To every Republican demanding post-election recounts and more transparency: You do know there was a bill on this right? It died on
@senatemajldr
’s desk.
I’m old enough to remember when Elon Musk ordered his private investigators to make a Tesla employee’s life a living hell—including having the employee SWATTED—for tipping off a reporter to waste at a Tesla factory.
The employee had to move his family to Hungary for safety.
Someone on Reddit figured out that all the "re-open the economy" websites were created on the same day by the same guy in Jacksonville, FL.
…
This is an astroturfing campaign. Google astroturfing. H/t
@TattonTreks
Enough is enough. Every reporter or human with any shred of human dignity needs to shut this one down at every opportunity. When
@foxandfriends
leaves it at "Are you sure that's true?" you're doing Putin's bidding. The end. PS: This thread is dedicated to Window Seat.
BREAKING: U.S. administration officials have been watching Russia's FSB penetrate state and local systems in recent weeks and believe they have pieced together Russia's plans for election interference. It is far worse than Iran. w/
@julianbarnes
@SangerNYT
Chris Krebs, former CISA official, reacts to Trump attorney saying he should be shot: “We are a nation of laws and I plan to take advantage of those laws. I’ve got an exceptional team of lawyers that win in court and I think they’re going to be busy.”
the president mocking asian people by mimicking their accents at a fundraiser in front of 500 people isn’t even the headline or lead of this story because apparently that is totally fine now.
I guess now is a good time to tell you about McCarthy’s meeting with 4 Star Generals. They wanted to know how he could defend his trip to Mar-A-Lago after Jan 6. They didn’t tell me his answer. Only this: “I’ve never needed to take a shower so badly in my life. He’s pathetic.”
The server isn't in Ukraine. It's here, in this photo, right next to the Watergate cabinet in the DNC's basement. Lest anyone take this as further proof of some conspiracy, know that one of Crowdstrike's other big clients is the Republican campaign arm, the NRCC.
My wish is to raise my children in a country where this photo would immediately disqualify anyone for the presidency.
Given the backdrop of Nashville, Louisville and the horrific news out of Texas overnight, you should be ashamed
@NikkiHaley
.
NEW: Americans Steal Kremlin’s Playbook, for Clicks and Profit.
Our investigation found a former Fox News executive has been hiring Macedonians to pump out politically inflammatory flame bait, petitions, and the occasional conspiracy theory to Americans.
Crowdstrike doesn't need me to defend it. It's a publicly traded American company with a $12B market cap. But just to give you a sense of how absurd Trump's theory is, Kurtz is American and his co-founder
@DAlperovitch
was born in Moscow. There is no "wealthy Ukrainian."
Asked about Trump’s disastrous Helsinki presser with Putin, Fiona Hill says she searched for a fire alarm to pull and considered faking a medical emergency to cut it off.
Some disturbing developments: In addition to the robocalls, voters in Flint, Michigan are getting threatening live calls telling them to stay home or face arrests at the polls. The calls, which have also been reported in Iowa, are (obviously) not true, says Michigan AG office.
If you read the article, you’ll see our cyber actions against Russia have been conducted without Trump’s approval, or even his knowledge.
#readthearticle
Fascinating NYTimes story. Cyber is another policy area where, despite his rhetoric, Trump has been tougher on Russian than Obama was
U.S. Escalates Online Attacks on Russia’s Power Grid
GoDaddy tells me it’s going to kick Texas Right to Life’s whistleblower/snitch site off it’s service in less than 24 hours. Meanwhile people have been flooding the site with fake tips about
@GregAbbott_TX
and the screenplay to the 2007 animated film “Bee.”
Dr. Jonathan Reiner on CNN just now: “I think Trump is the superspreader” and suggests the reason the White House won’t let CDC do contact tracing is because it may reveal “the president is Patient Zero.”
Barnes died in December 2016. I know he was proud of the work Crowdstrike was doing, rooting Russia out of the DNC's network. Every time this crazy conspiracy theory comes up, I think of him and his wife and kids and it makes me ill.
NEW: Three weeks ago, intelligence analysts started contacting several people with knowledge of the GRU hack of Burisma, after picking up intelligence “chatter” that stolen Burisma emails would be leaked in a forthcoming “October surprise.”
BIG NEWS: Do you own an Apple product? UPDATE IT NOW. New zero-click NSO Group
#Pegasus
spyware has been infecting iPhones, Macs, Watches. This is the Holy Grail of surveillance capabilities and you are vulnerable until you update.
I reported *LITERALLY* this in March 2020. Do your f*ng homework
@mtaibbi
@bariweiss
. Googling is not hard.
Yoel Roth acknowledged talking to them more than his husband.
@ShellenbergerMD
@bariweiss
20. This post about the Hunter Biden laptop situation shows that Roth not only met weekly with the FBI and DHS, but with the Office of the Director of National Intelligence (DNI):
BREAKING: As the November impeachment hearings got underway, Russia's GRU hacked Burisma in what appears to be a repeat of 2016, when GRU hackers breached the DNC and then selectively leaked emails to hurt Clinton's candidacy. with
@AllMattNYT
“To put it bluntly: The mob that stormed and desecrated the Capitol could not have existed in a country that hadn’t been radicalized by the likes of Sean Hannity, Tucker Carlson and Laura Ingraham.” -
@Sulliview
on
@FoxNews
#MustRead
Trump has been pressuring associates to downplay the Russian hack on television, calling it a “hoax” behind closed doors. Latest not so greatest with
@SangerNYT
@BonnorCarnes
Your dad was one of the most decent people I've ever met. A real patriot. And boy did he love you and your mom and your siblings. (Also, when I got married to a great guy four years later, he was the very first person to like every single photo in my Facebook wedding album).
One way of determining fraud in mail-in ballots would be to examine a random sample of a few thousand to find the rate of fraud. If fraud rate is low, voters may be convinced of the election’s legitimacy. If the fraud rate is high, then every mail-in ballot should be examined.
Думаю, должность судьи Верховного суда США, займет судья Апелляционного суда седьмого округа США Эми Кони Барретт - это будет хорошо для всех.
@realDonaldTrump
The two strangers I'd just spent an hour talking to were George Kurtz, Crowdstrike's co-founder, and his sales exec, Stephan Barnes. Barnes spent the rest of the flight telling me Crowdstrike's tech was going to kick China out of American networks for good, and save America's IP.
Gizmodo mapped 70,000 geo-located Parler posts and isolated hundreds from January 6 near the Capitol.
All this data is courtesy of Parler's lax security, which allowed researchers to scrape users' posts, metadata, and GPS coordinates.
Once again, Elon’s scribes are connecting dots to sell you a salacious tale with zero context.
The FBI and DHS role in flagging social media content and accounts has been well documented. Here are examples of the kinds of content they were flagging for companies like Twitter…
Former Twitter employees tell me off record that Twitter won’t adequately deal with its disinformation problem until it turns off Trending Topics. Asked, executives have said its not off the table, but to date there has been little outside pressure for this
@jack
Wanna singlehandedly stop a disinfo catastrophe in October?
Tell Twitter to eliminate Trending Topics for the whole month.
Gaming Trending Topics was Wikileaks’ strategy. It’s how Pizzagate emerged from the fringe.
And for what? Slightly more engagement?
Just turn it off.
Nearly a decade ago, I joined the NYTimes as a cybersecurity reporter. I was leaving my first RSA conference to visit some friends in LA and took the last remaining middle seat on a Southwest flight from SFO-LA. I was seated between two strangers.
I'd heard that before. But Barnes was genuine. He meant it. We exchanged contact info and said our goodbyes. Occasionally "Barnesy" would drop me a message out of the blue: "Hey there, middle seat!" He never once pitched me, just wanted to make sure I over my breakup
Good job submitting millions of faces to a St. Petersburg, Russia based app with a horrific privacy policy that will likely pass this on to state, facial recognition databases, everyone in my Twitter feed.
You 👏🏻 have 👏🏻 learned 👏🏻 nothing.
Bono plays tribute to NAVALNY with Neil Finn’s DON’T DREAM IT’S OVER tonight at the Sphere on their final show in Vegas.
NAVALNY lives on. Putin tried to kill him, but only made NAVALNY more powerful.
#U2UVSphere
Here we go. New unnamed state 🤔 hackers are infecting U.S. critical infrastructure—like grid operators—with custom tools capable of worst-case scenario attacks.
There’s no soft peddling it. This is very serious. Read
@CISAgov
’s advisory in full. And do everything they say. Now
With
@DOE_CESER
,
@FBI
, &
@NSACyber
, we published a joint advisory on APT cyber tools targeting
#ICS
&
#SCADA
devices. Critical infrastructure organizations – especially in the energy sector – should review our recommended proactive mitigations and actions:
The group, believed to be a unit of the FSB, known as "Energetic Bear" or "Dragonfly," is the same group that has been caught breaking into American nuclear, water, power plants and airports. See our previous reporting on this actor:
Wyden to me on McConnell's floor remarks: “I wrote, and the House passed, the toughest election security reform bill to date, which then died in the Senate at Mitch McConnell's hands. It takes a special kind of chutzpah to block every single bill to make our elections more secure
As we started to descend, I asked them what they were doing in SF. They said they'd just been at the RSA conference to launch their new start-up. They told me it was going to help save the country. I told them I'd also been at a conference and told them my name. They gasped.
Within 10 minutes, the three of us were buddies. For an hour, they coached me through a break-up, shared the story of their own marriages, talked about how much they loved their families and our country. We didn't even know each other's names.
Just spoke to an election judge in Dallas County who was forced to leave her precinct after her Republican counterpart/pollworkers refused to wear masks. "Poll workers were aggressively getting in people’s faces and not wearing masks. It was very much a staged event."
Facts you won't hear from House Impeachment Manager Jason Crow:
1. Ukraine received U.S. aid in conformity with the law;
2. The aid was received without any preconditions other than those required by law.
“Now Pfizer may not be able provide more of its vaccine to the United States until next June because of its commitments to other countries, after Trump admin passed on extra doses.”
Russian state media and propaganda sites are starting to pivot towards a Biden victory, while continuing to emphasize allegations of voter fraud, platform censorship, and potential election-related violence. But the bulk of disinfo is coming from POTUS, his kids, Ted Cruz, QAnon.
Exclusive: JetBrains, an obscure software company founded in Russia, based in the Czech Republic, is being investigated as playing a role in the Russian hack. Among its customers are SolarWinds, Google, Siemens, HP, VMWare with
@sangernyt
@julianbarnes
... and then question the legitimacy of this election. Joe Biden won a free and fair election and Senate Republicans who now complain about voting security are only spotlighting their own desperate hypocrisy.”
NEW! Russia's 2020 playbook: GRU is setting up servers stateside, replacing old servers/email for ProtonMail, evading Facebook ad controls and (!!!) DHS is investigating a possible GRU role in U.S. ransomware attacks. Our months-long investigation is live:
I spoke with Jennifer Ellice, an ER doctor in Los Angeles today who is calling for Silicon Valley's help for real-time virus intel sharing for physicians? Can you help?
The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of....
It took 7 years but I wrote a book about the underground government market for cyberweapons. I tracked the program’s 3-decade-long history. I met its Godfather, its hackers, suppliers, mercenaries, and its copycats as they sprung up all over the world. Now, the hardest part 1/3
NYTimes showing how it's done. A side-by-side of Pelosi's real remarks with Trump's edited disinformation hit job. Please let this be the new standard. cc: Every media outlet everywhere.
I spent the vast majority of my day confirming the dumped usernames and passwords from WHO, Gates Foundation and NIH are from old, dated breaches of other companies. Someone went through all this trouble to pull their credentials off dumps from other hacks (1/3)
You’re one of the nation’s 3 largest credit reporting agencies.
You maintain American’s most sensitive personal information.
You choose the password: “admin”
So courageous of
@elonmusk
to wait for a Friday night to announce he’s dismantling the most basic of security measures for anyone who doesn’t pay $8 a month.
Time to expand the
@ftc
Safeguards Rule to social media platforms.
What a joke. 🤦🏼♀️
Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:
Any infosec professional will tell you the greatest threat to security is speed. The fact Elon is pressuring Twitter engineers to roll out his new verification system in 10 days, to meet his day before the election deadline—under threat of firing— is about as bad as this gets.
Pointed statement on
@CISAKrebs
firing from Rep. Ruppersburger: "Our country finds itself without a smart and capable cyber chief in one of the most vulnerable times our nation has ever seen...Once again, Trump puts himself before our country. He does not care about our safety."
Close readers will note that I always put "water treatment plants" first in my line up of remotely hackable infrastructure. It's because this is the attack scenario that freaked me out the most. Someone tried it out Friday in Florida (unsuccessfully).
“The threats “started out fairly general in nature,” said Schmidt, Philly’s GOP elections commissioner. “But regrettably, after the president tweeted my name, there were more of them, and they were far more specific..referencing my children, and what they’re going to do to them.”
President Donald Trump has driven senators into retirement and tweeted wayward Republicans into primary defeat during four years leading the GOP. Now, as a lame duck, he’s launched a new campaign against GOP election officials who won’t bend to his will.
Well, here in Silicon Valley we just received this: "On order of the health officer, gatherings of 50+ individuals are prohibited in San Mateo County effective 12:01 a.m. Sunday, 3/15. Gatherings between 10 and 50 individuals are prohibited unless mitigation measures are taken."
This is very big.
@dotMudge
, who is incredibly well-respected in the cybersecurity community, alleges
@Twitter
lacks basic internal security controls, is lying to
@elonmusk
about the number of fake accounts and bots, and says
@paraga
fired him for raising red flags.
#BREAK
A former Twitter executive, its head of security, has turned whistleblower.
He alleges grave security problems at the company that he says are a risk to national security and democracy.
His first TV interview here:
Every single account promoting
#Trump2020LandslideVictory
that I’ve run through BotSentinel’s algorithms tonight suggest the account is a bot. Every single one.
Iranian hackers dispatched hundreds of attacks against one U.S. Presidential campaign, current and former U.S. officials and journalists, according 2 Microsoft. Other security firms confirmed they are witnessing cyberattacks on candidates on both aisles.
It's not hard. Russia hacked the DNC, Podesta, voter rolls in Arizona and Illinois and VR Systems, which provides voter registration and check in services. They stopped short of actually doing anything with it. Why is Grenell whitewashing Russia's 2016 interference?
The GOP has outsourced abortion policy to Lindsey Graham, a senator who has never had a partner, let alone one who has experienced a miscarriage, a stillbirth, IVF.
Watch this answer in full. This is a man who clearly has no clue what he’s talking about.
“90 PERCENT of us want background checks. WE ARE BEING HELD HOSTAGE BY 50 SENATORS who refuse to put it to a vote.” -Kerr speaking for so many of us who don’t want to spend another second in this sick society
@GOP
has enabled.
ICYMI: China just sanctioned Pompeo, Navarro, Azar, Bolton and other Trump officials. They are now barred from doing business in, or even entering, Hong Kong and Mainland China.
The time is now. Make sure any part of your organization that allows remote access requires multi-factor authentication. Patch and update. Disable any ports that are not mission critical and hunt for suspicious activity now. Have a breach response plan See
Brian E. Frydenborg SLAVA UKRAINI! No to Trump/GOP
I cannot emphasize enough. Everyone, all your companies, all your phones, everything, update your virus protection and download your security patches IMMEDIATELY
(Another) amateur move by Parler, among many we're learning today. To enumerate: Parler allowed for third-party scraping of all user data, didn't delete "deleted" posts, had moderation tools it didn't use, and oh, collected Social Security numbers.
A federal judge said Parler never served Amazon with its lawsuit!
At 4:29pm EST she gave Parler until 5pm PST today to serve Amazon. (Amazon told the court it intends to oppose the suit.) As we noted Parler is represented by a sole practitioner IP lawyer
Remember: The internet has collapsed distance. We are no longer an island protected by two oceans. While there are no specific threats to the US, any retaliation to sanctions will likely come in the form of cyberattacks. Get your house in order now.
Not only did DNI Ratcliffe speculate that Iran emails aimed at Democrats was designed to “harm Trump,” he went out of his way to avoid mention of the Proud Boys. Ace reporting by
@NatashaBertrand
Ratcliffe had decided on his own earlier on in the day to hold the press conference. FBI and CISA joined in so the warning would be seen as independent and apolitical. But he also omitted any references to the Proud Boys, even though the group was named in his prepared remarks.
“The right-wing political activist Ali Alexander says that Arizona Reps. Paul Gosar and Andy Biggs worked with him to plan pro-Trump rallies, including the one that ended with an attack on the Capitol.
New: A significant escalation in Russia’s cyber aggression against Ukraine. Russia’s GRU hacking unit, Sandworm, infected a Ukrainian energy company with destructive malware. The attack was scheduled for last Friday but was caught in time. Bravo
@ESET
and Ukraine CERT 💪
The app being used tonight was cobbled together in the past two months after a previous reporting scheme - which involved caucus goers calling their votes in over the phone- was scrapped for security reasons. The app was never vetted by DHS, never tested at scale, and NV is...
"I don't believe you need 40,000 or 30,000 ventilators. You know, you go to major hospitals, sometimes they have 2 ventilators." -- Trump suggests Cuomo is exaggerating about the medical gear he needs to keep people alive
“If ever there was a sign the United States was losing control of information warfare, of its own warriors, it was the moment one of its own, a young American contractor, saw first lady Michelle Obama’s emails pop up on his screen.”
Here is that story.
"W1 stated that WILLIAMS intended to send the computer device to a friend in Russia, who then planned to sell the device to SVR, Russia's foreign intelligence service" - would like to have some more follow up chats with those saying Russian interference was a hoax
So basically, DHS + FBI are on direct orders not to discuss Russia's intention of helping Trump get re-elected, and sowing doubt about the eventual results if he doesn't.
Two people familiar with the matter tell NBC News that FBI and DHS plan to continue in-person election security briefings to lawmakers about election-related cyber threats and disinformation—but not about the plans and intentions of nation-state adversaries.
There are unsung heroes in American national security today that need recognition:
@CYBERCOM_DIRNSA
@CISAKrebs
and everyone down the line. These people have worked tirelessly to stop this election from being meddled with. We won’t know the full story for awhile, but for now: 🙌🏻