Electoral Cyber Security Is So Weak A Child Can Hack It

(Image is from pixabay.com.)

It is now beyond doubt that Russia attacked our electoral system in 2016. It wasn't just that they posted fake stories on social media. They actually hacked the official election websites of at least 25 states, and in many they actually were able to access voter rolls.

Donald Trump has called it a hoax, because he doesn't want to admit he was helped to win in 2016 by the Russians -- and he has refused to take any action to improve electoral cyber security in this country. In fact, he has even eliminated the White House Office of Cyber Security (which was the office to coordinate an improvement of cyber security).

The Republican Congress is no better. While they admit the Russians did do a cyber attack on our electoral systems in 2016, they claim that no votes were changed. And they have killed a bill that would have provided many millions to states for cyber security improvements. They don't seem to think this is a serious problem.

They are wrong. Our cyber security system in many (if not all) states is so weak that it can be hacked by a child. And actual voting results don't have to be changed to affect the outcome of an election. Simply deleting a few hundred voters from voter rolls in a competitive district WLL affect the outcome of a race.

Consider this article from Michael D. Regan at PBS.org:

An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said. 

Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.

The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

Nico Sell, the co-founder of the the non-profit r00tz Asylum, which teaches children how to become hackers and helped organize the event, said an 11-year-old girl also managed to make changes to the same Florida replica website in about 15 minutes, tripling the number of votes found there. 

Sell said more than 30 children hacked a variety of other similar state replica websites in under a half hour. 

“These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.” 

Sell said the idea for the event began last year, after adult hackers were able to access similar voting sites in less than five minutes. 

“So this year we decided to bring the voting village to the kids as well,” she said. . . .

“I think the general public does not understand how large a threat this is, and how serious a situation that we’re in right now with our democracy,” she said.

Matt Blaze, a professor of computer and information science at the University of Pennsylvania who helped organize the “hacking village,” said that thousands of adults including voting security experts also tried to access voting machines and other voting software currently being used in U.S. elections today to become “more knowledgeable about voter technology.” 

He also noted that the children who participated in their own challenge last week were dealing with replicas that were in many cases created to be even more formidable to access than the actual websites used by secretaries of states across the nation. 

“It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable,” he said. “What was interesting is just how utterly quickly they were able to do it.”

Voting Machines MUST Generate A Paper Ballot

The voting machine pictured here is the Ivotronic. It is a touch screen voting machine that's very easy to use (even for a first-time voter), and it allows poll workers to report voting results very quickly after the polls close.

I am very familiar with the machine -- both as a voter and a poll worker. However, I was disappointed when I recently moved to a new county in Texas, and found my new county was also using this same machine (as are thousands of counties across this nation).

Why was I disappointed? Because the machine has a fatal flaw in my opinion. It does not generate a paper readout that shows the voter how their vote was counted. The voter just has to hope their vote was counted and reported correctly.

This is bad for several reasons. 1) It wouldn't be known if a crooked election judge or worker tampered with the machine to miscount votes. 2) Machines do make mistakes. 3) It is impossible to do a recount in a close election, because no matter how many times you ask it, the machine will spit out the same numbers.

Now, there is another reason to mistrust the machine's results -- the interference by another nation in our electoral system (Russia). We now know that Russians hacked into the electoral systems of at least 21 states in the 2016 election. It is believed that they only got into voter rolls and were not able to change any vote totals. But will they be better at their hacking in 2018 or 2020? Will they then have the ability to alter vote totals to suit themselves?

Some are calling for a return to paper ballots that are hand-counted. I wouldn't like to see that. I worked at the polls when paper ballots were used, and counting them took forever. It was a rural precinct that had only a few hundred ballots, and it still took until about 3 am before the ballots were counted and ready to be reported. I can imagine it would be a nightmare for a urban or suburban precinct with a few thousand voters.

There is another solution. Make sure all machines print a paper ballot that can be saved and recounted if there is a question of the validity of the originally reported results. This can be done in two ways.

1) Voters could vote on a paper ballot that is then fed into an electronic counter. Those paper ballots could always be recounted by hand if there is any question.

2) Make sure all electronic voting machines print out a record of how the voter cast his/her vote. The voter could check the printout, make sure it's correct, and then put it in a locked ballot box. Those paper printouts could be hand-counted if there is any question.

It doesn't matter which way is chosen by county governments. Both would work. But it is now imperative that all electronic voting machines print out the results. It is the only way to insure our electoral system is correct, and the only way to restore voters faith in our electoral system -- especially in light of Russian electoral hacking, and a president that refuses to acknowledge the hacking even took place.

The Public Believes Russia Will Interfere With 2018 Elections

These charts are from a new NBC News / SurveyMonkey Poll -- done between January 30th and February 1st of a random national sample of 4,424 adults, with a margin of error of 2 points.

It shows that 79% of the general public believes our election system is vulnerable to hackers. And 68% are not confident that tech companies are doing enough to stop that hacking. That's not good, but worse is that 57% believe that an enemy of this country (Russia) will once again try to influence our coming election.

Those fears are not unwarranted. We have known for a few months now that Russian hackers tried to hack into the voting systems of at least 21 states. Now we learn they were successful in doing that in a few states. We are told that no results were altered and no voter rolls were altered, but can we trust that?

Some think that Russian interference helped to elect Trump in 2016. Others think that the Russians were just trying to sow the seeds of doubt in our electoral system. Neither is something we want, or something that is helpful to the maintenance of our democracy. Interference in our election by the Russians (or any other foreign country) is something that must be stopped!

What has our government done to stop it? Not much. Congress did pass some sanctions to punish the Russians for their interference, but Trump has refused to impose those sanctions. And neither Trump nor Congress has done anything to insure the sanctity of our voter rolls or voting systems.

Who do we want choosing our leaders -- American citizens or Russian hackers. If we don't take action to prevent it, it could well be the latter.

Trump Reverses On Cyber-Security Collusion W/Russia

(Caricature of Donald Trump is by DonkeyHotey.)

Desperate to show that he did not give in to Putin in their meeting, but actually cemented better relations between the two countries, Donald Trump tweeted:

Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded and safe.

It is amazing that Trump actually seemed to think this was a good idea -- an idea that Americans would appreciate. He never realized that, in such a proposal, he was being played by Putin -- even though that was obvious to everyone else.

Co-operating with the Russians to develop a Cyber Security unit would just make it easier for them to hack our elections in the future (because they would know what kind of safeguards were in place). It would be like allowing the fox to help develop a security system for the hen house.

The whole idea was ludicrous, and that was instantly obvious to even Trump's Republican allies. It's simply dumb beyond belief to allow the country guilty of hacking an election to help design security to protect future elections -- and it just illustrates that although Trump considers himself a genius, he's really not very smart.

Fortunately, he came to his senses once he realized that everyone (friend and enemy) thought his suggestion (Putin's suggestion?) was crazy -- and he tweeted a reversal of course just 13 hours after his first tweet.

The fact that President Putin and I discussed a Cyber Security unit doesn't mean I think it can happen. It can't.

It still amazes me that Americans elected someone this dumb to be their president.

Trump Knuckles Under To Putin In Their First Meeting

(Photo of Putin and Trump is by Evan Vucci (AP) at NBC News.)

Here's what Russian Foreign Minister Sergey Lavrov said after the Putin/Trump meeting:

“President Trump has said that he has heard earlier declarations from Mr. Putin that Russian leadership and Russian government has not interfered in the elections. And he accepts the things that Mr. Putin has said.” 

And here's what U.S. Secretary of State Rex Tillerson said:

"There was not a lot of re-litigating of the past. I think both of the leaders feel like there's a lot of things in the past that both of us are unhappy about. We're unhappy, they're unhappy. What the two Presidents, I think rightly, focused on is how do we move forward. How do we move forward from here, because it’s not clear to me that we will ever come to some agreed-upon resolution of that question between the two nations."

Frankly, I don't trust what either Lavrov or Tillerson ever says, because the Putin administration and the Trump administration have both demonstrated a total disregard for the truth. But when both sides agree on what happened in the meeting, then we are probably getting something at least close to the truth. And that's how I read the two statements above.

Tillerson said Trump opened the meeting by "pressing" Putin on the issue of Russia hacking our election. He had to do that, even though he said just the day before that he still isn't sure it happened (or that it was the Russians who did it). If he hadn't, he would have been roundly criticized by members of both political parties. While Trump doesn't want to admit it happened, the Republicans and Democrats in Congress (and the American public) believes our intelligence agencies (who say it is a fact, and that it was directed by Putin himself).

If we are to believe Lavrov and Tillerson, then Trump did bring the subject up and Putin denied it. Then (whether Trump accepted it or not) they agreed to move on to other subjects and work toward developing a better relationship. That's is NOT adequate!

The hacking of our 2016 election by Russian hackers at the direction of Putin was nothing less than an attack on our country -- on the very basis of our democratic form of government. NOTHING is more important than that -- not Syria, not Ukraine, not North Korea, and not improving relations between Russia and the United States.

The hacking should have been the most important subject of that meeting, and until satisfaction was received on that subject (an apology and assurances that it would never happen again) no other subject should have even been discussed. How can anyone improve relations or have agreements with a government that has attacked the very foundations of our democracy?

Trump knuckled under to Putin on the most important issue there was to discuss. By refusing to stand up to Putin, he failed his country -- and he made the world a much more dangerous place (with a stronger Putin and a weaker American presidency).

More Americans Believe Comey Than Believe Trump

Rumor has it that this poll is driving Donald Trump to fits of rage. I believe it. His narcissistic personality demands that he be loved and trusted -- and the American public doesn't do either.

The fact is that more Americans believe James Comey than believe Donald Trump (45% to 22%). They think Trump is lying about trying to influence Comey to stop the Russian hacking investigation (or demanding loyalty from him).

They also don't believe Trump when he says the Russians didn't interfere in the 2016 election. A 53% majority believes they did interfere.

These charts are from a new NBC News / Wall Street Journal Poll -- done between June 17th and 20th of a random national sample of 900 adults, with a margin of error of 3.3 points.

Russian Hacking Was Widespread - Why Does Trump Deny It

(The cartoon image above is by Lalo Alcaraz.)

The truth is that the Russians attacked the United States electoral system in 2016. And it was not just a few hackers on their own -- but a concerted effort by the Russian government under the direction of Putin himself. This is fact, and our government knows it (both our intelligence agencies and our Congress). That's why the Senate voted nearly unanimously (only 2 senators voted "no") to put new economic sanctions on Russia.

The bill for the new sanctions in now in the House. But guess who opposes it, and is working hard to defeat it. DONALD TRUMP! The Trump administration opposes a part of the sanctions bill that says the president could not alter the sanctions without first notifying Congress. In short, he wants the ability to remove those sanctions without telling Congress (or anyone else). We already know that he tried to remove the current sanctions against Russia immediately after taking office, but was stopped by Congress.

Why is Trump doing this? Does he not care about the security of our democracy? Or does he owe the Russian government for their efforts to get him elected? There's no "smoking gun" evidence that Trump colluded with the Russian government to subvert our electoral process -- YET. But Trump's actions (calling the hacking a "fake story", trying to unilaterally remove sanctions, etc.) certainly makes it look like there may be a quid pro quo involved (an agreement between Trump and Putin).

The hacking was actually more widespread than most people know. This is part of an article in Time magazine by Massimo Calabresi on how serious the Russian hacking was:

The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election. In Illinois, more than 90% of the nearly 90,000 records stolen by Russian state actors contained drivers license numbers, and a quarter contained the last four digits of voters’ Social Security numbers, according to Ken Menzel, the General Counsel of the State Board of Elections.

Congressional investigators are probing whether any of this stolen private information made its way to the Trump campaign, two sources familiar with the investigations tell TIME. . . .

The House and Senate Intelligence committees held hearings on June 22 to highlight the ongoing vulnerability of the U.S. election systems. “I’m deeply concerned,” said North Carolina Republican Senator Richard Burr who chairs the Senate Intelligence Committee, that “we could be here in two or four years talking about a much worse crisis.”

Cyber-security officials testifying at the Senate hearing acknowledged for the first time the extent of the Russian effort to interfere with the election. Twenty-one states saw such intrusions last year, a senior official from the Department of Homeland Security, Jeanette Manfra, said. None of the intrusions affected the vote count itself, all the officials testified.

That has not reassured some Hill leaders. “There’s no evidence they were able to affect the counting within the machines,” says the top Democrat on the House Intelligence committee, Congressman Adam Schiff of California. But, he added, “the effect on the election is quite a different matter.”

The Russian efforts against state and local databases were so widespread that top Obama administration cyber-security officials assumed that by Election Day Moscow’s agents had probed all 50 states. “At first it was one state, then three, then five, then a dozen,” says Anthony Ferrante, a former FBI cybersecurity official and member of the White House team charged with preparedness and response to the cyber intrusion. At that point, says Michael Daniel, who led the White House effort to secure the vote against the Russian intrusions, “We had to assume that they actually tried to at least rattle the doorknobs on all 50, and we just happened to find them in a few of them."

Many hackers, including state-sponsored ones, use automated programs to target hundreds or even thousands of computers to check for vulnerabilities. But confirming intrusions is hard. As far as officials have been able to determine, the number of actual successful intrusions, where Russian agents gained sufficient access to attempt to alter, delete or download any information, was “less than a dozen,” current and former officials say. But that wasn’t the only worry.

“In addition to the threat to the vote we were also very concerned about the public confidence in the integrity of the electoral system,” says Ferrante.

Special Counsel Robert Mueller is investigating whether any laws were broken in relation to the Russian attack. The Congressional intelligence probes also seek to determine the nature and scope of the Russian espionage operation in order to protect future elections.

“The integrity of the entire system is in question,” says Bahar, “So you need the system to push back and find out what happened and why, so it never happens again.”

Russian Hacking Of Our Election Was Worse Than Thought

(Cartoon image is by Steve Sack in the Minneapolis Star-Tribune.)

Posted below is part of a very troubling article by Matthew Cole, Richard Esposito, Sam Biddle, and Ryan Grim for The Intercept:

RUSSIAN MILITARY INTELLIGENCE executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light. . . .

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.

The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.

The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA requested a number of redactions. The Intercept agreed to some of the redaction requests after determining that the disclosure of that material was not clearly in the public interest.

The report adds significant new detail to the picture that emerged from the unclassified intelligence assessment about Russian election meddling released by the Obama administration in January. The January assessment presented the U.S. intelligence community’s conclusions but omitted many specifics, citing concerns about disclosing sensitive sources and methods. The assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”

That review did not attempt to assess what effect the Russian efforts had on the election, despite the fact that “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.” According to the Department of Homeland Security, the assessment reported reassuringly, “the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”

The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.

As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.

But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.

The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”. . .

Although the NSA report indicates that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. 

Evidence Is Emerging That Trump Colluded With Russia

“There’s a smell of treason in the air.” -- Presidential historian Douglas Brinkley.

The Trump administration has based their defense against allegations of collusion with Russian officials to subvert the 2016 election on the excuse that there is no evidence of such collusion. That is now changing. The FBI now has circumstantial evidence that collusion did indeed take place. The only word for such collusion is TREASON!

Consider the following story from CNN News:

The FBI has information that indicates associates of President Donald Trump communicated with suspected Russian operatives to possibly coordinate the release of information damaging to Hillary Clinton's campaign, US officials told CNN.

This is partly what FBI Director James Comey was referring to when he made a bombshell announcement Monday before Congress that the FBI is investigating the Trump campaign's ties to Russia, according to one source.

The FBI is now reviewing that information, which includes human intelligence, travel, business and phone records and accounts of in-person meetings, according to those U.S. officials. The information is raising the suspicions of FBI counterintelligence investigators that the coordination may have taken place, though officials cautioned that the information was not conclusive and that the investigation is ongoing.

In his statement on Monday Comey said the FBI began looking into possible coordination between Trump campaign associates and suspected Russian operatives because the bureau had gathered "a credible allegation of wrongdoing or reasonable basis to believe an American may be acting as an agent of a foreign power." . . .

One law enforcement official said the information in hand suggests "people connected to the campaign were in contact and it appeared they were giving the thumbs up to release information when it was ready." But other U.S. officials who spoke to CNN say it's premature to draw that inference from the information gathered so far since it's largely circumstantial.

The FBI cannot yet prove that collusion took place, but the information suggesting collusion is now a large focus of the investigation, the officials said.

The FBI has already been investigating four former Trump campaign associates -- Michael Flynn, Paul Manafort, Roger Stone and Carter Page -- for contacts with Russians known to US intelligence. All four have denied improper contacts and CNN has not confirmed any of them are the subjects of the information the FBI is reviewing.

One of the obstacles the sources say the FBI now faces in finding conclusive intelligence is that communications between Trump's associates and Russians have ceased in recent months given the public focus on Russia's alleged ties to the Trump campaign. Some Russian officials have also changed their methods of communications, making monitoring more difficult, the officials said.

Last July, Russian intelligence agencies began orchestrating the release of hacked emails stolen in a breach of the Democratic National Committee and associated organizations, as well as email accounts belonging to Clinton campaign officials, according to U.S. intelligence agencies. 

The Russian operation was also in part focused on the publication of so-called "fake news" stories aimed at undermining Hillary Clinton's campaign. But FBI investigators say they are less focused on the coordination and publication of those "fake news" stories, in part because those publications are generally protected free speech.

The release of the stolen emails, meanwhile, transformed an ordinary cyber-intrusion investigation into a much bigger case handled by the FBI's counterintelligence division.

FBI counterintelligence investigations are notoriously lengthy and often involve some of the U.S. government's most highly classified programs, such as those focused on intelligence-gathering, which can make it difficult for investigators to bring criminal charges without exposing those programs.

Investigators continue to analyze the material and information from multiple sources for any possible indications of coordination, according to US officials. Director Comey in Monday's hearing refused to reveal what specifically the FBI was looking for or who they're focusing on.

US officials said the information was not drawn from the leaked dossier of unverified information compiled by a former British intelligence official compiled for Trump's political opponents, though the dossier also suggested coordination between Trump campaign associates and Russian operatives.

Russian Hackers Attacking U.S. Progressives (For Trump?)

(Cartoon image is by Walt Handelsman for the Tribune Content Agency.)

Russian hackers are still trying to interfere in our political system. Their latest hacks are directed at progressive organizations in the United States. While they are asking for money from these groups (under threat of releasing sensitive information), I have to wonder why it is only progressive groups they are attacking (and not conservative groups). Is it a continuing effort to help Donald Trump?

The following article is by Michael Riley at Bloomberg News. Here are some excerpts:

Russian hackers are targeting U.S. progressive groups in a new wave of attacks, scouring the organizations’ emails for embarrassing details and attempting to extract hush money, according to two people familiar with probes being conducted by the FBI and private security firms.

At least a dozen groups have faced extortion attempts since the U.S. presidential election, said the people, who provided broad outlines of the campaign. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.

In one case, a non-profit group and a prominent liberal donor discussed how to use grant money to cover some costs for anti-Trump protesters. The identities were not disclosed, and it’s unclear if the protesters were paid.

At least some groups have paid the ransoms even though there is little guarantee the documents won’t be made public anyway. Demands have ranged from about $30,000 to $150,000, payable in untraceable bitcoins, according to one of the people familiar with the probe.

Attribution is notoriously difficult in a computer attack. The hackers have used some of the techniques that security experts consider hallmarks of Cozy Bear, one of the Russian government groups identified as behind last year’s attack on the Democratic National Committee during the presidential election and which is under continuing investigation. Cozy Bear has not been accused of using extortion in the past, though separating government and criminal actors in Russia can be murky as security experts say some people have a foot in both worlds. . . .

During the election Russian hackers heavily targeted the personal email accounts of staffers associated with the Clinton campaign. One of the people who described the current campaign said that in some cases, web-based email accounts are also being targeted because of their heavy use among non-profits.

Along with emails, the hackers are stealing documents from popular web-based applications like SharePoint, which lets people in different locations work on Microsoft Office files, one of the people said. . . .

The hackers’ targeting of left-leaning groups -- and the sifting of emails for sensitive or discrediting information -- has set off alarms that the attacks could constitute a fresh wave of Russian government meddling in the U.S. political system. The attacks could be designed to look like a criminal caper or they could have the tacit support of Russian intelligence agencies, the people said.

Russia’s intelligence agencies maintain close relationships with criminal hackers in the country, according to several U.S. government investigations.

None of the possible explanations for the attacks are particularly comforting to the victimized groups, few of which are household names but are part of the foundation of liberal politics in the U.S.

Some of the groups are associated with causes now under attack by the Trump administration.

Bernie Supporters (& Others) Were Duped By The Russians

(Photo of Vladimir Putin is by Hannah Peters at Getty Images.)

It is now known that the Russian government hacked the e-mail accounts of the Democratic National Committee (DNC), and then turned those hacked accounts over to Wikileaks's -- and Wikileaks then did Russia's bidding by releasing them to the public. It was done to hurt the candidacy of Hillary Clinton (who Putin did not like) and help the candidacy of Donald Trump (who Putin does like).

The inference was that the DNC was somehow rigging the primary election to favor Hillary Clinton over Bernie Sanders. While some silly things were said by some not-too-bright people working for the DNC in those e-mails, there was (and still is) no proof that the DNC did anything to aid Clinton or hurt Sanders.

Sadly, many of the Bernie supporters decided they didn't need any actual proof. They needed an excuse as to why their candidate was losing in the primaries, so they jumped on the Russian hacking as though it proved more than it actually did. They accused the DNC of rigging the primaries, and Clinton of doing all sorts of crooked things. And too many of them are still telling those same lies today -- lies based on inferences drawn from the Russian hacking.

To be blunt, they were duped by Vladimir Putin and his horde of hackers into vilifying the only candidate with a chance to defeat Donald Trump (Putin's choice for president). I doubt they'll admit it, but they were played like a fiddle and happily danced to Putin's tune. They should be ashamed of themselves.

Russia Intentionally Tried To Throw U.S. Election To Trump

(Cartoon image is by Darrin Bell at darrinbell.com.)

We have known that Russia was responsible for hacking into American political party files for a while now. That has been substantiated by the CIA, and even worse, they did it to help Donald Trump win the presidency (which is not surprising considering Trump's stands on NATO, the Ukraine, and Syria). Putin sees an ally in Trump.

From The Washington Post:

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”. . . 

Though Russia has long conducted cyberspying on U.S. agencies, companies and organizations, this presidential campaign marks the first time Moscow has attempted through cyber-means to interfere in, if not actively influence, the outcome of an election, the officials said.

What makes this whole situation even worse is that U.S. government officials knew this well before the election -- and kept it a secret from the American people. The President, at least 12 congressional leaders from both political parties, and FBI director James Comey all were notified of the Russian hacking on behalf of Donald Trump, and none of them did anything.

The President, and other Democrats that knew, were afraid of being accused of political tricks if they notified citizens. Frankly that disgusts me. I am tired of the timidity of elected Democratic officials. You can bet if Putin had been trying to help Clinton instead of Trump, the Republicans wouldn't have hesitated to broadcast it far and wide. When are the Democrats going to learn to play the same kind of political hardball that the Republicans play?

For their part, the Republicans that knew denied that it was true. Facts don't mean much to them anymore, and they choose to believe what they want. For them, the CIA is right only when they give facts corresponding to the GOP agenda. They should be ashamed, but they have no shame.

Perhaps the worst of the lot is FBI director James Comey. He was quick to release a statement that inferred that Hillary Clinton had done something wrong with her e-mails (even though it wasn't true, and wasn't even her e-mails or sent on her server). But when faced with facts regarding Trump getting help from the Russians (a far more serious thing), he chose to keep that a secret (because it might hurt his favorite candidate). Comey used the FBI to influence the U.S. presidential election -- and for that, he should resign. The American people can no longer trust him.

A foreign power intentionally trying to effect the presidential election for a particular candidate is an extremely serious thing, and the people should have been told about it. The U.S. government let its citizens down.

Why Russia's Putin Has Acted To Support Donald Trump

(Cartoon image is by Dave Granlund at davegranlund.com.)

On the eve of the Democratic National Convention, a series of e-mails from the Democratic National Committee was publicly released. They showed no wrong-doing by the committee, but did contain some stupidly embarrassing e-mails from some committee members (especially one from the chief financial officer). The release was obviously designed to hurt the candidacy of the Democratic nominee, Hillary Clinton.

We now know those e-mails were discovered when Russians hacked into the DNC computer. The question that brings up is -- why would the Russians want to hurt Clinton? Why would they want to interfere in the United States election? The obvious answer is they were trying to boost the candidacy of Donald Trump.

Some people posed that they wanted to help Trump because Trump has significant holdings in Russia, or that Russian investors have significant money invested with Trump in this country. The Trump campaign was quick to deny that. Personally, I think that was a straw man argument (probably designed by Trump supporters). If Trump does have holdings in Russia or Russian investors, I doubt making him president would help that (because he would need to divorce himself from his business interests if elected).

But that doesn't mean Russia doesn't have an interest in seeing Trump elected president. For one thing, Trump has expressed his admiration for Putin. It would not be wrong for Putin to think he could get along with Trump (and use him) better than he could with Hillary Clinton (who would continue the foreign policy of Barack Obama).

But perhaps the most important reason is Trump's attacks on NATO. Trump has said NATO is outdated, and even suggested that he would not act to defend some NATO countries (who he claims are not paying their share of the burden). That had to be music to Putin's ears.

NATO is the primary defense of Europe against Russian aggression, and Europe depends on the United States keeping its word and honoring the treaty. Hillary Clinton would do that. Donald Trump has said he might not. Donald Trump would make NATO weaker, and maybe useless.

That's the real reason Russia would act to help Trump -- because Trump admires Putin and does not believe in NATO. Trump would put Europe at the mercy of Russia.

Sony Bows To Public Pressure - Reconsiders Movie Release

I'm sure you have heard by now of the hacking of the e-mail accounts of Sony. Supposedly it was done to prevent the release of their new comedy about the assassination of North Korea's leader Kim Jong-un. The hackers, believed to be North Korean, threatened to expose the Sony e-mails and to attack theaters who showed the picture. Sony backed down and said they would not release the movie in any way (theaters, television, DVD, etc.).

I expect Sony officials thought most people would think they were taking a responsible position by refusing to release the picture. They were wrong -- at least in the United States. Only about 30% agree with Sony's decision, while a majority of Americans (54%) disagreed. These people considered it an act of cowardice to give in to the hackers -- and an act that would just encourage more hacking and threats in the future.

Stung by the public reaction, and probably finally realizing that the movie is going to come out anyway somewhere, somehow, Sony now says they are reconsidering their decision and are "surveying alternatives" to a theater release. They are trying to cover their cowardice by saying it was never their decision, but the decision of theaters not to screen the movie. That's a crock though, since their original statement was not to release it in any form.

They may also have realized that the hullabaloo over the movie has now insured it will probably be a hit -- no matter how it is released. The best way to insure that people will want to see a movie (or read a book) is to ban that movie (or book). Then people will flock to it to see what all the ruckus over it was all about. And that seems to be happening now. About 26% of the population now says they will be more likely now to go see the movie (see chart below).

These charts were made from information in a new Rasmussen Poll -- done on December 18th and 19th of a random national sample of 1,000 adults, with a margin of error of 3 points.

---------------------------------------------------------------------------

It now seems that North Korea is the victim of retaliation. The internet in that country has been attacked by someone. President of CloudFlare, Matthew Prince said:

"It's as if North Korea got erased from the global map of the Internet." 

And he went on to say:

"If it is an attack, it's highly unlikely it's the United States. More likely it's a 15-year-old in a Guy Fawkes mask." 

I'm not sure I believe that. I think it could well have been a retaliation by our government (although I'm sure they would never admit it even if it was). What do you think?

Are You Really Surprised About This ?

(The cartoon above is by Stuart Carlson at Carlsontoons.com.)

For the last few weeks there has been a story that some in the press have considered important -- and which has outraged some in Congress (or at least they are acting that way). It is that China has been hacking computers in the United States, trying to learn some secrets our government would rather they didn't know. Of course, the Chinese deny that they have done any hacking.

Now Edward Snowden, the person who made public the NSA's spying on American citizens through telecommunications companies, says that the United States government has been hacking into computers of other countries -- and one of the primary targets of that hacking is China. I'm sure it won't be long before the U.S. government also denies that computer hacking.

Which brings me to my headline question -- is anyone really surprised by either of these stories? Of course the United States has been hacking into the computers of other countries (and it's probably with our friends as well as enemies) -- and China is doing the same thing. And they are not alone. You can be sure that the Russians, Israelis, English, French, Germans, and any other country with sophisticated enough technology is doing the same thing.

Countries have been spying on each other for thousands of years now. Computer hacking is just a new tool to use to do that spying, and it would take a very dim-witted person to think that any country with the technology wouldn't use that technology to help in their intelligence (spying) efforts. Countries have always used the best available technology to aid in spying on other countries -- and they will continue to do so in the future.

Is it proper or ethical? No, it is not. But spying has never been proper or ethical, and it will not stop because people are surprised or outraged. It's just the way things are -- and all we can do is try to develop and use effective counter-measures (while knowing they will never be 100% effective, just like past counter-intelligence efforts were not always successful).