Police hijack a botnet and remotely kill 850,000 malware infections – gpgmail


In a rare feat, French police have hijacked and neutralized a massive cryptocurrency mining botnet controlling close to a million infected computers.

The notorious Retadup malware infects computers and starts mining cryptocurrency by sapping power from a computer’s processor. Although the malware was used to generate money, the malware operators easily could have run other malicious code, like spyware or ransomware. The malware also has wormable properties, allowing it to spread from computer to computer.

Since its first appearance, the cryptocurrency mining malware has spread across the world, including the U.S., Russia, and Central and South America.

According to a blog post announcing the bust, security firm Avast confirmed the operation was successful.

The security firm got involved after it discovered a design flaw in the malware’s command and control server. That flaw, if properly exploited, would have “allowed us to remove the malware from its victims’ computers” without pushing any code to victims’ computers, the researchers said.

The exploit would have dismantled the operation, but the researchers lacked the legal authority to push ahead. Because most of the malware’s infrastructure was located in France, Avast contacted French police. After receiving the go-ahead from prosecutors in July, the police went ahead with the operation to take control of the server and disinfect affected computers.

The French police called the botnet “one of the largest networks” of hijacked computers in the world.

The operation worked by secretly obtaining a snapshot of the malware’s command and control server with cooperation from its web host. The researchers said they had to work carefully as to not be noticed by the malware operators, fearing the malware operators could retaliate.

“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”

With a copy of the malicious command and control server in hand, the researchers built their own replica, which disinfected victim computers instead of causing infections.

“[The police] replaced the malicious [command and control] server with a prepared disinfection server that made connected instances of Retadup self-destruct,” said Avast in a blog post. “In the very first second of its activity, several thousand bots connected to it in order to fetch commands from the server. The disinfection server responded to them and disinfected them, abusing the protocol design flaw.”

In doing so, the company was able to stop the malware from operating and remove the malicious code to over 850,000 infected computers.

Jean-Dominique Nollet, head of the French police’s cyber unit, said the malware operators generated several million euros worth of cryptocurrency.

Remotely shutting down a malware botnet is a rare achievement — but difficult to carry out.

Several years ago the U.S. government revoked Rule 41, which now allows judges to issue search and seizure warrants outside of their jurisdiction. Many saw the move as an effort by the FBI to conduct remote hacking operations without being hindered by the locality of a judge’s jurisdiction. Critics argued it would set a dangerous precedent to hack into countless number of computers on a single warrant from a friendly judge.

Since then the amended rule has been used to dismantle at least one major malware operation, the so-called Joanap botnet, linked to hackers working for the North Korean regime.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Malicious websites were used to secretly hack into iPhones for years, says Google – gpgmail


Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what was described as a “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker can gain access to the device’s full range of features normally off-limits to the user. That means an attacker can quietly install malicious apps can be installed to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages, and track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns currently in action.

The iPhone and iPad maker has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

A spokesperson for Apple did not immediately comment.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Justice Department indicts 80 individuals in a massive business email scam bust – gpgmail


The Justice Department have indicted dozens of individuals accused of their involvement in a massive business email scam and money laundering scheme.

Thom Mrozek, a spokesperson for the U.S. Attorneys Office for the Central District of California, confirmed more than a dozen individuals had been arrested during raids on Thursday — mostly in the Los Angeles area. A total of 80 defendants are allegedly involved in the scheme.

News of the early-morning raids were first reported by ABC7 in Los Angeles.

The 145-page indictment, unsealed Thursday, said the 80 named individuals are charged with conspiracy to commit mail and bank fraud, as well as aggravated identity theft and money laundering.

Most of the individuals alleged to be involved in the scheme are based in Nigeria, said the spokesperson.

But it’s not immediately known if the Nigerian nationals will be extradited to the U.S., however a treaty exists between the two nations making extraditions possible.

U.S. Attorney Nicola Hanna said the case was part of an ongoing effort to protect citizens and businesses from email scams.

“Today, we have taken a major step to disrupt criminal networks that use [business email scam] schemes, romance scams and other frauds to fleece victims,” he said. “This indictment sends a message that we will identify perpetrators — no matter where they reside — and we will cut off the flow of ill-gotten gains.”

These business email compromise scams rely partly on deception and in some cases hacking. Scammers send specially crafted spearphishing emails to their targets in order to trick them into turning over sensitive information about the company, such as sending employee W-2 tax documents so scammers can generate fraudulent refunds, or tricking an employee into making wire transfers to bank accounts controlled by the scammers. More often than not, the scammers use spoofing techniques to impersonate a senior executive over email to trick the unsuspecting victim, or hack into the email account of the person they are impersonating.

The FBI says these impersonation attacks have cost consumers and businesses more than $3 billion since 2015.

Valentine Iro, 31, and Chukwudi Christogunus Igbokwe, 38, both Nigerian nationals and residents of California, are accused of running the operation, said prosecutors.

The alleged fraudsters are accused of carrying out several hundred “overt” acts of fraud against over a dozen victims, generating millions of dollars worth of fraud over several months. In some cases the fraudsters would hack into the email accounts of the person they were trying to impersonate to try to trick a victim into wiring money from a business into the fraudster’s bank account.

Iro and Igbokwe were “essentially brokers” of fraudulent bank accounts, prosecutors allege, by fielding requests for bank account information and laundering the money obtained from victims. The two lead defendants are accused of taking a cut of the stolen money. They then allegedly used illicit money exchanges to launder the money.

Several bank accounts run by the fraudsters contained over $40 million in stolen funds.

The FBI said the agency has seem a large increase in the number of business email scams in the past year targeting small and large businesses, as well as non-profits.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

This hacker’s iPhone charging cable can hijack your computer – gpgmail


Most people don’t think twice about picking up a phone charging cable and plugging it in. But one hacker’s project wants to change that and raise awareness of the dangers of potentially malicious charging cables.

A hacker who goes by the online handle MG took an innocent-looking Apple USB Lightning cable and rigged it with a small Wi-Fi-enabled implant, which, when plugged into a computer, lets a nearby hacker run commands as if they were sitting in front of the screen.

Dubbed the O.MG cable, it looks and works almost indistinguishably from an iPhone charging cable. But all an attacker has to do is swap out the legitimate cable for the malicious cable and wait until a target plugs it into their computer. From a nearby device and within Wi-Fi range (or attached to a nearby Wi-Fi network), an attacker can wirelessly transmit malicious payloads on the computer, either from pre-set commands or an attacker’s own code.

Once plugged in, an attacker can remotely control the affected computer to send realistic-looking phishing pages to a victim’s screen, or remotely lock a computer screen to collect the user’s password when they log back in.

MG focused his first attempt on an Apple Lightning cable, but the implant can be used in almost any cable and against most target computers.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” MG said. “Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.”

In his day job as a red teamer at Verizon Media (which owns gpgmail), he develops innovative hacking methods and techniques to identify and fix security vulnerabilities before malicious attackers find them. Although a personal project, MG said his malicious cable can help red teamers think about defending against different kinds of threats.

“Suddenly we now have victim-deployed hardware that may not be noticed for much longer periods of time,” he explained. “This changes how you think about defense tactics. We have seen that the NSA has had similar capabilities for over a decade, but it isn’t really in most people’s threat models because it isn’t seen as common enough.”

“Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat,” he said. “So this helps drive home education that goes deeper.”

MG spent thousands of dollars of his own money and countless hours working on his project. Each cable took him about four hours to assemble. He also worked with several other hackers to write some of the code and develop exploits, and gave away his supply of hand-built cables to Def Con attendees with a plan to sell them online in the near future, he said.

But the O.MG cable isn’t done yet. MG said he’s working with others to improve the cable’s functionality and expand its feature set.

“It really just comes down to time and resources at this point. I have a huge list in my head that needs to become reality,” he said.

(via Motherboard)




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

With warshipping, hackers ship their exploits directly to their target’s mail room – gpgmail


Why break into a company’s network when you can just walk right in — literally?

Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password.

Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door.

This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network. But security researchers at IBM’s X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network.

“It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit.

A warshipping device. (Image: IBM/supplied)

The researchers developed a proof-of-concept device — the warship — which has a similar size to a small phone, into a package and dropped it off in the mail. The device, which cost about $100 to build, was equipped with a 3G-enabled modem, allowing it to be remote controlled so long as it had cell service. With its onboard wireless chip, the device would periodically scan for nearby networks — like most laptops do when they’re switched on — to track the location of the device in its parcel.

“Once we see that a warship has arrived at the target destination’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively, or actively, attack the target’s wireless access,” wrote Henderson.

Once the warship locates a Wi-Fi network from the mailroom or the recipient’s desk, it listens for wireless data packets it can use to break into the network. The warship listens for a handshake — the process of authorizing a user to log onto the Wi-Fi network — then sends that scrambled data back over the cellular network back to the attacker’s servers, which has far more processing power to crack the hash into a readable Wi-Fi password.

With access to the Wi-Fi network, the attacker can navigate through the company’s network, seeking out vulnerable systems and exposed data, and steal sensitive data or user passwords.

All of this done could be done covertly without anyone noticing — so long as nobody opens the parcel.

“Warshipping has all the characteristics to become a stealthy, effective insider threat — it’s cheap, disposable, and slides right under a targets’ nose –all while the attacker can be orchestrating their attack from the other side of the country,” said Henderson. “With the volume of packages that flow through a mailroom daily — whether it be supplies, gifts or employees’ personal purchases — and in certain seasons those numbers soar dramatically, no one ever thinks to second guess what a package is doing here.”

The team isn’t releasing proof-of-concept code as to not help attackers, but uses the technique as part of its customer penetration testing services — which help companies discover weak spots in their security posture.

“If we can educate a company about an attack vector like this, it dramatically reduces the likelihood of the success of it by criminals,” Henderson said.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

StockX was hacked, exposing millions of customers’ data – gpgmail


It wasn’t “system updates” as it claimed. StockX was mopping up after a data breach, gpgmail can confirm.

The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambling for answers. StockX told users that the email was legitimate and not a phishing email as some had suspected, but did not say what caused the alleged system update or why there was no prior warning.

A spokesperson eventually told gpgmail that the company was “alerted to suspicious activity” on its site but declined to comment further.

But that wasn’t the whole truth.

An unnamed data breached seller contacted gpgmail claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data.

In a dark web listing, the seller put the data for sale for $300. One person at the time of writing already bought the data.

The seller provided gpgmail a sample of 1,000 records. We contacted customers and provided them information only they would know from their stolen records, such as their real name and username combination and shoe size. Every person who responded confirmed their data as accurate.

The stolen data contained names, email addresses, scrambled password (believed to be hashed with the MD5 algorithm and salted), and other profile information — such as shoe size and trading currency. The data also included the user’s device type, such as Android or iPhone, and the software version. Several other internal flags were found in each record, such as whether or not the user was banned or if European users had accepted the company’s GDPR message.

Under those GDPR rules, a company can be fined up to four percent of its global annual revenue for violations.

When reached prior to publication, neither spokesperson Katy Cockrel nor StockX founder Josh Luber responded to a request for comment. A voicemail left on the spokesperson’s cell was not returned.

Jake Williams, founder of Rendition Infosec, said the company “robbed their users of the chance to evaluate their exposure” by not informing customers of the breach when it happened.

StockX was last month valued at over $1 billion after a $110 million fundraise.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Clothing marketplace Poshmark confirms data breach – gpgmail


Poshmark, an online marketplace for buying and selling clothes, has reported a data breach.

The company said in a brief blog post that user profile information, including names and usernames, gender and city data was taken by an “unauthorized third party.” Email addresses, size preferences, and scrambled passwords were also taken.

Poshmark did not say which hashing algorithm, used to scramble the passwords, was used. Some algorithms are stronger than others.

The company also said “internal” preferences, such as email and push notifications, were taken.

Poshmark said it retained an outside security firm but did not say which company. It also said it has rolled out “enhanced security measures” without elaborating. We’ve contacted Poshmark for answers, but did not immediately hear back.

Financial data and physical address information was not compromise, the company said

Poshmark has upwards of 50 million users.

Read more:


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Capital One’s breach was inevitable, because we did nothing after Equifax – gpgmail


Another day, another massive data breach.

This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005.

That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.

The FBI already has a suspect in custody. Seattle resident and software developer Paige A. Thompson, 33, was arrested and detained pending trial. She’s been accused of stealing data by breaching a web application firewall, which was supposed to protect it.

Sound familiar? It should. Just last week, credit rating giant Equifax settled for more than $575 million over a date breach it had — and hid from the public for several months — two years prior.

Why should we be surprised? Equifax faced zero fallout until its eventual fine. All talk, much bluster, but otherwise little action.

Equifax’s chief executive Richard Smith “retired” before he was fired, allowing him to keep his substantial pension packet. Lawmakers grilled the company but nothing happened. An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine — which amounted to about 20% of the company’s annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly.

Legislatively, nothing has changed. Equifax remains as much of a “victim” in the eyes of the law as it was before — technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.

Mark Warner, a Democratic senator serving Virginia, along with his colleague since turned presidential candidate Elizabeth Warren, was tough on the company, calling for it to do more to protect consumer data. With his colleagues, he called on the credit agencies to face penalties to the top brass and extortionate fines to hold the companies accountable — and to send a message to others that they can’t play fast and loose with our data again.

But Congress didn’t bite. Warner told gpgmail at the time that there was “a failure of the company, but also of lawmakers” for not taking action.

Lo and behold, it happened again. Without a congressional intervention, Capital One is likely to face largely the same rigmarole as Equifax did.

Blame the lawmakers all you want. They had their part to play in this. But fool us twice, shame on the credit companies for not properly taking action in the first place.

The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine. We watched and waited to see what would happen as the canary’s lifeless body emerged — but, much to the American public’s chagrin, no action came of it. The companies continued on with the mentality that “it could happen to us, but probably won’t.” It was always going to happen again unless there was something to force the companies to act.

Companies continue to vacuum up our data — knowingly and otherwise — and don’t do enough to protect it. As much as we can have laws to protect consumers from this happening again, these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously.

We had an opportunity to stop these kinds of breaches from happening again, yet in the two years passed we’ve barely grappled with the basic concepts of internet security. All we have to show for it is a meager fine.

Thompson faces five years in prison and a fine of up to $250,000.

Everyone else faces just another major intrusion into their personal lives. Not at the hands of the hacker per se, but the companies that collect our data — with our consent and often without — and take far too many liberties with it.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Bellingcat journalists targeted by failed phishing attempt – gpgmail


Investigative news site Bellingcat has confirmed several of its staff were targeted by an attempted phishing attack on their ProtonMail accounts, which the journalists and the email provider say failed.

“Yet again, Bellingcat finds itself targeted by cyber attacks, almost certainly linked to our work on Russia,” wrote Eliot Higgins, founder of the investigative news site in a tweet. “I guess one way to measure our impact is how frequently agents of the Russian Federation try to attack it, be it their hackers, trolls, or media.”

News emerged that a small number of ProtonMail email accounts were targeted this week — several of which belonged to Bellingcat’s researchers who work on projects related to activities by the Russian government. A phishing email purportedly from ProtonMail itself asked users to change their email account passwords or generate new encryption keys through a similarly-named domain set up by the attackers. Records show the fake site was registered anonymously, according to an analysis by security researchers.

In a statement, ProtonMail said the phishing attacks “did not succeed” and denied that its systems or user accounts had been hacked or compromised.

“The most practical way to obtain email data from a ProtonMail user’s inbox is by compromising the user, as opposed to trying to compromise the service itself,” said ProtonMail’s chief executive Andy Yen. “For this reason, the attackers opted for a phishing campaign that targeted the journalists directly.”

Yen said the attackers tried to exploit an unpatched flaw in third-party software used by ProtonMail, which has yet to be fixed or disclosed by the software maker.

“This vulnerability, however, is not widely known and indicates a higher level of sophistication on the part of the attackers,” said Yen.

It’s not known conclusively who was behind the attack. However, both Bellingcat and ProtonMail said they believe certain tactics and indicators of the attack may point to hackers associated with the Russian government. For instance, the attack’s targets were Bellingcat’s researchers working on the ongoing investigation into the downing of flight MH17 by Russian forces and the use of a nerve agent in a targeted killing in the U.K.

Higgins said in a tweet that this week’s attempted attack likely targeted “in the tens” of people unlike earlier attacks attributed to the Russian government-backed hacker group, known as APT 28 or Fancy Bear.

Bellingcat in the past year has gained critical acclaim for its investigations into the Russian government, uncovering the names of the alleged Russian operatives behind the suspected missile attack that blew up Malaysian airliner MH17 in 2014. The research team also discovered the names of the Russian operatives who were since accused of poisoning former Russian intelligence agent Sergei Skripal and his daughter Yulia in a nerve agent attack in Salisbury, U.K. in 2018.

The researchers use open-source intelligence and information gathering where police, law enforcement and intelligence agencies often fail.

It’s not the first time that hackers have targeted Bellingcat. Its researchers were targeted several times in 2016 and 2017 following the breach on the Democratic National Committee which saw thousands of internal emails stolen and published online.

A phone call to the Russian consulate in New York requesting comment was not returned.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Senate Intelligence Committee releases first volume of its investigation into Russian election hacking – TechCrunch


The Senate Select Committee on Intelligence today released the first volume of its bipartisan investigation into Russia’s attempts to interfere with the 2016 U.S. elections.

Helmed by Select Committee Chairman Richard Burr, the Republican from North Carolina, and Virginia Democratic Senator Mark Warner, who serves as vice chairman, the committee’s report, Russian Efforts Against Election Infrastructure,” details the unclassified summary findings on election security. 

Through two and a half years the committee has held 15 open hearings, interviewed more than 200 witnesses and reviewed nearly 400,000 documents, according to a statement, and will be publishing other volumes from its investigation over the next year. 

“In 2016, the U.S. was unprepared at all levels of government for a concerted attack from a determined foreign adversary on our election infrastructure. Since then, we have learned much more about the nature of Russia’s cyber activities and better understand the real and urgent threat they pose,” Committee Chairman Burr said in a statement. “The Department of Homeland Security and state and local elections officials have dramatically changed how they approach election security, working together to bridge gaps in information sharing and shore up vulnerabilities.”

Both Sen. Burr and Sen. Warner said that additional steps still needed to be taken.

“[There’s] still much more we can and must do to protect our elections. I hope the bipartisan findings and recommendations outlined in this report will underscore to the White House and all of our colleagues, regardless of political party, that this threat remains urgent, and we have a responsibility to defend our democracy against it.”

Among the Committee’s findings were that Russian hackers exploited the seams between federal and state authorities. State election officials, the report found, were not sufficiently warned or prepared to handle an attack from a state actor.

The warnings that were provided by the Federal Bureau of Investigation and the Department of Homeland Security weren’t detailed enough nor did they contain enough relevant information that would have encouraged the states to take threats more seriously, the report indicated.

More work still needs to be done, according to the Committee. DHS needs to coordinate its efforts with state officials much more closely. But states need to do more as well to ensure that new voting machines have a voter-verified paper trail. 

So does Congress. The committee report underscores that Congress needs to evaluate the results of the $380 million in state security grants which were issued under the Help America Vote Act and ensure that additional funding is available to address any security gaps in voting systems and technologies around the U.S.

Finally, the U.S. needs to create more appropriate deterrence mechanisms to enable the country to respond effectively to cyberattacks on elections.

The Committee’s support for greater spending on election security and refining electoral policy to ensure safe and secure access to the ballot comes as Senate majority leader Mitch McConnell of Kentucky has blocked two election security measures that were attempting to come before the Senate floor for a vote.

New York Democratic Senator Chuck Schumer tried to get consent to pass a House bill that requires the use of paper ballots and included new funding for the Election Assistance Commission.

In a statement explaining his rejection of the bill, McConnell told The Hill, “Clearly this request is not a serious effort to make a law. Clearly something so partisan that it only received one single solitary Republican vote in the House is not going to travel through the Senate by unanimous consent.”

McConnell also rejected a consent motion to pass legislation that would require candidates, campaign officials and family members reach out to the FBI if they received offers of assistance from foreign governments.



10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something