December 12, 2018
Category archive

department of justice

Department of Justice indicts 12 Russian intelligence officers for Clinton email hacks

in Delhi/democratic national committee/department of justice/email hacking/Guccifer 2.0/Hillary Clinton/India/Jeff Sessions/Politics/Russia/Russian election interference/TC/Trump/United States by

Just days before President Trump is set to meet with Russian President Vladimir Putin, the Department of Justice has leveled new charges against 12 Russian intelligence officers who allegedly hacked the Democratic National Committee and the presidential campaign of Hillary Clinton .

The charges, released by Rod J. Rosenstein, the deputy attorney general who’s leading the investigation into Russian election tampering because of the recusal of Attorney General Jeff Sessions from the investigation.

In January of last year, the intelligence community issued a joint statement affirming that Russia had indeed tampered with the U.S. presidential elections in 2016.

Now the investigation is beginning to release indictments. Three former campaign aides for the president’s campaign have already plead guilty, and the president himself is under investigation by Special Investigator Robert Mueller for potential obstruction of justice.

According to the indictment the Russians used spearphishing attacks to gain access to the network of the Democratic National Committee and the Democratic Congressional Campaign Committee.

Rosenstein also said that Russia’s military intelligence service was also behind the leaks that distributed the information online under the aliases Guccifer 2.0 and DCLeaks.

Read the full indictment below.


News Source = techcrunch.com

The United States needs a Department of Cybersecurity

in China/Column/computer security/Congress/cyberattack/cybercrime/Cyberwarfare/Delhi/department of defense/Department of Homeland Security/department of justice/executive/Federal Bureau of Investigation/Government/hacking/India/national security/Politics/Russia/San Francisco/Security/spy/United States/Washington by

This week over 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian sponsored hack of the American 2016 election with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.

For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians yet the attack on US sovereignty and stability has gone largely unanswered.  The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats but only under international pressure after the poisoning of a former Russian spy and his daughter.

Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.

Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.

Krisztian Bocsi/Bloomberg via Getty Images

We were once dominant in this realm both technically and with our knowledge and skillsets. That playing field has been leveled and we sit idly by without the will or focus to try and regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.

In March of this year, the US CyberCommand released  a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight  for our national security in concert with all other diplomatic and economic powers available to the United States.

It’s a start but a vision statement is not enough.  Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors.  Today we are organized to fail.  Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.

The Department of Homeland Security is responsible for national protection including prevention, mitigation and recovery from cyber attacks. The FBI, under the umbrella of the Department of Justice,  has lead responsibility for investigation and enforcement. The Department of Defense, including US CyberCommand, is in charge of national defense.  In addition, each of the various military branches  have their own cyber units. No one who wanted to win would organize a critical  capability in such a distributed and disbursed manner.

How could our law makers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.

Image courtesy of Colin Anderson

What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that  would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy.  By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would  act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.

As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber-operations. We  have the technological capabilities, we have the talent, we know what to do but unless all of this firepower is unified and aimed at the enemy we might as well have nothing.

When a Department of Cybersecurity is discussed in Washington, it is usually rejected because of the number of agencies and departments affected. This is code for loss of budget and personnel. We must rise above turf battles if we are to have a shot at waging an effective cyber war. There are some who have raised concerns about coordination on offensive actions but they can be addressed by a clear chain of command with the Defense Department to avoid the potential of a larger conflict.

We must also not be thrown by comparisons to the Department of Homeland Security and conclude a Cybersecurity department would face the same challenges. DHS was 22 different agencies thrust into one. A Department of Cybersecurity would be built around a common set of skills, people and know-how all working on a common issue and goal. Very different.

Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.

Counterpunching those efforts requires our own national mandate executed with Cabinet level authority. If we don’t bestow this level of importance to the fight and set ourselves up to win, interference in US elections will not only be repeated …  such acts will seem trivial in comparison to what could and is likely to happen.

News Source = techcrunch.com

Microsoft drops lawsuit after DOJ limits use of gag orders when accessing customer data

in Delhi/department of justice/India/legal/Microsoft/Politics/privacy/TC by

Microsoft said it will drop its lawsuit against the Department of Justice over gag orders placed on companies that prevent them from telling customers when their personal data has been accessed by investigators. Its decision comes after the DOJ issued a new binding policy that requires prosecutors to give more detailed reasons when applying for a gag order and makes it much harder to seek one that lasts indefinitely.

In a blog post about the company’s decision to withdraw the lawsuit, which was filed against the U.S. government in April 2016, Microsoft president and chief legal officer Brad Smith wrote that the DOJ’s new policy “is an important step for both privacy and free expression. It is an unequivocal win for our customers and we’re pleased the DOJ has taken these steps to protect the constitutional rights of all Americans.”

The DOJ now requires prosecutors to “conduct an individualized and meaningful assessment regarding the need for protection from disclosure” and give specific reasons if they decide to apply for a gag order.

Smith said that while secrecy orders may be necessary in some cases, Microsoft’s lawsuit was “based  on a growing and disturbing trend. We highlighted the fact that the government appeared to be overusing secrecy orders in a routine fashion–even where the specific facts didn’t support them–and were seeking indefinite secrecy orders in a large number of cases.”

When Microsoft filed its lawsuit last year, it explained that over an 18-month-period, 2,576 of the legal demands it got from the U.S. government “included an obligation of secrecy,” while 68% appeared to contain “indefinite demands for secrecy.”

“Until today, vague legal standards have allowed the government to get indefinite secrecy orders routinely, regardless of whether they were even based on the specifics of the investigation at hand. That will no longer be true,” Smith wrote.

Microsoft is calling for Senate to advance the EPCA Modernization Act of 2017, which was introduced in July by Senators Mike Lee and Patrick Leahy to update privacy laws for electronic communication information served in third-party service providers, as well as geolocation information.

Featured Image: Bloomberg/Getty Images

News Source = techcrunch.com

DreamHost ordered to provide data on anti-Trump website with considerable court oversight

in Delhi/department of justice/dreamhost/India/Policy/Politics/privacy/TC by

On Thursday, a D.C. court ordered DreamHost to comply with the Department of Justice’s request for data related to the anti-Trump protest website disruptj20.org — with some meaningful stipulations.

Following the hearing DreamHost published a blog post hailing the court proceedings as a win, though acknowledging that it still viewed the DOJ’s modified request as “overly broad.” Still, the DOJ won’t be able to obtain all of the information it originally sought, including the IP addresses of more than one million web visitors, and now that process will be heavily overseen by the court.

“Today’s ruling was a step in the right direction,” DreamHost General Counsel Chris Ghazarian told TechCrunch. “We are happy that they decided to retract a lot of the problematic requests but there still are quite a few issues.”

Ghazarian notes that the DOJ’s request for email content and the discussion list named in the warrant are still objectionable, but this week’s events on the whole were a win for not just DreamHost but internet users at large.

“We’re happy that Judge Morin recognized the First Amendment concerns… and will essentially have the court overseeing the process,” Ghazarian said. “To my knowledge I haven’t seen this [kind of oversight] being used.”

That court oversight, designed to protect the privacy of the website’s visitors, is a “minimization plan” that includes detailing which specific individuals in the government will have access to the data and providing information about all methods that the DOJ will employ to probe the data for evidence.

The company hopes that the precedent set by DreamHost’s resistance will inspire other companies who might “blindly comply” with similarly broad government requests to take a stand in the future.

“The de-scoping of the original warrant, combined with the court’s additional restrictions on the use of, and access to, that data, is a clear victory for user privacy,” DreamHost wrote in its blog. On Wednesday, DreamHost filed a sur reply to the DOJ’s decision to limit the scope of the request.

If the web host chooses not to appeal Thursday’s decision, it will proceed in complying with the order over the next few days. “At this point we’re reviewing our options and deciding what we’re going to be doing going forward,” Ghazarian said.

Featured Image: DAMIEN MEYER/AFP Creative/Getty Images

News Source = techcrunch.com

DOJ backs down from request for IP addresses that visited Trump protest website

in Delhi/department of justice/dreamhost/Government/India/Politics/privacy/TC/Trump administration by

The Department of Justice has dropped its request for the IP addresses of visitors to an anti-Trump inauguration protest website. The news is a win for DreamHost, which went public with the situation last week, riling privacy advocates who decried the DOJ request for IP addresses that had visited disruptj20.org as dangerously broad.

In its reply to the court, the Justice Department modified its request to leave out information that it claims it didn’t know DreamHost had to begin with, namely the 1.3 million IP addresses in question. The DOJ asked the court to exclude any text and photographs from unpublished blog posts it hosted:

“What the government did not know… was the extent of visitor data maintained by DreamHost that extends beyond the government’s singular focus in this case of investigating the planning, organization, and participation in the January 20, 2017 riot. The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHosts’s numerous press releases and Opposition brief. The government’s investigation is focused on the violence discussed in the Affidavit.”

The letter states that the government intended to exclude and seal evidence beyond the scope of its warrant and that DreamHost refused to engage in a dialogue around the issue after claiming that the warrant was “improper.” The Justice Department maintains that the warrant is lawful. “Contrary to DreamHost’s claims, the Warrant was not intended to be used, and will not be used, to “identify the political dissidents of the current administration,” the letter to the court asserts.

For its part, DreamHost will continue on as planned. In a blog post titled “Narrowing the Scope,” DreamHost cheered its privacy win while preparing to argue “the remaining First and Fourth Amendment issues raised by this warrant” in its court date set for this week.

Featured Image: Chip Somodevilla/Getty Images

News Source = techcrunch.com

Go to Top