Tuesday, January 12, 2021

As Understanding of Russian Hacking Grows, So Does Alarm

 

The New York Times /As Understanding of Russian Hacking Grows, So Does Alarm – Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American monitoring of their systems.  “On Election Day, General Paul M. Nakasone, the nation’s top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side’s online weapons, tools and tradecraft. “We’ve broadened our operations and feel very good where we’re at right now,” he told journalists. Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations. Three weeks after the intrusion came to light, American officials are still trying to understand whether what the Russians pulled off was simply an espionage operation inside the systems of the American bureaucracy or something more sinister, inserting “backdoor” access into government agencies, major corporations, the electric grid and laboratories developing and transporting new generations of nuclear weapons. At a minimum it has set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyberdefenses failed so spectacularly. Those questions have taken on particular urgency given that the breach was not detected by any of the government agencies that share responsibility for cyberdefense — the military’s Cyber Command and the National Security Agency, both of which are run by General Nakasone, and the Department of Homeland Security — but by a private cybersecurity company, FireEye.

This is looking much, much worse than I first feared,” said Senator Mark Warner, Democrat of Virginia and the ranking member of the Senate Intelligence Committee. “The size of it keeps expanding. It’s clear the United States government missed it.” “And if FireEye had not come forward,” he added, “I’m not sure we would be fully aware of it to this day.” Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points: The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. But as businesses like Amazon and Microsoft that provide cloud services dig deeper for evidence, it now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks…”



BECOMES? BECOMES????  WHAT ARE YOU? RIP VAN WINKLE? Social Media Becomes 21st Century Pravda.

Look, I got banned for a week for talking about Eric Ciaramella! Even though the left had read his name as that of the “whistleblower.”  They will stomp on you if you post less than credulous mouth-breathing acquiescence with the ever changing Covid-19 dictatorship.  They will force you to remove anything that implies election fraud. AND you’re just now noticing?



CISA: Hackers access to federal networks without SolarWinds

FCW.com: “The Cybersecurity and Infrastructure Security Agency says it has evidence that hackers are breaching the federal government’s networks by other paths than the recently discovered vulnerabilities in SolarWinds Orion. “Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified,” according to updated guidance published Wednesday. “CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs).” Characteristics such as a SAML tokens having a 24-hour validity periods or not containing multi-factor authentication details where expected are red flags. As details of the SolarWinds Orion breach have surfaced, analysts and lawmakers have repeatedly commented on how difficult it will be to remove hackers from the government’s networks because their access is probably no longer predicated on flaws in SolarWinds Orion, an IT management software…”


Harvard University Privacy Tools Project – “…Differential privacy is a rigorous mathematical definition of privacy. In the simplest setting, consider an algorithm that analyzes a dataset and computes statistics about it (such as the data’s mean, variance, median, mode, etc.). Such an algorithm is said to be differentially private if by looking at the output, one cannot tell whether any individual’s data was included in the original dataset or not. In other words, the guarantee of a differentially private algorithm is that its behavior hardly changes when a single individual joins or leaves the dataset — anything the algorithm might output on a database containing some individual’s information is almost as likely to have come from a database without that individual’s information. Most notably, this guarantee holds for any individual and any dataset. Therefore, regardless of how eccentric any single individual’s details are, and regardless of the details of anyone else in the database, the guarantee of differential privacy still holds. This gives a formal guarantee that individual-level information about participants in the database is not leaked. The definition of differential privacy emerged from a long line of work applying algorithmic ideas to the study of privacy (Dinur and Nissim `03Dwork and Nissim `04Blum, Dwork, McSherry, and Nissim `05), culminating with work of Dwork, McSherry, Nissim, and Smith `06. See our educational materials for more detail about the formal definition of differential privacy and its semantic guarantees…”

 

The fact-checking community collaborated again

We’re coming to you a little later this Thursday because, like many of you, we spent yesterday focused on the unprecedented attack on the United States Capitol. 

Cristina and I worked as fast as we could to put out a story connecting yesterday’s events to the enormous amount of mis- and disinformation that has proliferated throughout the United States and across the world. Something fact-checkers know very well.

During yesterday's coverage, the IFCN received contributions from Jeanfreddy Gutiérrez Torres, a fact-checker with Venezuelan fact-checking organization Efecto Cocuyo, Christopher Guess, a researcher who has been studying fact-checking for years, and from many fact-checkers across the globe. 

With Gutiérrez Torres' support, Cris and I managed to recap how Venezuelan and Turkish diplomats repurposed warnings about American democracy traditionally leveled against their own governments. Collaborative pieces like that are precious and will be seen more often on IFCN's website. 

With all that said…

We are glad to reconnect today. This is our first newsletter of 2021. And we also wanted to make sure we wished you a Happy New Year! 

Factually is being restructured to become fresher, newsier, and more connected to your needs (wherever you are). We are redesigning our format so we can be closer to you. 

Our goal is to make sure Factually highlights the successes and the challenges of the fact-checking community, also keeping you informed about media literacy events and training. 

So, until February, we’ll be taking a brief break. But we promise to be back, with a revamped and beautiful newsletter.

For now, please take a look at the articles we published in December. In two of them, we recapped the results of the projects selected for the first and second rounds of the Coronavirus Fact-Checking Grants. 

Also, remember to revisit the CoronavirusFacts Alliance database. This week, it surpassed 10,000 fact-checks, and is now one of the projects supported by the Paris Peace Forum!

Last but not least, we are honored to tell you that the IFCN hired an International Training Manager. Alanna Dvorak will be in charge of a series of workshops around the world. We'll share her schedule with you as soon as possible.  

We'll meet again in February. Thanks for being around!
 

Cristina and Harrison 

  


PLANET OF COPS: An 18-Year-Old Saw Her Mom, Aunt, And Uncle In DC In A Video — So She Named Them.

As Brooklyn College’s Freddie deBoer wrote in his classic “Planet of Cops”essay in 2017, “The woke world is a world of snitches, informants, rats. Go to any space concerned with social justice and what will you find? Endless surveillance. Everybody is to be judged. Everyone is under suspicion. Everything you say is to be scoured, picked over, analyzed for any possible offense. Everyone’s a detective in the Division of Problematics, and they walk the beat 24/7. You search and search for someone Bad doing Bad Things, finding ways to indict writers and artists and ordinary people for something, anything. That movie that got popular? Give me a few hours and 800 words. I’ll get you your indictments. That’s what liberalism is, now — the search for baddies doing bad things, like little offense archaeologists, digging deeper and deeper to find out who’s Good and who’s Bad. I wonder why people run away from establishment progressivism in droves.”