John Arquilla at ACM writes:
What a pity that senior leaders in the American government and intelligence community have decided to play political football with the alleged Russian hacks of John Podesta's and other Democrats' emails. By using these intrusions to gin up fears about the "integrity" of the electoral process—which is already befouled by the focus on finding and spreading dirt on the opposition—the real story is being neglected. And what is that real story? It is that, despite more than two decades of consistent public warnings that have reached the highest levels of government, cybersecurity throughout much of the world is in a shameful state of unpreparedness.
Take the United States, for example. Since the mid-1990s, there have been approximately 200 cybersecurity bills brought before Congress. Only one has passed, quite recently at that, and it only calls for voluntary information-sharing about cyber incidents. Legislation aside, there have also been several government-sponsored commissions and top-level exercises focused on understanding and illuminating the cyber threat. Each of these has signaled that "the red light is flashing;" that is, American cybersecurity is in very poor shape. Indeed, former cyber czar Richard Clarke and Robert Knake, in their book, Cyber War, list the U.S. as having the poorest cyber defenses among the leading developed countries.
TL;DR: The lesson(s) are: we must improve defenses and make better use of strong encryption, and don't wait for government policy to protect you.
Obama Orders Sweeping Review of International Hacking Tied to U.S. Elections
How Hackers Broke into John Podesta and Colin Powell's Gmail Accounts
On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google.
The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account.
Months later, on October 9, WikiLeaks began publishing thousands of Podesta's hacked emails. Almost everyone immediately pointed the finger at Russia, who is suspected of being behind a long and sophisticated hacking campaign that has the apparent goal of influencing the upcoming US elections. But there was no public evidence proving the same group that targeted the Democratic National Committee was behind the hack on Podesta—until now.
The data linking a group of Russian hackers—known as Fancy Bear, APT28, or Sofacy—to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks.
All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear.
From NPR:
President Obama has ordered the intelligence community to conduct a "full review" of "malicious cyber activity" timed to U.S. elections, the White House said Friday.
The review will go all the way back to the 2008 campaign when China was found to have hacked both the Obama and McCain campaigns, White House spokesman Eric Schultz said at a Friday press briefing.
In the 2016 election, U.S. intelligence officials charged that Russia had interfered. In early October, they released a strongly worded statement saying they were "confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations." The statement went on to say "these thefts and disclosures are intended to interfere with the U.S. election process."
Shortly after that, WikiLeaks began posting emails hacked from Clinton campaign Chairman John Podesta's Gmail account. The slow drip of those emails, including transcripts of Clinton's remarks to Goldman Sachs, hung over the campaign in its closing weeks and proved embarrassing at times. Podesta said he spoke to the FBI about the hacking, and intelligence experts blamed Russia for that as well.
Unapplicable Lesson
Politicians can't learn that lesson... it takes away a newly discovered wedge issue between the "Democrats" and "Republicans".
The only gods that have ever been truly worshipped are wealth and power. Others are just cover.
content vs action
It's important to distract away from the content by endlessly discussing the action (or lack thereof).
Mixed curse
There is a dark flip side (and light silver lining) to everything. The summary waxes poetic about how wild west and unsafe the internet is, but that also means it is open, free, and uncontrolled. That makes it a hotbed for lots of "good" things like innovation, empowerment of individuals, and free speech.
Think of the flipside. A secure internet could be something where everything is:
- traceable (e.g. mandatory registrations in places like Singapore and China(?))
- regularly reviewed and censored (e.g. the Great Firewall of China, what Facebook/Reddit/etc do)
- restricted to specific individuals (e.g. how hard it is for locals to make an ISP at the municipal level in the US when the big carriers don't serve their area)
- technologically inferior and harder to work with proprietary interfaces (e.g. back when Internet Explorer 5 and 6 dominated the market)
- very expensive (e.g. how airplanes and telephones were before deregulation, trying to get access to academic journals)
- slow to progress (e.g. try adding your own new technologies to the secure terminals of the New York Stock Exchange)
Being Wild West has definite drawbacks... but it has some definite positives to this slapstick approach as well. Let's be careful to not throw out the baby with the bathwater.
