverse-engineer and analyze such systems. Even more importantly, researchers now have the freedom to publish their findings without fear of being sued for copyright infringement. Their work is vital to identifying security vulnerabilities before they can be exploited in real-world elections.

Because of its benefits and conveniences, electronic voting may become the preferred mode for local and national elections. If so, officials must secure these systems and ensure they can provide trustworthy elections that support the democratic process. State-level election agencies must be given the financial resources to invest in up-to-date e-voting systems. They also must guarantee sufficient, proactive, ongoing and effective protections are in place to reduce the threat of not only operational glitches but intentional cyberattacks.

Democracies endure based not on the whims of a single ruler but the shared electoral responsibility of informed citizens who trust their government and its systems. That trust must not be broken by complacency, lack of resources or the intentional actions of a foreign power. As famed investor Warren Buffett once noted, “It takes 20 years to build a reputation and five minutes to ruin it.”

In cyberspace, five minutes is an eternity.

The Conversation

Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County

This article was originally published on The Conversation. Read the original article.

Share