The New York Times / As Understanding of Russian Hacking Grows, So Does Alarm – Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American monitoring of their systems. “On Election Day, General Paul M. Nakasone, the nation’s top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side’s online weapons, tools and tradecraft. “We’ve broadened our operations and feel very good where we’re at right now,” he told journalists. Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations. Three weeks after the intrusion came to light, American officials are still trying to understand whether what the Russians pulled off was simply an espionage operation inside the systems of the American bureaucracy or something more sinister, inserting “backdoor” access into government agencies, major corporations, the electric grid and laboratories developing and transporting new generations of nuclear weapons. At a minimum it has set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyberdefenses failed so spectacularly. Those questions have taken on particular urgency given that the breach was not detected by any of the government agencies that share responsibility for cyberdefense — the military’s Cyber Command and the National Security Agency, both of which are run by General Nakasone, and the Department of Homeland Security — but by a private cybersecurity company, FireEye.
“This is looking much, much worse than I first feared,” said Senator Mark Warner, Democrat of Virginia and the ranking member of the Senate Intelligence Committee. “The size of it keeps expanding. It’s clear the United States government missed it.” “And if FireEye had not come forward,” he added, “I’m not sure we would be fully aware of it to this day.” Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points: The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. But as businesses like Amazon and Microsoft that provide cloud services dig deeper for evidence, it now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks…”
BECOMES? BECOMES???? WHAT ARE YOU? RIP VAN WINKLE? Social Media Becomes 21st Century Pravda.
Look, I got banned for a week for talking about Eric Ciaramella! Even though the left had read his name as that of the “whistleblower.” They will stomp on you if you post less than credulous mouth-breathing acquiescence with the ever changing Covid-19 dictatorship. They will force you to remove anything that implies election fraud. AND you’re just now noticing?
CISA: Hackers access to federal networks without SolarWinds
FCW.com: “The Cybersecurity and Infrastructure Security Agency says it has evidence that hackers are breaching the federal government’s networks by other paths than the recently discovered vulnerabilities in SolarWinds Orion. “Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified,” according to updated guidance published Wednesday. “CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs).” Characteristics such as SAML tokens having 24-hour validity periods or not containing multi-factor authentication details where expected are red flags. As details of the SolarWinds Orion breach have surfaced, analysts and lawmakers have repeatedly commented on how difficult it will be to remove hackers from the government’s networks because their access is probably no longer predicated on flaws in SolarWinds Orion, an IT management software…”
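The two red flags named in the excerpt above can be checked mechanically against logged assertions. The following is an added example, not code from FCW or CISA; it assumes SAML 2.0 assertions whose MFA details appear in an `authnmethodsreferences` claim, and the sample assertions are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: this deployment records MFA in an authnmethodsreferences claim.
AMR_CLAIM = "http://schemas.microsoft.com/claims/authnmethodsreferences"
MFA_VALUE = "http://schemas.microsoft.com/claims/multipleauthn"
PWD_VALUE = "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password"
MAX_LIFETIME = timedelta(hours=24)  # threshold taken from the excerpt

def _ts(value):
    # SAML timestamps are UTC; drop the trailing Z and any fractional seconds.
    return datetime.strptime(value.rstrip("Z").split(".")[0], "%Y-%m-%dT%H:%M:%S")

def saml_red_flags(assertion_xml, mfa_expected=True):
    """Return red-flag labels for one logged SAML 2.0 assertion."""
    # Stdlib parser is acceptable for logs from your own IdP; use a hardened
    # XML parser for assertions that arrive from untrusted parties.
    root = ET.fromstring(assertion_xml)
    flags = []
    cond = root.find(".//saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        flags.append("no-validity-window")
    elif _ts(cond.get("NotOnOrAfter")) - _ts(cond.get("NotBefore")) >= MAX_LIFETIME:
        flags.append("lifetime>=24h")
    amr = [v.text for a in root.iterfind(".//saml:Attribute", NS)
           if a.get("Name") == AMR_CLAIM
           for v in a.iterfind("saml:AttributeValue", NS)]
    if mfa_expected and MFA_VALUE not in amr:
        flags.append("mfa-details-missing")
    return flags

def _sample(not_after, amr_values):
    # Constructed assertion skeleton for the demonstration, not a captured token.
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in amr_values)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:Conditions NotBefore="2021-01-06T10:00:00Z" NotOnOrAfter="{not_after}"/>'
            f'<saml:AttributeStatement><saml:Attribute Name="{AMR_CLAIM}">{vals}'
            f'</saml:Attribute></saml:AttributeStatement></saml:Assertion>')

NORMAL = _sample("2021-01-06T11:00:00Z", [PWD_VALUE, MFA_VALUE])   # 1 hour, MFA recorded
SUSPECT = _sample("2021-01-07T10:00:00Z", [PWD_VALUE])             # 24 hours, no MFA

if __name__ == "__main__":
    for name, xml in (("NORMAL", NORMAL), ("SUSPECT", SUSPECT)):
        print(name, saml_red_flags(xml))
```

Set `mfa_expected=False` for service accounts or applications where policy does not require MFA, so that only the lifetime check applies.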
“Questions over what data banks could potentially access as well as what data an individual can or would like to share under such a National ID framework in banking remain....
“However, as we’ve seen with the phased implementation of an Open Banking regime in Australia, the right mix of bipartisan encouragement, regulatory support and policy controls can help provide us with a favourable environment for making sure we get this initiative absolutely right for end consumers.”
~ Dirk Steller.
Digital identity the next frontier for FinTech innovation
Special Report: The growing prevalence of digital identities will have far-reaching consequences for the way we interact with our traditional banking and financial services institutions in shaping the contours of customer engagement.
The renewed investment by the federal government in digital identification presents a telling blueprint for the future of public-facing interactions – one which could completely transform legacy systems and infrastructure, particularly when applied to Australia’s financial services sector.
That is the view of Seed Space Venture Capital founder and managing partner Dirk Steller.
Steller said the federal government’s move to expand its Digital Identity Program in this year’s Federal Budget with a $257 million cash injection was consistent with the government’s series of “digital-first” measures that included continuing the rollout of open banking and a $19.2 million expansion of an advisory program that helped small businesses make the transition to digital.
According to Steller, Australia could take a leaf out of the implementation of digital identities in overseas jurisdictions such as France and India.
He said La Poste’s L’Identité Numérique presented an excellent example of how this could apply on a national scale and is successfully being rolled out across France and its overseas territories.
“National identification systems are emerging rapidly, and the next logical frontier for this is around digital identity systems. La Poste’s L’Identité Numérique is an initiative that allows French citizens to access everything from their social security payments and retirement documentation, with future enhancements allowing you to open a bank account or sign up for private or mutual insurance on the go,” Steller said. And with the EU’s interoperability regulations in place, French citizens can use their digital identity anywhere within the EU.
Harvard University Privacy Tools Project – “…Differential privacy is a rigorous mathematical definition of privacy. In the simplest setting, consider an algorithm that analyzes a dataset and computes statistics about it (such as the data’s mean, variance, median, mode, etc.). Such an algorithm is said to be differentially private if by looking at the output, one cannot tell whether any individual’s data was included in the original dataset or not. In other words, the guarantee of a differentially private algorithm is that its behavior hardly changes when a single individual joins or leaves the dataset — anything the algorithm might output on a database containing some individual’s information is almost as likely to have come from a database without that individual’s information. Most notably, this guarantee holds for any individual and any dataset. Therefore, regardless of how eccentric any single individual’s details are, and regardless of the details of anyone else in the database, the guarantee of differential privacy still holds. This gives a formal guarantee that individual-level information about participants in the database is not leaked. The definition of differential privacy emerged from a long line of work applying algorithmic ideas to the study of privacy (Dinur and Nissim ’03; Dwork and Nissim ’04; Blum, Dwork, McSherry, and Nissim ’05), culminating with work of Dwork, McSherry, Nissim, and Smith ’06. See our educational materials for more detail about the formal definition of differential privacy and its semantic guarantees…”
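The "almost as likely" guarantee quoted above can be made concrete. The following is an added example, not from the Privacy Tools Project; it goes beyond the excerpt by using the standard Laplace mechanism with a privacy parameter epsilon (neither is named in the excerpt), and the ages are constructed.

```python
import math
import random

def laplace_pdf(x, mu, scale):
    """Density of the Laplace distribution centred at mu."""
    return math.exp(-abs(x - mu) / scale) / (2 * scale)

def private_count(records, predicate, epsilon, rng):
    """Release a count with Laplace noise of scale 1/epsilon.

    Adding or removing one person changes a count by at most 1, so this
    noise scale gives epsilon-differential privacy.
    """
    true_count = sum(1 for r in records if predicate(r))
    # The difference of two Exp(epsilon) draws is Laplace(0, 1/epsilon).
    noise = rng.expovariate(epsilon) - rng.expovariate(epsilon)
    return true_count + noise

def worst_case_ratio(records, individual, predicate, epsilon, outputs):
    """Largest factor by which any output in `outputs` becomes more (or less)
    likely when `individual` joins the dataset."""
    without = sum(1 for r in records if predicate(r))
    with_ = without + (1 if predicate(individual) else 0)
    scale = 1.0 / epsilon
    worst = 1.0
    for o in outputs:
        ratio = laplace_pdf(o, with_, scale) / laplace_pdf(o, without, scale)
        worst = max(worst, ratio, 1.0 / ratio)
    return worst

# Constructed data: an "eccentric" individual who is the only match.
AGES = [34, 29, 41, 57]
OUTLIER = 112
OVER_100 = lambda age: age > 100
EPSILON = 0.5
GRID = [x / 4 for x in range(-80, 161)]  # candidate outputs from -20 to 40

if __name__ == "__main__":
    rng = random.Random(0)
    print("noisy count without outlier:", private_count(AGES, OVER_100, EPSILON, rng))
    print("noisy count with outlier:   ", private_count(AGES + [OUTLIER], OVER_100, EPSILON, rng))
    bound = worst_case_ratio(AGES, OUTLIER, OVER_100, EPSILON, GRID)
    print("worst-case likelihood ratio:", bound, "<= e^epsilon =", math.exp(EPSILON))
```

Even though the outlier is the only record matching the query, no output is more than a factor of e^epsilon more likely with that person in the dataset than without.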
The fact-checking community collaborated again
We’re coming to you a little later this Thursday because, like many of you, we spent yesterday focused on the unprecedented attack on the United States Capitol.
Cristina and I worked as fast as we could to put out a story connecting yesterday’s events to the enormous amount of mis- and disinformation that has proliferated throughout the United States and across the world. Something fact-checkers know very well.
During yesterday's coverage, the IFCN received contributions from Jeanfreddy Gutiérrez Torres, a fact-checker with Venezuelan fact-checking organization Efecto Cocuyo, Christopher Guess, a researcher who has been studying fact-checking for years, and from many fact-checkers across the globe.
With Gutiérrez Torres' support, Cris and I managed to recap how Venezuelan and Turkish diplomats repurposed warnings about American democracy traditionally leveled against their own governments. Collaborative pieces like that are precious and will be seen more often on IFCN's website.
With all that said…
We are glad to reconnect today. This is our first newsletter of 2021. And we also wanted to make sure we wished you a Happy New Year!
Factually is being restructured to become fresher, newsier, and more connected to your needs (wherever you are). We are redesigning our format so we can be closer to you.
Our goal is to make sure Factually highlights the successes and the challenges of the fact-checking community, also keeping you informed about media literacy events and training.
So, until February, we’ll be taking a brief break. But we promise to be back, with a revamped and beautiful newsletter.
For now, please take a look at the articles we published in December. In two of them, we recapped the results of the projects selected for the first and second rounds of the Coronavirus Fact-Checking Grants.
Also, remember to revisit the CoronavirusFacts Alliance database. This week, it surpassed 10,000 fact-checks, and is now one of the projects supported by the Paris Peace Forum!
Last but not least, we are honored to tell you that the IFCN hired an International Training Manager. Alanna Dvorak will be in charge of a series of workshops around the world. We'll share her schedule with you as soon as possible.
We'll meet again in February. Thanks for being around!
PLANET OF COPS: An 18-Year-Old Saw Her Mom, Aunt, And Uncle In DC In A Video — So She Named Them.
As Brooklyn College’s Freddie deBoer wrote in his classic “Planet of Cops” essay in 2017, “The woke world is a world of snitches, informants, rats. Go to any space concerned with social justice and what will you find? Endless surveillance. Everybody is to be judged. Everyone is under suspicion. Everything you say is to be scoured, picked over, analyzed for any possible offense. Everyone’s a detective in the Division of Problematics, and they walk the beat 24/7. You search and search for someone Bad doing Bad Things, finding ways to indict writers and artists and ordinary people for something, anything. That movie that got popular? Give me a few hours and 800 words. I’ll get you your indictments. That’s what liberalism is, now — the search for baddies doing bad things, like little offense archaeologists, digging deeper and deeper to find out who’s Good and who’s Bad. I wonder why people run away from establishment progressivism in droves.”