The Hill has a report stating General James “Maddog” Mattis, the Secretary of Defense, has told colleagues he is unsure if he can work with John Bolton, the most recent selection for the US national security adviser:

Defense Secretary Jim Mattis, the retired general who has argued for keeping the Iran deal intact and warned that military confrontation with North Korea would result in “the worst kind of fighting in most people’s lifetimes,” told colleagues on Friday that he did not know if he could work with Mr. Bolton. The White House chief of staff, John F. Kelly, another retired four-star general, was also unenthusiastic about Mr. Bolton’s hiring.

Mr. Bolton’s harshest critics — mostly Democrats, but their ranks include some members of the Bush administration — argue that the odds of taking military action will rise dramatically when he becomes the last person a volatile American president consults.

“John Bolton is not some gray bureaucrat whose views are unknown to us,” said Michael McFaul, the American ambassador to Moscow under President Barack Obama, and now a Stanford professor and the director of the Freeman Spogli Institute for International Studies.

What a horrible selection for arguably one of the most important positions within an administration.

CNET reports on the CLOUD Act being signed into law by President Trump, and how this legislation increases the US government's access to online data stored by US companies regardless of where the servers are located:

Lawmakers added the CLOUD Act (PDF), which stands for Clarifying Lawful Overseas Use of Data Act, to the spending bill before the final House and Senate votes Thursday. It updates the rules for criminal investigators who want to see emails, documents and other communications stored on the internet. Now law enforcement won’t be blocked from accessing someone’s Outlook account, for example, just because Microsoft happens to store the user’s email on servers in Ireland.

The law also lets the US enter into agreements to send information from US servers to criminal investigators in other countries with limited case-by-case review of requests.

The CLOUD Act offers an alternative to the current process for sharing internet user information between countries, called MLAT, or a mutual legal assistance treaty. Both law enforcement agencies and tech companies say using such a treaty to request data is cumbersome and slow. The fix has the technology sector divided though. Tech companies, such as Microsoft, favor the change. But privacy advocates say it could help foreign governments that abuse human rights by aiding their access to online data about their citizens.

This sounds all fine and dandy, but how effective will it really be? How will this law not be abused to collect data on individuals not necessarily accused of a crime?

Sen. Ron Wyden, a privacy-oriented Democrat from Oregon, said in a letter last week (PDF) that while the MLAT process needs to be updated, the CLOUD Act has a big problem in the way it lets the executive branch hash out individual agreements with foreign companies on data sharing. That “places far too much power in the President’s hands and denies Congress its critical oversight role,” Wyden wrote.

Neema Singh Guliani, legislative counsel at the ACLU, said the bill doesn’t account for the fact that a foreign country’s government might have a good human rights record one day, but start eroding those rights after coming to a data sharing agreement with the US. “Human rights are not static,” she said.

These are valid concerns that are more worrisome than not. How, and who, will prevent the global governments from abusing this capability?

Foreign Policy has an opinion piece about John Bolton being a US national security threat I am finding hard to disagree with:

Fifteen years ago, Bolton championed the Iraq War, and, to this day, he continues to believe the most disastrous foreign-policy decision in a generation was a good idea. Bolton’s position on Iraq was no anomaly. Shortly before the 2003 invasion, he reportedly told Israeli officials that once Saddam Hussein was deposed, it would be necessary to deal with Syria, Iran, and North Korea. He has essentially maintained this position ever since. Put plainly: For Bolton, there are few international problems where war is not the answer.

As the nuclear crisis with North Korea enters a critical period, Trump’s choice of Bolton as national security advisor dims the prospect of reaching a peaceful solution. Bolton, like McMaster, sees Kim Jong Un as fundamentally irrational and undeterrable — a view that seems to justify launching a preventive war if North Korea refuses to denuclearize. But McMaster supported diplomacy and, as a military man with extensive combat experience, understood the costs of war. Bolton, on the other hand, has spent his entire career sabotaging diplomacy with Pyongyang and seems downright giddy about a possible military confrontation.

Basically, for John Bolton, there is no answer other than some form of military action. Diplomacy may not even be a word he is capable of uttering, much less actively pursuing with American interests at heart.

A little history is helpful here. Bolton was undersecretary of state for arms control and international security when President George W. Bush’s administration made the fateful decision in 2002 to kill the 1994 Agreed Framework with North Korea. The Bill Clinton-era accord froze North Korea’s plutonium program under effective verification. But when it was discovered that Pyongyang was pursuing a separate uranium enrichment program with the help of Pakistan, a key decision had to be made: re-engage in diplomacy to expand the agreement to prohibit uranium enrichment or tear it up, isolate a member of the “Axis of Evil,” and push for regime change. Bush, guided in part by Bolton, chose the latter approach. And once the Agreed Framework collapsed, North Korea took the secured plutonium under its control and built about half a dozen additional nuclear weapons, testing its first in 2006. For many arms control and nonproliferation experts, this case represents a cautionary tale about the risks of foreclosing diplomatic engagement. In Bolton’s mind, however, North Korea’s actions simply prove that diplomacy doesn’t work with rogue states and that the only solution is to end these regimes all together, through U.S. military might if necessary.

Is this really the guy America needs as its National Security Advisor?

I cannot help but suspect there is going to be an attempt to misdirect Americans from the scandal-plagued Trump administration. The Special Counsel probe into potential Russian activity in the 2016 US presidential election appears not to be heading in the direction Trump desires. He is running out of options, and being a reality TV star and showman more than a businessman, it just feels as if the Bolton hire has everything to do with Mueller and nothing to do with actual national security.

The next week or two are going to set the tone in America for the foreseeable future. Something unprecedented, huge is about to drop.

The Washington Post reports the Trump administration announced sanctions and criminal indictments against an Iranian hacker network allegedly involved in “one of the largest state-sponsored hacking campaigns”:

Nine of 10 named individuals were connected to the Mabna Institute, a Shiraz-based tech firm that the Justice Department alleged hacks on behalf of Iranian universities and the IRGC. The institute conducted “massive, coordinated intrusions” into the computer systems of at least 144 U.S. universities and 176 foreign universities in 21 countries, including Britain and Canada, officials said.

The hackers stole more than 31 terabytes of data and intellectual property — the rough equivalent of three Libraries of Congress — from their victims, prosecutors alleged. Much of it ended up in the hands of the IRGC, which has frequently been accused of stealing information to further its own research and development of weaponry. The Guard Corps is the division of Iran’s security forces charged with overseeing Iranian proxy forces abroad and is under the direct control of the country’s religious leaders.

“Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code,” said Geoffrey S. Berman, U.S. attorney for the Southern District of New York.

“Iran is engaged in an ongoing campaign of malicious cyberactivity against the United States and our allies,” said Sigal Mandelker, the Treasury Department’s undersecretary for terrorism and financial intelligence. “We will not tolerate the theft of U.S. intellectual property or intrusion into our research institutions and universities.”

Although lately there is a lot of news about Russian state-sponsored cyber attacks, make no mistake, Russia is not the only country engaged in malicious cyberspace activity. Alongside Russia are China, North Korea, and Iran. These countries are responsible for the majority of the hacking activity around the globe. There are various reasons why these nations engage in cyber-based operations, not the least of which is surveillance against their enemies.

Here is an extremely simplified view of the landscape as it stands today.

China is primarily interested in stealing intellectual property. The Chinese would prefer to forego research and development costs, and would rather take the hard work already completed by others to use as the basis for their own technologies. China is mostly looking to increase their economic and military capabilities through these operations, with a strong emphasis on the former more than anything.

North Korea is completely cut off from the world banking system, so they have had to look to creative means of getting finances into the country. What North Korea has opted to do is conduct financially motivated cyber attacks. They leverage ransomware to be paid in bitcoin by the victims, thus allowing the country to bypass global banking and siphon money back into Pyongyang.

Finally, Iran ultimately wants to protect itself from neighboring countries but would like to demonstrate its cyber-might. Consider it a mock revenge scenario. Stuxnet caused a lot of harm to the country and set back its nuclear program by decades. Iran not only acquired firsthand knowledge of the destructive capabilities cyber weapons may cause, but also how easy it is to leverage cyber operations compared to traditional kinetic weaponry.

So again, although Russia has been the primary culprit in the news these days, there are other sophisticated nation state actors engaging in cyber operations for various reasons. It should come as no surprise to see Iran accused of a vast global cyber conspiracy.

One thing to consider, especially in light of Bolton being named Trump’s new National Security Advisor, is the administration's desire for war. This announcement may very well be a precursor to additional comments about Iran from the Trump administration. While I do not claim to have any specific knowledge of what is to come, the timing seems all too convenient.

POLITICO discusses the diametric views the soon-to-be former and incoming National Security Advisors have on Russian hacking, propaganda, and influence on the 2016 presidential election:

In their public comments, McMaster and Bolton have presented a stark contrast in their views on Moscow’s involvement in the hacks and online trolling that roiled the 2016 presidential election. While McMaster has taken a hard-line stance in blaming Moscow for orchestrating the digital disruption campaign, Bolton has made headlines by casting doubt on Russia’s role.

In fact, it was McMaster’s remarks on the subject that caused his strained relationship with the president to spill into public view.

Speaking at a February conference in Munich, McMaster proclaimed that evidence of Russian meddling in the 2016 elections was “incontrovertible.”

Trump lashed out on Twitter in response: “General McMaster forgot to say that the results of the 2016 election were not impacted or changed by the Russians and that the only Collusion was between Russia and Crooked H, the DNC and the Dems. Remember the Dirty Dossier, Uranium, Speeches, Emails and the Podesta Company!”

Conversely, Bolton — a former U.S. ambassador to the United Nations during the George W. Bush administration — has cast doubt on the evidence linking Russia to the Democratic National Committee hack, suggesting that the Obama administration was blaming the Kremlin for political purposes.

In December 2016, when Bolton was being floated as the possible deputy secretary of state, the former diplomat suggested that the digital footprints left behind at the DNC may have been a “false flag.”

“If you think the Russians did this, why did they leave fingerprints?” he asked during a Fox News interview.

Bolton is either being completely intellectually dishonest or he is obtuse and incapable of understanding how cyber attacks are executed. Seeing as he will be the next National Security Advisor, this should be a warning about the type of illogical thought processes that will go into future US national security decisions.

Every cyber attack leaves some form of a so-called fingerprint. Whether it is an IP address accidentally exposed and attributed to a specific organization, a set of attack tools used and left behind in haste because the actors had to get out before being caught, or a complete series of tactics, techniques, and procedures specific actors use on a recurring basis, there is always going to be some form of fingerprint. These are just some of the many data points used when attributing attacks to specific groups performing operations across the globe.

What Bolton should already know seeing as he is a former US Ambassador, but is so obviously playing politics with, is the US intelligence community is embedded in networks all over the globe. The National Security Agency regularly watches Russian, North Korean, Chinese, and Iranian actors while in the act of breaching networks. This has allowed the NSA to fingerprint the techniques the different actors leverage, which is often how attacks are attributed to groups like Fancy Bear, Lazarus, and the countless others.

If the NSA is not watching an attack, it is likely one of the various US allies is collecting data. Take, for example, the case of the Netherlands intelligence agency witnessing in real-time as Russia’s Cozy Bear conducted cyber attacks. So even if the US IC is not collecting data and learning how actors perform operations, its allies are and will share both the raw intelligence and the analysis conducted. This is what allows the US IC to be so successful.

The US is on a dangerous path. If Bolton opts to ignore strong evidence of Russian meddling in US election and sovereign affairs, the US should be prepared for what is likely the outcome or goal of his being hired as the National Security Advisor: to legitimize and sell a war against either North Korea or Iran to the American people.

The Brookings Institute discusses how the US has not yet seen the worst of Russian cyber attacks, thus far only having dealt with bots, trolls, and propaganda rather than crippling critical infrastructure:

In the West, Russia’s cyberattacks so far have been at the service of its disinformation operations: stolen data used to embarrass individuals, spin a narrative, discredit democratic institutions and values, and sow social discord. This was the pattern Russian operators followed in the United States, France, and Germany during the countries’ 2016–17 elections. Hacking email accounts of individuals or campaigns, leaking that stolen information using a proxy (primarily WikiLeaks), and then deploying an army of disinformation agents (bots, trolls, state controlled media) to disseminate and amplify a politically damaging narrative. Such cyber-enabled interference falls below the threshold of critical infrastructure attacks of significant consequence that could result in “loss of life, significant destruction of property, or significant impact on [national security interests].”

The nightmare of cyberattacks crippling critical infrastructure systems still has the sound of science fiction to most Americans. But in Ukraine, this nightmare is real. As the laboratory for Russian activities, Ukraine has seen a significant uptick in attacks on its critical infrastructure systems since the 2013–14 Maidan revolution. A barrage of malware, denial of service attacks, and phishing campaigns bombard Ukraine’s critical infrastructure environments on a daily basis. In December 2015, a well-planned and sophisticated attack on Ukraine’s electrical grid targeted power distribution centers and left 230,000 residents without power the day before Christmas. The attackers were able to override operators’ password access to the system and also disable backup generators.

Ukraine is all too familiar with Russian attacks against critical infrastructure. For a while it almost appeared as if Ukraine was some kind of testbed or cyber range of sorts for Russia to try and perfect its attack capabilities against electric power plants and substations.

Imagine the chaos a debilitating critical infrastructure attack would have on the US population. There has been a lot of news lately about Russia being embedded in the US power networks. This is no longer an “if it is possible” scenario, but rather “when will it occur”.

Time has an in-depth article discussing how a Russian KGB Chief once asked the US for peace in cyberspace:

“From the very beginning it was clear,” he tells TIME by phone from Moscow, where he now works mostly in the private sector. “We told our people, ‘Look, the public may not realize yet what’s going on. But we need to raise the alarm on a political level, because this stuff is a danger to our vital infrastructure.’”

The tables appear to have turned since then. The vital infrastructure now at risk is in the U.S., according to a March 15 report from the FBI and the Department of Homeland Security, which found that Russian hackers had penetrated deep into the control rooms of U.S. power stations, putting a finger on the light switch of American homes. “Since at least March 2016,” the report states, “Russian government cyber actors…targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

These were precisely the sorts of attacks that Rubanov had feared from the Americans. He wouldn’t comment on whether Russia was in fact responsible this time; his old habits of discretion die hard, and he still serves as an occasional adviser to the Russian government. But he did note, with a tone of regret rather than self-satisfaction, that the Americans should have listened to his warnings two decades ago.

After the KGB was dissolved in 1991 along with the rest of the Soviet Union, Rubanov went to serve on the Kremlin’s Security Council, where he was also in charge of information security. He soon got to work, along with some colleagues at the Foreign Ministry and other agencies, on drafting rules of engagement for cyber space—a “code of conduct” of the type that governs the use of nuclear and chemical weapons.

“The point was to have a kind of non-aggression pact in the cyber sphere, one that would prohibit such attacks against sovereign nations,” he says. Their hope was that these rules would eventually be adopted by the United Nations and become international law. But the effort stalled, says Rubanov, in large part because the world’s last remaining superpower wasn’t interested. “Each country wants to have guarantees of security, but it does not want to extend those guarantees to others. So this is where we ended up. In a place where no one is safe.”

Global governments still continue to disagree on cyber norms. Until there are firm agreements in place, governments like Russia will continue to exploit the legal vulnerabilities and engage in malicious activities across the planet.

You do have to give Rubanov credit for his poignant observation about the importance of some type of cyber-based non-aggression pact. Imagine where the world would be today had something been agreed upon when Rubanov first brought it up.

A reputed technophobe, Putin had always been mistrustful of the Internet, which he has called a “CIA project.” And like many of Russia’s spy chiefs, he feared that microchips and operating systems imported from the U.S. were designed to function as secret tools of American sabotage, surveillance or both. But there was little he could do about it. In the field of cyber weaponry, “Russian generals felt they were losing the global arms race,” Andrei Soldatov and Irina Borogan wrote in their recent book, The Red Web, a history of Russian cyber policy. So instead of trying to match American technology, Russia tried using diplomacy “to put some limits on the United States’ offensive capabilities.”

These limits would have amounted to cyber disarmament. As outlined in 2009 by one of Rubanov’s successors at the Security Council, Vladislav Sherstyuk, Russia wanted a ban on cyber implants, which can act as remote-controlled bombs inside an enemy’s computer networks; a ban on the use of deception to hide the source of an attack; and, a rule that would extend humanitarian law into cyber space, effectively banning attacks on civilian targets like banks, hospitals or power stations.

One has to wonder just how genuine Putin was being when he and Sherstyuk discussed a form of cyber disarmament. It sounds more like a ploy to try and outmaneuver the United States rather than an actual desire to disarm cyberspace.

The entire article is well worth reading. It paints a very interesting picture of where the US-Russia relationship was, and where it has come since that time.

The Japan Times has an interesting article discussing the recent comments made by Donald Trump about Japan taking advantage of trade with the United States:

The prime minister is planning a hastily arranged trip to Washington next month after two surprise announcements by the U.S. president: That he’d meet their mutual adversary Kim Jong Un, and levy tariffs on Japanese steel and aluminum. The moves could shake the pillars of trade and security that underpin a 70-year-old alliance Abe was counting on to buttress against a rising China.

“The effect of a personal relationship is very uncertain,” said Akihisa Nagashima, a former vice defense minister who is a lawmaker with Japan’s opposition Kibo no To (Party of Hope). “This may even have been unrequited love.”

Abe’s U.S. trip bears parallels with his swift Trump Tower visit days after the 2016 U.S. election, presenting Trump with a $3,800 golf club and hailing him as a “very successful businessman with extraordinary talents.” The efforts appeared successful, as Trump reaffirmed the security alliance and shelved campaign threats to curb Japanese car imports, even as he later withdrew from a Pacific trade pact championed by Abe.

Fumio Kishida, Abe’s former foreign minister, said in a Wednesday interview in Hong Kong that the two leaders established a mutual trust. Other foreign leaders, including France’s President Emmanuel Macron and China’s President Xi Jinping, attempted similar charm offensives, with varied results.

As Trump has fired advisor after advisor, cabinet secretary after cabinet secretary, he has been increasingly surrounding himself with people who think like he does or worse. Trump is creating an echo chamber in the White House rather than a culture where his thoughts and ideas are challenged in an attempt to enact well thought out plans.

Considering all these circumstances, Abe-san is going to have a tough time charming Trump this time around.

The Daily Beast has an exclusive report discussing how Guccifer 2.0, the ostensible self-purported lone DNC hacker, appears to have slipped up in tradecraft and inadvertently revealed being a Russian intelligence officer:

Guccifer famously pretended to be a “lone hacker” who perpetrated the digital DNC break-in. From the outset, few believed it. Motherboard conducted a devastating interview with Guccifer that exploded the account’s claims of being a native Romanian speaker. Based on forensic clues in some of Guccifer’s leaks, and other evidence, a consensus quickly formed among security experts that Guccifer was completely notional.

Proving that link definitively was harder. Ehmke led an investigation at ThreatConnect that tried to track down Guccifer from the metadata in his emails. But the trail always ended at the same data center in France. Ehmke eventually uncovered that Guccifer was connecting through an anonymizing service called Elite VPN, a virtual private networking service that had an exit point in France but was headquartered in Russia.

But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.

Working off the IP address, U.S. investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow.

There are a few angles to look at this. Primarily, if this is true, it is a major slip-up in GRU cyber tradecraft. Failure to activate a VPN is a huge issue, and not something seasoned actors would normally do.

However, Putin seems unconcerned about being accused of taking part in the DNC hacks, and any potential connections to the Trump campaign. He just won a new term in a sham election, and likely looks at this find as not a big deal.

So what? What will the United States do that could potentially harm Russia? It is not like the Trump Administration has taken a strong stance on Russia.

Finally, the security world had all but decided Guccifer 2.0 was Russian intelligence. This merely adds one additional data point to a lot of data pointing towards the GRU. So really it is not a major find in the grand scheme.

CNN reports on the FBI opening up an investigation into a ransomware attack targeting Atlanta:

Cox confirmed that the city had received a written demand related to the attack. When asked in the news conference if the city was going to pay a ransom, Bottoms said, “We can’t speak to that right now.”

“We will be looking for guidance from, specifically, our federal partners on how to best navigate the best course of action,” she said.

The city engaged Microsoft and a team from Cisco’s Incident Response Services in the investigation, Deputy Chief Information Officer Daphne Rackley said.

When asked if the city was aware of vulnerabilities and failed to take action, Rackley said the city had implemented measures in the past that might have lessened the scope of the breach. She cited a “cloud strategy” to migrate critical systems to secure infrastructure.

“This is not a new issue to the state of Georgia, it’s not a new issue to our country. We have been taking active measures to mitigate any risk in the past.”

It sounds like Atlanta is taking appropriate actions and has modified its strategy to account for these possibilities. I am curious what vector was used in this attack, and await the findings once a forensic audit is completed.

Bloomberg reports on Deloitte hiring EUROPOL Executive Director Rob Wainwright to run their cyber security business:

The 50-year-old MI5 veteran will join the Amsterdam-based unit in June, according to Deloitte, which shared an advanced copy of its announcement. Deloitte is planning to add 500 people to its European cyber practice to meet growing demand from corporate clients anxious to prevent hacks.

“I spent a lot of the last few years encouraging private-sector leaders to take cybersecurity more seriously, to invest more,” Wainwright said in an interview at Europol’s headquarters in The Hague on Tuesday. “So now I will go directly in there and try to help them do it myself.”

Wainwright has spent 28 years working for the U.K. government, including more than a decade at the MI5 domestic intelligence service, where he specialized in counter-terrorism and organized crime. After stints as head of the U.K. liaison bureau for Europol and running the international department of what is now called the National Crime Agency, he returned to Europol as director in 2009.

During his time at Europol, which acts as an intermediary for 1,000 global law enforcement bodies and coordinates major investigations involving terrorism and money laundering, Wainwright helped oversee a number of high-profile stings. He played a key role in last year’s takedown of AlphaBay and Hansa, dark-web markets that sold everything from drugs to hacking tools. AlphaBay was more than 10 times the size of Silk Road, which the U.S. closed in 2013.

Sounds like a major win for Deloitte and a huge hire. It will be interesting to see if Wainwright is capable of developing additional business, and strengthening existing projects, based on his expertise and experience.

WIRED discusses the EU General Data Protection Regulation – GDPR – and how the new privacy law will likely change the way web sites collect data on their users:

Instead, companies must be clear and concise about their collection and use of personal data like full name, home address, location data, IP address, or the identifier that tracks web and app use on smartphones. Companies have to spell out why the data is being collected and whether it will be used to create profiles of people’s actions and habits. Moreover, consumers will gain the right to access data companies store about them, the right to correct inaccurate information, and the right to limit the use of decisions made by algorithms, among others.

The law protects individuals in the 28 member countries of the European Union, even if the data is processed elsewhere. That means GDPR will apply to publishers like WIRED; banks; universities; much of the Fortune 500; the alphabet soup of ad-tech companies that track you across the web, devices, and apps; and Silicon Valley tech giants.

As an example of the law’s reach, the European Commission, the EU’s legislative arm, says on its website that a social network will have to comply with a user request to delete photos the user posted as a minor — and inform search engines and other websites that used the photos that the images should be removed. The commission also says a car-sharing service may request a user’s name, address, credit card number, and potentially whether the person has a disability, but can’t require a user to share their race. (Under GDPR, stricter conditions apply to collecting “sensitive data,” such as race, religion, political affiliation, and sexual orientation.)

If you do anything on the web, which in 2018 is tantamount to asking someone if they have electricity, then this is a must read. Europe really is at the forefront of privacy law, and we can only hope other nations will follow suit. But since the web knows no borders, GDPR will apply to every company and organization operating on the web. So as a netizen, become familiar with this regulation and know what is, and is not, allowed.

There is a lot of talk about GDPR all over the technology industry, but specifically the web. In light of today's Cambridge Analytica story detailing how the company easily collected data from Facebook, protecting consumer privacy from continued breaches of trust is paramount. A lot of money is being expended on GDPR compliance and I really wonder just how it will change the landscape, if it will change the landscape.

Just as Cambridge Analytica was able to exploit loopholes in Facebook’s system, I wonder what company will be the first to find and leverage loopholes in GDPR, and what will happen to them for doing so.

The Washington Post is reporting the Trump Administration finally implemented sanctions previously passed by Congress, focusing on the spying, propaganda, and cyber attacks during the 2016 US Presidential election:

The Trump administration on Thursday imposed fresh sanctions on Russian government hackers and spy agencies to punish Moscow for interfering in the 2016 presidential election and for a cyberattack against Ukraine and other countries last year that officials have characterized as “the most destructive and costly” in history.

Sanctions also were imposed on individuals known as “trolls” and the Russian organizations — including the Internet Research Agency — that supported their efforts to undermine the election. Additionally, the administration alerted the public that Russia is targeting the U.S. energy grid with computer malware that could sabotage its systems.

Taken together, the moves represent the administration’s most aggressive actions to date against Russia for its incursions against the United States, though analysts say their impact is mostly symbolic and noted that a number of the individuals and groups had already been subject to sanctions. Nonetheless, officials hope the actions will help deter tampering with this year’s midterm elections while signaling to Russia that Washington will not allow its attacks to go unchallenged.

Although the administration imposed sanctions, I have yet to hear Trump categorically state his belief the Russians were involved in election tampering. I consider that quite peculiar.

CNBC reports on Australia’s Department of Defence prohibiting the popular Chinese chat app WeChat from being used on its network assets:

Messaging and e-payment app WeChat has become the latest Chinese technology to be banned by an overseas military on security grounds, with Australia instructing its armed forces not to use it.

The country’s defence department said the service did not meet its standards, although it did not directly link the ban to security concerns.

“Software and applications that do not meet Defence standards will not be authorised for use on Defence networks and mobile devices,” the country’s defence department said in an email statement. “Defence has a strict policy concerning the use of social media on its networks and mobile devices. Defence allows very few applications on Defence mobile devices. WeChat has not been authorised for use.”

Australia is part of the Five Eyes, so it should come as no surprise to see them banning Chinese internet technology. It simply boils down to a matter of trust, and it is hard to have any when China is wreaking havoc all over the world, even if they have been a bit quiet lately.

The Register reports on a recent and pretty embarrassing Department of Homeland Security IT security audit:

The report also scolds DHS for continuing to use unsupported operating systems. DHS, the Coast Guard, and the Secret Service were all found to be using Windows Server 2003 after Microsoft’s July 2015 discontinuation of support.

The OIG also noted that Windows workstations at DHS, the Federal Emergency Management Agency (FEMA), and the Coast Guard were missing a variety of patches.

“Windows 2008 and 2012 operating systems were missing security patches for Oracle Java, an unsupported version of Internet Explorer, and a vulnerable version of Microsoft’s Sidebar and Gadgets applications,” the report says. “Some of the missing security patches dated back to July 2013.”

A number of Windows 8.1 and Windows 7 workstations were missing key security patches, including the WannaCry fix, various browser updates, and patches for Adobe Flash, Shockwave, and Acrobat flaws.

The report concludes that the observed deficiencies run contrary to the President’s Cybersecurity Executive Order and demonstrate the need for stronger security oversight.

It is unfortunate, yet likely, that these agencies rely on some legacy code requiring these extremely dated operating systems. Welcome to the wonderful world of government contracting, where there are a lot of custom-built applications running in extremely insecure environments. The question: are these vulnerabilities an acceptable risk required to complete the mission?