Reps from DHS, the FBI and the ODNI met with tech companies at Facebook to talk election security – gpgmail


Representatives from the Federal Bureau of Investigation, the Office of the Director of National Intelligence and the Department of Homeland Security met with counterparts at tech companies including Facebook, Google, Microsoft and Twitter to discuss election security, Facebook confirmed.

The purpose was to build on previous discussions and further strengthen strategic collaboration regarding the security of the 2020 U.S. state, federal, and presidential elections,” according to a statement from Facebook head of cybersecurity policy, Nathaniel Gleicher.

First reported by Bloomberg, the meeting between America’s largest technology companies and the trio of government security agencies responsible for election security is a sign of how seriously the government and the country’s largest technology companies are treating the threat of foreign intervention into elections.

Earlier this year the Office of the Inspector General issued a report saying that the Department of Homeland Security has not done enough to safeguard elections in the United States.

Throughout the year, reports of persistent media manipulation and the dissemination of propaganda on social media platforms have cropped up not just in the United States but around the world.

In April, Facebook removed a number of accounts ahead of the Spanish election for their role in spreading misinformation about the campaign.

Companies have responded to the threat by updating different mechanisms for users to call out fake accounts and improving in-house technologies used to combat the spread of misinformation.

Twitter, for instance, launched a reporting tool whereby users can flag misleading tweets.

“Improving election security and countering information operations are complex challenges that no organization can solve alone,” said Gleicher in a statement. “Today’s meeting builds on our continuing commitment to work with industry and government partners, as well as with civil society and security experts, to better understand emerging threats and prepare for future elections.”


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Democratic Presidential nominees are ignoring the issue of our cybersecurity infrastructure – gpgmail


With the long battle for the Democratic nominee for president in 2020 firmly underway, more than 20 political hopefuls are talking about spreading the fruits of a solid economy to millions of middle-class Americans who may have missed the good times, implementing Medicare for all to solve financial healthcare pitfalls, and free college education.

One would-be candidate – Jay Inslee, the governor of the state of Washington – is talking almost exclusively about the need to address climate change far more quickly and far more seriously.

But what has not been discussed by any of them, even briefly, is the stunning existential threat to our critical national security and the entire well-being of the U.S. posed by mounting and painful cyber breaches of infrastructure and other targets. If no would-be candidates can acknowledge the significance and magnitude of the cyber threat – let alone put forward a strategy and plan to defend against the threat – it’s hard to take them seriously as prospective national leaders.

I’m hardly the only one with this view. “When we think about existential threats, government has to understand that electricity doesn’t reside in its own silo and that if something happens to (companies like) us, it would have a potentially cataclysmic impact on finance as well,” utility Southern Company CEO Tom Fanning recently told Fox Business.

Specifically, consider just a few examples of what is going on every day:

 

Election malfeasance. We hear daily outrage about threats to our increasingly digital electoral infrastructure, and yet there is no policy discussion.

 

Rampant theft of intellectual property. The strength of our economy is based on our ability to innovate, as encapsulated in IP. And yet our economic and military rivals are brazenly stealing this IP with impunity. They take our innovation and weaponize it to challenge U.S. industry leadership and compromise our defense military technologies.

 

Targeting of critical infrastructure. When most of our infrastructure was built, it was not with security in mind. Our society is dependent upon our infrastructure. What if our phones didn’t work, we couldn’t bank, electrical and gas service was cut off, our planes couldn’t fly and our ports could not function? Massive financing is required to boost security.

 

Manipulation of privacy by select technology giants. What is, in effect, another sort of breach, is the collection, aggregation and manipulation of our privacy by digital aggregators such as Google and Facebook, which is then further manipulated and stolen by criminals. (Note here: A positive response has been the Federal Trade Commission’s endorsement this month of a $5 billion settlement with Facebook over a long-running probe into its privacy missteps.)

How do we solve these problems? Blatantly dictating solutions would inevitably fail. What we can do successfully is set standards of performance and responsibility, coupled with timelines and severe penalties for failure to perform. There must be accountability –something that sometimes exists in industry (albeit at inadequate levels), but that is wholly missing in government at all levels.

While I care deeply about cybersecurity, I am not naïve about the extreme pressure confronting politicians to score well in polls – a requirement to have a shot at winning their party’s presidential nomination. Arguably, cybersecurity awareness may not fit this bill.

If enhanced cybersecurity is to be injected into the Democratic election agenda, the public must actively promulgate such a step. Supporting an outcry is the irrefutable fact that the signs of risk are flagrant. Earlier this year, Global Risks Report 2019 – published by the World Economic Form – said that the rapid evolution of cyber and technological threats poses one of the most significant dangers to societies around the world.

In the U.S., meanwhile, cybersecurity is now at the forefront of policy discussions and planning for future conflicts. The cyber threat has leveled the playing field in many ways, presenting unique concerns to the U.S. and its allies. Two years ago, the final report of the Department of Defense Science Board Task Force on Cyber Deterrence concluded that cyber capabilities of other nations exceeded U.S. ability to defend systems and said this would remain the case for at least another five to 10 years.

These and other threats manifest themselves through attacks on our digital infrastructure. And as the largest and most digitized economy in the world, we have the most to lose when our infrastructure is comprised. There is no higher priority threat to the U.S. If those who would be our leaders, including Donald Trump, cannot acknowledge such a huge external threat to our security, economy and lifestyle and take steps to resolve it, they have no business vying to become the leader of our nation in 2020.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Cybereason raises $200 million for its enterprise security platform – gpgmail


Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates. 

It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling down on commitments it made to the Boston-based company four years ago.

The company first came to our attention five years ago when it raised a $25 million financing from investors including CRV, Spark Capital and Lockheed Martin.

Cybereason’s technology processes and analyzes data in real-time across an organization’s daily operations and relationships. It looks for anomalies in behavior across nodes on networks and uses those anomalies to flag suspicious activity.

The company also provides reporting tools to inform customers of the root cause, the timeline, the person involved in the breach or breaches, what tools they use and what information was being disseminated within and outside of the organization.

For founder Lior Div, Cybereason’s work is the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit, the military incubator for half of the security startups pitching their wares today. After his time in the military, Div worked for the Israei government as a private contractor reverse engineering hacking operations.

Over the last two years, Cybereason has expanded the scope of its service to a network that spans 6 million endpoints tracked by 500 employees with offices in Boston, Tel Aviv, Tokyo and London.

“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market. We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners,” said Div, in a statement. “We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”

The company said it will use the new funding to accelerate its sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous.

“Today, there is a shortage of more than three million level 1-3 analysts,” said Yonatan Striem-Amit, chief technology officer and Co-founder, Cybereason, in a statement. “The new autonomous SOC enables SOC teams of the future to harness technology where manual work is being relied on today and it will elevate  L1 analysts to spend time on higher value tasks and accelerate the advanced analysis L3 analysts do.”

Most recently the company was behind the discovery of Operation SoftCell, the largest nation-state cyber espionage attack on telecommunications companies. 

That attack, which was either conducted by Chinese-backed actors or made to look like it was conducted by Chinese-backed actors, according to Cybereason targeted a select group of users in an effort to acquire cell phone records.

As we wrote at the time:

… hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.

Researchers at Boston-based Cybereason, who discovered the operationand shared their findings with gpgmail, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.

Lior Div, Cybereason’s co-founder and chief executive, told gpgmail it’s “massive-scale” espionage.

Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency  has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns gpgmail), despite the questionable legality.

It’s not the first time that Cybereason has uncovered major security threats.

Back when it had just raised capital from CRV and Spark, Cybereason’s chief executive was touting its work with a defense contractor who’d been hacked. Again, the suspected culprit was the Chinese government.

As we reported, during one of the early product demos for a private defense contractor, Cybereason identified a full-blown attack by the Chinese — ten thousand usernames and passwords were leaked, and the attackers had access to nearly half of the organization on a daily basis.

The security breach was too sensitive to be shared with the press, but Div says that the FBI was involved and that the company had no indication that they were being hacked until Cybereason detected it.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

UK High Court rejects human rights challenge to bulk snooping powers – gpgmail


Civil liberties campaign group Liberty has lost its latest challenge to controversial U.K. surveillance powers that allow state agencies to intercept and retain data in bulk.

The challenge fixed on the presence of so-called “bulk” powers in the 2016 Investigatory Powers Act (IPA): A controversial capability that allows intelligence agencies to legally collect and retain large amounts of data, instead of having to operate via targeted intercepts.

The law even allows for state agents to hack into devices en masse, without per-device grounds for individual suspicion.

Liberty, which was supported in the legal action by the National Union of Journalists, argued that bulk powers are incompatible with European human rights law on the grounds that the IPA contains insufficient safeguards against abuse of these powers.

Two months ago it published examples of what it described as shocking failures by U.K. state agencies — such as not observing the timely destruction of material; and data being discovered to have been copied and stored in “ungoverned spaces” without the necessary controls — which it said showed MI5 had failed to comply with safeguards requirements since the IPA came into effect.

However the judges disagreed that the examples of serious flaws in spy agency MI5’s “handling procedures” — which the documents also show triggering intervention by the Investigatory Powers Commissioner — sum to a conclusion that the Act itself is incompatible with human rights law.

Rejecting the argument in their July 29 ruling, they found that oversight mechanisms the government baked into the legislation (such as the creation of the office of the Investigatory Powers Commissioner to conduct independent oversight of spy agencies’ use of the powers) provide sufficient checks on the risk of abuse, dubbing the regime as “a suite of inter-locking safeguards.”

Liberty expressed disappointment with the ruling — and has said it will appeal.

In a statement the group told the BBC: “This disappointing judgment allows the government to continue to spy on every one of us, violating our rights to privacy and free expression.

“We will challenge this judgment in the courts, and keep fighting for a targeted surveillance regime that respects our rights. These bulk surveillance powers allow the state to Hoover up the messages, calls and web history of hordes of ordinary people who are not suspected of any wrongdoing.”

This is just one of several challenges brought against the IPA.

A separate challenge to bulk collection was lodged by Liberty, Big Brother Watch and others with the European Court of Human Rights (ECHR).

A hearing took place two years ago and the court subsequently found that the U.K.’s historical regime of bulk interception had violated human rights law. However, it did not rule against bulk surveillance powers in principle — which the U.K. judges note in their judgement, writing that consequently: “There is no requirement for there to be reasonable grounds for suspicion in the case of any individual.”

Earlier this year Liberty et al were granted leave to appeal their case to the ECHR’s highest court. That case is still pending before the Grand Chamber.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Senate Intelligence Committee releases first volume of its investigation into Russian election hacking – TechCrunch


The Senate Select Committee on Intelligence today released the first volume of its bipartisan investigation into Russia’s attempts to interfere with the 2016 U.S. elections.

Helmed by Select Committee Chairman Richard Burr, the Republican from North Carolina, and Virginia Democratic Senator Mark Warner, who serves as vice chairman, the committee’s report, Russian Efforts Against Election Infrastructure,” details the unclassified summary findings on election security. 

Through two and a half years the committee has held 15 open hearings, interviewed more than 200 witnesses and reviewed nearly 400,000 documents, according to a statement, and will be publishing other volumes from its investigation over the next year. 

“In 2016, the U.S. was unprepared at all levels of government for a concerted attack from a determined foreign adversary on our election infrastructure. Since then, we have learned much more about the nature of Russia’s cyber activities and better understand the real and urgent threat they pose,” Committee Chairman Burr said in a statement. “The Department of Homeland Security and state and local elections officials have dramatically changed how they approach election security, working together to bridge gaps in information sharing and shore up vulnerabilities.”

Both Sen. Burr and Sen. Warner said that additional steps still needed to be taken.

“[There’s] still much more we can and must do to protect our elections. I hope the bipartisan findings and recommendations outlined in this report will underscore to the White House and all of our colleagues, regardless of political party, that this threat remains urgent, and we have a responsibility to defend our democracy against it.”

Among the Committee’s findings were that Russian hackers exploited the seams between federal and state authorities. State election officials, the report found, were not sufficiently warned or prepared to handle an attack from a state actor.

The warnings that were provided by the Federal Bureau of Investigation and the Department of Homeland Security weren’t detailed enough nor did they contain enough relevant information that would have encouraged the states to take threats more seriously, the report indicated.

More work still needs to be done, according to the Committee. DHS needs to coordinate its efforts with state officials much more closely. But states need to do more as well to ensure that new voting machines have a voter-verified paper trail. 

So does Congress. The committee report underscores that Congress needs to evaluate the results of the $380 million in state security grants which were issued under the Help America Vote Act and ensure that additional funding is available to address any security gaps in voting systems and technologies around the U.S.

Finally, the U.S. needs to create more appropriate deterrence mechanisms to enable the country to respond effectively to cyberattacks on elections.

The Committee’s support for greater spending on election security and refining electoral policy to ensure safe and secure access to the ballot comes as Senate majority leader Mitch McConnell of Kentucky has blocked two election security measures that were attempting to come before the Senate floor for a vote.

New York Democratic Senator Chuck Schumer tried to get consent to pass a House bill that requires the use of paper ballots and included new funding for the Election Assistance Commission.

In a statement explaining his rejection of the bill, McConnell told The Hill, “Clearly this request is not a serious effort to make a law. Clearly something so partisan that it only received one single solitary Republican vote in the House is not going to travel through the Senate by unanimous consent.”

McConnell also rejected a consent motion to pass legislation that would require candidates, campaign officials and family members reach out to the FBI if they received offers of assistance from foreign governments.



10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something