Ever Wonder Why We Keep Seeing Reports Of Foreign Signal Intelligence Equipment In DC? Unsecured Presidential Personal Phone Edition

Washington DC has a fake cell phone tower problem. It is an open secret that Foreign Intelligence Services are using a variety of means to capture signals intelligence (SIGINT) in DC. From Wired:

LAST WEEK, THE Department of Homeland Security confirmed for the first time that it is aware of unauthorized cell-site simulators, the surveillance tools often called stingrays or IMSI Catchers, in various parts of Washington DC.

While it’s not surprising that foreign intelligence groups or criminal actors would be cell-snooping in the nation’s capital, the DHS statement is the first US government acknowledgement that sensitive political communications, not to mention those of anyone in DC, are at risk of interception by devices that are currently unaccounted for. In spite of this step, though, observers find it unlikely that any group will move to defuse the threat in the foreseeable future.

Ruh Roh!!!!!!

From Politico (emphasis mine):

President Donald Trump uses a White House cellphone that isn’t equipped with sophisticated security features designed to shield his communications, according to two senior administration officials – a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance.

The president, who relies on cellphones to reach his friends and millions of Twitter followers, has rebuffed staff efforts to strengthen security around his phone use, according to the administration officials.

The president uses at least two iPhones, according to one of the officials. The phones – one capable only of making calls, the other equipped only with the Twitter app and pre-loaded with a handful of news sites – are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications.

While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was “too inconvenient,” the same administration official said.

The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump’s call-capable phones, which are essentially used as burner phones, are swapped out.

Trump’s call-capable cell phone has a camera and microphone, unlike the White House-issued cell phones used by Obama. Keeping those components creates a risk that hackers could use them to access the phone and monitor the president’s movements. The GPS location tracker, however – which can be used to track the president’s whereabouts – is disabled on Trump’s devices.

“It’s baffling that Trump isn’t taking baseline cybersecurity measures at a time when he is trying to negotiate his way out of a trade war with China, a country that is known for using cyber tactics to gain the upper hand in business negotiations,” said Samm Sacks, a China and technology expert at the Center for Strategic and International Studies.

Former government officials from both Republican and Democratic administrations expressed astonishment that any White House would issue the president a cell phone that posed a security threat.

I’m sure there’s no operations security issues involved here at all. It isn’t like the President is up at odd hours with a bunch of media personalities who give him advice and wind him up about what decisions to make after he tells them what’s going on. Err, um… Never mind.

Stay spreadable!

Open thread.



Further Russiagate / General GOP Ratfvckery Open Thread: Cambridge Analytica, Once Again

Think this news kinda got overlooked in the torrent yesterday. I know that CA’s much-vaunted “secret sauce” turned out to be “leave a few bank doors unlocked, tell our Russian clients about it, and pretend we don’t know how the vault, the registers, and the spare change out of the cashiers’ desks got looted”, but this still seems significant. Especially since the NYTimes is careful to point out that the company’s “principal owner” is Robert Mercer:

Appearing before the Senate Judiciary committee [yesterday] as part of the ongoing investigation of Cambridge Analytica and various forms of meddling in the 2016 elections, former employee and whistleblower Christopher Wylie said that the company and its then-VP Steve Bannon were pursuing voter suppression tactics aimed at black Americans.

Although Wylie insisted that he himself did not take part in these programs, he testified to their existence.

“One of the things that provoked me to leave was discussions about ‘voter disengagement’ and the idea of targeting African Americans,” he said. “I didn’t participate on any voter suppression programs, so I can’t comment on the specifics of those programs.”…

“I can comment on their existence, and I can comment more generally on my understanding of what they were doing,” he explained under questioning from Sen. Kamala Harris (D-CA).

“If it suited the client’s objective, the firm [SCL, Cambridge Analytica’s parent company] was eager to capitalize on discontent and to stoke ethnic tensions,” read Wylie’s written testimony.

“Steve Bannon believes that politics is downstream from culture. They were seeking out companies to build an arsenal of weapons to fight a culture war,” he explained at another point in the session. He suggested questions on the nature of those weapons, and the specifics of any potential race-based voter suppression tactics, to be directed to Bannon…

“How specifically, then, did they target African American voters,” Sen. Harris had asked, “understanding as you do that the African American population is not a monolith? How did they then decipher and determine who was African American so they would target them in their intent to suppress the vote?”

“Racial characteristics can be modeled and I’m not sure about the studies that my colleague here was referencing but we were able to get an AUC score, which is a way of measuring accuracy for race that was .89 I believe,” Wylie answered.

AUC, he then explained, stands for “Area under the receiving operations characteristic. It’s a way of measuring precision, which [the .89 figure] means it’s very high.”

In other words, black voters could be identified based on their social media presence and other factors, despite the fact that the black community is, obviously, far from homogeneous…

 

After the hearing, Wylie said he was happy both Republican and Democratic lawmakers had attended.

“Although Cambridge Analytica may have supported particular candidates in US elections, I am not here to point fingers. The firm’s political leanings are far less relevant than the broader vulnerabilities this scandal has exposed,” his written testimony read.

Among lawmakers on the Senate Judiciary Committee questioning Wylie were Republican Sens. Thom Tillis of North Carolina and Ted Cruz of Texas. Both have operated campaigns that were Cambridge Analytica clients.

Controversy around Cambridge Analytica’s alleged misuse of Facebook data raised a host of new questions about the social media giant’s role in the public discourse and elections, and helped prompt renewed scrutiny in Washington, where last month Facebook CEO Mark Zuckerberg testified before committees in both houses of Congress.

On Tuesday, The New York Times reported that Cambridge Analytica was under investigation by the Department of Justice and the FBI.



Russiagate Sidebar Open Thread: Oh Please… Please

Have said it before, will no doubt say it again: There are few arrests that would make me happier than that of Roger Stone, foundational Repub ratfvcker going back to Nixon’s maladministration. And for the unsubtle scripting of Murphy the Trickster God, few incidents that would make a better story arc…

Stone appeared before the U.S. House of Representatives Intelligence Committee last September and denied allegations of collusion between the president’s associates and Russia during the election. “I am aware of no evidence whatsoever of collusion by the Russian state or anyone in the Trump campaign,” Stone told reporters at the time.

According to sources familiar with the ongoing investigation, Mueller also has been probing whether anyone associated with the Trump campaign may have helped Assange or the Russians time or target the release of hacked emails and other social media promoting Trump or critical of Democratic candidate Hillary Clinton…

Sullivan told Reuters that he heads Cyphoon.com, a social media firm, and “worked on the Trump campaign serving as Chief Strategist directly to Roger J. Stone Jr.”

“Welcome To The Age of Weaponized Social Media,” said a strategy document Sullivan prepared for Stone and seen by Reuters. He described a “system” he devised for creating Twitter “swarms” as “an army of sophisticated, hyper-targeted direct tweet automation systems driven by outcomes-based strategies derived from REAL-TIME actionable insights.”

For example, at 6:43 a.m. local time on Election Day in 2016, Trump tweeted, “TODAY WE MAKE AMERICAN GREAT AGAIN”. Trump’s message soon was retweeted more than 343,000 times, and in an interview last year, Sullivan told Reuters that the swarm helped overcome a surge in pro-Clinton social media postings and boost voter turnout for Trump…

And, yes, Stone has always denied being anything more than “an old friend of Donald’s”…

Politico helpfully adds:

Mueller’s office, which declined to comment about the grand jury subpoenas to Sullivan, has signaled interest in Stone through its questioning of several of his longtime associates. Two former Trump campaign aides, Michael Caputo and Sam Nunberg, have said they were asked about Stone during their interviews with the special counsel’s team. The president’s personal lawyers also included Stone among a long list of potential topics that Trump should prepare to be asked about if he sits with Mueller’s team for an interview, according to a New York Times report last month.

In an email to POLITICO, Stone called Sullivan “a great salesman who worked for me for a couple of months as a social media consultant. As far as I know all of his social media activities work was perfectly legal.” He added that Sullivan had access to his Twitter feed while working for his super PAC…

Stone, one of the youngest members of President Richard Nixon’s infamous 1972 reelection bid, formed his super PAC in fall 2015 just a few months after he left Trump’s presidential campaign. (Trump at the time said he fired his longtime political adviser, though Stone insisted he quit.) The group faced immediate controversy when Corey Lewandowski, Trump’s campaign manager at the time, told The Hill newspaper that he’d sent a cease-and-desist letter and slammed the super PAC’s work as a “big-league scam.”

But Stone persisted, spending nearly all of the $587,000 the super PAC raised during the 2016 election cycle, according to FEC campaign data compiled by OpenSecrets.org…

Some people say that Roger has managed to stay out of jail all these years due to a preternatural talent for being the first in every criminal conspiracy to turn state’s evidence. Be a certain poetic justice if he ends up in a cell because his most recent totally-not-a-fellow-conspirator Assange sells Stone done the river, deliberately or not.



World’s Most Obnoxious Couch-Surfer Faces Eviction

Like a too-trusting soul who allowed the town wastrel to spend the night in the spare room, only to wake up to an empty fridge, raided liquor cabinet, mysteriously stained sofa, cigarette holes in the carpet, pile of dirty dishes in the sink and hacked bank account, Ecuador has been had.

The Guardian reports that Ecuador spent millions on round-the-clock security for Julian Assange, fretted over how to burnish his image (less rapey? fewer fascists?) and concocted plans to spirit him to safety if the Brits showed up at the door to haul him off to the hoosegow for jumping bail.

And how did the pallid creeper repay Ecuador? By hacking into the embassy’s communication system and accessing official and personal communications, plus pirating Ecuador’s internet on the sly.

Well, Ecuador isn’t the only one who was taken in by Assange. The impulse to stand up for the underdog is admirable, but potential saviors should ensure they’re not caping for rapey sleazebags who pal around with white nationalists and authoritarian kleptocrats while conspiring to overthrow democracies on the side.

Lesson now thoroughly learned, the new president of Ecuador is said to be keen to evict the squatter — ironically, to curry favor with the US. Assange’s erstwhile protector, former Ecuador President Rafael Correa, says Assange’s days of mooching off Ecuador are “numbered.” May he get exactly what he deserves.



We Are At Cyberwar Part II

In my initial post on the US being in a cyberwar with Russia, on 26 July 2016, I wrote (emphasis mine):

One of the real concerns going forward, apart from embarrassing email chains with personally identifying information (PII) being posted on Wikileaks, is not just that Russian Intelligence can get in and look around and take information out of these systems in the US, but what happens if they decide to mess with what’s there? Voter registration information, voter donation information, electoral results, and more are all stored electronically. The next attack may not be interested in embarrassing staffers and causing a few days of reporting about what they wrote. Rather it might seek to remove voters from the rolls or change the reported results of an election in specific locations before they can be reported. And since our system is decentralized, securing all of it is going to be difficult and expensive.

Well what do you know?

From The Hill (emphasis also mine):

The Senate Intelligence Committee on Tuesday released the unclassified version of its investigation into Russian cyberattacks on digital U.S. voting systems ahead of the 2016 presidential election.

The report finds that Moscow conducted an “unprecedented, coordinated cyber campaign” against the nation’s voting infrastructure. Through its investigation, the committee found that Russia-linked hackers were in a position to “alter or delete voter registration data” in a small number of states before the 2016 vote.

“In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure,” the report states. “In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.”

“The Committee saw no evidence that votes were changed and found that, on balance, the diversity of our voting infrastructure is a strength,” the report says. “However, the Committee notes that a small number of districts in key states can have a significant impact in a national election.”

Going forward all US election systems – voter registrations, voter rolls, recording of the actual vote, etc – must all be air gapped. They have to be either set up or backed up in such a way that the master information is only accessible via a secured or classified network – not the every day unclassified Internet. Additionally, every vote cast should be pen and paper. And non-partisan observers should be present during all voting and tallying and reporting of the vote totals. And all three of these activities should also be filmed so there is a record of voting, tallying, and reporting. Finally, there should be secured paper backups of everything. If we do these simple things we can safeguard and protect the integrity of our election systems and have faith in the outcome of our elections. Or we can have more 2016s.

Update at 11:30 PM EDT

Here’s the link to the Senate Select Committee on Intelligence unclassified report.

Stay frosty!

Open thread.



Breaking, Literally: Cambridge Analytica Skitters Away


 
TIME FOR A STRATEGIC REBRANDING, BOYZ!

Cambridge Analytica, a political consultancy that worked for the Trump campaign and had come under attack for its use of personal Facebook data in other elections, announced on Wednesday it would cease operations and declare bankruptcy in the United States and United Kingdom.

The firm said it had lost clients because of revelations in March that it had improperly obtained the personal information of millions of Facebook users. “It is no longer viable to continue operating the business,” Cambridge Analytica said in a statement.

Cambridge Analytica defended its use of Facebook, saying it was “vilified for activities that are not only legal, but also widely accepted as a standard component of online advertising in both the political and commercial arenas.”

The decision by the firm comes as it continues to face potential investigations and sanctions from regulators around the world for charges…

Cambridge Analytica was born of as an American offshoot of London-based SCL Group, whose affiliates had worked in campaigns around the world, including Kenya, Nigeria and India. Initial funding for Cambridge Analytica came from Republican financier Robert Mercer, who invested at least $10 million in the company as it sought to help exclusively GOP candidates across a range of U.S. congressional and state legislative elections beginning in 2014. His daughter Rebekah Mercer was the company’s president for a time. Neither Mercer responded to requests for comment on Wednesday…

Even as it maintained its innocence, Cambridge Analytica acknowledged that the “siege of media coverage has driven away virtually all of the Company’s customers and suppliers.” SCL Elections, its parent, as well as Cambridge Analytica began insolvency proceedings in the UK, and said they would soon start bankruptcy proceedings in the United States.



IOKIYAR Open Thread: Insecure Man Communicates Insecurely

Don’t worry, it’ll be a VERY SERIOUS IMPEACHABLE OFFENSE again once there’s a Democrat in the Oval Office! (Assuming we all live through the current occupancy, that is… )