Trump Failed to Protect Government Networks

The Daily Escape:

Old cabin in winter – photo by Julie Williams

Various thoughts about US cyber security: First, along with the news about the cyber hack of the US government, comes news that Trump’s Twitter account was hacked in October:

“Dutch prosecutors have confirmed that Donald Trump’s Twitter account was hacked in October despite denials from Washington…. The hacker…Victor Gevers, broke into Trump’s account @realDonaldTrump on 16 October by guessing the US president’s password…”

The password? MAGA2020. Gevers told the Dutch paper De Volkskrant that the president was not using basic security measures, like two-step verification:

“I expected to be blocked after four failed attempts. Or at least asked to provide additional information,”

The current US government-wide hack is a true disaster. The cyber security firm FireEye, working with the FBI, has reported that the hack was caused by an infiltration of its network security via a software product made by the firm SolarWinds. Reuters reported:

“On Monday, SolarWinds confirmed that Orion – its flagship network management software – had served as the…conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.”

Reuters earlier had reported that a researcher informed SolarWinds last year that he had uncovered the password to SolarWinds’ update mechanism, the vehicle through which its 18,000 customers were compromised. The password was “solarwinds123.”

That isn’t even as strong as Trump’s password. Right now, the damage is uncertain, but it seems extensive. NYT reported:

“…the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation…. About 18,000 private and government users downloaded a Russian tainted software update…that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.”

FireEye’s analysis shows that once the virus had infected the targets, it started ‘phoning home’ within 14 days. Sounds like quite a few people in the Trump administration were asleep at the switch: (brackets by Wrongo)

“Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security….[who] issued an obfuscating official statement that said only: ‘The Department of Homeland Security is aware of reports of a breach. We are currently investigating the matter.’”

Tom Bossert, Trump’s original Homeland Security advisor in 2017, has an op-ed in the NYT that claims the hack was the work of the Russians. Whether that’s true or not, he’s correct about what has happened since:

“The magnitude of this ongoing attack is hard to overstate. The Russians have had access to a considerable number of important and sensitive networks for six to nine months….For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.”

It will take years to know for certain which networks the hackers are monitoring. Politico reports that Trump has tried to gag the administration’s intelligence community leaders from reporting on the extent of the breach to Congress:

“During a National Security Council meeting on Tuesday night, national security leaders were instructed not to reach out to Capitol Hill for briefings on the massive hack without explicit approval from the White House or ODNI, according to people familiar with the episode.”

This is more dereliction of duty by the Trumpers.

We shovel money at the NSA, the CIA, and Homeland Security, but rarely ask what we get in return. How much compromise of our systems will it take to get accountability from these bureaucrats? It’s staggering that we continue to spend on a bloated military when the most crippling attacks we’ve faced in the past 20 years involve box cutters and computer hackers.

It’s hard to know which was worse: that the federal government was blindsided by a state-controlled intelligence agency, or that when it became evident what was happening, White House officials said nothing.

This much is clear: While Trump was busy complaining loudly about the voter hack that didn’t happen in an election that he clearly lost, he’s been silent about the fact that someone was hacking our government. He can hide from this for another five weeks, and after that Biden will doubtless dig into it.

Republicans have spent six weeks crying fraud about the presidential election. But for this? Absolute silence. If this had happened during a Democratic administration, we’d have Republican hearings and talking points for the next 10 years. Where’s their outrage?


Our Election System Is Under Threat

The Daily Escape:

The Dark Hedges near Ballymoney, County Antrim, Northern Ireland. (Featured in the Game of Thrones as the King’s Road) – photo by Colin Park

America is also walking down a dark path. We need to work on the integrity of our election process. From the WSJ:

To understand the scale of the hacking attempts against election systems in the 2016 presidential election, consider South Carolina. On Election Day alone, there were nearly 150,000 attempts to penetrate the state’s voter-registration system, according to a postelection report by the South Carolina State Election Commission.

If hackers were that persistent against a state that President Donald Trump won with 54.9% of the vote, what did they try to do in the states that were in play? Quite a bit, it turns out. More from the WSJ: (emphasis by the Wrongologist)

In harder-fought Illinois, for instance, hackers were hitting the State Board of Elections “5 times per second, 24 hours per day” from late June until Aug. 12, 2016, when the attacks ceased for unknown reasons, according to an Aug. 26, 2016, report by the state’s computer staff. Hackers ultimately accessed approximately 90,000 voter records, the State Board of Elections said.

The next day, Illinois temporarily took its voter-registration database and public-facing website offline. No records were altered, according to the state, and the issue was resolved before Election Day. The hackers haven’t been identified.

Many hackers, including state-sponsored ones, use automated programs to target hundreds or even thousands of computers to check for vulnerabilities. All of this is done by bots. This happens to ALL websites (including Wrongo’s), not just to election systems. Confirming intrusions can be difficult, even if intrusion detection technology is deployed. But many municipalities and counties have not deployed it, since it can be very expensive.

Time Magazine reported that the number of actual successful intrusions in the 2016 election cycle, where hackers gained sufficient access to attempt to alter, delete or download any information, was “fewer than a dozen”.

The tally of hacking (or attempted hacking) into state election databases was widespread in the 2016 election. Jeanette Manfra, acting deputy undersecretary for cyber-security and communications at the Department of Homeland Security, said at a Senate Intelligence Committee hearing last month:

There is evidence that 21 states were targeted by hackers

From the NYT:

By 2020, cyberattacks could try to alter or erase voter registration databases…or do something else to interfere with actual voting on Election Day…public confidence in the fairness of our electoral process could decrease further, even if the hacks are unsuccessful, as incendiary and unsupported claims about voter fraud, cheating and altered vote totals spread via social media.

America needs to start from the premise that one state’s (any state’s) insufficient protections against hacking in presidential elections affect us all. From mobile device management to company firewalls, companies like Fleetsmith can provide cybersecurity to numerous companies, protecting them from hacking. It’s time for the US government to follow in their footsteps and do the same; otherwise, there may be detrimental impacts. Protecting government databases is critical and needs to be done yesterday. From Wrongo’s experience as a former provider of outsourced services to both state and federal governments, it is clear that the IT staff at many government agencies lack the expertise or budgets to harden the electoral system against attacks.

We have been discussing the hacking of the voter databases, not vote results. These databases have little to do with the actual vote tallies in a given election. But if the US developed one giant database that recorded everyone’s votes along with names, addresses, and SSNs, people’s identities could be stolen.

Unfortunately, that’s exactly what Trump’s Presidential Advisory Commission on Election Integrity plans to build. Nearly all states have said that they will not comply with the commission’s request for voter data. When the winners of one election cycle try to pick the rules, referees and judges for the next cycle, it’s clearly a system at risk of shutting out true democratic input.

The story of possible Russian hacking in our 2016 election, and the possible Trump family involvement in the Russian efforts, diverts our attention from the real story, which is that cyber security in the US is a gaping vulnerability.

It threatens our security, our economy and our democracy.

We need a musical break. Over the weekend, there was a two-day rock concert at Dodger Stadium in Los Angeles called “Classic West”. Many old groups performed over two days. Here, we focus on the Eagles, who played with the son of the late Eagle, Glenn Frey. His 23-year-old son Deacon Frey stood in for his legend of a father, in front of 50k fans, who accepted him as part of the family. It was a fitting tribute. The Eagles also added Vince Gill, who sang “Take It to the Limit”, and “Lyin’ Eyes”. But here is Deacon Frey delivering an emotional moment on “Take It Easy”:

https://www.youtube.com/watch?v=ZQCFwL3uoPE



ISIS Gives Up Social Media

The Daily Escape:

Agoshima Island – Japan

An important part of ISIS’s rise to power was its use of social media tools to distribute propaganda and recruit new members. The group’s well-documented social media skills attracted tens of thousands of foreign fighters to join their fight.

What hasn’t been covered in the MSM is that in May, ISIS banned its fighters from using social media. It threatens those who disobey with punishment. The very useful Combating Terrorism Center at the US Military Academy covers the story about why ISIS is going this route in its article “The Islamic State’s Internal Rifts and Social Media Ban”:

…the group has issued an official ban on social media for all of its soldiers. In a document (see below) produced by the Islamic State’s Delegated Committee a few weeks ago and disseminated via Islamic State distribution channels more recently, the group’s order to all of its soldiers stated: “effective from the date of this notification, using social networking sites is entirely and completely forbidden. Whoever violates this exposes himself to questioning and accountability.” The order was published by the group in both Arabic and English.

The ban emphasizes the security reasons for staying off social media. More from the CTC:

There are several documented cases in which Islamic State soldiers have jeopardized the operational security of the group. In one infamous case two years ago in June 2015, an Islamic State foot-soldier posted a selfie in front of his headquarters building. The social media post, complete with geolocation data, enabled U.S. intelligence officials to quickly target and destroy the facility in an airstrike.

Apparently, the problems with social media are not restricted to giving away locations. The CTC report says that there has been much dissension in the ranks among ISIS followers, some of which may have been sown by current al-Qaeda leader Ayman al-Zawahiri and other ISIS competitors. The idea was to create doubt about the group online on Twitter and Telegram. It entailed a two-phase approach, initially sparking an online debate about the authenticity and reliability of ISIS’s media ministry, and its very popular magazine, and then challenging the authority of the top leadership of the Islamic State.

With ISIS now gone from Twitter, it will be more difficult for our cyber warriors to wage messaging warfare against them. Who knows, we may even have been involved in al-Qaeda’s little game as well.

We are deeply involved in the region. As we wrote here, our “Special Operators” are everywhere, and we are having success in the wars of attrition in Mosul and in Raqqa. Al Jazeera reports that:

A US-backed Syrian coalition of Kurdish and Arab groups has captured a western district of Raqqa, the de-facto capital of the Islamic State of Iraq and Levant (ISIL) group.

The WaPo reports that Secretary of Defense Jim Mattis spoke about the US military’s future operations against ISIS in the Euphrates River Valley as Raqqa falls, saying that it will take “precision” to stave off incidents between the disparate forces operating there:

You have to play this thing very carefully…The closer we get, the more complex it gets.

So, ISIS is on radio silence with Twitter and Facebook, and they could lose Raqqa sometime this summer.

Trump will claim victory for defeating ISIS, but that will not be true. The air strikes started by Obama and the arming of the Kurds (on Trump’s watch) are what contribute most from our side; together with what Russia and Iran have contributed from the western part of Syria, they will be responsible for ISIS’s military defeat at Raqqa.

We should also understand that their defeat may well be temporary. ISIS will lick its wounds, and come back, most likely morphed into a guerilla force. And that will occur sooner rather than later.

Al-Qaeda will become an even bigger threat in Syria than it is today. While ISIS reorganizes and Al Qaeda rises, there will be more revenge attacks in Europe and probably in the US by the lone wolves they inspire.

Some music: Geri Allen, an influential jazz pianist and composer, died earlier this week at age 60. Here she is at the height of her powers with the Geri Allen trio in 1998 in Leverkusen, Germany, playing “Dark Prince”:



Monday Wake Up Call – December 22, 2014

RE: Sony. The twist in this case is the trope that North Korea is suppressing our Freedom of Speech. And, the suppressed “Freedom of Speech” is a shitty Hollywood movie. So the public is getting spun about an invisible, but somehow tangible, “attack” on our freedoms. The Wrongologist has no skills to determine who hacked Sony, but when the mainstream media jumps on something with both feet, you know it supports SOME government theme.

Is the plan to convince the American people that there are “threats” everywhere and that only the State Security Apparatus can protect them from Evil? The usual pun-holes on the Sunday tube talked about how big the threat is, and how vulnerable we are.

America has become a Factory of Fear. Fear the Muslims, fear Putin, fear China, fear immigrants, fear criminals, fear the national debt, fear detente with Cuba. Trouble is, once again, the only thing we’re being urged to do is muster up the courage to go shopping. Authoritarians need their subjects to be afraid. Their bet is that people will submit to bullying if they believe that the bullies are the only thing standing between them and their terrors.

Things have to change. Killing brown people for peace is not working. Our empire is bankrupting us, and has not made us any safer. Unfortunately in the US, our domestic politics, plus our failures in military adventurism, have created ever greater violence and lunacy, further feeding the rolling disaster.

As an example, take New York City. Two police were killed in their patrol car. NY’s Patrolmen’s Benevolent Association, the police union, reacts by declaring that the NYPD has “become a ‘wartime’ police department, and we will act accordingly.”
Wartime, really? Are these the union’s marching orders to the 35,000 armed members of the biggest police department in the US? The NYPD seems to be asserting their superiority to the NYC executive branch. This has the earmarks of an attempted coup.

As former military, the Wrongologist respects the absolute need for a chain of command with an elected civilian at the top. As former military, he knows that many in the military only respect the authority of civilian leadership if the civilian happens to be a conservative.

The NYPD seems to be ready to strike out at their civilian leadership because they have deemed it to be unworthy of leading their “honorable” police force. Their attitude of superiority should scare the living daylights out of all of us. This attitude is not amenable to any evidence to the contrary, or to self-reflection and examination. It will brook no doubts about the moral purity of the NYC police.

This seems to be coming to a head, and it seems that it will only get uglier.

Monday’s Wake Up Music: On a much lighter note, some seasonal music. Here are the Capitol Steps with a seasonal song about Guantanamo:

 

Next, a semi-seasonal tune by The Firemen. Sounds obscure? It is. The Firemen are a duo of Paul McCartney and Martin Glover, who performs as Youth. There are some doubts about whether or not “Dance ‘til We’re High” is a real Christmas song, even though it has lyrics about “winter coming”, “snow falling”, “bells ringing out” and a catchy tune. But, it’s way better than McCartney’s “Wonderful Christmastime”:

Your Monday Linkage:
Tanks that won’t go away. The CRomnibus funding bill includes $554 billion for defense spending. This lines up almost exactly with President Obama’s original request, but Congress made considerable changes to where this money is being spent. According to analysis by Defense News, 10% of the FY15 defense appropriations budget—and 30% of all line items—were changed in the logrolling process. The biggest ticket items include $120 million more for M-1 Abrams tanks, despite Army protestations (for the third straight year) that no additional tanks are needed.

Oops. On July 3, Homeland Security, which plays a key role in responding to cyber-attacks, replied to a Freedom of Information Act (FOIA) request about a malware attack on Google called “Operation Aurora.” Unfortunately, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather to the Aurora Project, a 2007 research effort demonstrating how easy it was to hack into US power and water systems.

Ars Technica calls the Sony hack a “software pipe bomb.” Analysis by Cisco of a malware sample matching the signature of the malware that was used in the attack on Sony Pictures, reveals that the code was full of bugs and was anything but sophisticated.

Our frequent commenter, Terry McKenna, has a great post about Cuba and our Constitution. Go read it.

Bill O’Reilly said this on his show:

It’s easier to believe in a benevolent God — the baby Jesus — than it is in some kind of theory about global warming. It’s just easier, is it not?

O’Reilly was making the point that literal belief in the story of the virgin birth as it appears in the gospels is easy, while believing that burning fossil fuels causes climate change is hard. Another way of putting this is that O’Reilly thinks it is easier to believe that a woman can be impregnated without sperm than it is to believe the consensus of the scientific community on an issue he apparently doesn’t understand.


Sunday Cartoon Blogging – December 21, 2014

A week where Colbert moved on, and all but the anti-Castro diehards moved on.

And Sony? Think of it this way: A Japanese company with offices in California was hacked. Several terabytes of data were copied from its internal networks and some was put on file sharing sites. One of the items copied was The Interview, a film produced in Canada that is a comedy about killing a current (although illegitimate) head of state. Tons of other data were stolen, like social security numbers, payroll data, and internal emails, all of which might have been the real targets of the hackers.

Sony is a wonderful object lesson. A few rogue hackers, possibly affiliated with North Korea if you believe the FBI, have forced the company to cancel the movie. The larger issue is that America is no longer free to watch bad movies. The problem for the US is that cyber warfare is cheap and effective. Unlike our military, it isn’t capital intensive, and it can’t be defeated with aircraft carriers and nukes. Yet, the new Congress will probably vote for more jets and tanks.

The tools used to hack Sony are well known and in the public domain. Sony has lousy internal network security and has been hacked before. It’s time that dysfunctional corporations like Sony invest in protecting themselves. It isn’t the government’s responsibility.

Hollywood, that bastion of free speech, heads for the exits:

COW Sony

It hurts to give up when you are so close to, what, exactly?
COW Cuba

Mr. Obama’s unilateral action on Cuba shows his callous disregard for his lame-duckitude. It also shows his disrespect for the Constitution, Christianity, and everything Americans hold dear.

Cuban economy is about to change:

COW Costco

Colbert packs up, heads towards Letterman:
cOW Colbert

Another idea we need to put behind us:

COW Thied Bush

The Torture Report was a mixed message:

COW Not Who We are
