Thursday, January 18, 2018
Home Tags Panama

Tag: Panama

10 year agreement to provide best of breed cyber defence solutionsPanama City, Panama & London, England, 10 January 2018 – Sequrest (, the cyber security specialist has announced that it has been selected for a strategic partners...
Cue incredibly wealthy people calling their PRs A major offshore law firm admitted it had been hacked on Tuesday, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich.…
Enlarge / Light reading for a Friday afternoon.reader comments 149 Share this story Shortly after intelligence officials delivered a highly-classified briefing on the Russian government’s alleged interference in US politics to President-elect Donald Trump, the Office of the Director of National Intelligence (ODNI) published an unclassified version of the report. This version outlines the majority of the joint conclusions of the Central Intelligence Agency, National Security Agency, and Federal Bureau of Investigation. While it contains no major new hacking revelations, what is new is its focus on the role of Russia’s state-funded media organization, known as RT, and its international satellite media operations. Ars is still preparing a more thorough analysis of the report and its findings. But the gist of the CIA, NSA, and FBI analysts’ findings is that the Russian Federation’s president, Vladimir Putin, directly ordered intelligence agencies to collect data from the Democratic National Committee, the Hillary Clinton presidential campaign, and other organizations, and he orchestrated an effort to discredit Clinton, the Democratic party, and the US democratic political process through “information operations.” We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. We have high confidence in these judgements. In an appendix to the report, the agencies laid out a detailed, publicly-sourced analysis of RT’s alleged propaganda operations, including television programming that promoted the Occupy Wall Street movement and focused on information countering US government domestic and foreign policy. RT, in the agency’s assessment, used coverage of the Occupy Movement to promote the notion that change wasn’t possible within the US democratic system and that only “revolutionary action” could affect real change. The ODNI report mentions Russian TV network RT multiple times, including this anti-fracking segment. The report alleges that this clip was part of a state-sponsored response to “the impact of fracking and US natural gas production on the global energy market.” Russian TV network RT was mentioned many times in terms of being part of an official anti-America propaganda machine. Many of the ideas promoted by RT, such as coverage critical of “fracking” for natural gas in the United States, aligned both with domestic opposition to the US government and with Russia’s own interest in curtailing US development of natural gas and reducing the price of the oil and gas upon which Russia’s economy is highly dependent. The three US agencies found that the Russian government’s effort to affect the US election was “multifaceted;” it included fake hacktivists (Guccifer 2.0 and DCLeaks) pushing stolen data through online dumps and exclusive reveals to journalists; Internet “trolls” reinforcing tailored messages and “fake news” links denigrating Clinton and the Democrats while promoting Trump; and propaganda operations that included collaboration with WikiLeaks—including a “partnership” between WikiLeaks and RT. Putin’s motivations, according to the analysis, included the leak of the Panama Papers—a breach of documents from a Panama-based law firm that set up structures allowing many wealthy people, including members of the Russian government and supporters of Putin, to hide money overseas in secret accounts. “Putin publicly pointed to the Panama Papers disclosure and the Olympic doping scandal as US-directed efforts to defame Russia,” the report notes, which suggests “he sought to use disclosures to discredit the image of the United States and cast it as hypocritical.”
Enlarge / The USS Zumwalt (DDG-1000) will be spending a lot of time pier-side in San Diego.Mark Wilson/Getty Images reader comments 32 Share this story After two unscheduled stops for repairs, the USS Zumwalt (DDG-1000), the US Navy's new stealthy all-electric-powered destroyer, arrived at its new home port in San Diego on December 8.

The ship also brought along new details about the source of its engineering woes. Zumwalt's propulsion issues, which caused the ship to have engineering failures off Norfolk, Virginia, and while transiting the Panama Canal, were caused by seawater getting into the ship's lubrication system for its huge electric motors. US Naval Institute News' Sam LeGrone reports that the root cause of the engine failures was seawater contamination in the lube oil for the bearings of Zumwalt's Advanced Induction Motors. Rather than being driven by dedicated gas turbine engines, the Zumwalt's motors are powered by electricity from the gas turbine generators that also power the rest of the ship.

The power plant is the first of its kind in a Navy ship, and it could generate enough power to allow Zumwalt to be later refitted with directed energy weapons or electromagnetic railguns. The seawater apparently got into the motor bearings via a faulty lubrication oil chiller.

The chiller uses water drawn in from outside the ship to prevent the oil around the motor's bearings from breaking down and to cool the bearings themselves while they're under load.

The cause of the leaks has yet to be determined. Now that the ship is in San Diego, the installation, activation, and certification of Zumwalt's weapons systems will be completed over the next few months.

The ship is not expected to enter full service in the fleet until 2018.

There's still some question about just how the Navy will certify the Zumwalt's gun, as the special shells the Advanced Gun System was supposed to fire have been deemed too expensive by the Navy, at $800,000 per round.
The USS Freedom (LCS-1), designed by Lockheed Martin... or perhaps by a jilted British designer who is pressing IP theft claims against the Navy.US Navy reader comments 98 Share this story This has not been a good year for the US Navy's newest ships.

Four ships from the Navy's two classes of Littoral Combat Ship (LCS)—the high-tech, modular warships that were supposed to be the future of naval warfare in areas close to shore—have suffered major engineering problems, including breaking down at sea.

Three of the LCS ships that suffered engineering failures were from the Freedom class, ships built by Lockheed Martin for the LCS program: USS Freedom, USS Fort Worth, and USS Milwaukee. The program has also seen other setbacks, including the USS Montgomery (an Independence-class LCS built by Austal USA) suffering a cracked hull after bumping the wall of a Panama Canal lock. But the LCS' engineering woes may not be the end of the trouble its shipbuilding programs are facing.

As defense writer David Axe reports, David Giles, a British aerospace engineer-turned-marine architect, has filed a lawsuit accusing the Navy of stealing elements of the Freedom's design from work he did to commercialize a wave-piercing, "semi-planing" hull—work Giles patented in the early 1990s. Giles' design, called the Prelude, was derived from work his firm first pitched to the British Royal Navy.

The patents were filed for a design for high-speed container ships, called Fastships.

Giles formed a company by the same name to build them.

The design patents expired in 2010, but Giles' company—which is now bankrupt—filed suit against the Navy in 2012 after years of seeking compensation. Lockheed Martin had formed a "strategic partnership" with Giles' Fastships in 2002 as the Navy began looking at LCS designs, Giles told Axe.

And he claimed that design information from his Fastships designs—for container ships capable of speeds between 40 and 50 knots (46 to 57 miles per hour)—had been shared in confidence with the US Navy prior to that. The Navy initially passed on Giles' Prelude hull design because it wanted something smaller and faster.

The Navy then changed its mind in 2003, shifting the design requirements into the size and speed category covered by Giles' patents. Lockheed kicked Fastships off the project but went ahead and incorporated much of Fastships' design elements into the Freedom class hull, Giles has asserted. Lockheed was not named in the suit. This isn't the only suit the Navy faces over accusations of stealing intellectual property.

Bitmanagement Software filed a federal lawsuit earlier this year accusing the Navy of pirating the company's software, installing more than 558,000 unlicensed copies of its BS Contract Geo geospatial visualization software when the service only had licenses for 38 computers.
In that incident, the Navy has responded that it received authorization from the company to run the additional copies across its network. Too hot to handle Meanwhile, the Navy's newest destroyer is having its own engineering woes.

After being commissioned in Baltimore in October, the USS Zumwalt (DDG-1000) began a journey to San Diego, its assigned home port, for final equipment fitting. But the ship suffered an engineering failure on November 21 while passing through the Panama Canal, just a few weeks after the Montgomery's mishap.

The stealth destroyer, which has cost the Navy more than $7 billion, needed to be towed through the Miraflores Locks to the facility formerly known as US Naval Station Rodman to undergo repairs.
It remains there today. The Zumwalt has an all-electric drive system with power provided by gas turbines.

The issue with the ship was apparently in the heat exchanger that cools the gas turbines.

A Naval Sea Systems Command (NAVSEA) spokesperson told Ars in an e-mail today that information on the cause of the failure was not yet available. However, several of the British Royal Navy's newest destroyers, the Type 45, suffered breakdowns operating in the Persian Gulf this summer because the intercoolers for their gas turbine engines failed in the Gulf's warm waters.

All of the Type 45s are receiving engineering overhauls to correct the issue.

The system had late design changes and was never fully tested before deployment.
It's possible that the Zumwalt's heat exchanger also failed because of the high temperature of the water in the Panama Canal.
Researchers are calling into question the safety of some of the top WordPress e-commerce plugins used on over 100,000 commercial websites prepping for Black Friday and Cyber Monday online sales. In reviewing the top 12 WordPress e-commerce plugins, application security testing firm Checkmarx found four with severe vulnerabilities tied to reflected XSS (cross-site scripting), SQL injection and file manipulation flaws. “If these vulnerabilities are exploited, users of over 135,000 websites could find their personal data, including credit card information, threatened,” according to Checkmarx’s analysis of the plugins, published Tuesday. One of the four plugins contained three vulnerabilities, the other three contained one each. The study did not call out specific e-commerce plugins used by WordPress sites, nor did it identify which sites used the plugins. Researchers at the firm did not reveal whether the vulnerabilities had been patched by the plugin vendors or websites using them, either. Developers behind WordPress e-commerce plugins have stayed busy patching issues over the past year. WooCommerce, a plugin that allows site owners to run an online store on top of the WordPress blogging platform, patched a persistent XSS vulnerability in July found by security researchers. In April, an out-of-date version of a WordPress image slider plugin called RevSlider was to blame for the massive 2.5 terabyte data leak known as the “Panama Papers.” In June, an outdated version of the WordPress plugin WP Mobile Detector was impacted by a file update vulnerability that opened “porn spam doorways” on impacted sites. In September, WordPress theme publisher DynamicPress fixed a flaw that let anyone upload malicious files to sites running its business-themed Neosense WordPress templates.

The compromise impacted the site and possibly the server hosting it. In its Website Hacked Report (PDF), released earlier this year, security firm Sucuri asserted 78 percent (8,900) of the total number of infected websites it investigated were WordPress sites. Of those infected WordPress sites, 50 percent of those websites were out of date, according Sucuri.
It concluded it wasn’t the core WordPress platform itself that was vulnerable; but rather the plugins and themes used by site administrators. “Vulnerabilities contained within plugins can easily, and quickly, infect millions of websites as was the case with the 2011 TimThumb LFI vulnerability which affected 1.2 million websites and caused the redirection of 200,000 WordPress based pages to rogue sites,” according to Checkmarx.

TimThumb is a PHP script that resizes images for websites. While a fix for the TimThumb plugin was pushed five years ago, there are still thousands of websites using the outdated and flawed version of the script to this day. Plugins RevSlider, GravityForms and TimThumb were responsible for the bulk of WordPress website infections in the first quarter of 2016, according to Sucuri. Checkmarx is encouraging WordPress site operators to take steps to assure that themes and plugins are updated with the latest security patches.
It also suggest downloading plugins from trusted sources and that site administrators frequent the WordPress Vulnerability Database for the latest warnings and updates. For shoppers, the firm recommends double checking the validity of the SSL certificates used on sites and avoiding reusing the same password.
95 per cent of the 650,000 messages not relevant Analysis Since igniting a political firestorm and triggering major changes in US presidential voting intentions by revealing some emails passing through Hillary Clinton's private email server had been found in an unrelated criminal investigation, the FBI has gone to ground. The US criminal investigation bureau has repeatedly refused to answer basic media questions about simple and long-established computer forensic procedures. But the math, based on detailed information previously released by the FBI, points to the conclusion that the agency will have known by Monday morning exactly how many emails found in a laptop computer seized a month ago from disgraced former New York Congressman Anthony Weiner had come from, gone to, or been copied on from the Clinton server, and how many, if any, could contain possibly classified information not already checked. The agency appears to have pushed a completely misleading number out to US media outlets, suggesting that 650,000 emails had to be checked. Comey told Congress: "The FBI cannot yet assess whether or not this material may be significant.
I cannot predict how long it will take to complete this additional work." But the FBI did not point out that of the 650,000 emails mentioned to the US media, 95 per cent could not possibly be relevant. Comey's letter to Congressional leaders, which started the whole debacle, explained that the agency could not officially look at or report on the emails without obtaining a specific new warrant.

The letter implicitly acknowledged that the agency already had copies of all the mails on its computer systems (which would normally automatically have been indexed by forensic software), bringing the Clinton connection to light. To find out how many emails on the laptop were relevant would have taken "seconds", according to e-discovery software industry experts.

To then find out how many of those – if any – the FBI had not seen in its previous investigation would, at most, have taken "minutes." Standard methods are to take and match cryptographic hashes of email files (which proves the email files identical, if the hashes match), or to match metadata and then textual content. The FBI's previous, year-long investigation into the private Clinton server finished in July, when director James B Comey reported that: "We cannot find a case that would support bringing criminal charges." As only 110 of 30,490 official emails previously examined by the FBI were found to contain classified government information, the number of previously unseen mails that had strayed onto Weiner's laptop is likely to range from zero to a few tens. How the mess began The laptop at the heart of the election controversy was seized on October 3 from former Congressman Weiner after a then-15-year-old girl from North Carolina had complained of sexting.

The alleged victim, now 16, has now complained vociferously that Comey had irresponsibly forced her identity into the open, exposed her to continual and continuing media harassment, and caused the abuse to continue. "You have assisted him in further victimizing me on every news outlet.
I can only assume that you saw an opportunity for political propaganda," she said. Standard forensic procedures for e-discovery in civil and criminal investigations is to make a certifiable digital copy of all media immediately after getting access, and immediately to analyse and index the contents, including buried metadata and email attachments. The software utilised in these investigations is used to handling and sifting big data, scaling up to tens of millions of files.

The global e-discovery market in software systems and services is now worth an estimated $1bn, with many companies offering sophisticated email analysis add-on systems to spot, map, network and visualise chaining, duplicates, and to provide searchable indexes. The FBI have long been leaders in this business.

As revealed by Edward Snowden, the FBI has been operating the PRISM and other systems for over ten years from its Digital Intercept Technology Unit (DITU) at its sprawling Quantico, Virginia base.

The unit annually "ingests" and analyses billions of emails intercepted from US optical fibre cables or passed on by telecommunications operators.

The critical part of the system's front end, obviously, is to spot email addresses associated with intelligence targets. But when it came to the debate, the agency's computer teams had apparently regressed to the digital stone age. The New York Times reported: "The FBI needed custom software to allow them to read Mr Weiner's emails without viewing hers.

But building that program took two weeks." Industry experts used to massive email searches in large civil cases have been scathing about the idea that the FBI's job is difficult with modern tools. Linda Sharp of ZL Technologies said: "In the scheme of e-discovery, 60,000 documents is nothing. We're used to seeing documents in the tens of millions of documents, terabytes of data." Even if you read every email, "we're not talking about a lot. 60,000 is nothing." Journalists have also become users of high-end e-discovery software to handle document dumps in recent high profile reports, such as the Panama Papers and Offshoreleaks investigations (Duncan worked as the data manager for the Offshoreleaks project of the International Consortium of Investigative Journalists).
In the Offshoreleaks investigation in 2013, two million emails were analysed and catalogued, and made available to international journalism teams on a secure server.

To find all emails from a domain takes seconds, once the gruntwork of indexing is complete – which had previously been done for Weiner's computer, to look for sexing evidence. Standard WHOIS registry records show that the domain was registered on 13 January 2009.
She turned down the opportunity to use a standard address, and corresponded throughout her term of office as In 2009, Clinton appointed Huma Abedin as deputy chief of staff at the State Department.
In 2010, Abedin married Weiner.

They separated this past August.

Abedin then became vice chairwoman of Hillary Clinton's 2016 Presidential campaign.

Apart from communicating with Clinton on her email, Abedin and another aide also had personal accounts on the Clinton server. The implication of the FBI's October findings is that Abedin communicated with her husband from the clintonemail domain, or copied him some of her boss's email, or even that he lifted and copied them in a domestic setting. Whichever happened, or all of them, finding those emails on Weiner's laptop will have been forensically trivial, as all will contain the unique string "clintonemail." Google it and you get it, in seconds. Republicans have form for previously exploiting making fundamental forensic errors in reporting on email data in the Clinton investigation.
In 2015, it was claimed that she had a second "secret" address on the server.
In fact, it was a new address she used after being Secretary of State. Phoney numbers Asked by The Reg if they agreed that as their own investigation into Clinton reported that there were 62,320 emails handled on the domain during her term in office as Secretary of State, and that they had already checked 30,490 of those handed over by her lawyers as being official, 90 per cent must be irrelevant – an FBI spokesman refused comment. The Reg asked how long it had taken them to filter the emails to select only Clinton mails, and how many had actually been found. "No comment." Do the math.

The FBI have already seen nearly half of the emails handled by the server.

The balance of emails deemed private by Clinton's lawyers is 32,740.

Even if, implausibly, the entire contents of the Clinton server had been copied to Abedin, and then on to Weiner, it is obvious that 95 per cent of the Weiner emails could not be relevant.

Commonly, two such troves contain many sets of multiple copies of the same emails, made automatically by backup and other processes. Oregon Senator Ron Wyden, a longstanding critic of FBI and NSA electronic mass surveillance, told The Reg that the FBI's "continuing leadership failures" underscore the "need for independent oversight" on surveillance, and reflected a "pattern of poor judgment" by the FBI's director. The US media have been full of hyperbole about how no effort has been spared by the FBI in its efforts to break the butterfly on their wheel.

They would "spare no resources," are working "round the clock" on "16-hour shifts," developing "new software" for the taxing task. In an internal FBI message reported by NBC, Comey is said to have told agents that it would "be misleading to the American people were we not to supplement the record.

At the same time, however, given that we don't know the significance of this newly discovered collection of emails, I don't want to create a misleading impression", he added.
Indeed. ® Sponsored: Customer Identity and Access Management
EnlargeGeorge Hodan reader comments 166 Share this story Since June, some entity has been releasing e-mails and electronic documents obtained via network intrusions and credential thefts of politicians and political party employees. Some of the releases have appeared on sites believed to be associated with Russian intelligence operations; others have appeared on Wikileaks. On occasion, the leaker has also engaged journalists directly, trying to have them publish information drawn from these documents—sometimes successfully, other times not. The US government has pinned at least some of the blame for these leaks on Russia. This has led some observers to argue that WikiLeaks and Russian intelligence agencies are "weaponizing" the media. This is what national security circles refer to as an "influence operation," using reporters as tools to give credibility and cover to a narrative driven by another nation-state. The argument is that by willingly accepting leaked data, journalists have (wittingly or not) aided the leaker's cause. As such, they have become an "agent of influence." The Grugq, a veteran information security researcher who has specialized in counterintelligence research and a former employee of the computer security consulting company @stake, penned an article about the topic yesterday. "The primary role for an agent of influence," he wrote, "is to add credibility to the narrative/data that the agency is attempting to get out and help influence the public." Such agents might friendly with or controlled by the agency trying to spread the information, but they can also be unwitting accomplices "sometimes called a 'useful idiot,' unaware of their role as conduits of data for an agency." The actual impact of the leaked information on the US presidential election may not matter to an influence operation. The intended target of the campaign being waged through the WikiLeaks dumps, Guccifer 2.0, and DCLeaks is likely a larger public—perhaps including citizens in Russia itself and the people and decision-makers of the bordering nations. As Ars previously reported, the attacks on the Democratic National Committee (DNC) and on the US political process may be tied to a Russian effort to "contain" US foreign policy efforts and undermine confidence among the citizens of eastern European NATO members. The continued dumping of documents—and the chaos it creates for the US political process—shows the world that Russia can act upon the US at a distance. Therefore, Russia can also project power much closer to home. Assuming this attribution and analysis is in some broad sense accurate, the raises a question: what's a journalist to do with these sorts of hacks and leaks? Has everyone who draws on them become an unwitting "agent of influence?" And if so, is that actually a bad thing if the leaks are newsworthy? Ethics in information warfare journalism Dealing with a source's motivations is not a new problem for the press. Journalists get used all the time (just as they sometimes "use" their sources; it's part of the circle of life for investigative reporting). "The decision about whether or not to publish has always been about whether or not it's in the public interest, and also, I think, about what's the motivation or intention [of the source]," Jeremy Rue, acting dean of academics for the University of California at Berkeley's Graduate School of Journalism, told Ars. "Often journalists are so eager to get information, they don't take the time to ask what the motivation is behind this source," Rue said. "I think those motivations are important to factor in. Whether or not it changes the choice to publish, I don't really want to take a specific stand on that. It's a very complex issue and it keeps coming up in newsrooms. But I do definitely feel strongly that you should absolutely weigh all the different factors, like what are the motivations of your source." Glenn Greenwald of The Intercept has vocally disagreed with the idea that the source's intentions are material to a reporters' job, particularly in the case of publishing WikiLeaks' recent dumps. To him, if it's news, it's should be reported—regardless of source and motivation. In a recent article, Greenwald wrote as much: Some have been arguing that because these hacks were engineered by the Russian government with the goal of electing Trump or at least interfering in US elections, journalists should not aid this malevolent scheme by reporting on the material. Leaving aside the fact that there is no evidence (just unproven US government assertions) that the Russian government is behind these hacks, the motive of a source is utterly irrelevant in the decision-making process about whether to publish. While nothing in the public domain explicitly links the Russian government to the overall operation, there's at least some suggestive public evidence of Russia's involvement with Guccifer 2.0—who gave Greenwald exclusive access to some of the breach content—and with the DCLeaks "American hacktivist" site. That evidence includes both analysis by security experts of the initial Guccifer 2.0 document dump and an investigation by The Smoking Gun in August, which was triggered by Guccifer 2.0 reaching out directly to the site. For The Grugq, the way Greenwald has interacted with Guccifer 2.0 looks like a perfect example of how an influence operation works. "The Intercept was given 'exclusive' access to e-mails obtained by the entity known as Guccifer 2.0," he wrote. "The Intercept was both aware that the e-mails were from Guccifer 2.0, that Guccifer 2.0 has been attributed to Russian intelligence services, and that there is significant public evidence supporting this attribution." For a site like Wikileaks, the questions extend further. Assuming that it's right to publish material regardless of the source's motivations, how much of that material is fair game? The Investigative Reporter's Handbook frames the decision this way: When exposing private behaviors of public figures a reporter must make sure there is a need for the public to know this information. If there is not than a reporter should not report on it. If the behavior does not affect the figures public performance than there is no need to report on it. Naomi Klein, speaking on Glenn Greenwald's podcast this week, said something similar when talking about WikiLeaks: They’re very clearly looking for maximum media attention and you can tell that just by looking at the WikiLeaks Twitter feed and at how they are timing it right before the debates... These leaks are not, in my opinion, in the same category as the Pentagon Papers or previous WikiLeaks releases like the trade documents they continue to leak, which I am tremendously grateful for, because those are government documents that we have a right to, that are central to democracy. There are many things in that category. But personal e-mails—and there’s all kinds of personal stuff in these e-mails—this sort of indiscriminate dump is precisely what Snowden was trying to protect us from. For Wikileaks, of course, it's all fair game in the name of radical transparency. Snapperjack Between Scylla and Charybdis While there were certainly influence operations in the pre-Internet era, data breaches and digital media (including social media) have made them more accessible even to non-state actors. The "Climategate" incident, in which a collection of e-mails from the Climate Research Unit at the University of East Anglia was leaked in an attempt to sow doubt about scientists' consensus on climate change, is an example of selective publication of information to create controversy and political ammunition. So is the recent "Panama Papers" leak (which the Russian government has suggested was a US information operation). But if the DNC leaks and the wave of other breaches of political figures' e-mails have been an influence operation, they have operated at a much larger scale with much broader ambitions. There's enough to be concerned about ethically when it comes to accurate leaked data being provided by someone running an intentional influence campaign. But things get more complicated when false information is introduced into leaks. While WikiLeaks claims "a 100 percent accuracy rate" for its leaked documents, materials provided by Guccifer 2.0 showed signs of alteration. The entity behind Guccifer 2.0 claimed that one document was a file classified Secret and taken from the computer Hillary Clinton used at the State Department. But the document, which was actually an Obama transition team memorandum from before Clinton was even a nominee for Secretary of State, had been modified to include "Secret" in the document's header. This is the sort of thing that Jack Goldsmith, a former Department of Justice official, warned about at a recent seminar at Yale University. "Theft and publication of truthful information is small beans—what about theft and publication of faked information, which is hard to verify, or tampering with the vote itself?" Goldsmith said. "That could have huge consequences, the number of actors who could do this are many, and our ability to defend against it is uncertain." That places journalists trying to use the documents from these dumps in a very tight spot, trying to both determine the veracity of content they've obtained and decide its newsworthiness. Yes, journalists have been used for propaganda purposes before. Journalists are used by politicians and government agencies every day to put out information to shape perception. Wikileaks' dumps of the Podesta e-mails and other Democratic Party documents show among other things how journalists both use and are used by their sources, ingratiating themselves to get access. But this is the first time a foreign government's agent has used the combination of network infiltration, data theft, and public leaking of that data to the press and the world to affect another country's election—and the perception of that other country's election in areas of the world. Scott E. DePasquale, Senior Fellow at the Atlantic Council's Brent Scowcroft Center for International Security and Chairman & CEO of Utilidata, suggests that Wikileaks' decisions have made it a classic agent of influence. "We can divorce ourselves from whether Russia has actually paid the bills [for WikiLeaks] with no questions and no doubts that Assange knows he is doing benefit to Russia," he said. "Whether we get down to if they're on the Russian payroll, is it a deeply covert intelligence operation or something like that—all of that aside, because I think those are impossible questions to answer and even shed light on in an unclassified domain—it is without a doubt that Assange knows what he is doing is benefiting Russia. Whether he's doing it out of spite for the US as a political activist, or he is using the Russians... whatever the modality is, he knows very well that his interest and Putin's interest are deeply aligned. And that's deeply troubling for us at the end of the day." The worries don't even end with the first reporters to hit publish. Questions linger even for more traditional journalists who use only small bits of the most newsworthy leaked material. "There's the complicitness of serving this role of disseminating news for a state actor like Russia," said Rue. "I think that is a factor that should be part of the equation of whether or not to decide to publish something." A reporter or news organization may still decide that it's worth it to run with the material even if they believe that it's been provided by Russia "trying to embarrass the Clinton campaign," Rue acknowledged. But "you have to consider that as part of the equation to publish." The ethical decisions journalists now make about how they interact with that data are much more complicated as a result. And because of the impact of this particular influence operation, this approach may well become the norm—with more countries seeking to expose each others' secrets using journalists as their proxies.
Enlarge / This is how we used to mess with the results of elections.

The Internet has made it a lot easier.US Air Force photo reader comments 3 Share this story Even if the Russian government was behind the hack of the Democratic National Committee (DNC) and various other political organizations and figures, the US government's options under international law are extremely limited, according to Jack Goldsmith, a Harvard law professor and former US assistant attorney general. Goldsmith, who served at the Justice Department during the administration of George W.

Bush and resigned after a dispute over the legal justifications for "enhanced interrogation" techniques, spoke on Tuesday about the DNC hack yesterday on a Yale University panel. "Assuming that the attribution is accurate," Goldsmith said, "the US has very little basis for a principled objection." In regard to the theft of data from the DNC and others, Goldsmith said that "it's hard to say that it violates international law, and the US acknowledges that it engages in the theft of foreign political data all the time." Goldsmith pointed out that when Director of the Office of National Intelligence James Clapper testified before Congress about a data breach at the Office of Personnel Management, which collected sensitive information on millions of individuals who had worked for or done business with the government, "He said, 'I'm really impressed with what they did, and I would have done the same thing if I could have.'" As far as the publication of the stolen data in a way intended to interfere with the US presidential election, Goldsmith noted that the US has a long history of interference in other countries' politics. "Misinformation campaigns are a core element of what the [Central Intelligence Agency] has done" since it was created, he said. Goldsmith cited a study published in August by Dov H. Levin of the Institute for Politics and Strategy at Carnegie Mellon University.

The dataset for the study details all 117 known times the US and the USSR (later Russia) attempted to manipulate the outcome of elections in other countries. "This was either supporting one side, or taking actions to denigrate or harm the other side," explained Goldsmith. "And 69 percent of this was the US." Bad precedents In 1989, as a young Navy officer, I got a front-row seat to one of the more overt efforts by the US government to influence the results of a foreign election.
I was in Panama, and the outskirts of Panama City were plastered with campaign signs for Guillermo Endara, the presidential candidate of the Democratic Alliance of Civic Opposition (ADOC), the opposition party challenging General Manuel Noriega's Democratic Revolutionary Party. The CIA funded Endara's campaign, giving him $10 million—a huge sum for a country of 2.4 million people.

As an independent commission led by former Attorney General Ramsay Clark found in a report, "It is the per-capita equivalent of a foreign government spending over $1 billion to influence a US national election (five times the amount spent by George Bush and Michael Dukakis combined in the 1988 presidential election)." I left the country just before the election, which Endara apparently won based on exit polls—though that result wouldn't stand because of vote fraud by Noriega's supporters.

A "dignity battalion" attacked Endara and his running mate with clubs. I returned in December to do a security inspection at Rodman Naval Station, only to find myself being ushered into a van to the nearby Air Force base in the early morning hours of December 20 to evacuate as the US "corrected" the election results with Operation Just Cause. There are many other examples, some of them less direct—such as US support for a 1973 coup in Chile that overthrew the elected government of socialist President Salvador Allende. Other US efforts to affect politics—even those within the Soviet Union—were more subtle.

Goldsmith cited an example in the early 1950s, when "[Nikita] Khrushchev trashed Stalin in a party meeting.

The CIA got a recording of it and leaked it to newspapers in an attempt to harm Khrushchev." "No piece of [the DNC hack] is different functionally" from what both the US and Russia have done in the past, Goldsmith said. What's different is that it's happening to the United States—and that doesn't feel good. Thanks to the Internet and the powerful asymmetric capabilities it provides, events like these are likely to continue.

Cyber-disinformation campaigns can happen "with an ease and scale that dwarfs everything that happened before," Goldsmith noted.

The threat of interference in politics through hacking and data manipulation might render all past precedents set by intelligence organizations moot. "Theft and publication of truthful information is small beans—what about theft and publication of faked information, which is hard to verify, or tampering with the vote itself?" Goldsmith said. "That could have huge consequences, the number of actors who could do this are many, and our ability to defend against it is uncertain." The Russian government has been preparing for this game for some time.
Individuals aligned with the Russian government have used social media disinformation, denial of service attacks, and hacking campaigns to shape the political landscape in former Soviet states and elsewhere in Europe frequently over the last decade.

China also has shown a willingness to use information operations to influence US politics—apparently hacking the networks of both Barack Obama and John McCain during the 2008 presidential election campaign, using information obtained about McCain's interactions with Taiwan to further its own political objectives. Echoing comments made by Edward Snowden last year, Goldsmith concluded, "The US has the most powerful cyber capabilities in the world... but we are very much also the most vulnerable, and we're going to be more and more on the losing end of the stick.
I think this is just the beginning."
EnlargeTim Bartel reader comments 19 Share this story Tax officials in Denmark are reportedly paying an unknown source around £1 million (~$1.3M) for secret financial information on hundreds of Danish nationals. Their names appear in the Panama Papers, leaked earlier this year, which consist of 11.5 million files from the database of Mossack Fonseca—the world's fourth biggest offshore law firm. This is the first time, according to Danish newspaper Politiken, that Denmark has agreed to buy information on possible tax evaders in this way. Denmark also seems to be the first country to admit that it's acquiring data from a source with access to the leaked Mossack Fonseca documents. [Update: apparently Iceland made an earlier deal—see comment below.] Politiken reported that the unusual deal was the result of secret negotiations conducted with an unknown seller. What seems to have clinched it was a "free sample" that was sent to prove the value of the data. An official with Denmark's tax office explained: This [sample] convinced us of the quality of the documents. They are real and they contain information that is very relevant to us. Both of specific individuals, and especially super interesting knowledge about the methods used by advisers and the middlemen they use. This can give us a breakthrough in the investigation of tax havens. In return for the payment, the Danish government will apparently receive data from the Panama Papers relating to about 320 cases involving 500 to 600 Danes. The tax authorities expect to have the relevant files at the end of September. Although Politiken reported that the country's tax minister "discreetly secured the backing of a majority in parliament" to conclude the negotiations, the deal is not without its critics. Another article in the newspaper, written by the national secretary of Denmark's Young Conservatives, asked: "If I bought a set of documents which I knew was stolen, then I would be convicted of receiving stolen goods. Why is it different because the taxman is involved?" Despite that controversy, Denmark's move might clear the way for other countries to make similar deals. As noted by the Guardian, government officials in Germany paid under €1 million (~$1.1M) for a significantly smaller Mossack Fonseca leak in 2014. Customers of Germany's second largest bank, Commerzbank, were later raided on suspicion of tax evasion. The lucrative nature of the deal might also encourage others to leak information that could be considered in the public interest. The Greens/EFA group in the European Parliament wants to encourage responsible leaking by bringing in legal protection for whistleblowers, and the organization has published a draft version of its proposed EU whistleblowers Directive. A German website reported that more than 100 MEPs have signed an open letter supporting the idea of better legal safeguards. This post originated on Ars Technica UK
Updating software is important, but it's the third-party add-ons that get servers pwned. No component -- theme, plugin, or module -- is too small. Canonical, the commercial vendor behind Ubuntu Linux, has disclosed a security breach where an unknown ad...