I'm at the NFT NYC conference again in Times Square, and Snoop walked by, flanked by security. I grabbed his handler, said I'm a reporter, would love a few minutes. The guy said actually that's an impersonator, legally can't say it's him, they hired him to drum up excitement.
This case, where Facebook turned over chats of a Nebraska woman charged with giving her then-underaged daughter abortion pills, is exactly the kind that experts have warned we'd see in a post-Roe world.
Seeing more calls today to delete your period-tracking apps. But experts say that if you look at how states have already brought evidence in abortion-related cases, the *much* bigger concern is unsecured, unencrypted communications & stored search history.
Six writer bylines and the strong implication the IDF assassinated a journalist: I guarantee you this story has been vetted to hell and back by CNN's legal team.
Don't yet know exactly what's behind the DNS issue that's knocked Facebook/Instagram/WhatsApp offline, but it's really bad. Pretty much everything that runs through those three companies are inaccessible. Employees can't even enter conference rooms because they're IoT!
I deeply, deeply regret to inform you that this is the rap video of the woman who was just arrested as part of an alleged husband-wife scheme that laundered some $3.6 billion in crypto.
I don't like tweeting about my personal life or about shit like this. But feel this is necessary. Of the eight kids who grew up on my street as a kid, a third has died of an overdose. Plus plenty more I went to school with. The opioid epidemic in WV is very real, and ongoing.
A fun fact about Republicans embracing the idiotic Crowdstrike conspiracy theory is that the RNSC and RNCC both use Crowdstrike. Have paid more than $175,000 since 2017, per FEC filings.
Journalism protip: File your FOIAs with a personal email address. I don't care how much you love your employer or how stable your job is. It'll be months or years before you get a response, who knows where you'll be then?
Good reminder that corporate Slack accounts can let bosses read *everything* on any given employee slack account. Private messages, locked rooms β it's all visible to them, and in some cases they can and will use it against employees.
My twitter account was protected at the time, so I can only assume this was for not showing 100% loyalty in slack. Iβve heard the same thing has happened to many others now.
You've probably heard this a million times, but it's still true. Twitter does not drive substantial traffic, and it never has, for any news publication I'm aware of.
Countries abstain from using their nukes because everyone knows that an escalation quickly means we all lose. We've never seen cyber superpowers taking turns destructively hacking each other's infrastructure. Wholly uncharted waters.
No pardons for Assange, Snowden, Ross Ulbricht, or uh...Kim Dotcom. Plenty for longtime GOP figures and white collar criminals. There's a particular type of extremely online person who only now has learned that Trump isn't their guy.
Joint statement tonight from multiple federal agencies and representatives of all 50 states indirectly refutes Trump's multiple false fraud claims.
"There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised."
New and developing: An enormous supply-chain ransomware attack, potentially the single largest criminal ransomware spree in history, is happening now at the start of the 4th of July weekend
This is a really clever idea by the AP. Essentially writing up all the interesting revelations from all of the SCO's filings into a single cohesive narrative.
NEW: Somebody hacked the school messaging service Seesaw this morning, forcing accounts to post goatse in parent-teacher group chats across the country:
I don't see anything categorically new in the content, but here's four agency heads doing a nine-minute PSA on what the government's doing for election security. They don't normally address the public like this. Nine minutes!
The right to vote in a free and fair election is one of the foundations of American democracy. The leaders of the
#FBI
,
@CISAgov
,
@NCSCgov
, and
@NSAgov
want you to know how their organizations work together to protect your voiceβno matter how you cast your vote.
#Protect2020
In DOJ press conference right now, AG Barr and FBI director Wray each blamed "antifa" for some of the violence at protests. Neither named any right-wing extremists, like the three "boogaloo"-tied men that DOJ charged with conspiracy last night.
Scoop: The criminal investigation into to stolen identities used to file anti-net neutrality comments with the FCC is far bigger than previously thought. The FBI is delivering subpoenas and at least three state attorneys general offices also investigating.
There are a lot of holes to poke in the Post's But His Emails story, but this is the most fundamental one to me. We literally cannot verify any of this. At least in 2016 Russia was releasing actual Dem files.
I've seen multiple reports of Russian websites being offline when they're actually just geoblocked and still accessible if you visit with a VPN to bounce through Russia. Fellow reporters: check that before you make an incorrect claim!
Sign of the times: CISA sees no major foreign cyber threats to the election, but has released a training video for election workers on how they can deescalate potentially violent people and situations on election day.
If this makes you uncomfortable, remember that Slack doesn't encrypt your messages, can store them indefinitely even if you don't have access to them, and that in many cases your employer can read and search for everything you've posted, even DMs.
This, from yesterday is the president making a claim of seeing something that obviously never happened. I just got a response back from ICE on whether they had shown him their liberation of an MS-13 controlled town. They declined to comment, saying it was a White House issue.
The Democrats are making a strong push to abolish ICE, one of the smartest, toughest and most spirited law enforcement groups of men and women that I have ever seen. I have watched ICE liberate towns from the grasp of MS-13 & clean out the toughest of situations. They are great!
The document's metadata provides no solid hints as to its provenance. The copy that's currently linked in the story appears to have been created seven minutes before the Politico story hit the website.
President Trump is indicating he just a few minutes ago learned about NSA self-reporting data deletion, which the agency publicly announced five days ago. He would have had access to a private and far more comprehensive briefing far earlier.
Almost two weeks ago, I experienced mild flu-like symptoms (aches, chills). On Thursday, after they passed, I called
@kingscountyhosp
, which said I could come down for a COVID-19 test. Yesterday it came back positive.
Georgia Secretary of State Brad Raffensperger just sent out a press release titled "BREAKING: Stacey Abrams Funded Group that Pushed Voting Machine Disinformation in Georgia."
It links to a "report" that's actually a misleading story from the Ben Shapiro's site the Daily Wire.
DOJ's complaint against the two men accused of attacking four Washington substations says law enforcement identified them because β wait for it βΒ their phones were the only phones that were pinging towers near each site at the time of each attack.
I don't think I've ever seen anything like this: an intelligence agency just doxing hundreds of counterparts at a foreign rival, by name, on its website for anybody to see.
Laid off Twitter engineers all over this app saying how much they loved their teams and what they'd built, new Twitter is in a best case scenario in an ugly rebuild, and lots of users are clamoring for an alternative that does not exist. Seems like an opportunity
I feel completely fine, and would be isolating regardless. Many even my age aren't so lucky. Two notes: my sense of smell disappeared completely and is only now slowly coming back. And this illustrates how easy it is to be a carrier with only mild symptoms. Please stay home.
In that vein, the most effective opsec steps that the average person can adopt in response to Roe being overturned: normalize using encrypted and secure chat apps with friends and family. Normalize using DuckDuckGo or incognito mode when searching anything remotely sensitive.
New and big: The feds, spooked by the GOP, have completely stopped their election information outreach to tech companies. CISA doesn't talk to them. The FBI quit briefing them about foreign propagandaΒ ops.
I don't think any serious person bought the story of where Hunter's emails came from in the first place, but tabloids are running the gotcha that his password was Hunter02. Anybody in infosec would recognize that as an old meme about how easy it is to hack the gullible.
Setting up a fake news website with mostly harmless innocuous articles, then once in a while throwing in stories ideologically aligned with your client, is exactly how a lot of state-sponsored influence operations work. We've seen Iran, China, and Russia all do this.
Twitter has suspended Wired reporter Dell Cameron for tweeting this story, saying it violated the company's rules against distributing hacked materials. In other news, it's really dang easy to search for some of the Pentagon Leaks docs on this site.
I've been invited to cyber reporter briefings at both NSA and FBI in the past six weeks and both agencies asked me to plaintext email them my SSN first.
For the last time, I'm going to commemorate the journalists who had been tasked with following Trump's every tweet and had notifications turned on for him. One of the most mentally taxing beats in American journalism, and it's finally complete. Pour one out on a Friday night.
Raffensperger has received a lot of well-deserved praise for standing up to Trump's insistence he throw the election to him, but this is a partisan, deliberately misleading, blatant abuse of his office.
Good time to recall that the US still has no CISA director, and hasn't for the past 8 months. Biden has at least nominated one, but the Senate's on break.
@SenRickScott
has twice blocked a vote on her nomination bc he wanted
@VP
to visit the border first.
Lincoln College, chartered in 1865 and one of only a handful of Predominantly Black Institutions in rural America, will on Friday become the first US college to shut down largely due to a ransomware attack
Most remarkable thing in the GRU indictment isn't the accusations, but the simple fact of the indictment itself. Naming six officers (allegedly) responsible for election meddling and destruction two weeks before the election seems a pretty clear sign.
NEW: Ransomware hackers believed tied to a sanctioned Russian criminal organization claim to have hacked the NRA, and published several recent files from the org as proof:
I think coverage of political action against tech "censorship" of conservative views rarely adequately addresses the big picture: it just doesn't meaningfully exist. It's propped up only by misunderstanding the platforms, bad faith arguments, and shoddy reporting. That's it.
Cloudflare went to admirable lengths to simplify what happened at Facebook/WhatsApp/Insta today, though it's still a fairly technical read. But I think you should be required to at least try this before sharing conspiracy theories about today.
We in the tech press found metadata showing how the DNC files were laundered by native Russian speakers about five minutes after we first received them. So maybe there's a strategy from ol Rudy that isn't centered purely on getting the truth out.
Reminder for your uncle: the press canβt cover βHunterβs hard driveβ because... we donβt have access to it.
This isnβt a Wikileaks thing. One guy has access to it, he wouldnβt give it to us, now heβs in quasi-hiding because he got caught in a hotel room with Boratβs daughter.
New: A British think tank that analyzes Russian info ops has been hacked, had its files leaked in multiple batches by "Anonymous," and while RT and Sputnik have gone wild with it, nobody else has noticed. A real π€π€π€ for 2019:
I have never seen such an amazing example of how absolutely insane cryptocurrency media is than the fact that MULTIPLE outlets have written articles based solely on misunderstanding
@WilliamTurton
referencing NSA cryptography in a single tweet.
Remember when Mic News was a thing? Then three years ago they pivoted to video, laid off a ton of staff, and you never saw a Mic story again? This is the same person.
And remember that in general, no one should hand their phone or other devices to law enforcement, or unlock them for them, unless legally compelled to:
Reporting the FSB's announcement that it had arrested REvil members is an unnerving experience. It's huge cyber news we cannot ignore. But it also appears so blatantly calculated to engineer goodwill for Russia at a time when it's acting so badly.
New: A hospital in rural Illinois will close Friday, becoming the first to shut down in part because of a devastating ransomware attack it never financially recovered from:
Gonna be That Guy and point out that the right-wing militia that allegedly planned to kidnap Michigan's governor switched between multiple encrypted apps. That didn't hinder the investigation, because the FBI had confidential sources & undercover agents:
Lawsuits against small news outlets by people tied to immense wealth remains one of the biggest threats to the US free press. This country desperately needs a federal anti-SLAPP law.
Peter Thiel associate and Arizona Senate candidate Blake Masters is threatening to sue the
@ArizonaMirror
over critical coverage, invoking the Thiel-funded Hulk Hogan-Gawker lawsuit.
Fox News really doesn't have many gotta-hand-it-to-em moments but they got an indicted former president to sit for an interview and seemingly double down on an indignant confession.
Embargo has lifted on WH cyber meeting announcements.
* Microsoft: offering $150m worth of security help to govt agencies
* Google: donating $100m to help orgs that secure open-source software
* Amazon: free security tokens for AWS users
* IBM: cyber training for 150k people
Remember how the pre-pandemic discussion on voting in 2020 was getting everybody to use paper ballots, because you can audit those? A nice feature of mailed ballots is they're paper. You can audit them, check the signature, compare them w voter rolls.
Amazing, unbelievable incompetence by Russia's official internet censor. They intended to block Twitter's link shortener. Instead, they accidentally blocked every single .com site that ends with a "T."
Today's outages in Russia appears to have been caused by a bad substring match by
@roscomnadzor
.
Intending to block Twitter's link shortener t[.]co, Russia blocked all domains containing t[.]co, for example
Microsoft[.]com and Reddit[.]com.
(H/T
@GregoryKhodyrev
)
I think it's probably not a coincidence that Georgia is the state that has organized the most robustly against historic suppression of Black voters, that it was the big surprise Dem victory in 2020, and that it produced Freeman and Moss.
Mudge β one of the most accomplished and likely the most beloved person in cybersecurity β started his Senate testimony with his mic off. So don't you ever feel self-conscious about doing that on a work call ever again.
A lot of cyber folks have been predicting that state-sponsored hackers would exploit log4j, and last night attributions started dropping. Mandiant seeing China and Iran using it; Microsoft seeing those plus North Korea and Turkey.
Think of the threat model. Data from a period-tracking app at best can show that a person likely became pregnant and then no longer was. But miscarriages aren't illegal. Prosecutors would want evidence that someone wanted to and did willingly terminate a pregnancy.
It also occurs to me how similar NSO's and Facebook's recent defenses are. Both say they can't be responsible for abuse of their product, point to a couple safeguards, refuse to give a complete picture of how it's used, and yell at those who ask for followups or accountability.
On April 1st, we will begin winding down our legacy verified program and removing legacy verified checkmarks. To keep your blue checkmark on Twitter, individuals can sign up for Twitter Blue here:
Organizations can sign up for β¦
Def Con is over and nobody hacked the giant Las Vegas sphere. Four days of the biggest hacker conference set next to a giant LED globe and it didn't do anything against its programming except maybe turn off briefly. Somebody's getting old.
Here's an OCR'd version of the unsealed charges that allege two Chinese intelligence officers tried to bribe a US official into impeding the investigation into a company that sounds an awful lot like Huawei.
I'm gonna take this comment to remind media Twitter that I'm a reporter with extensive experience covering cyber- and election security, and that I'm looking for a job.
Police didn't start their investigation with a sweeping subpoena for pregnancy metadata. They got a tip, then proceeded to get a warrant for six smartphones and seven computers. Knowing the two chatted on Facebook, cops got a warrant for that too.