Security

US Media is Losing Its Mind Over Trump-Putin Summit

The media’s mania over Trump’s Helsinki performance and the so-called Russia-gate scandal reached new depths on Monday, says Joe Lauria

By Joe Lauria
Originally published by Consortium News – reprinted here with permission

The reaction of the U.S. establishment media and several political leaders to President Donald Trump’s press conference after his summit meeting with Russian President Vladimir Putin on Monday has been stunning.

Writing in The Atlantic, James Fallows said:

“There are exactly two possible explanations for the shameful performance the world witnessed on Monday, from a serving American president.

Either Donald Trump is flat-out an agent of Russian interests—maybe witting, maybe unwitting, from fear of blackmail, in hope of future deals, out of manly respect for Vladimir Putin, out of gratitude for Russia’s help during the election, out of pathetic inability to see beyond his 306 electoral votes. Whatever the exact mixture of motives might be, it doesn’t really matter.

Or he is so profoundly ignorant, insecure, and narcissistic that he did not  realize that, at every step, he was advancing the line that Putin hoped he would advance, and the line that the American intelligence, defense, and law-enforcement agencies most dreaded.

Conscious tool. Useful idiot. Those are the choices, though both are possibly true, so that the main question is the proportions … never before have I seen an American president consistently, repeatedly, publicly, and shockingly advance the interests of another country over those of his own government and people.”

As soon as the press conference ended CNN cut to its panel with these words from TV personality Anderson Cooper: “You have been watching perhaps one of the most disgraceful performances by an American president at a summit in front of a Russian leader, surely, that I’ve ever seen.”

David Gergen, who for years has gotten away with portraying himself on TV as an impartial political sage, then told CNN viewers:

“I’ve never heard an American President talk that way but I think it is especially true that when he’s with someone like Putin, who is a thug, a world-class thug, that he sides with him again and again against his own country’s interests of his own institutions that he runs, that he’s in charge of the federal government, he’s in charge of these intelligence agencies, and he basically dismisses them and retreats into this, we’ve heard it before, but on the international stage to talk about Hillary Clinton’s computer server …”

“It’s embarrassing,” interjected Cooper.
“It’s embarrassing,” agreed Gergen.

White House correspondent Jim Acosta, ostensibly an objective reporter, then gave his opinion: “I think that sums it up nicely. This is the president of the United States essentially taking the word of the Russian president…over his own intelligence community. It was astonishing, just astonishing to be in the room with the U.S. president and the Russian president on this critical question of election interference, and to retreat back to these talking points about DNC servers and Hillary Clinton’s emails when he had a chance right there in front of the world to tell Vladimir Putin to stay the HELL out of American democracy, and he didn’t do it.”

In other words Trump should just shut up and not question a questionable indictment, which Acosta, like nearly all the media, treat as a conviction.

The Media’s Handlers

The media’s handlers were even worse than their assets. Former CIA director John Brennan tweeted: “Donald Trump’s press conference performance in Helsinki rises to & exceeds the threshold of ‘high crimes & misdemeanors,.’ It was nothing short of treasonous. Not only were Trump’s comments imbecilic, he is wholly in the pocket of Putin. Republican Patriots: Where are you???”

Here’s where the Republican Patriots are, Brennan: “That’s how a press conference sounds when an Asset stands next to his Handler,” former RNC Chairman Michael Steele tweeted.

Representative Liz Cheney, the daughter of the former vice president, said on Twitter: “As a member of the House Armed Services Committee, I am deeply troubled by President Trump’s defense of Putin against the intelligence agencies of the U.S. & his suggestion of moral equivalence between the U.S. and Russia. Russia poses a grave threat to our national security.”

All these were reactions to Trump expressing skepticism about the U.S. indictment on Friday of 12 Russian intelligence agents for allegedly interfering in the 2016 U.S. presidential election while he was standing next to Russian President Vladimir Putin at the press conference following their summit meeting in Helsinki.

“I will say this: I don’t see any reason why it would be” Russia, Trump said. “I have great confidence in my intelligence people, but I will tell you that President Putin was extremely strong and powerful in his denial today.”

The indictments, which are only unproven accusations, formally accused 12 members of the GRU, Russian military intelligence, of stealing Democratic Party emails in a hacking operation and giving the materials to WikiLeaks to publish in order to damage the candidacy of Trump’s opponent, Hillary Clinton. The indictments were announced on Friday, three days before the summit, with the clear intention of getting Trump to cancel it. He ignored cries from the media and Congress to do so.

Over the weekend Michael Smerconish on CNN actually said the indictments proved that Russia had committed a “terrorist attack” against the United States. This is in line with many pundits who are comparing this indictment, that will most likely never produce any evidence, to 9/11 and Pearl Harbor. The danger inherent in that thinking is clear.

Putin said the allegations are “utter nonsense, just like [Trump] recently mentioned.” He added: “The final conclusion in this kind of dispute can only be delivered by a trial, by the court. Not by the executive, by the law enforcement.” He could have added not by the media.

Trump reasonably questioned why the FBI never examined the computer servers of the Democratic National Committee to see whether there was a hack and who may have done it. Instead a private company, CrowdStrike, hired by the Democratic Party studied the server and within a day blamed Russia on very dubious grounds.

“Why haven’t they taken the server?” Trump asked. “Why was the FBI told to leave the office of the Democratic National Committee? I’ve been wondering that. I’ve been asking that for months and months and I’ve been tweeting it out and calling it out on social media. Where is the server? I want to know, where is the server and what is the server saying?”

But being a poor communicator, Trump then mentioned Clinton’s missing emails, allowing the media to conflate the two different servers, and be easily dismissed as Gergen did.

At the press conference, Putin offered to allow American investigators from the team of special counsel Robert Mueller, who put the indictment together, to travel to Russia and take part in interviews with the 12 accused Russian agents. He also offered to set up a joint cyber-security group to examine the evidence and asked that in return Russia be allowed to question persons of interest to Moscow in the United States.

“Let’s discuss the specific issues and not use the Russia and U.S. relationship as a loose change for this internal political struggle,” Putin said.

On CNN, Christiane Amanpour called Putin’s clear offer “obfuscation.”

Even if Trump agreed to this reasonable proposal it seems highly unlikely that his Justice Department will go along with it. Examination of whatever evidence they have to back up the indictment is not what the DOJ is after. As I wrote about the indictments in detail on Friday:

“The extremely remote possibility of convictions were not what Mueller was apparently after, but rather the public perception of Russia’s guilt resulting from fevered media coverage of what are after all only accusations, presented as though it is established fact. Once that impression is settled into the public consciousness, Mueller’s mission would appear to be accomplished.”

Still No ‘Collusion’

The indictments did not include any members of Trump’s campaign team for “colluding” with the alleged Russian hacking effort, which has been a core allegation throughout the two years of the so-called Russia-gate scandal. Those allegations are routinely reported in U.S. media as established fact, though there is still no evidence of collusion.

Trump emphasised that point in the press conference. “There was no collusion at all,” he said forcefully. “Everybody knows it.”

On this point corporate media has been more deluded than normal as they clutch for straws to prove the collusion theory. As one example of many across the media with the same theme, a New York Times story on Friday, headlined, “Trump Invited the Russians to Hack Clinton. Were They Listening?,” said Russia may have absurdly responded to Trump’s call at 10:30 a.m. on July 27, 2016 to hack Clinton’s private email server because it was “on or about” that day that Russia allegedly first made an attempt to hack Clinton’s personal emails, according to the indictment, which makes no connection between the two events.

If Russia is indeed guilty of remotely hacking the emails it would have had no evident need of assistance from anyone on the Trump team, let alone a public call from Trump on national TV to commence the operation.

More importantly, as Twitter handle “Representative Press” pointed out: “Trump’s July 27, 2016 call to find the missing 30,000 emails could not be a ‘call to hack Clinton’s server’ because at that point it was no longer online. Long before Trump’s statement, Clinton had already turned over her email server to the U.S. Department of Justice.” Either the indictment was talking about different servers or it is being intentionally misleading when it says “on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third party provider and used by Clinton’s personal office.”

This crucial fact alone, that Clinton had turned over the server in 2015 so that no hack was possible, makes it impossible that Trump’s TV call could be seen as collusion. Only a desperate person would see it otherwise.

But there is a simple explanation why establishment journalists are in unison in their dominant Russian narrative: it is career suicide to question it.

As Samuel Johnson said as far back as 1745: “The greatest part of mankind have no other reason for their opinions than that they are in fashion …since vanity and credulity cooperate in its favour.”

Importance of US-Russia Relations

Trump said the unproven allegation of collusion “has had a negative impact upon the relationship of the two largest nuclear powers in the world. We have 90 percent of nuclear power between the two countries. It’s ridiculous. It’s ridiculous what’s going on with the probe.”

The American president said the U.S. has been “foolish” not to attempt dialogue with Russia before, to cooperate on a range of issues.

“As president, I cannot make decisions on foreign policy in a futile effort to appease partisan critics or the media or Democrats who want to do nothing but resist and obstruct,” Trump said. “Constructive dialogue between the United States and Russia forwards the opportunity to open new pathways toward peace and stability in our world. I would rather take a political risk in pursuit of peace than to risk peace in pursuit of politics.”

This main reason for summits between Russian and American leaders was also ignored: to use diplomacy to reduce dangerous tensions. “I really think the world wants to see us get along,” Trump said. “We are the two great nuclear powers. We have 90 percent of the nuclear. And that’s not a good thing, it’s a bad thing.”

Preventing good relations between the two countries appears to be the heart of the matter for U.S. intelligence and their media assets. So Trump was vilified for even trying.

Ignoring the Rest of the Story

Obsessed as they are with the “interference” story, the media virtually ignored the other crucial issues that came up at the summit, such as the Middle East.

Trump sort of thanked Russia for its efforts to defeat ISIS. “When you look at all of the progress that’s been made in certain sections with the eradication of ISIS, about 98 percent, 99 percent there, and other things that have taken place that we have done and that, frankly, Russia has helped us with in certain respects,” he said.

Trump here is falsely taking credit, as he has before, for defeating ISIS with only some “help” from Russia. In Iraq the U.S. led the way against ISIS coordinating the Iraqi and Kurdish security forces. But in the separate war against ISIS in Syria, Russia, the Syrian Arab Army, Kurdish forces, Iranian troops and Hizbullah militias were almost entirely responsible for ISIS’ defeat.

Also on Syria, Trump appeared to endorse what is being reported as a deal between Russia and Israel in which Israel would accept Bashar al-Assad remaining as Syrian president, while Russia would work on Iran to get it to remove its forces away from the northern Golan Heights, which Israel illegally considers its border with Syria.

After a meeting in Moscow last week with Putin, Israel Prime Minister Benjamin Netanyahu said he accepted Assad remaining in power.

“President Putin also is helping Israel,” Trump said at the press conference. “We both spoke with Bibi Netanyahu. They would like to do certain things with respect to Syria, having to do with the safety of Israel. In that respect, we absolutely would like to work in order to help Israel. Israel will be working with us. So both countries would work jointly.”

Trump also said that the U.S. and Russian militaries were coordinating in Syria, but he did not go as far as saying that they had agreed to fight together there, which has been a longstanding proposal of Putin’s dating back to September 2015, just before Moscow intervened militarily in the country.

“Our militaries have gotten along probably better than our political leaders for years,” Trump said. “Our militaries do get along very well. They do coordinate in Syria and other places.”

Trump said Russia and the U.S. should cooperate in humanitarian assistance in Syria.

“If we can do something to help the people of Syria get back into some form of shelter and on a humanitarian basis…that’s what the word was, a humanitarian basis,” he said. “I think both of us would be very interested in doing that.”

Putin said he had agreed on Sunday with French President Emmanuel Macron on a joint effort with Europe to deliver humanitarian aid. “On our behalf, we will provide military cargo aircraft to deliver humanitarian cargo. Today, I brought up this issue with President Trump. I think there’s plenty of things to look into,” Putin said.

Joe Lauria is editor-in-chief of Consortium News and a former correspondent for The Wall Street Journal, Boston GlobeSunday Times of London and numerous other newspapers. He can be reached at joelauria@consortiumnews.com and followed on Twitter @unjoe .

What Has Been Leaked? Impacts of the Big Data Breaches

Filed in: News & Current Affairs  –  Author: JF Dowsett

It now seems that major breaches of what is supposed to be secure, privately held information are rarely out of the major media news cycles, however – as we shall see – there have been massive amounts of data lost and leaked for the better part of the last decade.

Today, information security is a priority issue not just for the IT or business sectors, but for everyone in all walks of life. The daily lives of millions or rather billions of people (around 40% of the global population, in fact) have today become enmeshed with the internet and with myriad technological devices that not only create a growing personal digital profile but also present further challenges to individual privacy and security. Intelligence agencies such as the United States’ NSA, the German BND or French DGSE – in addition to the scores of other agencies active around the globe today – keep constant tabs on everyone’s finances, movements, actions and even thoughts and feelings (as expressed in untold internet missives and social media posts). In contrast, it is mostly shadowy and anonymous networks of hackers, whistleblowers, and other tech-savvy causes that occasionally “leak” troves of information, thereby making public what was supposed to be hidden away from prying eyes.

On Sunday, 3 April 2016, news of the so-called Panama Papers took the world by surprise as a giant leak of more than 11.5 million financial and legal records records held by the Panamanian law firm Mossack Fonseca and pertaining to numerous high-flying figures in politics and commerce around the globe. More than a year ago an “anonymous source” (appropriately enough employing the pseudonym John Doe) contacted reputable German paper the Süddeutsche Zeitung and in view of the magnitude of the information the Germans decided to analyze the data in conjunction with the International Consortium of Investigative Journalists (ICIJ). The latter had the requisite experience, having previously also worked on Swiss Leaks (February 2015), Lux Leaks (November 2014), and before that on Offshore Leaks (April 2013).

The Panama Papers, however, are but the tip of the iceberg when it comes to data breaches. As reported by USA TODAY, an FBI official recently reported more than 500 million records have been stolen from financial institutions over the past 12 months as a result of cyberattacks. According to other reports, the world’s financial sectors are the most targeted, resulting in hefty costs and liabilities for organizations and customers exposed to identity theft and fraud.

Costs of Data Breaches

Data breaches by sector, 2014 [research and image ©2015 gcn.com]

Data breaches by sector, 2014 [research and image ©2015 gcn.com]

The impacts to a business or agency’s reputation suffers greatly after a loss of data. Nearly two-thirds (64%) of consumers surveyed worldwide say they are unlikely to do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen. This is according to a recent global survey by Gemalto, a world leader in digital security, titled Broken Trust: ‘Tis the Season to Be Wary, which surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States. 

According to the 2015 Cost of Data Breach Study: Global Analysis, the average total cost of a data breach for the participating companies increased 23 percent over the past two years to $3.79 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015. The lowest cost per lost or stolen record is in the transportation industry, at $121, and the public sector, at $68. On the other hand, the retail industry’s average cost increased dramatically, from $105 last year to $165.

List of Some of the Biggest Data Breaches

A staggering volume of personal information has been lost or stolen even just looking at the period from 2000 until the present. Compiling a short list of some of the more recent, large-scale breaches may be helpful in gaining a quick overview of the size of this global issue. This is a brief list of companies, government agencies, and other entities that have had their sensitive data lost, stolen, hacked or otherwise compromised:

  • AOL, 2004 – 92 million records: A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails.
  • Cardsystems Solutions, 2005 – 40 million records: CardSystems was fingered by MasterCard after it spotted fraud on credit card accounts and found a common thread, tracing it back to CardSystems.  An unauthorized entity put a specific code into CardSystems’ network, enabling the person or group to gain access to the data.
  • T-Mobile/Deutsche Telecom – 17 million records: Thieves got their hands on a storage device with the data, which included the names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens.
  • US Department of Veterans Affairs, 2006 – 26.5 million records: The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop. The department originally took three weeks to report the theft. The laptop was recovered with the data apparently intact a month after it was reported stolen.
  • TK/TJ Maxx, 2007 – 94 million records: Hackers hacked a Minnesota store wifi network and stole data from credit and debit cards of shoppers at off-price retailers TJX, owners of nearly 2,500 stores, including T.J. Maxx and Marshalls. This case is believed to be the largest breach of consumer information.
  • UK Revenue & Customs, 2007 – 25 million records: A set of discs containing confidential details of 25 million child benefit recipients was lost.
  • US Military, 2009 – 76 million records: Without first destroying or wiping its data the agency sent back a defective, unencrypted hard drive for repair and recycling which held detailed records on 76 million veterans, including millions of Social Security numbers dating to 1972.
  • Virgina Department of Health, 2009 – 8 million records: An extortion demand posted on WikiLeaks in 2009 sought $10 million to return over 8 million patient records and 35 million prescriptions allegedly stolen from Virginia Department of Health Professions.  All 36 servers were shut down  to protect records.
  • Heartland, 2009 – 130 million records: The biggest credit card scam in history, Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims related to the breach.
  • Sony Online Entertainment, 2011 – 24.5 million records: Hacked by LulzSec. In addition to the Sony Playstation Network breach, compromised 77 million records. More than 23,000 lost financial data, according to Sony.
  • Sony PSN, 2011 – 77 million records: Rounding off a thoroughly unhappy year for Sony, their third breach saw the loss of 76,000,000 Sony PSN and Qriocity user accounts to hacking collective Lulzsec.
  • Court Ventures, 2012 – 200 million records: A Vietnamese identity theft service was sold personal records, including Social Security numbers, credit card data and bank account information held by Court Ventures, a company subsequently sold to data brokerage firm Experian.
  • Apple, 2012 – 12.5 million records: Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs). Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses. AntiSec published a million of these UDIDs online.
  • Blizzard Entertainment, 2012 – 14 million records: Scrambled passwords, e-mail addresses, and personal security answers were knowingly stolen from Blizzard’s internal network. Blizzard itself would not elaborate on the size of the hack (“millions”).
  • Greek Government, 2012 – 9 million records: A computer programmer was arrested in Greece for allegedly stealing the identity information of what could amount to 83% of the country’s population. The 35-year-old was found in possession of 9 million data files containing identification card data, addresses, tax ID numbers and licence plate numbers, which he was also suspected of trying to sell.
  • LinkedIn/eHarmony/Last.fm, 2012 – 8 million records: A hacker known as ‘dwdm’ uploaded a file containing 6.5 million passwords on a Russian hacker forum. Soon after another 1.5 million passwords were discovered.  On analysis, 93% of the passwords could be found in the Top 10,000 password list.
  • South Carolina State Government, 2012 – 6.5 million records: A man was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information after he gained access to personal information for more than 228,000 Medicaid beneficiaries.
  • Adobe, 2013 – 36 million records: Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken.
  • Living Social, 2013 – 50 million records: Online criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said.
  • Target, 2014 – 70 million records: Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores.
  • JP Morgan Chase, 2014 – 76 million records: The US’s largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers.
  • Experian/T-Mobile, 2015 – 15 million records: The world’s biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers.
  • AshleyMadison.com, 2015 – 37 million records: Online hookup site for extra-marital affairs was been severely breached and the personal details of over 37 million users, as well as company financial records released. Notorious hacking outfit The Impact Team claimed responsibility, demanding the shutdown of AM.com and other associated sites.
  • Securus Technologies, 2015 – 70 million records: Anonymous hacker leaked records of over 70 million prison phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections.
  • Anthem, 2015 – 80 million records: Second-largest US health insurer Anthem failed to encrypt the stock of personal info it held. It took them 6 weeks to realise they’d been hacked.
  • Philippine Government’s Electoral Commission, 2015 – 55 million records: After a message was posted on the COMELEC website allegedly by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online.
  • Turkish Government Citizenship Database, 2015 – 49 million records: The Turkish national citizenship database has allegedly been hacked and leaked online.
  • Mossack Fonseca, 2016 – 11.5 million records: The ‘Panama Papers’ consist of 2.6TB of data on politicians, criminals, professional athletes etc leaked from Panamanian law firm Mossack Fonseca, including emails, contracts, scanned documents and transcripts.

Implications for National Security

On June 4th 2015 the US Office of Personnel Management admitted that there was a breach in April and that the personal records of 4.2 million current and former government employees may have been compromised. This breach was linked by officials in the government to Chinese hackers though the Chinese government has vehemently denied this. The hackers it is believed entered OPM records after gaining access to the systems of KeyPoint Government Solutions sometime in 2014.

Former head of both the Central Intelligence Agency and National Security Agency, retired General Michael Hayden has said that the data breach is a “tremendously big deal” and “The potential loss here is truly staggering and, by the way, these records are a legitimate foreign intelligence target.” Believing the breach to have originated abroad, he fears that the stolen information will be used to help recruit spies in the U.S. and abroad while outing intelligence agents around the world.

One national security consideration of data breaches is that hackers could use information from government personnel files for financial gain. In a recent case disclosed by the US Internal Revenue Service, hackers appear to have obtained tax return information by posing as taxpayers using personal information gleaned from previous commercial breaches, according to information security analysis at Forrester Research. US Senate Intelligence Committee Chairman Richard Burr said the government must overhaul its cybersecurity defenses. “Our response to these attacks can no longer simply be notifying people after their personal information has been stolen,” he said. “We must start to prevent these breaches in the first place.”

The Need for Information Security

Data breaches have become a regular feature of modern life, and one that will have affected most of us by now. This will continue as long as efficiency and ease of data access trump security, a state of affairs which makes economic sense for many organisations, at least until they suffer their own data breach. Once a breach happens, the value of security becomes clearer. Data breaches are inevitable, and resources invested in advance can pay dividends when a crisis occurs. It takes maturity for organizations to recognise they cannot control the narrative after a breach becomes public, and that leadership involves being honest and transparent with stakeholders to maintain credibility in difficult circumstances.

There are a wide range of motivations for malicious hackers and data thieves, and without investment in measures such as threat intelligence, any government or organization could easily spend too much or too little time and money on prevention. Some organised criminal groups have capabilities equal to nation state intelligence agencies and will be capable of overcoming nearly any private sector attempts at information security. Their ability to operate globally, to reach an ever-increasing range of targets, also continues to improve.

Encryption is one vital aspect of information security

Encryption is one vital aspect of information security

Encryption is a well-known technology that can restrict access, and its use has readily demonstrated its ability to render data useless to those who do not possess the key. This is exemplified by the uselessness of encrypted PINs and hashed passwords to cybercriminals. This is not new science or new technology; the power of cryptography to protect data is well-known and standardized.

Everyone, from individuals to organizations need to take stock of the protection of their sensitive information in order to ensure that they are fully prepared and engaged to deal with these ever-emerging data security challenges, before it’s too late.