Slashdot Mirror
Spy Chief: Foreign Hackers May Be Targeting Presidential Candidates (nbcnews.com)
An anonymous reader writes from a report via NBC News: Director of National Intelligence James Clapper warned Wednesday that foreign hackers may be targeting the campaigns of U.S. presidential candidates. The FBI and Homeland Security are working with the campaigns to tighten security and prevent cyber intruders from penetrating their defenses, said Clapper. "We have already had some indications of that, and a combination of DHS, FBI are doing what they can to educate both candidates of potential cyber threats," Clapper said, without specifying which candidates they were advising. "I anticipate as the campaigns intensify we will probably have more of it." A senior U.S. intelligence official told NBC News that they are "most worried about Trump, who has no experience with government computer systems or protocols." Foreign hacking against American political candidates is nothing new, Clapper said. Prior to the 2008 presidential election, Chinese cyber spies had targeted the presidential campaigns of then Sen. Obama and Sen. John McCain in order to read emails and policy papers. The hackers successfully compromised some emails, including private correspondence from McCain, NBC News reported. Also, both Obama's and GOP candidate Mitt Romney's campaigns were hit by Chinese cyber-attacks during the 2012 election. The Office of the DNI clarified Clapper's remarks tweeting: "We're aware that campaigns and related organizations and individuals are targeted by actors with a variety of motivations -- from philosophical differences to espionage -- and capabilities -- from defacements to intrusions. We defer to FBI for specific incidents."
for some success for these hackers...
This reminds me of how Sarah Palin's email was hacked by a US citizen back in 2008: https://en.wikipedia.org/wiki/...
It's utterly inconceivable that the US presidential candidates could be tempting targets for hackers!
Foreign hackers are targeting everything, everywhere. Of course they're targeting political figures.
...water has been found to be wet...
...the Pope is Catholic...
...Bears really do shit in the woods, so long as the forest is their habitat.
Do not look into laser with remaining eye.
I won't say that you're wrong, because you're not. However, I must admit that it's hard for me to imagine anybody specifically targeting me; not grabbing my email because my provider's servers have been hacked, but going after me personally. I'm retired, and the only time I had access to classified material ended over forty years ago, when all of the records were on paper.
Good, inexpensive web hosting
The solution, obviously, is to roll your own email server. Don't put it anywhere secure, someone's closet is OK. Read all your work-related emails on it, even the classified ones. It's a secret so it won't be hacked. If anyone finds out about it, try to laugh it off and claim partisanship is making other people persecute you. Heartily enjoy the warm feeling that comes from knowing you're above the law.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
So senior officials are talking about how worrying Trump's lack of experience is. Isn't this the administration favoring some candidates? Is this legal in the US?
Another thing I find disturbing/intriguing is that political parties are private entities. Are the FBI and DHS available to help other private entities worried about their security?
who has no experience with government computer systems or protocols
I seem to remember another candidate that seemingly has no experience with proper security protocol.
Quid quo pro, no?
Nobody thinks they are a target for anything until they are.
True. And, I'm well aware that my box might attacked at random, and no matter how careful I am it's always possible that somebody might get in. However, there's a vast difference between that and a professional data thief tracking down my public IP and making a concerted attempt to break in because they think there's something valuable for them to take. People who do that sort of thing don't go after random people like me, they go for high profile targets who can be expected to have something on their computer that's worth stealing. After all, isn't that where the money is?
Good, inexpensive web hosting
Non-biased legal experts say the related laws are convoluted and murky. After all, how many law makers do you know who can write non-ambiguous and meaningful laws on technology? Bigfoot is probably more common.
Table-ized A.I.
'The FBI and Homeland Security are working with the campaigns to tighten security and prevent cyber intruders from penetrating their defenses'
"The Department of Homeland Security today appointed a senior Microsoft Corp. executive to head a section charged with protecting the federal government's computer networks from cyber attacks." ref
"Overall, we identified 1,085 instances of high-risk vulnerabilities on the MOE [Mission Operating Environment]" ref
However, I must admit that it's hard for me to imagine anybody specifically targeting me;
You in particular, as opposed to any other member of the human specie ?
Probably nobody is wasting the ressources, indeed.
(Though it's hard to be 100% sure).
On the other hand:
You, as in a member of a targeted group ?
(Say as:
- "an American who might be rich, so let's try to get as much personal data as possible, in order to try some identity theft/impersonation and see if we can empty their bank accounts"
- "a citizen, but there the 'one-in-a-million' chance that he might be an evil terrist, so let's siphon all on-line communication, to protect the interests of the gov^H^H^H democracy and freedom"
- "someone with a computer. maybe there's something of value stored on the computer, so let's encrypt everything and asks for bitcoin in exchange of the decryption key"
- "hey, there's a smartphone, syncing its photo database to the cloud! Let's try to break this and maybe we'll land on some pictures resellable to pornsites"
- "sniff, sniff,... do I smell badly protected credit card numbers in that database ?"
- "Hello dear Mr. Techno Vampire, I'm the son of the late King of Nigeria...."
- etc.)
You bet.
Happens probably way more time per day that you imagine.
Even if you don't have any classified information, you as an individual have several caracteristics which cause you to be lumped into the group targetted by various people in for the money.
Luckily for you not all of those semi-automated large-scale operation manage to succeed.
Unlucky for your those actually successful are most likely to go unnoticed - quickly swept under the rug - unless the target was a high profile (say: Sony's database got hacked yet again and millions of credicards numbers are up to grab on the darknet).
But yeah, you ARE definitely targetted, constantly. Just noboy sees you as a clear individual, more as a number on a long list of targets.
(Except maybe for the Nigerian Prince. This kind of scam tends to be a little bit more personal and targeted).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
So is Mr. Clapper now going to admit that SECURING WEBSITES and SECURING DATA is a good thing... and to do that we need encryption, or is he going to try to weasel out by somehow pretending you can secure these things but still give law enforcement and hackers access?
Sooner or later these Washington mouths need to realize that what comes out of one side of their mouth undermines what comes out the other.
Long live encryption.
Ehud Gavron
Tucson AZ
You do like missing the point, don't you? First, random attacks come from skr1pT Kidd13s who only know how to get into unsecured Windows boxes; my computers all run Linux and are about as secure as you can reasonably expect unless you have Very Sensitive Data (which I don't). Second, professional data thieves don't go after random home computers; they're only interested in commercial boxes with financial or other valuable data, or high-profile users with files they can use for blackmail or other forms of extortion. That's why their attacks are called "targeted:" they know exactly who's computer they're breaking into and what they expect to find.
Good, inexpensive web hosting
" A senior U.S. intelligence official told NBC News that they are "most worried about Trump, who has no experience with government computer systems or protocols."
As opposed to Hillary's extensive experience of maintaining a secure platform to conduct official business ?
Technically, she had the experience and knowledge to conduct State Deparment business, she just chose to ignore it.
Of the two, I would be more concerned about Hillary who KNEW better, but elected to follow her own rules vs the established ones. ( There is a very good reason we handle classified info the way we do. )
For all of the alarm bells and billions spent I'll leave the totally feckless public outreach to do anything about it speak for itself.
They don't really care about helping U.S. based organizations not get owned they just care about scaring politicians into writing them bigger checks and passing more laws to retroactively make legal rummaging thru even more of everyone's shit.
my box is kept secure enough that it's probably not worth the bother of breaking into on the slight off-chance that there might be something valuable here.
It's not worth dedicating time of a pro hacker, to specifically find a way into your box, yes.
But it's worth every script kiddie's time to try generic attacks (like bugs of openssl that you haven't had the time to patch yet) against the target groups you appear in.
Again, you only are going to be a number on their list, not a concrete person, but they'll constantly deploy every trick in their sleeve to try to get at you (and at any other number on their target list against whom the trick-of-the-day happened to work).
Luckily, as you try as hard as possible to secure your box, you're getting hacked less frequently than your neighbours, and as you're more savvy than random users, you're more likely to notice when a hack succeeded.
Think of it a little bit as the locked door to your house. It's certainly not proof against government. If they want, they can take down the whole house.
But it's protected against random vandals that might degrade your property.
So it basically looks secure.
Until the day some burglar decides to pay a visit on the chance he might manage to steel something of value. His not targetting you personally, your house happened to be the one he targeted. You my get a guard dog, an alarm, etc. it is going to lower the chance of your stuff getting stolen, but there's always someone motivated enough with access to enough tricks and techniques.
The big difference between your house and the internet is the accessibility. A real-world burglar can only be in front of one house of a time. He can break into only one house simultaneously.
Whereas, on the internet, everything is simultaneously accessible to anyone. It's as if all the houses of the world were all in the same small street and every single wannabe theif could quickly move from one to the other.
The only real secure machine is turned of. And unplugged. And stored into a safe.....
But your practices are as close as possible to safe, while staying convenient.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
. . . I expect generic deploys of commodity platforms and low-bidder content.
So OF COURSE it's going to be hacked. And similarly, their people tend to be persuaded by the latest plastic fantastic gear, so they'll buy a "next-gen" firewall, fail to properly configure it, and then blame the firewall when they get hacked,
As for "foreign" hackers, with the plethora of botted boxes worldwide, J. Random Hacker could be sitting in Dubuque, Iowa, and the attack would look like it's coming from all over. . .
She has lots of experience being hacked by foreign nationals.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
my computers all run Linux and are about as secure as you can reasonably expect
Some what serious question but are they really? Likely there are additional measures that can be taken as I found out a long time ago. The base level of security expected in the industry I work in is that specified in the Center for Internet Security benchmarks for what ever OS and large applications benchmarks are applicable. Anyone can go and view/download the benchmarks. These go well beyond patching, AV, firewall, and other simple standard protections that most are aware of. Even the windows protections will do a lot to stop standard attacks by at least forcing the user to jump through some hoops to really F up their system.
Time to offend someone
While I agree with you the fact is that they will never believe that us the plebs deserve that level of protection and that by simply having it available means that you are a terrorist, pedo, commie, etc.
It is double plus good to have our information vulnerable and theirs secure. Their biggest take away from the Snowden mess isn't that they shouldn't have been doing illegal shit but that they need to better secure their illegal shit.
Time to offend someone
Addendum: here's a link to H's side of the "headers removed" saga:
http://hotair.com/archives/201...
Table-ized A.I.
I mean, really, the U.S. government is constantly manipulating foreign politics. If they can't take it, they shouldn't be dishing it out.
I'm really not worried about Chinese or Russian or Enemy-of-the-month-i-stani 1337 h4x0rs tracking what the US presidential campaigns are doing. I'm much more concerned about US government hackers monitoring who's involved with what political campaigns, and slightly concerned about campaigns and their totally-not-coordinated-with-the-campaign supporters' committees hacking each others' resources.
The biggest risk with foreign hackers isn't foreign governments tracking our political movements - it's foreign criminals compromising web pages, figuring that they'd be good targets, and if you're giving that $20 donation to some candidate who's not good at web security, they can redirect it to themselves.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Yeah, this story reminded me of this other story:
https://politics.slashdot.org/...
and the fact that Hillary had the server wiped, which means that no one knows if the server was compromised and all that classified information that was on it was gathered by foreign actors.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Inheriting $40-$200 million, and turning it into $4-$8.7 billion is being successful, I don't care if it matches the growth of the S&P, anyone who lives comfortably and still increases their net worth like that is successful.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?