Russian cyberhacking, and our election. What's the most important lesson?

Russia Today: Not your grandfather's Russia. At least, not in every way. Some things haven't changed much, others have changed a lot. Check out Moscow's new business district:


Financially things are changing rapidly. With the end of the cold war they now have access to much more technology, science and information resources than before. So, could the Russians have hacked our election, to influence the outcome? This NYT hit piece tries to establish that. Much of it is quite irritating:

[...] Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I. [...]

No way of differentiating the call? What complete and utter Bullshit. You ask the caller for their phone number, and tell them you will call back. Then you check the number on-line to see if it is a number from the place they claim they are calling from. You can even call the FBI and ask them if it's one of their numbers, and if the caller works for them. Even idiots and morons know this.

The article is full of shit like this. The truth is, they couldn't be bothered to take it seriously. Not until AFTER they lost the election. Rather than blame the unpopularity of their candidate and numerous other factors, they are looking for any excuse they can find to put the blame elsewhere, AND try to invalidate the election because they didn't get the result they wanted. And look at this BS:

[...] By last summer, Democrats watched in helpless fury as their private emails and confidential documents appeared online day after day — procured by Russian intelligence agents, posted on WikiLeaks and other websites, then eagerly reported on by the American media, including The Times. Mr. Trump gleefully cited many of the purloined emails on the campaign trail.

The fallout included the resignations of Representative Debbie Wasserman Schultz of Florida, the chairwoman of the D.N.C., and most of her top party aides. Leading Democrats were sidelined at the height of the campaign, silenced by revelations of embarrassing emails or consumed by the scramble to deal with the hacking. Though little-noticed by the public, confidential documents taken by the Russian hackers from the D.N.C.’s sister organization, the Democratic Congressional Campaign Committee, turned up in congressional races in a dozen states, tainting some of them with accusations of scandal. [...]

So the problem was not that the DNC was involved in activities that led to scandals, it was that Russian hacking exposed the scandalous activities to the American public?

Before the election, the Democrats in power assured us that Russian hacking was not a problem, that our election was secure and fair. Now that they have lost the election, they are saying the exact opposite. So were they lying to us then, or are they lying to us now? Either way, they are lying.

No matter what the Russians did or did not do, the fact is the Democrats are weak on national security issues, and people are sick of their lies, including people in their own party. The more these articles go on about how bad the hacking was, the more incompetent those in charge would appear to be.

Is the most important lesson from all this, that the Russians influenced our election, or that the people in charge of our government are incompetent liars that will say anything to stay in power, and need to be replaced? You decide.

     

The Next Level of Cyber Terrorism?

Are we there yet? See what you think:

Science fiction-style sabotage a fear in new hacks

[...] For years, ill-intentioned hackers have dreamed of plaguing the world's infrastructure with a brand of sabotage reserved for Hollywood. They've mused about wreaking havoc in industrial settings by burning out power plants, bursting oil and gas pipelines, or stalling manufacturing plants.

But a key roadblock has prevented them from causing widespread destruction: they've lacked a way to take remote control of the electronic "controller" boxes that serve as the nerve centers for heavy machinery.

The attack on Iran changed all that. Now, security experts — and presumably, malicious hackers — are racing to find weaknesses. They've found a slew of vulnerabilities.

Think of the new findings as the hacking equivalent of Moore's Law, the famous rule about computing power that it roughly doubles every couple of years. Just as better computer chips have accelerated the spread of PCs and consumer electronics over the past 40 years, new hacking techniques are making all kinds of critical infrastructure — even prisons — more vulnerable to attacks.

One thing all of the findings have in common is that mitigating the threat requires organizations to bridge a cultural divide that exists in many facilities. Among other things, separate teams responsible for computer and physical security need to start talking to each other and coordinate efforts.

Many of the threats at these facilities involve electronic equipment known as controllers. These devices take computer commands and send instructions to physical machinery, such as regulating how fast a conveyor belt moves.

They function as bridges between the computer and physical worlds. Computer hackers can exploit them to take over physical infrastructure. Stuxnet, for example, was designed to damage centrifuges in the nuclear plant being built in Iran by affecting how fast the controllers instructed the centrifuges to spin. Iran has blamed the U.S. and Israel for trying to sabotage what it says is a peaceful program.

Security researcher Dillon Beresford said it took him just two months and $20,000 in equipment to find more than a dozen vulnerabilities in the same type of electronic controllers used in Iran. The vulnerabilities, which included weak password protections, allowed him to take remote control of the devices and reprogram them.

"What all this is saying is you don't have to be a nation-state to do this stuff. That's very scary," said Joe Weiss, an industrial control system expert. "There's a perception barrier, and I think Dillon crashed that barrier."

One of the biggest makers of industrial controllers is Siemens AG, which made the controllers in question. The company said it has alerted customers, fixed some of the problems and is working closely with CERT, the cybersecurity arm of the U.S. Department of Homeland Security.

Siemens said the issue largely affects older models of controllers. Even with those, the company said, a hacker would have to bypass passwords and other security measures that operators should have in place. Siemens said it knows of no actual break-ins using the techniques identified by Beresford, who works in Austin, Texas, for NSS Labs Inc.,

Yet because the devices are designed to last for decades, replacing or updating them isn't always easy. And the more research that comes out, the more likely attacks become.

One of the foremost Stuxnet experts, Ralph Langner, a security consultant in Hamburg, Germany, has come up with what he calls a "time bomb" of just four lines of programming code. He called it the most basic copycat attack that a Stuxnet-inspired prankster, criminal or terrorist could come up with.

"As low-level as these results may be, they will spread through the hacker community and will attract others who continue digging," Langer said in an email.

The threat isn't limited to power plants. Even prisons and jails are vulnerable. [...]

The complications of the modern age. Our Brave New World.
     

Is internet security approaching a crisis?

According to this, yes:

Intel Chief: U.S. at Risk of Crippling Cyber Attack

The United States is at risk of a crippling cyber attack that could "wreak havoc" on the country because the "technological balance" makes it much easier to launch a cyber strike than defend against it, Director of National Intelligence Dennis Blair said Tuesday.

Blair, speaking to the House Intelligence Committee, said U.S. tools are not yet up to the task to fully protect against such an attack.

"What we don't quite understand as seriously as we should is the extent of malicious cyberactivity that grows, that is growing now at unprecedented rates, extraordinary sophistication," Blair said. "And the dynamic of cyberspace, when you look at the technological balance, right now it favors those who want to use the Internet for malicious purposes over those who want to use it for legal and lawful purposes."

Blair said the United States must "deal with that reality," and warned of the catastrophic consequences of a major attack.

"Attacks against networks that control the critical infrastructure in this country ... could wreak havoc," Blair said. "Cyber defenders right now, it's simply the facts of the matter, have to spend more and work harder than the attackers do, and our efforts frankly are not strong enough to recognize, deal with that reality."

He said one critical "factor" is that more and more foreign companies are supplying software and hardware for government and private sector networks.

"This increases the potential for subversion of the information in ... those systems," Blair said.

Blair also told Congress Tuesday that the Internet is providing the fuel for the growing problem of "homegrown radicalization." [...]

It goes on to talk about how the internet is also being used organize attacks and communicate instructions and arrange financing, by the very people who would destroy it. It also reports that senior intelligence officials told Congress Tuesday that Al Qaeda could try to carry out an attack in the United States in the next three to six months. Read the rest for details of what that could mean.

Our business, government and utilities have become increasingly dependent on the internet, for day to day functioning. I doubt people are going to realize how much so, until a major attack occurs, and things we all take for granted no longer work, and we see how many functions of things and systems are affected, directly and indirectly.

I've posted about this before. I would much rather post about solutions to these problems, but I've not seen any. I'm really hoping that some great minds are working on solutions for this situation, and that we see some real defenses created, to halt this growing imbalance. Right now it's looking bleak.

This is one of the reasons I'm learning about Ham Radio. It's not dependent on 3rd party networks or infrastructure, and may be one of the few things that works when nothing else does.