Group items tagged

A once-robust alliance of federal agencies, tech companies, election officials and researchers that worked together to thwart foreign propaganda and disinformation has fragmented after years of sustained Republican attacks.The GOP offensive started during the 2020 election as public critiques and has since escalated into lawsuits, governmental inquiries and public relations campaigns that have succeeded in stopping almost all coordination between the government and social media platforms.The most recent setback came when the FBI put an indefinite hold on most briefings to social media companies about Russian, Iranian and Chinese influence campaigns. Employees at two U.S. tech companies who used to receive regular briefings from the FBI’s Foreign Influence Task Force told NBC News that it has been months since the bureau reached out. In a testimony last week to the Senate Homeland Security Committee, FBI Director Christopher Wray signaled a significant pullback in communications with tech companies and tied the move to rulings by a conservative federal judge and appeals court that said some government agencies and officials should be restricted from communicating and meeting with social media companies to moderate content. The case is now on hold pending Supreme Court review.“We’re having some interaction with social media companies,” Wray said. “But all of those interactions have changed fundamentally in the wake of the court rulings.”

The most powerful company on the Internet just got a whole lot creepier: a new service from Google merges offline consumer info with online intelligence, allowing advertisers to target users based on what they do at the keyboard and at the mall. Without much fanfare, Google announced news this week of a new advertising project, Conversions API, that will let businesses build all-encompassing user profiles based off of not just what users search for on the Web, but what they purchase outside of the home. In a blog post this week on Google’s DoubleClick Search site, the Silicon Valley giant says that targeting consumers based off online information only allows advertisers to learn so much. “Conversions,” tech-speak for the digital metric made by every action a user makes online, are incomplete until coupled with real life data, Google says.

Of course, there is always the possibility that all of this information can be unencrypted and, in some cases, obtained by third-parties that you might not want prying into your personal business. Edwards notes in his report that Google does not explicitly note that intelligence used in Conversions API will be anonymized, but the blowback from not doing as much would sure be enough to start a colossal uproar. Meanwhile, however, all of the information being collected by Google — estimated to be on millions of servers around the globe — is being handed over to more than just advertising companies. Last month Google reported that the US government requested personal information from roughly 8,000 individual users during just the first few months of 2012.“This is the sixth time we’ve released this data, and one trend has become clear: Government surveillance is on the rise,” Google admitted with their report.

I was perusing the seminar briefing website from this year’s Black Hat EU, fishing for potential article topics, when I came across a briefing note titled “DropSmack: How cloud synchronization services render your corporate firewall worthless.” Feeling a nibble, I read the briefing. Right away, I knew I hooked a keeper: “The contributions of this presentation are threefold. First, we show how cloud-based synchronization solutions in general, and Dropbox in particular, can be used as a vector for delivering malware to an internal network.” The other two contributions were as eye-opening: Show how the Dropbox synchronization service can be used as a Command and Control (C2) channel. Demonstrate how functioning malware is able to use Dropbox to smuggle out data from exploited remote computers.

Amid a growing call for new cybersecurity protections in the United States, the US government has issued a report that reconfirms Washington’s interest in shutting down WikiLeaks and other underground information-sharing organizations. In Washington, DC on Wednesday, Attorney General Eric Holder unveiled a new White House report that is meant to address further the growing threats malicious hackers are posing on America’s computer networks and the information stored therein.

By James Bamford Last summer, cyber investigators plowing through the thousands of leaked emails from the Democratic National Committee uncovered a clue.A user named “Феликс Эдмундович” modified one of the documents using settings in the Russian language. Translated, his name was Felix Edmundovich, a pseudonym referring to Felix Edmundovich Dzerzhinsky, the chief of the Soviet Union’s first secret-police organization, the Cheka.It was one more link in the chain of evidence pointing to Russian President Vladimir Putin as the man ultimately behind the operation.During the Cold War, when Soviet intelligence was headquartered in Dzerzhinsky Square in Moscow, Putin was a KGB officer assigned to the First Chief Directorate. Its responsibilities included “active measures,” a form of political warfare that included media manipulation, propaganda and disinformation. Soviet active measures, retired KGB Major General Oleg Kalugin told Army historian Thomas Boghart, aimed to discredit the United States and “conquer world public opinion.”As the Cold War has turned into the code war, Putin recently unveiled his new, greatly enlarged spy organization: the Ministry of State Security, taking the name from Joseph Stalin’s secret service. Putin also resurrected, according to James Clapper, the U.S. director of national intelligence, some of the KGB’s old active- measures tactics. On October 7, Clapper issued a statement: “The U.S. Intelligence community is confident that the Russian government directed the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations.” Notably, however, the FBI declined to join the chorus, according to reports by the New York Times and CNBC.A week later, Vice President Joe Biden said on NBC’s Meet the Press that "we're sending a message" to Putin and "it will be at the time of our choosing, and under the circumstances that will have the greatest impact." When asked if the American public would know a message was sent, Biden replied, "Hope not." Meanwhile, the CIA was asked, according to an NBC report on October 14, “to deliver options to the White House for a wide-ranging ‘clandestine’ cyber operation designed to harass and ‘embarrass’ the Kremlin leadership.”But as both sides begin arming their cyberweapons, it is critical for the public to be confident that the evidence is really there, and to understand the potential consequences of a tit-for-tat cyberwar escalating into a real war. 

This is a prospect that has long worried Richard Clarke, the former White House cyber czar under President George W. Bush. “It’s highly likely that any war that began as a cyberwar,” Clarke told me last year, “would ultimately end up being a conventional war, where the United States was engaged with bombers and missiles.”The problem with attempting to draw a straight line from the Kremlin to the Clinton campaign is the number of variables that get in the way. For one, there is little doubt about Russian cyber fingerprints in various U.S. campaign activities. Moscow, like Washington, has long spied on such matters. The United States, for example, inserted malware in the recent Mexican election campaign. The question isn’t whether Russia spied on the U.S. presidential election, it’s whether it released the election emails.Then there’s the role of Guccifer 2.0, the person or persons supplying WikiLeaks and other organizations with many of the pilfered emails. Is this a Russian agent? A free agent? A cybercriminal? A combination, or some other entity? No one knows.There is also the problem of groupthink that led to the war in Iraq. For example, just as the National Security Agency, the Central Intelligence Agency and the rest of the intelligence establishment are convinced Putin is behind the attacks, they also believed it was a slam-dunk that Saddam Hussein had a trove of weapons of mass destruction. Consider as well the speed of the political-hacking investigation, followed by a lack of skepticism, culminating in a rush to judgment. After the Democratic committee discovered the potential hack last spring, it called in the cybersecurity firm CrowdStrike in May to analyze the problem.

CrowdStrike took just a month or so before it conclusively determined that Russia’s FSB, the successor to the KGB, and the Russian military intelligence organization, GRU, were behind it. Most of the other major cybersecurity firms quickly fell in line and agreed. By October, the intelligence community made it unanimous. That speed and certainty contrasts sharply with a previous suspected Russian hack in 2010, when the target was the Nasdaq stock market. According to an extensive investigation by Bloomberg Businessweek in 2014, the NSA and FBI made numerous mistakes over many months that stretched to nearly a year. “After months of work,” the article said, “there were still basic disagreements in different parts of government over who was behind the incident and why.”  There was no consensus­, with just a 70 percent certainty that the hack was a cybercrime. Months later, this determination was revised again: It was just a Russian attempt to spy on the exchange in order to design its own. The federal agents also considered the possibility that the Nasdaq snooping was not connected to the Kremlin. Instead, “someone in the FSB could have been running a for-profit operation on the side, or perhaps sold the malware to a criminal hacking group.” Again, that’s why it’s necessary to better understand the role of Guccifer 2.0 in releasing the Democratic National Committee and Clinton campaign emails before launching any cyberweapons.

Privacy Shield is the proposed new deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency. The data can refer to any transaction — web purchases, cars or clothing — involving an EU citizen whose data is held on US servers. Privacy groups say Privacy Shield — which replaces the Safe Harbor agreement ruled unlawful in October 2015 — does not meet strict EU standard on the use of personal data. Monique Goyens, Director General of the European Consumer Organization (BEUC) told Sputnik: “We consider that the shield is cracked beyond repair and is unlikely to stand scrutiny by the European Court of Justice. A fundamental problem remains that the US side of the shield is made of clay, not iron.”

The agreement has been under negotiation for months ever since the because the European Court of Justice ruled in October 2015 that the previous EU-US data agreement — Safe Harbor — was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — to the privacy of their personal data.

The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens’ data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage, to sales transactions, import and exports.

Amid reports that Moscow is considering handing over NSA whistleblower Edward Snowden as a “gift” to U.S. President Donald Trump, a Russian government spokesperson said Monday that the Kremlin and the White House have not discussed the matter, Russia’s state TASS agency reported. “No, this issue (Snowden’s fate) was not raised,” presidential spokesperson Dmitry Peskov told reporters Monday, adding that Russian officials have not taken a position on whether Snowden should be extradited to the U.S. or granted Russian citizenship. “The issue was not raised (during the Russian-US contacts),” Peskov said. “At the moment it is not among bilateral issues.” The statement comes after Snowden — who has lived in Russia since 2013, first with one-year temporary asylum then a residence permit — revealed in recent days that he is “not afraid” of being handed over to the United States, where he faces espionage charges for his explosive 2013 leak of documents on secret U.S. mass surveillance programs.

However, Snowden also said in an interview with Yahoo News that talk of a possible trade between Moscow and Washington makes him feel “encouraged” because it vindicates him in the face of accusations that he has been a spy for Russia by laying bare the fact that he has always been independent and “worked on behalf of the United States.” “Finally: irrefutable evidence that I never cooperated with Russian intel,” he tweeted on Friday. “No country trades away spies, as the rest would fear they’re next.” In the U.S., Snowden faces charges of theft of government property and violation of the Espionage Act on two counts, which each carry a maximum sentence of 10 years.

“What I am proud of,” Snowden told Yahoo News, “is the fact that every decision that I have made I can defend.” Snowden is set to be eligible to apply for Russian citizenship next year, according to his lawyer. Last month, Moscow extended his residence permit, which is now valid until 2020.

The United States on Friday criticized proposals to build a European communication network to avoid emails and other data passing through the United States, warning that such rules could breach international trade laws. In its annual review of telecommunications trade barriers, the office of the U.S. Trade Representative said impediments to cross-border data flows were a serious and growing concern.It was closely watching new laws in Turkey that led to the blocking of websites and restrictions on personal data, as well as calls in Europe for a local communications network following revelations last year about U.S. digital eavesdropping and surveillance."Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a 'Schengen cloud' by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them," the USTR said in the report.

Germany and France have been discussing ways to build a European network to keep data secure after the U.S. spying scandal. Even German Chancellor Angela Merkel's cell phone was reportedly monitored by American spies.The USTR said proposals by Germany's state-backed Deutsche Telekom to bypass the United States were "draconian" and likely aimed at giving European companies an advantage over their U.S. counterparts.Deutsche Telekom has suggested laws to stop data traveling within continental Europe being routed via Asia or the United States and scrapping the Safe Harbor agreement that allows U.S. companies with European-level privacy standards access to European data. (www.telekom.com/dataprotection)"Any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services," the USTR said. "Accordingly, USTR will be carefully monitoring the development of any such proposals."

U.S. tech companies, the leaders in an e-commerce marketplace estimated to be worth up to $8 trillion a year, have urged the White House to undertake reforms to calm privacy concerns and fend off digital protectionism.

Google has acquired Titan Aerospace, the drone startup that makes high-flying robots which was previously scoped by Facebook as a potential acquisition target (as first reported by TechCrunch), the WSJ reports. The details of the purchase weren’t disclosed, but the deal comes after Facebook disclosed its own purchase of a Titan Aerospace competitor in U.K.-based Ascenta for its globe-spanning Internet plans. Both Ascenta and Titan Aerospace are in the business of high altitude drones, which cruise nearer the edge of the earth’s atmosphere and provide tech that could be integral to blanketing the globe in cheap, omnipresent Internet connectivity to help bring remote areas online. According to the WSJ, Google will be using Titan Aerospace’s expertise and tech to contribute to Project Loon, the balloon-based remote Internet delivery project it’s currently working on along these lines. That’s not all the Titan drones can help Google with, however. The company’s robots also take high-quality images in real-time that could help with Maps initiatives, as well as contribute to things like “disaster relief” and addressing “deforestation,” a Google spokesperson tells WSJ. The main goal, however, is likely spreading the potential reach of Google and its network, which is Facebook’s aim, too. When you saturate your market and you’re among the world’s most wealthy companies, you don’t go into maintenance mode; you build new ones.

As for why an exit to Google looked appealing to a company like Titan, Sarah Perez outlines how Titan had sparked early interest from VCs thanks to its massive drones, which were capable of flying at a reported altitude of 65,000 feet for up to three years, but how there was also a lot of risk involved that would’ve made it difficult to find sustained investment while remaining independent. Google had just recently demonstrated how its Loon prototype balloons could traverse the globe in a remarkably short period of time, but the use of drones could conceivably make a network of Internet-providing automotons even better at globe-trotting, with a higher degree of control and ability to react to changing conditions. Some kind of hybrid system might also be in the pipeline that marries both technologies.

Online hacktivist collective Anonymous has announced that it is working on a new tool called Airchat which could allow people to communicate without the need for a phone or an internet connection - using radio waves instead. Anonymous, the amorphous group best known for attacking high profile targets like Sony and the CIA in recent years, said on the Lulz Labs project's Github page: "Airchat is a free communication tool [that] doesn't need internet infrastructure [or] a cell phone network. Instead it relies on any available radio link or device capable of transmitting audio." The idea is that people all over the world, including those in rural areas and developing countries, will one day be able to communicate for free without the need for a mobile phone network, phone line or internet access.