Tag Archives: Hacking

VIPS MEMO: To Nancy Pelosi — Did Russia Hack the DNC Emails?

The Veteran Intelligence Professionals for Sanity established fairly early on that the DNC emails were downloaded, not hacked. From the VIPS at consortiumnews.com:

The lack of detail demanded by Pelosi may simply mean the absence of credible evidence of Russian interference as well as the absence of Clapperesque officials to conjure it up.

MEMORANDUM FOR: Speaker Nancy Pelosi

FROM: Veteran Intelligence Professionals for Sanity

SUBJECT: Did Russia Hack the DNC Emails?

Dear Madam Speaker:

After your intelligence briefing Friday, Politico reported that you were sharply frustrated by the lack of detail presented on “Russia’s continued interference in the 2020 election campaign.” You were quoted as saying you thought the administration was “withholding” evidence of foreign election meddling and added, “What I am concerned about is that the American people should be better informed.” We share your concern and, having followed this issue closely from the perspective of non-partisan, veteran intelligence officials, we are able to throw considerable light on it.

The narrative that Russia hacked Democratic National Committee emails in 2016 and gave them to WikiLeaks to hurt Hillary Clinton’s candidacy has become an article of faith for about half of Americans — somewhat fewer than the number misled into believing 18 years ago that there were weapons of mass destruction in Iraq — but it is still considerable.

Because of a bizarre, but highly instructive media lapse these past three months, most Americans remain unaware that the accusation that Russia “hacked” the DNC has evaporated. It turns out the accusation was fabricated — just like the presence of weapons of mass destruction in Iraq. In fact, some of the same U.S. officials were involved in both deceptions. For example, James Clapper, Obama’s director of national intelligence, played a key role 18 years ago in covering up the fact that no WMD had been identified in satellite imagery of Iraq; more recently he helped conjure up evidence of Russian hacking.

We quote below the horse’s-mouth testimony of Shawn Henry, head of CrowdStrike, the cyber security outfit paid by the DNC, and certified as a “high-class entity” by FBI Director James Comey, to look into the “hacking” of the DNC. Mr. Henry admitted in sworn testimony on December 5, 2017 that his firm has no concrete evidence that the DNC emails were hacked — by Russia or anyone else. This testimony was finally declassified and released on May 7, 2020, but you will not find a word about it in The New York Times, Washington Post or other “mainstream” outlets. (We wonder if you yourself were made aware of Henry’s testimony.)


Every Keystroke on Every Device Is Logged Somewhere, by Sandra D. Lane

Everything you do on communications and computer devices is recorded, and hacking is ubiquitous. There are, however, ways to at least partially protect yourself. From Sandra D. Lane at theorganicprepper.com:

This isn’t supposition, or assumption, or even an opinion. It’s a fact.

If you have the minimum of a standard smartphone and/or leave your house at any time, what you say, what you type, what you do, is being listened to, recorded, monitored, and analyzed by software, technology, people, or all of the above. Cameras in the phone, virtual assistants, GPS (Global Positioning System) tracking, traffic cameras, store cameras, other people’s phones, cameras and recording devices, dash cams, body cams, and even satellite and drone cameras, all watch, listen, and monitor what we do. And that’s just the tip of the iceberg.

Electronic anything is monitored and recorded. Every keystroke on a phone, every letter and number on a tablet, every ad clicked on a laptop or notebook, every site visited on any computer device, every subject entered on every single search engine ever created, is logged and held forever waiting for someone to request that information. Or to hack it. Even DuckDuckGo (which has been quietly added as a search engine option for Google).


In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc, by Nicole Perlroth and Scott Shane

The NSA won’t even admit that a trick has been stolen from its bag of tricks, but it’s playing hell with a number of local governments. From Nicole Perlroth and Scott Shane at nytimes.com:

The National Security Agency headquarters in Maryland. A leaked N.S.A. cyberweapon, EternalBlue, has caused billions of dollars in damage worldwide. A recent attack took place in Baltimore, the agency’s own backyard. Credit: Jim Lo Scalzo/EPA, via REX, via Shutterstock

For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.

But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.

Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.

It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.


The Looming Crisis You’re Not Hearing About, by Jim Rickards

It doesn’t get much press, but America’s infrastructure is exquisitely vulnerable to hacking and other malfeasance. From Jim Rickards at dailyreckoning.com:

All the talk about Russian tampering with the 2016 presidential election, which is vastly overstated by the way, diverts attention from the more fundamental problem:

The vulnerability of America’s critical infrastructure to cyberattack by hostile actors.

When I say critical infrastructure, I mean the power grid, hydroelectric systems, nuclear power plants, energy pipelines, railroads, air traffic control systems, internet and stock exchanges.

These are large, complex systems that affect the entire country. And they are computerized and automated like never before. The scale and degree of interconnectedness are increasing, which creates great vulnerabilities.

If any of them fail, it could lead to massive disruptions, panic and social unrest.

Look at the chaos that followed Hurricane Katrina in 2005, for example. That was an interesting case study in what I call the veneer of civilization and how quickly it can break down under emergency conditions.

Imagine what would happen, for example, if a virus implanted in the control system of a hydroelectric dam opened floodgates to inundate downstream targets, killing thousands by drowning and destroying bridges, roads and agriculture.

Meanwhile, hackers have targeted nuclear power plants. Last year alone, government sources say a dozen U.S. nuclear power plants were targeted, possibly by Russian hackers.

Now, the operations of most nuclear power plants use older analog systems, so they aren’t vulnerable to cyberattacks. They aren’t connected to the net. It’s one case where older and less sophisticated is better.

But hackers are extremely creative, and increasing digitization of these plants could allow hackers backdoor entry points into critical operating systems. I don’t need to spell out the possibilities.

Or think of what would happen if the power grid went down for an extended stretch. Imagine what it would mean for air travel if air traffic control systems were down for a long period.

That’s just for starters.

To continue reading: The Looming Crisis You’re Not Hearing About

The Cost Of Arrogance, by Karl Denninger

The computer security infrastructure is riddled with holes. What happened with WannaCry this past weekend will happen again and again, and future incidents will be even more serious. From Karl Denninger at theburningplatform.com:

I hate having to use this….

[image: smiley]

It wasn’t that long ago that I wrote a few articles on the hubris of our government thinking they were the smartest people in the room when it came to computer hacking.  I pointed out that while we undoubtedly have very smart people working for the NSA and other three-letter agencies so do other nations and their people, along with “unaffiliated” folks who are just plain old-fashioned troublemakers, are equally smart.

Indeed, that was the focus of an article from 10/2014 in relation to one of Comey’s brain-farts in which he implored Congress to basically force back doors into US-made equipment and software.

Now we get treated to the outcome without the force first, because the NSA was writing that code anyway and a group of crooks got their hands on it, perverted it to force cryptolocker software on computers and is spamming it all over the globe.

How did they get their hands on it? That’s the subject of much debate. Many are pointing to the “all Russians, all the time” narrative run by many in the so-called “security industry” (including some who have been caught lying in the past) along with half the left-leaning idiocracy parade that makes up most of the mainstream media punditry.

A more-plausible explanation is that it was an inside job, although in reality it doesn’t matter because the entire point is that no matter how good you are someone’s equal or better and thus whether they work for you or someone else it only takes one such person with their own motives and you’re toast.

What we do know is that the “weaponization” of this apparent NSA code took mere hours after the password to the encrypted archive was posted publicly.

There’s another key point here though that nobody in the media is talking about and yet it’s the key point when it comes to this particular aspect of cybersecurity:

I have also said repeatedly that nobody in their right mind runs “packaged” software, say much less “cloud based” software, for critical system purposes from places like Microsoft or any of the other big vendors.  Why?  Because there are too many damned cooks in the kitchen, too many of them are incompetent and will drop a rat in the stew pot whether on accident or otherwise and too many shortcuts will be taken.

To continue reading: The Cost of Arrogance

WikiLeaks Reveals “Marble”: Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic… by Tyler Durden

The latest from WikiLeaks documents CIA hacking practices, particularly its ability to disguise its hacks. From Tyler Durden at zerohedge.com:

WikiLeaks’ latest Vault 7 release contains a batch of documents, named ‘Marble’, which detail CIA hacking tactics and how they can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to their agency by inserting code fragments in foreign languages. The tool was in use as recently as 2016. Per the WikiLeaks release:

“The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.”

WikiLeaks (@wikileaks), 2:58 AM – 31 Mar 2017: RELEASE: CIA Vault 7 part 3 “Marble” https://wikileaks.org/vault7/?marble#Marble%20Framework … #Vault7

The latest release is said to potentially allow for ‘thousands’ of cyber attacks to be attributed to the CIA which were originally blamed on foreign governments.

WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified. WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.

It’s “designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.

The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.

To continue reading: WikiLeaks Reveals “Marble”: Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic…

US Intel Vets Dispute Russia Hacking Claims, by Veteran Intelligence Agents for Sanity

According to this group of intelligence professionals, if the DNC was actually hacked, the NSA would know about it and who did it. Because the NSA has not come forward, it points to the probability of a leak, rather than a hack, that led to the WikiLeaks leaks. The leaks could have come from a DNC insider, or from an intelligence agency or the FBI, but it couldn’t have come from Russia. From VIPS at consortiumnews.com:

As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans.

Veteran Intelligence Professionals for Sanity

MEMORANDUM

Allegations of Hacking Election Are Baseless

A New York Times report on Monday alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.

Monday’s Washington Post reports that Sen. James Lankford, R-Oklahoma, a member of the Senate Intelligence Committee, has joined other senators in calling for a bipartisan investigation of suspected cyber-intrusion by Russia. Reading our short memo could save the Senate from endemic partisanship, expense and unnecessary delay.

In what follows, we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking:

Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did.

Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data.

All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient.

In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.

To continue reading: US Intel Vets Dispute Russia Hacking Claims

Did the Russians Hack Hillary? by Andrew P. Napolitano

The infamous Democratic emails weren’t hacked by WikiLeaks, the Russians, or anyone else; they were leaked. From Andrew P. Napolitano at antiwar.com:

Earlier this week, leaders of the Democratic National Committee and former officials of Hillary Clinton’s presidential campaign made the startling allegation that the Russian government hacked into Clinton’s colleagues’ email accounts to tilt the presidential election toward Donald Trump. They even pointed to statements made by CIA officials backing their allegations.

President-elect Trump has characterized these claims as “ridiculous” and just an “excuse” to justify the Clinton defeat, saying they’re also intended to undermine the legitimacy of his election. He pointed to FBI conclusions that the CIA is wrong. Who’s right?

Here is the back story.

The American intelligence community rarely speaks with one voice. The members of its 17 publicly known intelligence agencies – God only knows the number of secret agencies – have the same biases, prejudices, jealousies, intellectual shortcomings and ideological underpinnings as the public at large.

The raw data these agencies examine is the same. Today America’s spies rarely do their own spying; rather, they rely on the work done by the National Security Agency. We know that from the Edward Snowden revelations. We also know from Snowden that the NSA can monitor and identify all digital communications within the United States, coming into the United States and leaving the United States. Hence, it would be foolhardy and wasteful to duplicate that work. There is quite simply no fiber-optic cable anywhere in the country transmitting digital data to which the NSA does not have full-time and unfettered access.

To continue reading: Did the Russians Hack Hillary?

About Those So-Called ‘Russian’ Hackers…, by Karl Denninger

Here’s a gust of fresh air: a guy talking about hacking and computers who actually knows something about hacking and computers. From Karl Denninger in a guest post at theburningplatform.com:

Let’s focus just for a minute on the oft-repeated claim that the US Government’s “agencies” have “declared” that Russia is behind the Podesta (and other) Wikileaks releases — that is, they stole the data.

There’s no evidence to support that which passes even the most-rudimentary sniff test.

You have one guy who’s made that claim in the US — Clapper. The same Clapper who knowingly lied before Congress in the past. Yes, that Clapper.

Now it is certainly true that Russia is likely capable of such a hack. Then again the hack itself, as I’ve pointed out, isn’t especially surprising given that it appears many of these “email accounts” have been sitting on public cloud-provided email services.

By definition such ‘services’ are not secure and cannot be made secure. That people like Podesta are using them for sensitive private matters (which the government is NOT entitled to copies of) such as campaign work is proof of their stupidity — and little more.

Folks, I can set anyone up with a system that is virtually hack-proof for email, yet for those emails where you don’t care about security you can still exchange them with anyone else. I use such a system myself, built by myself. Key to this sort of design is that unencrypted emails that you wish to be secure against tampering, interception or both are never stored on the server.

This is obviously unsuitable for the government and its official business (which is why they don’t do that) because the government relies on being able to see what is going on both for routine business purposes and to comply with FOIA requests. Obviously a classified network is an entirely different thing but an unclassified network used for government business stores and distributes unencrypted email because if it was otherwise nobody, including legitimate government oversight organs, could access it!

Let’s assume you want to send me a secure email. All you need to do is email me first, and ask me to reply to you. Doing so will give you my public key for S/MIME. You now use that key to encrypt your message (which modern email clients can do automatically) and send me the message you wish to send “securely.” Commonly-available client software which can do this includes Outlook (Microsoft’s), Thunderbird, BlackBerry’s Android phones (the Priv and DTEK50) and reasonably-recent Apple iPhone software, among others. You can obtain a key pair for such a purpose from a number of places on the Internet, some of them free, and the better ones do not require that anything other than your public key ever touch their infrastructure, so the risk of them leaking your private key to others is zero (since they are never in possession of it.)

To continue reading: About Those So-Called ‘Russian’ Hackers…

The Campaign to Blame Putin for Everything, by Justin Raimondo

Don’t hesitate to blame Vladimir Putin for anything that may be going wrong in your life. The diabolical Russian leader is responsible for everything. From Justin Raimondo at antiwar.com:

Hardly a day goes by without some “news” about the Russian “threat,” and in the past twenty-four hours the hate-on-Russia campaign seems to have picked up speed. After learning from Hillary Clinton that Vladimir Putin is not only responsible for the Trump campaign, but also for the “global nationalist movement” that yanked the British out of the European Union, mainstream media are telling us that Russian interlopers are supposedly invading our electoral process by hacking into voter databases. The Washington Post “reports”:

“Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russian hackers were behind the assault on the election system in that state.

“The bureau told Arizona officials that the threat was ‘credible’ and severe, ranking as ‘an 8 on a scale of 1 to 10,’ said Matt Roberts, a spokesman for the secretary of state’s office.

“As a result, Secretary of State Michele Reagan shut down the state voter registration system for almost a week.”

So the Russkies are invading the American polity, launching a cybernetic assault on the very basis of our democracy? Really? Well, no, as becomes apparent when the reader gets down in the weeds and exercises his critical faculties, if such exist. Because by the time we arrive at paragraph five of this “news” story, we learn that:

“It turned out that the hackers did not succeed in compromising the state system or even any county system, but rather had managed to steal the user name and password for one Gila County elections official.”

Oh, but never mind that nothing much happened and no data was altered, because:

“Nonetheless, the revelation comes amid news that the FBI is investigating suspected foreign hacks of state election computer systems, and earlier this month warned states to be on the alert for intrusions.”

“Russian” hackers have now been magically transformed into “suspected foreign hacks”: we aren’t supposed to notice this shift in attribution because, after all, the FBI is supposedly putting its imprimatur on this conspiracy theory. Except they aren’t: nowhere in the story does the FBI confirm that the Russians or any foreign actors are behind this.

In Illinois, election officials – who just happen to be Democrats – report a similarly minor intrusion, which one Kyle Thomas, director of voting and registration systems for the State Board of Elections, describes as “a highly sophisticated attack most likely from a foreign (international) entity.” How does he know that? Well, he doesn’t. As we read on, we are told that “The bureau has told Illinois officials that they’re looking at possible foreign government agencies as well as criminal hackers.”

In other words, it could’ve been a couple of teenagers sitting in a cyber-café in Shanghai.

Is there a shred of evidence the Russians were behind any of this, as reporter Ellen Nakashima states in her opening paragraph? The answer to that question is an unequivocal no.

To continue reading: The Campaign to Blame Putin for Everything