TBR News February 23, 2018
The Voice of the White House
Washington, D.C. February 23, 2018: Guest editorial by Christian Jürs-
“’ In January 2010, Dr Massoud Ali-Mohammadi was killed by a bomb attached to his car as he was driving to work in the morning. Despite rumors that he may have been targeted by MOIS (Iran’s Ministry of Intelligence and Security) because of his reported connections to opposition groups, the modus operendi of his attackers is far too similar to that of numerous other incidents to give those rumors too much credence.
The actual attacks on the Iranian nuclear infrastructure are being carried out by Kurds and Balochs trained by Mossad.
Neither group has any love for the mullahs in Tehran and indeed both have been regularly in open conflict with the Iranian regime. There are intercepted Israeli intelligence reports that the Baloch insurgency in eastern Iran has recently reignited.
It cannot be denied that it would be very difficult for any foreign agent to operate effectively or for any length of time in the paranoid, high-security and repressive environment of modern Iran.
Even the well-trained and well-prepared Mossad operatives have had only limited success, while the much vaunted but highly overrated US Central Intelligence Agency (CIA) has been largely bereft of serious HUMINT resources in Iran following a number of very incompetent intelligence blunders.
The CIA lost its entire agent network in Iran in 2004 when, according to US intelligence sources, “a CIA headquarters communications officer was about to send instructions to an agent via its Immarsat transmitter/receivers. The CIA officer attempted to download data intended for a single operative, but accidentally hit a button that sent it to the entire US spy network in Iran.” (source: CUX 305)
In what turned out to be an unmitigated intelligence disaster, the information was received by a double agent who forwarded it to MOIS, which was then quickly able to wrap up the entire US network, leaving Washington completely blind in HUMINT terms.
The CIA has still not recovered from this or several other setbacks at the hands of Iranian counter-Intelligence.
Most Western intelligence services have struggled to maintain any foothold within Iran, with the sole exception of the German BND (Bundesnachrichtendienst), which has managed to run several small but effective Iranian rings for a number of years. The Germans do not share information with either the Israelis or the Americans but do with the Russians.
MOIS and its foreign espionage department VEVAK are rated by many observers as one of the most effective intelligence organizations in the Middle East today.
It is widely accepted that the Iranian national security services run deadly anti-dissident and highly effective counter-intelligence operations around the world, while they have a justified reputation for their fearsome and wide-ranging powers to suppress dissent within Iran.
It is unlikely that MOIS would ever tolerate the lax levels of security found in Dubai in the United Arab Emirates, where Mossad was responsible for assassinating a senior Hamas leader, Mahmoud al-Mabhouh, in January 2010.
It would be both difficult and dangerous for foreign intelligence services to attempt to deploy their own officers inside Iran for the long periods needed to acquire the targeting and surveillance information necessary to carry out a successful attack, even with the help and local knowledge of an in-country support network.
So again it is known and obvious that the most effective intelligence assets along with the probable culprits for the recent killings are drawn mainly from dissident nationalities such as those in the Kurdish and Baloch regions.
Israel maintains surveillance facilities and SIGINT sites run by the highly secretive Unit-8200 in northern Iraq and therefore are able to fund and assist in arming the Iranian Kurds. Earlier, it became known that Kurdish rebels attacking Turkish targets had also been trained and armed by the Mossad.
The earlier attacks on the Iranian nuclear infrastructure by sabotage and the targeted use of a CIA- developed computer worm (Stuxnet)in a clandestine Canadian station has caused significant disruption, while the Israeli fomented assassinations of leading Iranian nuclear scientists is considered to have “significantly delayed the Iranian nuclear research and development program.” This quote from a highly classified report to the Israeli Embassy in Washington under date of 9. December, 2010. All such claims are routinely denied by the authorities in Tehran.
More attacks can now be expected as Israel is becoming ever more frustrated at being prevented by the current US administration from taking unilateral military action and by a Washington that many Israelis see as seemingly unwilling to countenance direct action themselves.’”
Table of Contents
- Two top White House advisers may leave over tensions with Trump: sources
- Trump mega-donor Sheldon Adelson may bankroll US embassy’s Jerusalem move
- U.S. expected to open embassy in Jerusalem in May, official says
- 23 state attorneys general refile net neutrality suit
- Let’s Acknowledge US Interference in Foreign Elections
- Human culture, not smarts, may have overwhelmed Neanderthals
- Italy’s Five Star Movement feeds on voters’ anger
- Syrian YPG militia: government has taken control of Aleppo district
- In a First, U.S. Senator Demands Government Oversight of Predatory “Loot Boxes” in Video Games
Two top White House advisers may leave over tensions with Trump: sources
February 22. 2018
by John Walcott
Reuters
WASHINGTON (Reuters) – Longstanding friction between U.S. President Donald Trump and two top aides, the National Security Adviser and the Chief of Staff, has grown to a point that either or both might quit soon, four senior administration officials said.
Both H.R. McMaster and John Kelly are military men considered by U.S. political observers as moderating influences on the president by imposing a routine on the White House. They have also convinced Trump of the importance of international alliances, particularly NATO, which he has criticized as not equally sharing its burdens with the United States.
However, all the officials were quick to add that the tensions could blow over, at least for now, as have previous episodes of discord between the president and other top officials who have fallen out of favor, including Secretary of State Rex Tillerson and Attorney General Jeff Sessions.
Asked about sources saying that either National Security Adviser McMaster or Chief of Staff Kelly, or both, might be leaving, White House spokesman Raj Shah on Thursday did not address the possibility. He said, “the president has full confidence in each member of the team.” Press secretary Sarah Sanders said on Tuesday that Trump “still has confidence in General McMaster.”
Neither Kelly nor McMaster responded to requests for comment on whether they would remain in the administration.
Trump swatted McMaster in a Twitter post after his comments at a European conference last weekend that he was certain Russia meddled in the 2016 U.S. election campaign, which Trump has been reluctant to acknowledge.
Kelly and McMaster have chafed at Trump’s treatment of them in public and in private, which both at times have considered insulting, said all four officials, speaking on condition of anonymity.
The current and most potent irritant, they said, is Kelly’s effort, supported by McMaster, to prevent administration officials who have been unable to obtain permanent high-level security clearances from having access to the government’s most closely held secrets.
Under pressure to act last week, Kelly strengthened the security clearance process in response to a scandal involving Rob Porter, a former official accused of domestic abuse by two ex-wives. Staffers whose interim clearances have been pending since June would have them revoked on Friday.
That would bar Trump’s son-in-law and adviser Jared Kushner from reading the president’s daily intelligence brief, which often contains information on covert operations and intelligence collected from spy satellites, spies, and close U.S. allies.
“There have been running battles between Trump and his generals,” said one of the officials, speaking on the condition of anonymity. Kelly is a retired Marine general and McMaster an Army lieutenant general.
“But the clearance business is personal, and if Trump sets special rules for family members, I‘m not sure if Kelly and McMaster would salute,” the official said.
White House officials were working to find a compromise that would allow Kushner to continue his work as a senior adviser to Trump, another source familiar with the situation said, also speaking on the condition of anonymity to discuss internal White House matters.
Under current law and regulation, the president has authority to grant any level of clearance to anyone he chooses, but officials wanted to avoid that option, this official said. There was no sense that Kushner would be leaving his job.
Kelly declined to comment on anybody’s specific security clearance. He said in a statement that he had told Kushner days ago that he had “full confidence in his ability to continue performing his duties in his foreign policy portfolio.”
Kelly said those duties include overseeing the Israeli-Palestinian peace effort and serving as an integral part of the U.S. relationship with Mexico.
McMaster’s support for Kelly on the security clearance issue is only his latest difference with Trump. Officials in the Defense Department said there have been discussions about him returning to the Army, possibly as head of the Forces Command at Fort Bragg, in North Carolina. McMaster, 55, previously served as deputy commander there.Although he has been supportive of Trump on many issues, including threatening North Korea with military action, McMaster has taken a harder stance on Russia than his boss.
After U.S. Special Counsel Robert Mueller charged 13 Russians, a Russian propaganda arm and two other firms on Feb. 16 with tampering in the election to boost Trump, McMaster said the evidence of Moscow’s meddling was “incontrovertible.”
Trump publicly chastised McMaster in a Twitter post, saying McMaster “forgot to say that the results of the 2016 election were not impacted by the Russians.”
Reporting by John Walcott; Additional reporting by Steve Holland and Mark Hosenball; Editing by Mary Milliken and Grant McCool
Trump mega-donor Sheldon Adelson may bankroll US embassy’s Jerusalem move
February 23, 2018
RT
Pro-Israel Republican mega-donor Sheldon Adelson has reportedly offered to foot some of the bill for the Trump administration’s embassy move to Jerusalem. The US president formally recognized the city as Israel’s capital in 2017.
The Trump administration’s plan to move its Israeli embassy to Jerusalem from its current location in Tel Aviv has been encouraged by billionaire casino magnate Adelson. He has reportedly offered to bankroll at least some of the operation, the Associated Press reports.
Haaretz reports the offer was made around the time Trump announced the embassy move in December. The total cost of the move would reportedly cost over $500 million dollars.
Trump is said to have originally promised Adelson that he would move the embassy in a private meeting 10 days before his inauguration, the New York Times reported in December. Adelson, a close friend of Israeli Prime Minister Benjamin Netanyahu, has since pressured Trump to make the move, particularly in light of the millions of dollars the billionaire has given to the Trump campaign.
Adelson gave the Trump campaign $25 million in 2016 and gave his inauguration committee $5 million. The staunch Israel supporter owns the free Israeli newspaper, Israel Haymon, and the Las Vegas Review Journal. In April 2017, Adelson reportedly complained about the Trump administration for failing to move the embassy promptly enough.
Four US officials reported the offer to the Associated Press, and State Department lawyers are reportedly looking into the legality of accepting private donations to cover embassy costs.
Secretary of State Rex Tillerson signed off on a security plan for moving the embassy to Jerusalem last week. Vice President Mike Pence said the move would happen by the end of 2019 when he was in Israel last week.
According to the anonymous officials, one of the ideas being floated is for Adelson’s donation to be accepted as part of a larger donation drive for Evangelical Christians and members of the Jewish community in the states.
The White House and Adelson refused to comment on the report. “We have no confirmation or details about this hypothetical proposal,” the State Department said.
According to the State Department’s Foreign Affairs manual, gifts from private citizens are to be evaluated on a case-by-case basis and the gifts must “not give the appearance of a conflict of interest.”
U.S. expected to open embassy in Jerusalem in May, official says
February 23, 2018
Reuters
WASHINGTON – The United States is expected to open its embassy to Israel in Jerusalem in May, a U.S. official told Reuters on Friday, a move from Tel Aviv that reverses decades of U.S. policy.
U.S. President Donald Trump announced last year that the United States recognized Jerusalem as Israel’s capital, infuriating even Washington’s Arab allies and dismaying Palestinians who want the eastern part of the city as their capital.
A May opening appears to represent an earlier time frame than what had been expected. While speaking in the Israeli parliament last month, U.S. Vice President Mike Pence said the move would take place by the end of 2019.
The opening will coincide with the 70th anniversary of Israel’s founding, said the U.S. official, speaking on condition of anonymity.
Reporting by Yara Bayoumy and Mary Milliken; editing by Grant McCool
The Myth of the Hacker-Proof Voting Machine
February 21, 2018
by Kim Zetter
New York Times
In 2011, the election board in Pennsylvania’s Venango County — a largely rural county in the northwest part of the state — asked David A. Eckhardt, a computer science professor at Carnegie Mellon University, to examine its voting systems. In municipal and state primaries that year, a few voters had reported problems with machines ‘‘flipping’’ votes; that is, when these voters touched the screen to choose a candidate, the screen showed a different candidate selected. Errors like this are especially troubling in counties like Venango, which uses touch-screen voting machines that have no backup paper trail; once a voter casts a digital ballot, if the machine misrecords the vote because of error or maliciousness, there’s little chance the mistake will be detected.Eckhardt and his colleagues concluded that the problem with the machines, made by Election Systems & Software (ES&S), was likely a simple calibration error. But the experts were alarmed by something else they discovered. Examining the election-management computer at the county’s office — the machine used to tally official election results and, in many counties, to program voting machines — they found that remote-access software had been installed on it.
Remote-access software is a type of program that system administrators use to access and control computers remotely over the internet or over an organization’s internal network. Election systems are supposed to be air-gapped — disconnected from the internet and from other machines that might be connected to the internet. The presence of the software suggested this wasn’t the case with the Venango machine, which made the system vulnerable to hackers. Anyone who gained remote access to the system could use the software to take control of the machine. Logs showed the software was installed two years earlier and used multiple times, most notably for 80 minutes on November 1, 2010, the night before a federal election.
The software, it turns out, was being used not by a hacker but by an authorized county contractor working from home. Still, the arrangement meant anyone who might gain control of the contractor’s home computer could use it to access and gain control of the county’s election system.
It was just another example of something that Eckhardt and other experts had suspected for many years: that many critical election systems in the United States are poorly secured and protected against malicious attacks.
In the 15 years since electronic voting machines were first adopted by many states, numerous reports by computer scientists have shown nearly every make and model to be vulnerable to hacking. The systems were not initially designed with robust security in mind, and even where security features were included, experts have found them to be poorly implemented with glaring holes.
But for as long as experts have warned about security problems, voting machine makers and election officials have denied that the machines can be remotely hacked. The reason, they say, is that the systems are not connected to the internet — an assurance the public has largely accepted. This defense was never more loudly expressed than in 2016, when the government disclosed that Russian hackers were probing American voter-registration systems and had breached at least one of them. Concerned that hacking fears could make the public less likely to vote, the United States Election Assistance Commission and state election officials rushed to assert that there was no need to worry about the votes because voting machines themselves were isolated from the internet.
The reality, as the incident in Venango County makes clear, is far more complicated.
Venango removed the remote-access software and isolated its system after Eckhardt and colleagues pointed out the security risk. But it’s likely that the software is still installed on other election systems around the country. ES&S has in the past sometimes sold its election-management system with remote-access software preinstalled, according to one official; and where it wasn’t preloaded, the company advised officials to install it so ES&S technicians could remotely access the systems via modem, as Venango County’s contractor did, to troubleshoot and provide maintenance. An ES&S contract with Michigan from 2006 describes how the company’s tech support workers used remote-access software called pcAnywhere to access customer election systems. And a report from Allegheny County, Pennsylvania, that same year describes pcAnywhere on that county’s election-management system on June 2 when ES&S representatives spent hours trying to reconcile vote discrepancies in a local district race that took place during a May 16th primary. An Allegheny County election official told me that remote-access software came pre-installed on their ES&S election-management system.
(In a statement, ES&S said, ‘‘None of the employees who reviewed this response, including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.’’)
Installing remote-access software and modems on systems that program voting machines and tally final results is a serious security issue and one that election officials are beginning to understand, as evidenced by Venango’s response to Eckhardt’s warning. But there’s an even more fundamental way that many voting machines themselves are being connected to the internet and put at risk of hacking, and there’s no sign that election officials at the state or federal level are aware the risk exists.
On election nights, many polling places around the country transmit voting results to their county election offices via modems embedded in or connected to their voting machines. Election officials and vendors insist that the modem transmissions are safe because the connections go over phone lines and not the internet. But as security experts point out, many of the modems are cellular, which use radio signals to send calls and data to cell towers and routers belonging to mobile carriers — Verizon, Sprint, AT&T. These routers are technically part of the internet. Even when analog (landline) modems are used instead of cellular ones, the calls still likely pass through routers, because phone companies have replaced much of their analog switching equipment in recent years with digital systems.
Because of this, attackers could theoretically intercept unofficial results as they’re transmitted on election night — or, worse, use the modem connections to reach back into election machines at either end and install malware or alter election software and official results.
‘‘Almost any phone call, whether on a cellular network or a so-called landline, goes through a part of the internet,’’ says Andrew Appel, a computer-science professor at Princeton University and longtime voting-machine security expert. ‘‘It may be a part that’s supposedly behind the walls of some phone provider,’’ Appel added. But, he said, ‘‘if the security of the phone provider is not perfect — and nobody’s security is perfect — then that phone call can be interfered with like any other transmission on the internet.’’
How could someone pull this off? To subvert machines via their modem connection, an attacker could set up a device known as an IMSI-catcher (or stingray, as they’re also called) near precincts or county election offices to intercept and alter vote tallies as they’re transmitted. IMSI-catchers — which law enforcement, militaries and spies use — impersonate legitimate cell towers and trick phones and other devices in their vicinity into connecting to them instead of legitimate towers.
Alternatively, a hacker could subvert telecom routers to intercept and alter election results as they pass through telecom equipment. Like any other digital device, telecom routers have vulnerabilities, and they have become a prime target in recent years for nation-state hackers from Russia and other countries. In 2012, hackers from Britain’s GCHQ spy agency targeted routers belonging to the Belgian telecom Belgacom to intercept mobile traffic passing through them.
In either scenario, experts say, attackers could also potentially use an IMSI-catcher or subverted telecom router to hack back into election systems and alter software to affect election outcomes.
The Election Assistance Commission, which oversees testing and certification of voting machines and advises states to isolate election systems from the internet, has said modems aren’t a problem. ‘‘The caution about not permitting network access does not apply to the use of modems on election night to transmit unofficial polling place results to the central office,’’ the commission’s election guidelines state. ‘‘The technical expertise required to intercept and alter a telephone communication without detection is extremely complex. Therefore, it is unlikely that anyone will be able to intercept and alter these results without detection.’’
The document doesn’t address the risk of someone hacking into voting machines via the modem, but vendors insist that the machines have protections to prevent this. Election officials also assert that routine procedures they perform would detect if someone altered transmitted votes or machine software. Experts, however, say the procedures are inadequate to detect altered software, and that vendor claims about security can’t be trusted, because of their long history of implementing security poorly. Federal labs responsible for certifying voting equipment don’t test the vulnerability of the modems to hacking, so there’s no independent verification of vendor claims.
‘‘What I’ve seen in the past 10 years is that the vendors have absolutely fumbled every single attempt in security,’’ says Jacob D. Stauffer, vice president of operations for Coherent Cyber, who has conducted voting-machine security assessments for California’s secretary of state for a decade. In a report Stauffer and colleagues published last year about their recent assessment of ES&S machines, they found the voting machines and election-management systems to be rife with security problems.
With Russia expected to intensify efforts to influence American elections this year and beyond, American election security has never been in sharper relief. But experts say that blindness to the risks posed by modems puts the integrity of American elections in grave danger.
‘‘The incorrect assertion that voting machines or voting systems can’t be hacked by remote attackers because they are ‘not connected to the internet’ is not just wrong, it’s damaging,’’ says Susan Greenhalgh, a spokeswoman for the National Election Defense Coalition, an elections integrity group. ‘‘This oft-repeated myth instills a false sense of security that is inhibiting officials and lawmakers from urgently requiring that all voting systems use paper ballots and that all elections be robustly audited.’’
More than 350,000 voting machines are used in the United States today, according to an estimate by Verified Voting, a nonprofit that tracks voting equipment use and policy. The machines fall primarily into two categories — direct-recording electronic machines and optical-scan systems. With DREs, voters touch a screen or button or turn a dial to make their selections, and the ballots and votes are entirely digital; some DREs are outfitted with printers to produce a voter-verifiable paper trail. With optical-scan machines, which many states have purchased in recent years to replace their DREs, voters make their selections on a full-size paper ballot, which gets fed into an optical scanner and can be used after an election to verify the digital results. (Hybrid machines are also available which combine touch-screen voting with a scannable paper ballot.)
With both kinds of voting systems, digital votes are stored on memory cards or flash drives that are collected from machines after an election and are supposed to be used for official results. But many machines also have embedded or externally connected modems to transmit unofficial results rapidly on election night.
The top voting machine maker in the country, ES&S, distributes modems or modeming capability with many of its DRE and optical-scan machines. (Some states, including California and New York, require voting machine makers to not only remove communication devices from their systems but also eliminate communications capability from their software for security.) About 35,000 of ES&S’s newest precinct-based optical scanner, the DS200, are used in 31 states and the District of Columbia and can be outfitted with either analog or cellular modems to transmit results. Maryland, Maine, Rhode Island and the District of Columbia use only DS200 machines statewide (though they also use two other systems specifically for disabled voters and absentee ballots); Florida and Wisconsin use the DS200s in dozens of counties, and other states use them to lesser degrees. ES&S’s earlier model M100 optical scanners, which also can be equipped with modems, have long been used in Michigan — a critical swing state in the 2016 presidential election — though the state is upgrading to DS200 machines this year, as well as machines made by Dominion Voting Systems. Dominion’s machines use external serial-port modems that are connected to machines after an election ends.
Not every polling place with embedded modems uses them to transmit results. Richard Rydecki, Wisconsin’s state elections supervisor, says counties in his state decide individually whether to transmit election results. Fred Woodhams, spokesman from the Michigan Department of State, said the same is true in his state. But even if a precinct doesn’t use its modems, having them embedded in voting machines is still a risk, experts say.
“If it is available for use” by an attacker, says Stauffer, “it can be used.”
ES&S insists that its security measures would prevent hackers exploiting or interfering with modem transmissions. According to a one-page document the company provided, the voting machines digitally sign voting results before transmitting them via modem and encrypt them in transit using SFTP — secure file transfer protocol. The election-management systems that receive results then check the signature to authenticate the data transmission. This theoretically means results couldn’t be swapped out and replaced with different ones. That is, unless an attacker can obtain ES&S’s signing key.
These keys, explains noted cryptographer and computer-security expert Matt Blaze, ‘‘need to be stored in the machine, and if they’re stored in the machine and under control of the software, any compromise of that software could be used potentially to extract” them. Blaze, who teaches at the University of Pennsylvania, says that ES&S machines he examined for Ohio’s secretary of state a decade ago had a number of security problems, including with key security.
As for using the modems to hack into machines and compromise their software, ES&S says its modems are configured to only initiate calls, not receive them, and can make calls only after an election ends, preventing anyone from dialing in or having them dial out at other times. The company also says results are not sent directly to the election-management systems but to a data communications server that operates as a DMZ, or ‘‘demilitarized zone,’’ separated from the internet and the election-management system by firewalls. The election-management system accesses the DMZ to collect the results.
ES&S advises election officials to configure the external firewall that protects the DMZ to only accept connections from IP addresses assigned to the voting machines. And election officials in Rhode Island, which uses ES&S’s DS200 machines with modems, told me that the modems only transmit for about a minute, which wouldn’t be sufficient to hack into voting machines or results servers.
But Stauffer and others say none of this would prevent a skilled hacker from penetrating the machines via their modems. Although overwriting the machine’s firmware, or voting software, would be difficult to do in just a minute, Stauffer says installing malware on the underlying operating system would not. An attacker might be able to do this directly through the modem to the voting machine, or infect the election-management system on the other end and install malware that gets passed to voting machines when officials program future elections. In either case, the malware could disable modem controls on the voting machines and make the devices secretly dial out to whatever number an attacker wants whenever he wants, while also altering system logs to erase evidence of these calls. This would let an attacker connect to the machines before or during an election to install malicious voting software that subverts results.
In such a scenario, the demilitarized zone concept, which ES&S says protects the election-management system, could actually become a liability, since it’s trusted by the election-management systems that communicate with it, says J. Alex Halderman, professor of computer science and engineering at the University of Michigan. Halderman calls the DMZ a ‘‘very risky setup in an election context, given that an attacker who infiltrates the EMS can tamper with election results or spread malware to voting machines.’’
The firewalls surrounding the DMZ can have their own vulnerabilities, and Halderman points out that if an attacker can send corrupt data through the firewall to the DMZ, then he can exploit vulnerabilities in the election-management system when the two communicate. This isn’t speculation, Halderman insists: A study done in 2007 for Ohio found multiple vulnerabilities in ES&S’s Unity election management system that would let an attacker send it malformed election data in order to run malicious code on the system. ‘‘The fact that these election management systems are networked at all should be alarming to anyone who understands election cybersecurity,’’ Halderman says.
A secure voting machine should prevent untrusted or unsigned software from being installed on it. But last year when Stauffer and colleagues examined an optical-scan machine that ES&S submitted to California for testing and certification, they discovered the system wasn’t authenticating code during installation or wasn’t doing it properly. They were able to modify legitimate ES&S election software and reinstall it on the machine unsigned. Although they conducted their test with physical access to the machines, because California machines don’t have embedded modems, Stauffer says an adversary with remote access through the modem would theoretically be able to do the same. Their rogue modification was designed to erase all election data from the machine at the close of an election. A ‘‘capable-enough adversary,’’ says Stauffer, might potentially go much further, with an update that would ‘‘make a candidate more favorable than the other.’’
Douglas W. Jones, a computer-science professor at the University of Iowa, has examined multiple voting systems for state and local election officials over the years. ‘‘Nothing I know about the machines would defend against’’ an attack where a hacker altered voting software.. ‘‘So this is a vulnerability that should be taken quite seriously.’’
Even if ES&S were to prevent someone from loading unsigned voting software, an attacker could still install malware on a voting or election-management machine via the modem connection, according to experts, if the underlying operating system software had unpatched security vulnerabilities. In fact, many voting machines across the country run on years-old unpatched Windows and Linux operating systems, partly because counties don’t have the staff to maintain the systems and have long believed that the systems are secure, and partly because (due to long delays in getting new or altered versions of voting machines certified) voting machine vendors often sell systems without the latest patches installed.
The operating systems on the election-management systems ES&S submitted to California for testing and certification last year were missing dozens of critical security patches, including one for the vulnerability the WannaCry ransomware used to spread among Windows machines. Two optical-scan machines ES&S submitted for certification had nine unpatched security vulnerabilities between them — all classified by the security industry as critical.
Just last month, Cisco, which makes the model of firewall used with ES&S election-management systems, announced a critical vulnerability in its devices that would let a remote hacker take full control of the firewalls and get at the systems they protect. News reports last week indicated hackers are already attempting to exploit vulnerable Cisco firewalls in the wild.
ES&S says it’s working with customers to patch their firewalls, but if they use the firewalls ‘‘according to recommended procedures,’’ they can mitigate the vulnerability. Those procedures include configuring the firewalls to only accept connections from known and trusted IP addresses ‘‘and shutting off the system when not in use.’’
Jones says the better solution is for states to seriously reassess their use of modems if they want to protect upcoming elections, particularly because hackers wouldn’t need to successfully alter voting machine software to have a detrimental effect; they could just leave behind evidence that they got in.
‘‘This is an extraordinarily powerful tool if all you want to do is simply discredit democracy,’’ Jones says. ‘‘All you have to do is create the appearance of something having happened, even if it hasn’t happened.’’
23 state attorneys general refile net neutrality suit
February 23, 2018
CNET –
A coalition of 23 state attorneys general refiled a lawsuit Thursday challenging the Federal Communications Commission’s rollback of Obama-era net neutrality regulations as the commission published its final notice of the repeal in the Federal Register.
The coalition, lead by New York Attorney General Eric Schneiderman, filed a lawsuit in January to block the repeal of the rules but agreed to withdraw it Friday and wait for the FCC’s publication. Publishing the notice to the Federal Register begins a 60-day clock until the rules are removed and allows for the filing of legal challenges.
“Today, the FCC made official its illegal rollback of net neutrality — and, as promised, our coalition of attorneys general is filing suit,” Schneiderman said in a statement announcing the lawsuit (PDF).
“Consumers and businesses in New York and across the country have the right to a free and open internet, and our coalition of attorneys general won’t stop fighting to protect that right,” he said.
Let’s Acknowledge US Interference in Foreign Elections
February 23, 2018
by Brian Saady
AntiWar
Last week, the Mueller investigative team indicted 13 Russian nationals for charges related to interference in the 2016 election. One of the individuals is a Russian billionaire, Yevgeny Prigozhin, who is allegedly the financier of the “troll farm.” This company that is solely dedicated to sowing political discord via fake news and false online identities is known as Internet Research Agency.
Meduza, a Latvia-based news organization that is critical of the Russian government, reported last October that Internet Research Agency has roughly 250 employees, with 90 focused on U.S. politics. In fact, the company hired 100 American activists, who were unaware of the origin of the funding, to lead rallies throughout the US
Americans certainly have a right to be upset about the organized dissemination of disinformation from a foreign nation. However, we also need to acknowledge the actions of our own government to fully understand this subject.
The Guardian reported in 2011 about the Pentagon’s psychological warfare program involving “sock puppets.” In other words, our military also hires private contractors to use fake Internet identities to spin online debate toward pro-American talking-points on non-English language or U.S.-based websites.
This is all part of a much larger battle of information warfare conducted by both countries. For instance, the US government spent $748 million last year on foreign broadcasting with programs, such as Voice of America and Radio Free Europe/Radio Liberty. Conversely, Russia spent slightly less than $400 million last year to fund Russia Today and Sputnik News.
As for the much more nefarious issue of election meddling, the US Senate Committee on Foreign Relations released a report last month concluding that Russia interfered in the elections of at least 19 nations over the last two decades.
On the other hand, US officials are active in the same capacity. Last week during an interview on Fox News, former CIA Director, James Woolsey, acknowledged the historical fact that the US has interfered in other countries’ elections.
Albeit, Woolsey countered that US interference was for the benefit of those countries to prevent communists from taking over. However, the non-answer by Woolsey when he was questioned if the US still interferes in elections is priceless.
The US has been involved with fixing elections and overthrowing democratically elected leaders long before the CIA came into existence. The Platt Amendment offers arguably the most symbolic example of this global hegemony.
The Platt Amendment of 1901 served as a treaty of sorts between the US and Cuba after the Spanish-American War. But, for all intents and purposes, it legitimized US dominance over the country’s governance. In fact, there was a provision granting the US permission “to intervene for the preservation of Cuban independence.”
It didn’t take long for those words to come to fruition. Five years later, then Secretary of War, William H. Taft, was instituted as the Provisional Governor of Cuba during the Second Occupation of Cuba. However, former US Marine General Smedley Butler (author of War is a Racket) probably summed up best whose interests we were protecting. “I helped make Haiti and Cuba a decent place for the National City Bank boys to collect revenues in,” he said.
Nearly a century after the Monroe Doctrine was declared, Taft openly held the same ideals. In 1912, President Taft declared, “The whole hemisphere will be ours in fact as, by virtue of our superiority of race, it already is ours morally.”
Obviously, the US empire machine went into overdrive with the advancement of communism. To be specific, the antiwar author and historian, William Blum, once listed 55 instances after WWII in which the US government assisted an overthrow or attempted overthrow of a foreign country.
The blueprint for these coups came about with the 1953 coup that removed the democratically-elected leader of Iran, Mohammad Mossadegh. Unlike the generalization offered by former CIA Director Woolsey, this coup didn’t protect the Iranians from communism. However, that pretense helped launch the coup as Mossadegh wanted to nationalize the country’s oil supply that had been monopolized by the Anglo-Iranian Company, present-day British Petroleum (BP). This coup brought about the brutal regime of the Shah over the next 26 years.
Another coup took place one year later, 1954. The democratically-elected President of Guatemala, Jacobo Arbenz, was removed and another military dictatorship was installed. Once again, the motivations for the coup were clearly influenced by protecting US corporate interests, in particular, United Fruit Company.
The role of information warfare and propaganda reigned supreme in this coup. As noted in the book American Spy by E. Howard Hunt, former CIA officer and Watergate burglar, the CIA successfully pressured The New York Times to remove a reporter from his Guatemalan assignment because he was viewed as sympathetic to Arbenz.
However, it was the disinformation provided by “La Voz de la Liberacion,” a CIA radio station, which helped secure the coup. The recordings of this anti-government propaganda were presented as opinions from disgruntled Guatemalans, but, in reality, they were actually recorded by CIA agents in Miami.
Anyhow, in the current era, the US has certainly remained active in undermining the democratic process of other countries. One of the vehicles for anti-democratic actions has a rather Orwellian name, the National Endowment for Democracy (NED).
NED is a private, nonprofit organization that receives extensive funding from the US government and, in turn, the organization provides funding to various activist NGOs worldwide. However, the late Robert Parry discovered that NED was the brainchild of former CIA Director, William Casey.
In fact, the President of NED, Carl Gershman, has often coordinated with top US officials to decide which NGOs should receive funding. Not surprisingly, the grant list of NED is filled with many of the same organizations that the CIA had funded in secrecy.
“A lot of what we do today was done covertly 25 years ago by the CIA,” said Allen Weinstein, a co-founder of NED. Now, with NED in place, this private organization essentially functions as a cutout that negates criticisms of covert activity by the CIA. Hence, William Blum has analogized NED as a money laundering hub for the CIA.
The problem is that many of the organizations funded by NED are seemingly acting on behalf of US interests, rather than a non-partisan quest for promoting democracy. For instance, the George H.W. Bush administration openly called for interfering in the Nicaraguan Presidential election of 1990.
Congress ultimately blocked this proposal by the Bush White House to provide Daniel Ortega’s opponent, Violeta Chamorro, with $3 million of campaign financing through NED. However, NED used the same money to fund Chamorro indirectly through organizations linked with her campaign.
That’s one of several elections in which NED has sided with a particular candidate. In even worse scenarios, NED has funded groups that participated in military coups. In particular, this organization indirectly helped finance the Venezuelan and Ukrainian coups of 2002 and 2014, respectively. Consequently, for that reason, among others, NED was banned in Russia as an “undesirable” international NGO.
All in all, most Americans are unaware of these aggressions by the US government against foreign nations. Hence, there will be no introspective period by the American Congress. In turn, you can rest assured that our leaders will only consider ways to best protect the electorate from the psychological warfare of foreign governments, even though the techniques were crafted by our government.
To sum up, until our government ceases this aggression toward other nations, we don’t deserve to speak from the moral high ground on this issue.
Human culture, not smarts, may have overwhelmed Neanderthals
February 4th, 2016
by Dan Stober
Stanford Report
What happened to the Neanderthals? They left their African homes and migrated into Europe 350,000 to 600,000 years ago, well ahead of modern humans, who showed up only about 45,000 years ago. But within about 5,000 years of our arrival, the indigenous Neanderthals had disappeared.
Anthropologists have proposed that the Neanderthals may have been done in by terrible epidemics or an inability to adapt to climate changes of the era, but Stanford researchers now suggest culture wars of a sort might have spelled the end.
The team, led by biologist Marcus Feldman, came to their conclusion after creating mathematical models that demonstrated that it wasn’t necessary for the humans to outnumber the locals in order to prevail. A smaller band of humans with a more highly developed level of culture could eventually push out the Neanderthals, the models showed.
The edge wasn’t just raw intelligence. Archeological findings have shown that brain size was essentially the same for humans and Neanderthals, and recent paleo-anthropological studies suggest that Neanderthals were capable of a range of advanced intellectual behaviors typically associated with early modern humans.
But a more fully developed culture among humans could have led to being able to gather territory or hunt over a larger area, or a higher level of tool-making. And better tools probably meant better weapons.
“Presumably there was a lot of violence going on at that time,” said Feldman, who is the Burnet C. and Mildred Finley Wohlford Professor of in the School of Humanities and Sciences. “I assume it wasn’t only constructive things done with tools. A hand axe can be used for constructive purposes and destructive purposes.”
Looking at the results of the modeling, the researchers concluded that a small population of humans with a high level of sophistication could have overwhelmed a larger, established population of Neanderthals that had been getting by with a lower level of cultural sophistication.
And the rich probably got richer in some sense, because a growing population of humans could support a higher level of cultural sophistication. The modeling also suggests then that it was not necessarily a genetic mutation that changed the human brain and provided a leg up for humans over Neanderthals, as has been suggested, Feldman said.
“They are presumably the last close relatives to us, before humans dominated the world,” he said.
Feldman’s research team included William Gilpin, a graduate student in applied physics at Stanford, and Kenichi Aoki of the Organization for the Strategic Coordination of Research and Intellectual Properties at Meiji University in Japan. He said that drawing from an interdisciplinary group of experts makes this type of work possible.
“One of the great things about Stanford is how easy this is to do,” he said. “It’s always been the case, since I did my doctorate over in the math department, that interdisciplinary research has been encouraged and strongly supported by the university.”
The research is published in Proceedings of the National Academy of Sciences.
Italy’s Five Star Movement feeds on voters’ anger
The Five Star protest party is riding high in the polls ahead of next week’s election in Italy. Their anti-establishment, anti-immigrant message is resonating with frustrated Italians. Megan Williams reports from Rome.
February 23, 2018
by Megan Williams in Rome
DW
Gianluca Buratti arrives late. The gospel choir master has been embroiled in Rome’s chaotic rush-hour traffic and searching for a parking spot in a city whose crumbling infrastructure shows no signs of improving, despite promises from its populist Five Star movement mayor Virginia Raggi.
Yet, like many Rome residents who plan to vote for the Five Star movement in Italy’s March 4 national election, Buratti is forgiving when it comes to his party’s negligible progress in addressing Rome’s urban decay, garbage collection problems and skeletal transportation system.
“I was born and raised in Rome and know it well,” he says, sitting beside a grand piano in the frigid common room of a Catholic community center before choir practice. “For the past 50 years, it was governed by the same corrupt parties, so before the Rome election in 2016, I said, ‘No one can expect changes in three or four years. Not until she cuts links with the old system.'”
It’s “the old system” that has made him a convinced Five Star member: politicians from the traditional right and left who, like many in Italy, Buratti sees as overpaid, on the take, and more invested in keeping their privileges than improving Italy.
A vote for the lesser of many evils
“Most of the Five Star voters aren’t actually for the Five Stars, but vote for them as a slap in the face to the party they really belong to,” says Italian pollster Lorenzo Pregliasco, head of You Trend. “A third of the Five Star voters are from the left, a third from the right and a third people who never voted before. The party’s failure to fix Rome’s problems or this scandal over salary reimbursement have almost no impact on these voters.”
The distrust, and disdain Buratti and his fellow Five Stars supporters feel toward traditional politicians are what’s largely driving the party’s numbers. The most recent polls put its support at about 28 percent.
Vera Capperucci, an Italian political historian at Luiss University in Rome, says the face of the party has changed since its early “F-Off to Politicians” rallies in piazzas. But even with seats in parliament, it’s still the protest party with an anti-politician message that resonates.
Anti-politician protest parties
“The Italian political class on both the right and the left is now widely perceived as a failure,” says Capperucci. “To put it bluntly, they’re seen as has-beens, people who had their chance and blew it, and who are now almost ignored by the voters.”
Italy’s floundering economy has only enforced that perception. The official unemployment rate that hovers around 11 percent; a perception of high taxes in exchange for poor services; and no sign of the kind of economic turnaround Spain and Ireland have pulled off have led many Italians to look around for someone to blame, she says. After politicians and the EU, they’ve pointed their fingers at migrants.
“Italian voters are not traditionally drawn to extremes, but in this prolonged economic situation, they’re migrating there and that’s why we’re seeing the emergence of a noisy minority,” Capperucci says, referring to La Lega, formerly known as La Lega Nord (The Northern League). The far-right party’s brash leader Matteo Salvini has relentlessly hammered home an anti-immigrant, “Italy First” message on his frequent TV appearances.
La Lega wants to expel 600,000 migrants
Salvini has been adept at exploiting cases of violence to shore up support. After a Nigerian migrant was charged for the murder of an 18-year-old Italian woman last month, an Italian gunman went on a drive-by shooting rampage in the central city of Macerata, injuring six African migrants. Salvini immediately went on television blaming both crimes on what he called “Italy’s out-of-control immigration policy.”
Giovanni Zagni of the Italian political fact checking website, Pagella Politica, says that while Salvini often cites the number of crimes committed in Italy, he fails to mention that foreigners commit crimes at about the same rate as Italians do — and that violent crime has decreased by about 10 percent over the past decade. That’s during a similar period of time that the number of migrants and refugees arriving in Italy dramatically rose.
“So to create an impression of crime being a problem,” says Zagni, “right-wing politicians focus on single cases of criminality or specific types of crimes.”
Salvini promises to expel from Italy the 600,000 or so migrants that have arrived here in the past four years. It’s one of the many election vows from the right — from free veterinary services for pets to a 15 percent flat tax — that have many observers and opponents rolling their eyes.
Anti-immigrant message
Both La Lega and the Five Star Moment want to kick out some 600,000 refugees
“I’ve heard a lot of imaginative election promises in my life,” said Emma Bonino, the 70-year-old leader of the pro-EU More Europe party, “but I’ve never heard so many as I have in the last months of this election. And the most imaginative, in a delusional way, is the promise to kick out 600,000 migrants. You need bi-lateral agreements with the countries these people have fled from to do that. You can’t just put them on a plane with a parachute.”
Yet, the imaginative promises seem to be paying off. Five years ago, La Lega took four percent of the vote; today, polls place it almost neck-and-neck with the right-wing coalition Forza Italia, led by former Prime Minister Silvio Berlusconi, at 14 percent.
Even the Five Star movement is calling for the immediate repatriation of illegal immigrants, and like La Lega, they don’t explain how they’ll do this, apart from saying they’ll add 10,000 more workers to examine asylum requests.
Five Stars voters like Gianluca Buratti supports the dramatic promises, but insists racism has nothing to do with it.
He cites revelations in the last years that politicians in Rome and elsewhere have pocketed funds earmarked for migrant centers. “Immigrants aren’t the problem, but the class of politicians who has mishandled migration,” he says.
And he, like almost a third of Italians, says the only way forward for Italy is to cut with that class.
“The merit of the Five Star movement has been to collect the disappointment of many people and merge it in a democratic tract,” says Buratti. “Otherwise, the next move would have been civil war.”
Syrian YPG militia: government has taken control of Aleppo district
February 22, 2018
Reuters
BEIRUT – The Syrian Kurdish YPG militia commander in Aleppo said the group’s fighters had gone to nearby Afrin region to help repel a Turkish assault and as a result the Syrian government had regained control over Kurdish-held districts in Aleppo.
“We in Aleppo have gone to the Afrin canton. As a result the eastern districts of Aleppo city fell under the control of the Syrian regime,” said Furat Khalil, YPG commander in Aleppo, in a message to Reuters.
Reporting By Ellen Francis; Writing by Angus McDowall; Editing by Matthew Mpoke Bigg
In a First, U.S. Senator Demands Government Oversight of Predatory “Loot Boxes” in Video Games
February 23 2018
by Zaid Jilani
The Intercept
Last year, The Intercept talked to psychologists, gambling addiction experts, and state lawmakers about the proliferation of video game “loot boxes” — random assortments of prizes purchased by players, many of them children, who hope to score certain coveted powers, much the way slot machine users hope to hit the jackpot.
Many of these experts argued that loot boxes, typically purchased in small-dollar transactions, represent what is essentially a form of gambling aimed at minors, and called for government oversight.
In mid-February, Sen. Maggie Hassan, the New Hampshire Democrat, answered the call. First, she wrote a letter to Patricia Vance, president of the Entertainment Software Ratings Board, which designs the warning labels for parents on video game products, asking Vance to consider listing the presence of loot boxes as a warning on product packaging and to study the wider use of the practice. (The full letter to Vance is posted at the bottom of this article. ESRB did not respond to a request for comment.)
Hassan also pressed four nominees to the Federal Trade Commission on the issue during a hearing the same week at the Senate Commerce, Science, and Transportation Committee.
“In the past, the FTC has looked at video games,” specifically the impact of violence in games, Hassan said at the hearing. “Do you agree that children being addicted to gaming and activities like loot boxes that might make them more susceptible to addiction is a problem that merits our attention? And depending on how the ESRB responds to my inquiry, would the FTC be willing to look at loot boxes as an issue independently?”
All four FTC nominees agreed that they would be willing to examine federal oversight of loot boxes.
Christine S. Wilson of Virginia, who was nominated to join the FTC in January, was emphatic, citing her own children’s hobbies. “As the mother of two teenagers, I would agree that the extent to which teenagers play video games is certainly a concern and I would be willing to talk to staff and get more up to speed on this issue should I be concerned,” she said.
The gambling addiction community was heartened by Hassan’s step. “Loot boxes in video games are a dangerous and predatory form of gambling being marketed directly to kids,” Les Bernal, national director of Stop Predatory Gambling, told The Intercept. “Their sole purpose is to extract more money out of young people’s pockets. We urge Sen. Hassan and the FTC to follow through on stopping these video game operators from preying on kids.”
Consumer outrage against loot boxes reached a high point last holiday season, when sales of Electronic Arts-published shooter “Star Wars Battlefront II” came in below expectations after a backlash from players upset that people who spent money on loot boxes and other in-game purchases could gain a major edge over other gamers. The company responded by temporarily disabling these purchases.
Electronic Arts and the ESRB have both argued that loot boxes are not like gambling because the purchaser is never left empty handed, as gamblers often are, even if all they receive are prizes in which they are not interested.
At the state level, Hawaii lawmakers have started moving legislation on loot boxes; one set of measures would require special labeling on games that offer them, while another would outright ban the sale of such games to consumers under the age of 21.
“I grew up playing games my whole life,” Democratic state Rep. Chris Lee of Oahu, who authored the bills, wrote in a prepared statement. “I’ve watched firsthand the evolution of the industry from one that seeks to create new things to one that’s begun to exploit people, especially children, to maximize profit.”
Here’s Hassan’s full letter to Vance:
Patricia Vance
President
Entertainment Software Ratings Board
Dear Ms. Vance:
I write to today regarding an important gaming issue that was recently brought to my attention by a constituent.
The Entertainment Software Ratings Board (ESRB) has an important mission in both providing parents with the necessary information to make decisions about the suitability of games, and their content, for children, as well as ensuring that the industry is following responsible marketing practices.
The ESRB rating system is of great value to parents across the country, empowering parents to make informed decisions on behalf of their children. As technology advances, ESRB must work to keep pace with new gaming trends, including the in-game micro-transactions and predatory gaming tactics, particularly as they are deployed on minors.
The prevalence of in-game micro-transactions, often referred to as ‘loot boxes,’ raises several concerns surrounding the use of psychological principles and enticing mechanics that closely mirror those often found in casinos and games of chance. The potential for harm is real. Recently the World Health Organization classified “gaming disorder” as a unique condition in its recent draft revision of the 11th International Classification of Diseases. While there is robust debate over whether loot boxes should be considered gambling, the fact that they are both expensive habits and use similar psychological principles suggest loot boxes should be treated with extra scrutiny. At minimum, the rating system should denote when loot boxes are utilized in physical copies of electronic games.
To that end, I respectfully urge the ESRB to review the completeness of the board’s ratings process and policies as they relate to loot boxes, and to take into account the potential harm these types of micro-transactions may have on children. I also urge the board to examine whether the design and marketing approach to loot boxes in games geared toward children is being conducted in an ethical and transparent way that adequately protects the developing minds of young children from predatory practices.
Further, I urge the ESRB to consider working with the relevant stakeholders – including parents – to collect and publish data on how developers are using loot boxes, how widespread their use is, and how much money players spend on them.
Finally, I ask that you develop best practices for developers, such as ethical design, tools for parents to disable these mechanisms, or making them less essential to core gameplay.