Electronic Frontier Foundation

Malware Linked To Government of Kazakhstan Targets Journalists, Political Activists and Lawyers, Says Report (eff.org) 23

An anonymous reader quotes a report from EFF: Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF). Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents. The campaign -- which EFF has called "Operation Manul," after endangered wild cats found in the grasslands of Kazakhstan -- involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.
Security

Ask Slashdot: Should The DHS Designate Elections As Critical Infrastructure? (politico.com) 279

The Department of Homeland Security is reportedly looking at designating elections as critical infrastructure, on par with the electricity grid or banking system, to help protect against cybersecurity threats. DHS Secretary Jeh Johnson said during a breakfast with reporters on August 3rd, "We should carefully consider whether our election system, our election process, is critical infrastructure. There is a vital national interest in our election process, so I do think to consider whether it should be considered by my department and others as critical infrastructure." Demerara writes: I'm fascinated to hear the opinions of Slashdotters on the practical implications of any decision to designate "elections" as critical national infrastructure. For those of you who have worked on systems that are already under this regime: given that there are just over 90 days to the November elections, what can be achieved with respect to elections and in particular to electronic voting machines (whether direct-recording electronic (DRE), touch screen etc., or precinct ballot scanning machines)? What might the designation require of state and county boards (the buyers of these systems) and what would the vendors have to do?
Facebook

Police Asked Facebook To Deactivate Woman's Account During Deadly Standoff (abc7.com) 447

An anonymous reader quotes a report from KABC-TV: In the midst of a five-hour standoff that turned deadly, Facebook granted an emergency request from the Baltimore County Police Department to take offline the social media accounts belonging to a woman who wielded a shotgun at officers. Baltimore County Police officers shot and killed Korryn Gaines, 23, after she barricaded herself inside her Randallstown apartment with her 5-year-old son and pointed a shotgun at officers attempting to serve an arrest warrant. Police Chief Jim Johnson said Tuesday that the department made the emergency request to have Gaines' social media accounts suspended after she posted videos online showing the standoff. People who saw the postings, Johnson said, responded by encouraging her to not comply with police. Videos posted on Facebook and Instagram appeared to show Gaines, who was black, talking with police in the doorway to her apartment and to her son during the standoff. The standoff Monday began after three officers went to Gaines' apartment to serve arrest warrants on her and her boyfriend, Kareem K. Courtney, 39, according to police. Gaines' bench warrant stemmed from charges during a March 10 stop, including disorderly conduct and resisting arrest. Authorities said she was armed with a 12-gauge pistol grip shotgun that was legally purchased last year and toward the end of the negotiations pointed it directly at an officer and said, "If you don't leave, I'm going to kill you." An officer shot at her and Gaines fired two shots, but missed the officers, who returned fire and killed her, police said. Facebook's policy says that it may grant law enforcement permission to suspend accounts in cases where there is a substantial risk of harm. Facebook has received roughly 855 requests for emergency disclosures of information to government agencies due to the threat of harm or violence between July and December 2015, according to their Government Request Report. About 73 percent of those requests were granted.
Communications

Top DNC Staffers Leave Following WikiLeaks Email Scandal (usatoday.com) 424

An anonymous reader writes from a report via USA Today: Following the leak of nearly 20,000 Democratic National Committee emails and the resignation of DNC Chairwoman Debbie Wasserman Schultz, several more staffers are leaving their positions. USA Today reports Amy Dacey, the chief executive officer of the DNC, Luis Miranda, the party's communications director, and Brad Marshall, chief financial officer, are all leaving the DNC. The statement announcing the staff changes praises the outgoing aides and makes no mention of the email issue. "Thanks in part to the hard work of Amy, Luis, and Brad, the Democratic Party has adopted the most progressive platform in history, has put itself in financial position to win in November, and has begun the important work of investing in state party partnerships. I'm so grateful for their commitment to this cause, and I wish them continued success in the next chapter of their career," said Donna Brazile, the party's interim chairwoman. Some of the leaked emails from party staffers depicted officials favoring now-Democratic nominee Hillary Clinton over Vermont Sen. Bernie Sanders during their primary campaign.
IOS

Apple Replaces The Pistol Emoji With A Water Gun (cnn.com) 246

Apple has a announced a number of new emoji changes on Monday, but the most controversial new change is that the pistol emoji will be replaced with a green water gun emoji in the company's upcoming iOS 10 operating system: The water gun swap is not Apple's first foray into cartoon gun control. Earlier this year the governing body in charge of emojis nixed a proposed rifle emoji. It was one of a number of possible new additions, but Unicode Consortium members Apple and Microsoft argued against the Olympics-inspired gun, according to Buzzfeed. Last year, an organization called New Yorkers Against Gun Violence started a campaign to get Apple to replace its version of the pistol emoji. It launched a site, disarmtheiphone.com, and sent an open letter to remove the firearm emoji "as a symbolic gesture to limit gun accessibility." As it stands, Microsoft is the only major software company to use a toy gun emoji instead of a pistol emoji in Windows -- Google, Samsung, Facebook and Twitter all use realistic pistol emojis. Apple's iOS 10 will be released in fall, but you can download the iOS 10 public beta to be one of the first to wield the toy gun emoji.
United Kingdom

Britain's Scientists Are 'Freaking Out' Over Brexit (washingtonpost.com) 517

"To use a nonscientific term, the scientists in the country are freaking out," reports the Washington Post. An anonymous Slashdot reader quotes their report: The researchers worry that Britain will not replace funding it loses when it leaves the E.U., which has supplied about $1.2 billion a year to support British science, approximately 10 percent of the total spent by government-funded research councils. There is a whiff of panic in the labs.

Worse than a possible dip in funding is the research community's fear that collaborators abroad will slink away and the country's universities will find themselves isolated. British research today is networked, expensive, competitive and global. Being part of a pan-European consortium has helped put Britain in the top handful of countries, based on the frequency of citations of its scientific papers... Anecdotal evidence suggests that headhunters may already be circling.

Meanwhile, NPR reports that Britain's vote to leave the EU "has depressed the value of the British pound," prompting many Britons to vacation at home rather than abroad -- while "Americans will find their dollars go further in Britain these days." And an anonymous Slashdot reader quotes a report from CNBC that Ford "is considering closing plants in the UK and across Europe in response to Britain's vote to leave the EU, as it forecast a $1 billion hit to its business over the next two years."
The Military

Russian Government Gets 'Hacked Back', Attacks Possibly Launched By The NSA (bbc.com) 173

An anonymous reader write: Russian government bodies have been hit by a "professional" cyber attack, according to the country's intelligence service, which said the attack targeted state organizations and defense companies, as well as Russia's "critically important infrastructures". The agency told the BBC that the powerful malware "allowed those responsible to switch on cameras and microphones within the computer, take screenshots and track what was being typed by monitoring keyboard strokes."
ABC News reports that the NSA "is likely 'hacking back' Russia's government-linked cyber-espionage teams "to see once and for all if they're responsible for the massive breach at the Democratic National Committee, according to three former senior intelligence officials... Robert Joyce, chief of the NSA's shadowy Tailored Access Operations, declined to comment on the DNC hack specifically, but said in general that the NSA has technical capabilities and legal authorities that allow the agency to 'hack back' suspected hacking groups, infiltrating their systems to gather intelligence about their operations in the wake of a cyber attack... In some past unrelated cases...NSA hackers have been able to watch from the inside as malicious actors conduct their operations in real time."
The Military

Russia's Rise To Cyberwar Superpower (dailydot.com) 79

"The Russians are top notch," says Chris Finan, an ex-director at DARPA for cyberwar research, now a CEO at security firm Manifold Technology, and a former director of cybersecurity legislation in the Obama administration. "They are some of the best in the world... " Slashdot reader blottsie quotes an article which argues the DNC hack "may simply be the icing on the cyberwar cake": In a flurry of action over the last decade, Russia has established itself as one of the world's great and most active cyber powers. The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee... The evidence -- plainly not definitive but clearly substantial -- has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have "high confidence" that Russia is behind the attack...

Beyond the forensic evidence that points to Russia, however, is the specter of President Vladimir Putin. Feeling encircled by the West and its expanding NATO alliance, the Kremlin's expected modus operandi is to strike across borders with cyberwar and other means to send strong messages to other nations that are a real or perceived threat.

The article notes the massive denial of service attack against Estonia in 2007 and the "historic and precedent-setting" cyberattacks during the Russian-Georgian War. "Hackers took out Georgian news and government websites exactly in locales where the Russian military attacked, cutting out a key communication mode between the Georgian state and citizens directly in the path of the fight."
Security

Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers (schneier.com) 204

Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."
Democrats

Clinton Campaign Breached By Hackers 265

An anonymous reader writes: Hillary Clinton's campaign network was breached by hackers targeting several large Democratic organizations, Reuters reports. Clinton's campaign spokesperson Nick Merrill confirmed the hack in a statement. 'An analytics data program maintained by the DNC, and used by our campaign and a number of other entities, was accessed as part of the DNC hack. Our campaign computer system has been under review by outside security experts. To date, they have found no evidence that our internal systems have been compromised,' he said.

The hack follows on the heels of breaches at the Democratic National Committee and at the Democratic Congressional Campaign Committee earlier this year. More than 19,000 emails from DNC officials were published on WikiLeaks just prior to the Democratic National Convention, casting a shadow over the proceedings. Some security experts and U.S. officials have attributed the breaches to Russian operatives, although the origin of the email leak is less certain.
The Courts

Judge Rules Political Robocalls Are Protected By First Amendment (onthewire.io) 191

Trailrunner7 quotes a report from On the Wire: A federal judge has ruled that robocalls made on behalf of political candidates are protected by the First Amendment and cannot be outlawed. The decision came in a case in Arkansas, where political robocalls had been illegal for more than 30 years. On Wednesday, U.S. District Court Judge Leon Holmes ruled that banning political robocalls amounts to an infringement of free speech protections and also constitutes prior restraint of speech. Political campaigns have been using robocalls for decades, and some states have sought to ban them, arguing that they are intrusive and violate recipients' privacy. In the Arkansas case, the state attorney general put forward both of these arguments, and also argued that the calls can tie up phone lines, making them unusable in an emergency. Holmes said in his decision that there was no evidence that political robocalls prevent emergency communications, and also said that the Arkansas statute should have banned all robocalls, not just commercial and political ones. "The statute at issue here imposes a content-based restriction on speech; it is not one of the rare cases that survives strict scrutiny. The state has failed to prove that the statute at issue advances a compelling state interest and is narrowly tailored to serve that interest," Holmes wrote.
United States

FBI Probes Hacking of Democratic Congressional Group (reuters.com) 159

From a Reuters report: The FBI is investigating a cyber attack against another U.S. Democratic Party group, which may be related to an earlier hack against the Democratic National Committee , four people familiar with the matter told Reuters. The previously unreported incident at the Democratic Congressional Campaign Committee, or DCCC, and its potential ties to Russian hackers are likely to heighten accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump. The Kremlin denied involvement in the DCCC cyber-attack. Hacking of the party's emails caused discord among Democrats at the party's convention in Philadelphia to nominate Hillary Clinton as its presidential candidate. The newly disclosed breach at the DCCC may have been intended to gather information about donors, rather than to steal money, the sources said on Thursday.
Crime

Gary Johnson: I'd Consider Pardoning Snowden, Chelsea Manning (vocativ.com) 264

An anonymous reader writes from a report via Vocativ: [Vocativ reports:] "The U.S.'s most popular third-party presidential candidate says he would 'consider' pardoning the highest profile convicts of computer-related crimes in the country, including Chelsea Manning, Ross Ulbricht, and Jeremy Hammond. Libertarian candidate Gary Johnson, a former governor of New Mexico, also reiterated his possible willingness to pardon Edward Snowden, the former National Security Agency analyst who gave a cache of agency documents to journalists in 2013." "Having actually served as a governor and administered the power to grant pardons and clemency, Gary Johnson is very conscious and respectful of the need for processes for using that authority," Joe Hunter, Johnson's communications director, told Vocativ in a statement. "However, he has made it clear on numerous occasions that he would 'look seriously at' pardoning Edward Snowden, based on public information that Snowden's actions did not cause actual harm to any U.S. intelligence personnel. Likewise, he has said he would look favorably on pardoning Ross Ulbricht, consistent with his broader and long-standing commitment to pardon nonviolent drug offenders, whistleblowers, and others imprisoned under unjust and ill-advised laws," Hunter said. When Vocativ asked specifically about Chelsea Manning, Jeremy Hammond, Barrett Brown, and Matthew Keys, Hunter responded: "The same goes for the other individuals you have mentioned -- and hundreds, if not thousands, like them. Gov. Johnson finds it to be an outrage that the U.S. has the highest incarceration rate in the developed world, and announced in 2012 that, as President, he would promptly commence the process of pardoning nonviolent offenders who have done no real harm to others." The Green Party candidate Jill Stein has also shared her thoughts on pardoning Edward Snowden and Chelsea Manning. Not only would she pardon Snowden, but she said she would appoint him to her cabinet.
Democrats

WikiLeaks Releases Hacked Voicemails From DNC Officials (thenextweb.com) 177

An anonymous reader writes: Late Wednesday afternoon as the Democratic National Convention was in full swing, Julian Assange and WikiLeaks decided to follow through with an earlier statement by publishing hacked voicemails of top democratic officials. There are 29 leaked recordings, which are identified by phone number and total about 14 minutes combined. Many of the voicemails are messages of callers leaving their numbers in hopes of being called back. Others are from voters upset that the DNC was giving too much support to Sanders. The Hill reports that "One caller with an Arizona area code called to blast the DNC for putting Sanders surrogate Cornel West on the platform drafting committee. 'I'm furious for what you are doing for Bernie Sanders,' another caller says in a message. 'He's getting way too much influence. What I see is the Democratic Party bending over backwards for Bernie,' adds the caller, who threatens to leave the party if the DNC doesn't stop 'coddling' the Vermont senator."
Democrats

Tech Takes Its K-12 CS Education and Immigration Crisis To the DNC (cnet.com) 118

theodp writes: In early 2013, Code.org and FWD.us coincidentally emerged after Microsoft suggested tech's agenda could be furthered by creating a crisis linking U.S. kids' lack of computer science savvy to tech's need for tech worker visas. Three years later, CNET's Marguerite Reardon reports that tech took its K-12 computer science and immigration crisis to the Democratic National Convention on Wednesday, where representatives from Microsoft, Facebook, and Amazon called for the federal government to invest in more STEM education and reform immigration policies -- recurring themes the industry hopes to influence in the run-up to the 2016 presidential election. "We believe in the importance of high-skilled immigration coupled with investments in education," said Microsoft President Brad Smith, repeating the Microsoft National Talent Strategy. The mini-tech conference also received some coverage in the New Republic, where David Dayen argues that the DNC is one big corporate bride.
Privacy

Trump Calls For Russia To Cyber-Invade the United States To Find Clinton's 'Missing' Emails (gawker.com) 1017

Republican presidential nominee Donald Trump publicly called on the Russian hackers allegedly responsible for the recent leak of DNC emails to launch another cyber-attack on the United States, this time to hack emails from Hillary Clinton's tenure as secretary of State, according to reporters who attended the press conference Wednesday. (Alternate source: NYTimes, Quartz, and MotherJones) "Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing," Trump said. "I think you will probably be rewarded mightily by our press."

Clinton came under investigation for her use of a personal email address while serving as secretary of state. After turning over to the FBI all correspondence about government business during her years in the State Department, Clinton revealed at a press conference last year that she had deleted about half of her emails that pertained to personal matters, like her daughter's wedding. Attorney General Loretta Lynch ultimately decided not to pursue criminal charges against Clinton. Update: Here's a video of Trump saying that.
Security

'DNC Hacker' Unmasked: He Really Works for Russia, Researchers Say (thedailybeast.com) 704

The hacker who claimed to compromise the DNC swore he was Romanian, but new investigation shows he worked directly for Russia President Vladimir Putin's government in Moscow. The Daily Beast reports: The hacker who claims to have stolen emails from the Democratic National Committee and provided them to WikiLeaks is actually an agent of the Russian government and part of an orchestrated attempt to influence U.S. media coverage surrounding the presidential election, a security research group concluded on Tuesday. The researchers, at Arlington, Va.-based ThreatConnect, traced the self-described Romanian hacker Guccifer 2.0 back to an Internet server in Russia and to a digital address that has been linked in the past to Russian online scams. Far from being a single, sophisticated hacker, Guccifer 2.0 is more likely a collection of people from the propaganda arm of the Russian government meant to deflect attention away from Moscow as the force behind the DNC hacks and leaks of emails, the researchers found. ThreatConnect is the first known group of experts to link the self-proclaimed hacker to a Russian operation, amidst an ongoing FBI investigation and a presidential campaign rocked by the release of DNC emails that have embarrassed senior party leaders and inflamed intraparty tensions turning the Democratic National Convention. The emails revealed that party insiders plotted ways to undermine Sen. Bernie Sanders' presidential bid. The researchers at the aforementioned security firm are basing their conclusion on three signals: the hacker used Russian computers to edit PDF files, he also used Russian VPN -- and other internet infrastructure from the country, and that he was unable to speak Romanian.
Censorship

Facebook Admits Blocking WikiLeaks' DNC Email Links, But Won't Say Why (thenextweb.com) 270

An anonymous reader writes: Facebook has admitted it blocked links to WikiLeaks' DNC email dump, but the company has yet to explain why. WikiLeaks has responded to the censorship via Twitter, writing: "For those facing censorship on Facebook etc when trying to post links directly to WikiLeaks #DNCLeak try using archive.is." When SwiftOnSecurity tweeted, "Facebook has an automated system for detecting spam/malicious links, that sometimes have false positives. /cc," Facebook's Chief Security Officer Alex Stamos replied with, "It's been fixed." As for why there was a problem in the first place, we don't know. Nate Swanner from The Next Web writes, "It's possible its algorithm incorrectly identified them as malicious, but it's another negative mark on the company's record nonetheless. WikiLeaks is a known entity, not some torrent dumping ground. The WikiLeaks link issue has reportedly been fixed, which is great -- but also not really the point. The fact links to the archive was blocked at all suggests there's a very tight reign on what's allowed on Facebook across the board, and that's a problem." A Facebook representative provided a statement to Gizmodo: "Like other services, our anti-spam systems briefly flagged links to these documents as unsafe. We quickly corrected this error on Saturday evening."
Democrats

Clinton Campaign: Russia Leaked Emails to Help Trump (washingtonpost.com) 769

An anonymous Slashdot reader quotes the Washington Post: A top official with Hillary Clinton's campaign on Sunday accused the Russian government of orchestrating the release of damaging Democratic Party records in order to help the campaign of Republican Donald Trump -- and some cyber security experts in the U.S. and overseas agree. The extraordinary charge came as some national security officials have been growing increasingly concerned about possible efforts by Russia to meddle in the election, according to several individuals familiar with the situation.

Late last week, hours before the records were released by the website Wikileaks, the White House convened a high-level security meeting to discuss reports that Russia had hacked into systems at the Democratic National Committee... Officials from various intelligence and defense agencies, including the National Security Council, the Department of Defense, the FBI and the Department of Homeland Security, attended the White House meeting Thursday, on the eve of the email release.

Clinton's campaign manager told ABC News "some experts are now telling us that this was done by the Russians for the purpose of helping Donald Trump." Donald Trump's son later responded, "They'll say anything to be able to win this."
Government

Homeland Security Border Agents Can Seize Your Phone (cnn.com) 319

Slashdot reader v3rgEz writes: A Wall Street Journal reporter has shared her experienced of having her phones forcefully taken at the border -- and how the Department of Homeland Security insists that your right to privacy does not exist when re-entering the United States. Indeed, she's not alone: Documents previously released under FOIA show that the DHS has a long-standing policy of warrantless (and even motiveless) seizures at the border, essentially removing any traveler's right to privacy.
"The female officer returned 30 minutes later and said I was free to go," according to the Journal's reporter, adding. "I have no idea why they wanted my phones..."

Slashdot Top Deals