Border vigilantes; the next Russian hack; CIA warning over Huawei, and more
A mystery agent is doxing Iran’s hackers and dumping their code (Andy Greenberg, Wired)
early three years after the mysterious group called the Shadow Brokers began disemboweling the NSA’s hackers and leaking their hacking tools onto the open web, Iran’s hackers are getting their own taste of that unnerving experience. For the last month, a mystery person or group has been targeting a top Iranian hacker team, dumping their secret data, tools, and even identities onto a public Telegram channel—and the leak shows no signs of stopping.
Since March 25, a Telegram channel called Read My Lips or Lab Dookhtegan—which translates from Farsi as “sewn lips”—has been systematically spilling the secrets of a hacker group known as APT34 or OilRig, which researchers have long believed to be working in service of the Iranian government. So far, the leaker or leakers have published a collection of the hackers’ tools, evidence of their intrusion points for 66 victim organizations across the world, the IP addresses of servers used by Iranian intelligence, and even the identities and photographs of alleged hackers working with the OilRig group.
Through email leaks and propaganda, Russians sought to elect Trump, Mueller finds (Shane Harris, Ellen Nakashima, and Craig Timberg, Washington Post)
In what will stand as among the most definitive public accounts of the Kremlin’s attack on the American political system, the report of special counsel Robert S. Mueller III’s investigation laid out in precise, chronological detail how “the Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.”
The Russians’ goal, Mueller emphasized at several points, was to assist Donald Trump’s run for the White House and to damage Hillary Clinton’s candidacy. And the Republican candidate took notice, looking for ways to turn leaks of stolen emails to his advantage and even telling campaign associates to find people who might get their hands on Clinton’s personal emails.
“The Trump Campaign showed interest in WikiLeaks’ releases of hacked materials throughout the summer and fall of 2016,” Mueller’s investigators wrote. The anti-secrecy website became the major outlet for Russia’s pilfered material, and Trump campaign staffers were engaged in discussions about pending leaks and how to capitalize on them, Mueller found.
Investigators did not establish a conspiracy between the Trump campaign and the Russians. But both sides used similar tactics. Through social media and selective leaking, the Russians stoked deep societal divisions and aroused Americans’ suspicions of politicians and the integrity of the electoral process, Mueller found.
Trump, too, tried to divide voters, exacerbating political fault lines, and he insisted that something was rotten in the way the country elects its president, calling the process a “rigged” system.
Mueller report highlights scope of election security challenge (Ellen Nakashima, Washington Post)
Special counsel Robert S. Mueller III’s investigation of the “sweeping and systematic fashion” in which Russia interfered in the 2016 election highlights the breadth and complexity of the U.S. voting infrastructure that needs protecting.
From voter registration to the vote itself to election night tabulation, there are countless computers and databases that offer avenues for foreign adversaries to try to create havoc and undermine trust in the democratic process.
In addition to targeting the Democratic Party and Clinton campaign in 2016, Mueller noted in his report, Russian hackers also went after election technology firms and county officials who administer the vote — officials often without the resources to hire information technology staffs.
“The Mueller report makes clear that there’s a much larger infrastructure that we have to protect,” said Lawrence Norden, an election security expert at New York University Law School’s Brennan Center for Justice. “There’s clearly a lot to do before 2020.”
….
Experts have often commented on how the decentralized nature of election systems is a form of security making it less likely that one computer hack can result in a cascading series of disruptions across states. But that feature also makes for a big challenge, said Norden, the NYU election security expert. “You’re only as strong as your weakest link and you can’t expect systemic security without some central player pushing to do what needs to be done,” he said.
The next Russian hack (Washington Post)
Whether President Donald Trump obstructed justice is a crucial question, the answer to which special counsel Robert Mueller III implied but did not state clearly. What is crystal clear in his 448-page report is a conclusion that Trump, charged with making the highest-level national security decisions, has routinely denied: “The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.”
One reaction from Congress must be to weigh the evidence of obstruction. The other must be to ensure that Russia - and any other hostile actor - does not succeed in interfering again.
Mueller, confirming the long-standing conclusions of the U.S. intelligence community, found that the Kremlin ran a social media campaign that evolved from a program “to provoke and amplify political and social discord in the United States” and “to sow discord in the U.S. political system through what it termed ‘information warfare’” into one “that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.” Meanwhile, Russian military intelligence hacked the Democratic National Committee’s servers and the Clinton campaign, then released damaging material at strategic times.
It remains outrageous that Trump, having benefited from the Kremlin’s meddling, continually plays down Russia’s election-year activities - and, indeed, has pursued a closer relationship with Russian President Vladimir Putin - even while the leaders he picked to run the U.S. intelligence community repeat that Russia is culpable and likely to try again.
Anti-vaxxers have a new conspiracy theory and it’s one you should actually spread around (James Felton, IFL Science)
Anti-vaxxers have consistently spread rumors that are dangerous. They’ve repeatedly referenced a many-times debunked study that vaccines cause autism (they don’t). They’ve spread the conspiracy theory the poliovirus does not exist, that pesticides cause any clinical symptoms of polio, and that eating yoghurt causes HPV.
Inventing and propagating weird rumors is sort of their thing.
Now they have come up with a new conspiracy theory, and it’s actually pretty great and one we’re happy for them to spread around the Internet.
As spotted by several Twitter, Reddit and Facebook users, they now appear to believe that holding a potato to your kids’ arms will suck out the “toxins” from vaccines.
I’m just going to leave this here. pic.twitter.com/uuBpOkjLDw
You can vaccinate your kids, and then hold a raw potato to the wound where the needle entered, and it will suck the toxins from the vaccines out, leaving only the non-toxic parts! It’s a great way to stay healthy AND thwart big pharma!
— Doc Bastard (@DocBastard) April 12, 2019
The infectious disease physician well is running dry (Saskia v. Popescu, Contagion Live)
There is a growing shortage of infectious disease physicians in the United States, according to The New York Times. In a time of growing antimicrobial resistance, emerging infectious diseases, and continued outbreaks of vaccine-preventable diseases, infectious disease physicians are a critical asset to the medical and public health communities.
The conservative case for freeing “terrorist Judith Clark” (Ronald Radosh, Daily Beast)
She stands alone in reevaluating and repudiating her past actions and apologizing for them.
Russia has won the information war in Turkey (A. Akin Unver, Foreign Policy)
The Kremlin doesn’t even need fake news to push its agenda on Turkish social media. Because domestic disinformation is rampant, Moscow has managed to infect both sides of the debate.
These are the most commonly hacked passwords - is one of them yours? (Danny Palmer, ZDNet)
Your name, your favorite football team and your favourite band: The UK’s National Cyber Security Centre has released a list of the 100,000 most common passwords to appear in data breaches in an effort to encourage users to select strong passwords.
Why a Nazi nuclear bomb never happened (and the world was saved) (Warfare History Network / National Interest)
Lots of reasons.
