Russia

Subterms

    More stories

    • 100 Shares149 Views

      in Elections

      Trump Contradicts Pompeo Over Russia’s Role in Hack

      by

      AdvertisementContinue reading the main storySupported byContinue reading the main storyTrump Contradicts Pompeo Over Russia’s Role in HackHours after the secretary of state said that Moscow was behind the vast cybersecurity breach, the president suggested it might have been China and downplayed the severity of the attack.Secretary of State Mike Pompeo at the White House last week. In an interview on “The Mark Levin Show,” Mr. Pompeo called the attack a “very significant effort.”Credit…Oliver Contreras for The New York TimesDavid E. Sanger and Dec. 19, 2020Updated 3:54 p.m. ETHours after Secretary of State Mike Pompeo told a conservative radio show host that “we can say pretty clearly that it was the Russians” behind the vast hack of the federal government and American industry, he was contradicted on Saturday by President Trump, who sought to muddy the intelligence findings by raising the possibility that China was responsible.Defying the conclusions of experts inside and outside the government who say the attack was a cybersecurity breach on a scale Washington has never experienced, Mr. Trump also played down the severity of the hack, saying “everything is well under control,” insisting that the news media has exaggerated the damage and suggesting, with no evidence, that the real issue was whether the election results had been compromised.“There could also have been a hit on our ridiculous voting machines during the election,” he wrote on Twitter in his latest iteration of that unfounded conspiracy theory. He tagged Mr. Pompeo, the latest cabinet member to anger him, in his Twitter post. With 30 days left in office, Mr. Trump’s dismissive statements made clear there would be no serious effort by his administration to punish Russia for the hack, and national security officials say they are all but certain to hand off the fallout and response to President-elect Joseph R. Biden Jr.So in the midst of a global pandemic, Mr. Biden will inherit a government so laced with electronic tunnels bored by Russian intelligence that it may be months, years even, before he can trust the systems that run much of Washington. And in his first days in office, even as he has to deal with Russia on arms control and other issues, he will have to confront a quandary that has confounded his predecessors for a quarter of a century: Retaliation for cyber intrusions often results in escalation.As Michael Sulmeyer, now a senior adviser to United States Cyber Command, put it before he entered government, America “lives in the glassiest of glass houses.” The United States is more reliant than almost any other nation on fragile computer networks that make the government and economy hum, making it an especially ripe target for short-of-war attacks like the one executed by the Kremlin.In contrast to Mr. Trump, who has always been reluctant to confront Moscow and President Vladimir V. Putin, Mr. Biden has signaled that he will not let the intrusion, whose full extent is not yet known, go unanswered.“A good defense isn’t enough,’’ Mr. Biden said Thursday, vowing to impose “substantial costs on those responsible for such malicious attacks.”He will not find that easy.Mr. Trump’s tweet was his first comment on the hack, which came to light a week ago. Privately, the president has called the hack a “hoax” and pressured associates to downplay its significance and push alternate theories for who is responsible, two people familiar with the exchanges said. Larry Kudlow, his economic adviser, told reporters on Friday, “People are saying Russia. I don’t know that. It could be other countries.”The president’s unexplained reluctance to blame Russia — which through its embassy in Washington has denied complicity in the attack — has only complicated the response, investigators say. The government only learned of the hack from FireEye, a cybersecurity company, after the firm was itself breached. And Microsoft’s president, Brad Smith, said Thursday that government agencies are approaching Microsoft — not the national security establishment — to understand the extent of the Russian breach.“This is the most consequential cyberespionage campaign in history and the fact that the government is absent is a huge problem for the nation,” said Dmitri Alperovitch, a co-founder of CrowdStrike, a security firm, who is now chairman of Silverado Policy Accelerator, a think tank.“The response has been a total disaster, not just because of the president, but because whoever is left is just polishing up their resumes,” he said. “There’s no coordination and every agency is just doing whatever they can to help themselves.”Mr. Trump’s comments on Saturday had echoes of his stance toward the hacks during 2016 presidential campaign, when he contradicted intelligence findings to claim it was China, or a “400 pound” person “sitting on his bed,” not Russia, who interfered in that election. Two years later, Mr. Trump’s own Justice Department indicted 12 Russian intelligence officers.“Never has there been a President work so hard to provide cover for Russia,” said Clint Watts, a former F.B.I. special agent and Russian information warfare expert at the Foreign Policy Research Institute. All countries spy on each other, of course, and — for now — that appears to have been the first objective of the Russian campaign, one that researchers said on Friday appears to date back to October 2019, six months earlier than initially believed.That was when hackers, presumed to be working for the SVR, one of the most elite and talented of the Russian spy agencies, first broke into the SolarWinds network management software, which is used across the federal government and by three-quarters of the nation’s Fortune 500 companies.The theory is that the Russians were trying to figure out whether they could get into the “supply chain” of software that would give them broad access to the array of systems that make America tick.What no one in the Trump administration wants to address, at least publicly, is how the Russians managed to evade billions of dollars in American-built defenses designed to alert agencies to foreign intrusions. That question, too, now seems certain to be left to Mr. Biden to answer.From their new cyber command center in Fort Meade, Md., the NSA and Cyber Command monitor incoming attacks, the way generations of American military officials jammed underground command centers to look for incoming missile attacks. In this case, the sensors never went off, and the commander of those cyber forces, Gen. Paul M. Nakasone, one of the nation’s most experienced cyber warriors, has said not one word in public about what went wrong.The private sector will face hard questions as well. The majority of infections, Microsoft said, were of private firms, many of them cybersecurity companies. FireEye only detected the attack after Russians cleaned it out too, taking the “Red Team” tools the firm uses to probe corporate and government systems for vulnerabilities.The Russian attack was carefully calibrated to avoid cybersecurity defenses. It gained access to the updates of the SolarWinds software — akin to the updates Apple and other phone makers push onto cellphones as they charge overnight — betting that small changes in code would not be noticed.By compromising the updates, they gained access to 18,000 government agencies and companies. From there they planted “back doors” into the networks of some 40 companies, government agencies and think tanks, according to Microsoft, that allowed them to come and go, steal data and — though it apparently has not happened yet — alter data or conduct destructive attacks.“This was a cybersecurity superspreading event,’’ Mr. Smith said in an interview on Thursday evening, calling it “a moment of reckoning.” While Mr. Trump began his time in office with a strong cybersecurity team in the White House, his third national security adviser, John R. Bolton, ousted them and eliminated the post of a cyber czar with direct access to the president.The new National Defense Authorization Act, which Mr. Trump is threatening to veto for other reasons, would recreate such a post. Yet until Mr. Pompeo, who ran the C.I.A. for the first two years of the Trump administration, made his assessment in an interview on “The Mark Levin Show,” the administration had all but ignored the attack in public — perhaps realizing that an administration that came into office on the heels of Russian interference in the 2016 election was leaving as the victim of one of Russia’s most well-executed cyberattacks.“This was a very significant effort,” Mr. Pompeo said, adding that “we’re still unpacking precisely what it is.” He said he expected most of the details would remain classified.“Given the gravity of this breach, it’s concerning that President Trump is paying so little attention to it,” said Senator Martin Heinrich, the Democrat from New Mexico, home to the Los Alamos nuclear lab that Russians breached in the attack.He and other Democrats have pushed for an aggressive response. “We have failed to deter the Russians,” Senator Chris Coons of Delaware, a Democrat who is close to Mr. Biden, said on Thursday. “We are only going to see Putin stop this action when we stop him.” But if history is any guide, finding the right way to retaliate will be difficult. The United States conducts its own spying missions. America has carried out supply chain attacks, too, including against Iran’s nuclear centrifuges and its missile program. It has been running them against North Korea for years.“The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day,” Jack Goldsmith, a Harvard Law School professor who worked in the Bush administration.“Indeed, a military response to the Russian hack would violate international law.” he added. “The United States does have options, but none are terribly attractive.”That is the core of Mr. Biden’s problem. In the first 16 days of his presidency he will have to deal with Mr. Putin to address the renewal of New START, the nuclear arms control treaty that expires on Feb. 5. Mr. Biden has said he favors a clean renewal of the agreement, which can be extended five years without having to return to the Senate for approval.But he will be conducting that negotiation while also dealing with the question of how to retaliate to an ongoing attack whose full extent is still unknown.“They had unfettered access for nine months,” said Stephen Boyer, an executive at BitSight, a cybersecurity firm. “We may never know what we lost.” Reporting was contributed by Steve Kenny, Eric Schmitt and Julian Barnes.AdvertisementContinue reading the main story More

    • 100 Shares159 Views

      in Elections

      Pompeo Says Russia Was Behind Cyberattack on U.S.

      by

      AdvertisementContinue reading the main storySupported byContinue reading the main storyPompeo Says Russia Was Behind Cyberattack on U.S.Secretary of State Mike Pompeo is the first member of the Trump administration to publicly link the Kremlin to the hacking of dozens of government and private systems.Secretary of State Mike Pompeo at the White House last week. In an interview on the Mark Levin Show, Mr. Pompeo called the attack a “very significant effort.”Credit…Oliver Contreras for The New York TimesDec. 19, 2020Updated 8:12 a.m. ETSecretary of State Mike Pompeo said Friday it was clear that Russia was behind the widespread hacking of government systems that officials this week called “a grave risk” to the United States.Mr. Pompeo is the first member of the Trump administration to publicly link the Kremlin to the cyberattack, which used a variety of sophisticated tools to infiltrate dozens of government and private systems, including nuclear laboratories, the Pentagon, and the Treasury and Commerce Departments.“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Mr. Pompeo said in an interview on “The Mark Levin Show.”“This was a very significant effort,” he said, adding that “we’re still unpacking precisely what it is.”President Trump has yet to address the attack, which has been underway since spring and was detected by the private sector only a few weeks ago. Until Friday, Mr. Pompeo had played down the episode as one of the many daily attacks on the federal government.But intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. As evidence of the attack’s scope piled up this week, the Cybersecurity and Infrastructure Security Agency sent out an urgent warning on Thursday that the hackers had “demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks.”The agency added that it was likely that some of the attackers’ tactics, techniques and procedures had “not yet been discovered.” Investigators say it could take months to unravel the extent to which American networks and the technology supply chain have been compromised.Microsoft said it had identified 40 companies, government agencies and think tanks that the hackers had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms, like FireEye, that are charged with securing vast sections of the public and private sector.“There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry,” Brad Smith, Microsoft’s president, said in an interview on Thursday.FireEye was the first to inform the government that the hackers had infected the periodic software updates issued by a company called SolarWinds since at least March. SolarWinds makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.The national security adviser, Robert C. O’Brien, cut short a trip to the Middle East and Europe on Tuesday and returned to Washington to run crisis meetings to assess the situation. The F.B.I., the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence formed an urgent response group, the Cyber Unified Coordination Group, to coordinate the government’s responses to what the agencies called a “significant and ongoing cybersecurity campaign.”The Russians have denied any involvement. The Russian ambassador to the United States, Anatoly I. Antonov, said Wednesday that there were “unfounded attempts by the U.S. media to blame Russia” for the recent cyberattacks.According to a person briefed on the attack, the S.V.R. hackers sought to hide their tracks by using American internet addresses that allowed them to conduct attacks from computers in the very city — or appearing so — in which their victims were based. They created special bits of code intended to avoid detection by American warning systems and timed their intrusions not to raise suspicions.The attacks, said the person briefed on the matter, shows that the weak point for the American government computer networks remains administrative systems, particularly ones that have a number of private companies working under contract.President-elect Joseph R. Biden Jr. said Thursday that his administration would impose “substantial costs” on those responsible.“A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks. But the extent and depth of the hacking raise concerns that hackers could ultimately use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.Across federal agencies, the private sector and the utility companies that oversee the power grid, forensic investigators were still trying to unravel the extent of the compromise. But security teams say the relief some felt that they did not use the compromised systems turned to panic on Thursday, as they learned other third-party applications may have been compromised.Inside federal agencies and the private sector, investigators say they have been stymied by classifications and a siloed approach to information sharing.“We have forgotten the lessons of 9/11,” Mr. Smith said. “It has not been a great week for information sharing and it turns companies like Microsoft into a sheep dog trying to get these federal agencies to come together into a single place and share what they know.”Reporting was contributed by David E. Sanger, Nicole Perlroth, Eric Schmitt and Julian Barnes.AdvertisementContinue reading the main story More

    • 188 Shares159 Views

      in US Politics

      What we know – and still don’t – about the worst-ever US government cyber attack

      by

      Nearly a week after the US government announced that multiple federal agencies had been targeted by a sweeping cyber attack, the full scope and consequences of the suspected Russian hack remain unknown.Key federal agencies, from the Department of Homeland Security to the agency that oversees America’s nuclear weapons arsenal, were reportedly targeted, as were powerful tech and security companies, including Microsoft. Investigators are still trying to determine what information the hackers may have stolen, and what they could do with it.Donald Trump has still said nothing about the attack, which federal officials said posed a “grave risk” to every level of government. Joe Biden has promised a tougher response to cyber attacks but offered no specifics. Members of Congress are demanding more information about what happened, even as officials scrambling for answers call the attack “significant and ongoing”.Here’s a look at what we know, and what we still don’t, about the worst-ever cyber attack on US federal agencies.What happened?The hack began as early as March, when malicious code was snuck into updates to a popular software called Orion, made by the company SolarWinds, which provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.That malware in the updates gave elite hackers remote access to an organization’s networks so they could steal information. The apparent months-long timeline gave the hackers ample opportunity to extract information from many targets, including monitoring email and other internal communications.Microsoft called it “an attack that is remarkable for its scope, sophistication and impact”.Who has been affected so far?At least six US government departments, including the energy, commerce, treasury and state departments, are reported to have been breached. The National Nuclear Security Administration’s networks were also breached, Politico reported on Thursday.Dozens of security and other technology firms, as well as non-governmental organizations, were also affected, Microsoft said in a statement Thursday. While most of those affected by the attack were in the US, Microsoft said it had identified additional victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.“It’s certain that the number and location of victims will keep growing,” Microsoft added.Who is responsible for the attack?While the US government has not yet officially named who is responsible for the attack, US officials have told media outlets they believe Russia is the culprit, specifically SVR, Russia’s foreign intelligence outfit.We must act as if the Russian government has control of all the networks it has penetratedAndrei Soldatov, an expert on Russia’s spy agencies and the author of The Red Web, told the Guardian he believes the hack was more likely a joint effort of Russia’s SVR and FSB, the domestic spy agency Putin once headed.Russia has denied involvement: “One shouldn’t unfoundedly blame the Russians for everything,” a Kremlin spokesman said on Monday.The infiltration tactic involved in the current hack, known as the “supply-chain” method, recalled the technique Russian military hackers used in 2016 to infect companies that do business in Ukraine with the hard-drive-wiping NotPetya virus – the most damaging cyber-attack to date.What information has been stolen, and how is it being used?That’s remains deeply unclear.“This hack was so big in scope that even our cybersecurity experts don’t have a real sense yet in the terms of the breadth of the intrusion itself,” Stephen Lynch, the head of the House of Representatives’ oversight and reform committee, said after attending a classified briefing Friday.Thomas Rid, a Johns Hopkins cyberconflict expert, told the Associated Press that it was likely that the hackers had harvested such a vast quantity of data that “they themselves most likely don’t know yet” what useful information they’ve stolen.What can be done to fix the networks that have been compromised?That’s also unclear, and potentially very difficult.“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” said a statement from the Cybersecurity and Infrastructure Security Agency (Cisa) on Thursday.One of Trump’s former homeland security advisers, Thomas Bossert, has already said publicly that a real fix may take years, and be both costly and challenging.“It will take years to know for certain which networks the Russians control and which ones they just occupy,” Bossert wrote in a New York Times op-ed on Wednesday. “The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.”“A ‘do-over’ is mandatory and entire new networks need to be built – and isolated from compromised networks,” he wrote.How has Trump responded?As of Friday afternoon, the US president had still said nothing to address the attack.The Republican senator and former presidential candidate Mitt Romney has criticized Trump’s silence as unacceptable, particularly in response to an attack he said was “like Russian bombers have been repeatedly flying undetected over our entire country”.“Not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary,” Romney said.How has Biden responded?So far, there’s been tough talk but no clear plan from the president-elect.“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said.Could this attack have been prevented or deterred?“What we could have done is had a coherent approach and not been at odds with each other,” said Fiona Hill, a Russia expert and former Trump National Security Council member, to PBS NewsHour this week, criticizing conflict and dysfunction within the Trump administration and between the US and its allies on Russia-related issues.If “we don’t have the president on one page and everybody else on another, and we’re working together with our allies to push back on this, that would have a serious deterrent effect”, Hill said.Other cybersecurity experts said the federal government could also do more to simply keep up to date on cybersecurity issues, and said the Trump administration had failed on this front, including by eliminating the positions of White House cybersecurity coordinator and state department cybersecurity policy chief.“It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, a Marine Corps University scholar and adviser to a US cyber defense commission, to the Associated Press.What options does the US have to respond politically to this kind of attack?Some experts are arguing that the US government needs to do more to punish Russia for its apparent interference. The federal government could impose formal sanctions on Russia, as when the Obama administration expelled Russian diplomats in retaliation for Kremlin military hackers’ meddling in Donald Trump’s favor in the 2016 election. Or the US could fight back more covertly by, for instance, making public details of Putin’s own financial dealings.But, as the Guardian’s Luke Harding pointed out, cyber attacks are “cheap, deniable, and psychologically effective”, and Biden’s options for responding to Russia’s aggression are limited.“The answer eluded Barack Obama, who tried unsuccessfully to reset relations with Putin. The person who led this doomed mission was the then secretary of state, Hillary Clinton, herself a Russian hacking victim in 2016,” Harding wrote.What are other potential consequences of the hack?SolarWinds may face legal action from private customers and government entities affected by the breach. The company filed a report with the Securities and Exchange Commission on Tuesday detailing the hack.In it, the company said total revenue from affected products was about $343m, or roughly 45% of the firm’s total revenue. SolarWinds’ stock price has fallen 25% since news of the breach first broke.Moody’s Investors Service said Wednesday it was looking to downgrade its rating for the company, citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high remediation and legal costs”.The Associated Press contributed reporting. More

    • 38 Shares149 Views

      in Elections

      Your Thursday Briefing

      by

      #masthead-section-label, #masthead-bar-one { display: none }The Coronavirus OutbreakliveLatest UpdatesMaps and CasesThe Latest Vaccine InformationU.S. Deaths Surpass 300,000F.A.Q.AdvertisementContinue reading the main storySupported byContinue reading the main storyYour Thursday BriefingCronyism and waste in Britain’s pandemic spending.Dec. 17, 2020Updated 1:08 a.m. ET(Want to get this briefing by email? Here’s the sign-up.)Good morning.We’re covering a new analysis of Britain’s slipshod pandemic spending, a move to the right for Emmanuel Macron and an upside to the climate crisis for Russia.[embedded content]Medical staff wearing personal protective equipment, or P.P.E., at a hospital in Cambridge, England, in May. Officials shelled out billions in contracts for Covid-19 tests, vaccines and P.P.E.Credit…Pool photo by Neil HallCronyism and waste in Britain’s pandemic spendingAs Britain scrambled for protective gear and other equipment, select companies — many of which had close connections to the governing Conservative Party or no previous experience — reaped billions, according to a New York Times analysis of more than 2,500 contracts.In some cases, more qualified companies lost out to those with better political connections, which were granted access to a secretive V.I.P. lane that made them about 10 times more likely to be approved for a contract.Conclusions: While there is no evidence of illegal conduct, there is ample evidence of cronyism, waste and poor due diligence, with officials ignoring or missing red flags, including histories of fraud, human rights abuses, tax evasion and other serious controversies.Christmas restrictions: Prime Minister Boris Johnson has stuck by a pledge to lift limits on gatherings from Dec. 23 to 27 despite growing calls to abandon the plan as coronavirus cases surge.Here are the latest updates and maps of the pandemic.In other developments:The U.S. is negotiating a deal with Pfizer to produce tens of millions of additional doses of its coronavirus vaccine. Vaccinations began in the U.S. on Monday.The number of severe Covid-19 cases in the Gaza Strip sharply increased, raising concerns that hospitals could soon be overwhelmed.In the first week of Britain’s vaccination program, more than 137,000 people have received shots.An international team of 10 scientists working with the World Health Organization will travel next year to China to investigate the origins of the coronavirus.President Emmanuel Macron of France has moved to the right, alienating some former supporters and current members of his own party.Credit…Thomas Coex/Agence France-Presse — Getty ImagesMacron’s pre-election slide to the rightWith an eye on France’s next presidential election in 2022, President Emmanuel Macron has tacked to the right, alienating former liberal supporters and current members of his own party.After recent terrorist attacks, Mr. Macron pushed forward bills on security and Islamist extremism that raised alarms among some French, the United Nations and human rights groups, but won favor among right-leaning voters. Marine Le Pen, the leader of the far-right National Rally, is expected to be his main challenger.Analysis: Despite his center-left origins, Mr. Macron has always been known as a shape-shifter. His slide to the right is regarded by some as a clean break from the first three years of his presidency.Related: A French court found 14 people guilty of aiding the 2015 attack on the magazine Charlie Hebdo, supplying the attackers with cash, weapons and vehicles.Gender equality: The mayor of Paris was fined nearly $110,000 for hiring too many women, under a 2012 law intended to address gender imbalance at senior levels of the country’s Civil Service.A landmark ruling on air pollutionA 9-year-old girl who died of an asthma attack in 2013 became the first person in Britain to officially have air pollution listed as a cause of death, after she was exposed to levels of nitrogen dioxide and particulate matter beyond World Health Organization guidelines.The death of the girl, Ella Adoo-Kissi-Debrah, who was Black, shed a harsh light on how pollution disproportionately affects minorities and deprived families in Britain.Legal experts said it could open a new door to lawsuits by pollution victims or their families. The girl lived near a major road in southeast London. Her mother said that if she had been told air pollution was contributing to her daughter’s ill health, she would have moved.The Coronavirus Outbreak More

    • 138 Shares169 Views

      in Elections

      Putin Congratulates Biden on U.S. Election Win After Electoral College Vote

      by

      @media (pointer: coarse) {
      .nytslm_outerContainer {
      overflow-x: scroll;
      -webkit-overflow-scrolling: touch;
      }
      }

      .nytslm_outerContainer {
      display: flex;
      align-items: center;
      /* Fixes IE */
      overflow-x: auto;
      box-shadow: -6px 0 white, 6px 0 white, 1px 3px 6px rgba(0, 0, 0, 0.15);
      padding: 10px 1.25em 10px;
      transition: all 250ms;
      -ms-overflow-style: none;
      /* IE 10+ */
      scrollbar-width: none;
      /* Firefox */
      background: white;
      margin-bottom: 20px;
      z-index: 1000;
      }

      @media (min-width: 1024px) {
      .nytslm_outerContainer {
      margin-bottom: 0px;
      padding: 13px 1.25em 10px;
      }
      }

      .nytslm::-webkit-scrollbar {
      display: none;
      /* Safari and Chrome */
      }

      .nytslm_innerContainer {
      margin: unset;
      display: flex;
      align-items: center;
      }

      @media (min-width: 600px) {
      .nytslm_innerContainer {
      margin: auto;
      min-width: 600px;
      }
      }

      .nytslm_title {
      padding-right: 1em;
      border-right: 1px solid #ccc;
      }

      @media (min-width: 740px) {
      .nytslm_title {
      max-width: none;
      font-size: 1.0625rem;
      line-height: 1.25rem;
      }
      }

      .nytslm_spacer {
      width: 0;
      border-right: 1px solid #E2E2E2;
      height: 45px;
      margin: 0 1.4em;
      }

      .nytslm_list {
      font-family: nyt-franklin, helvetica, arial, sans-serif;
      display: flex;
      width: auto;
      list-style: none;
      padding-left: 1em;
      flex-shrink: 0;
      align-items: baseline;
      justify-content: center;
      }

      .nytslm_li {
      margin-right: 1.4em;
      flex-shrink: 0;
      font-size: 0.8125rem;
      line-height: 0.8125rem;
      font-weight: 600;
      padding: 1em 0;
      }

      #nytslm .nytslm_li a {
      color: #121212;
      text-decoration: none;
      }

      #nytslm .nytsmenu_li_current,
      #nytslm .nytslm_li a:hover,
      #nytslm .nytslm_li a:active,
      #nytslm .nytslm_li a:focus {
      color: #121212;
      border-bottom: 2px solid #121212;
      padding-bottom: 2px;
      }

      .nytslm_li_live_loud:after {
      content: ‘LIVE’
      }

      .nytslm_li_live_loud {
      background-color: #d0021b;
      color: white;
      border-radius: 3px;
      padding: 4px 6px 2px 6px;
      margin-right: 2px;
      display: inline-block;
      letter-spacing: 0.03rem;
      font-weight: 700;
      }

      .nytslm_li_upcoming_loud {
      border: 1px solid #d0021b;
      color: #d0021b;
      border-radius: 3px;
      padding: 4px 6px 2px 6px;
      margin-right: 2px;
      display: inline-block;
      letter-spacing: 0.03rem;
      font-weight: 700;
      }

      .nytslm_li_upcoming_loud:before {
      content: ‘Upcoming’
      }

      .nytslm_li_loud a:hover,
      .nytslm_li_loud a:active,
      .nytslm_li_loud a:focus {
      border-bottom: 2px solid;
      padding-bottom: 2px;
      }

      .nytslm_li_updated {
      color: #777;
      }

      #masthead-bar-one {
      display: none;
      }

      .electionNavbar__logoSvg {
      width: 80px;
      align-self: center;
      display: flex;
      }

      @media(min-width: 600px) {
      .electionNavbar__logoSvg {
      width: 100px;
      }
      }

      .nytslm_notification {
      border-left: 1px solid #ccc;
      font-family: nyt-franklin, helvetica, arial, sans-serif;
      padding-left: 1em;
      }

      .nytslm_notification_label {
      color: #D0021B;
      text-transform: uppercase;
      font-weight: 700;
      font-size: 0.6875rem;
      margin-bottom: 0.2em;
      letter-spacing: 0.02em;
      }

      .nytslm_notification_link {
      font-weight: 600;
      color: #121212;
      display: flex;
      align-items: center;
      }

      .nytslm_notification_headline {
      font-size: 0.875rem;
      line-height: 1.0625rem;
      }

      .nytslm_notification_image_wrapper {
      position: relative;
      max-width: 75px;
      margin-left: 10px;
      flex-shrink: 0;
      }

      .nytslm_notification_image {
      max-width: 100%;
      }

      .nytslm_notification_image_live_bug {
      position: absolute;
      text-transform: uppercase;
      bottom: 7px;
      left: 2px;

      font-size: 0.5rem;
      background-color: #d0021b;
      color: white;
      border-radius: 3px;
      padding: 4px 4px 2px 4px;
      font-weight: 700;
      margin-right: 2px;
      letter-spacing: 0.03rem;
      }

      /* No hover state on in app */
      .Hybrid .nytslm_li a:hover,
      .Hybrid .nytslm_li_loud a:hover {
      border-bottom: none;
      padding-bottom: 0;
      }

      .Hybrid #TOP_BANNER_REGION {
      display: none;
      }

      .nytslm_st0 {
      fill: #f4564a;
      }

      .nytslm_st1 {
      fill: #ffffff;
      }

      .nytslm_st2 {
      fill: #2b8ad8;
      }

      Electoral College Results

      Election Disinformation

      Full Results

      Biden Transition Updates

      “),e+=””+b+””,e+=””,d&&(e+=””,e+=””,e+=”Live”,e+=””),e+=””,e}function getVariant(){var a=window.NYTD&&window.NYTD.Abra&&window.NYTD.Abra.getAbraSync&&window.NYTD.Abra.getAbraSync(“STYLN_elections_notifications”);// Only actually have control situation in prd and stg
      return[“www.nytimes.com”,”www.stg.nytimes.com”].includes(window.location.hostname)||(a=”STYLN_elections_notifications”),a||”0_control”}function reportData(){if(window.dataLayer){var a;try{a=dataLayer.find(function(a){return!!a.user}).user}catch(a){}var b={abtest:{test:”styln-elections-notifications”,variant:getVariant()},module:{name:”styln-elections-notifications”,label:getVariant(),region:”TOP_BANNER”},user:a};window.dataLayer.push(Object.assign({},b,{event:”ab-alloc”})),window.dataLayer.push(Object.assign({},b,{event:”ab-expose”})),window.dataLayer.push(Object.assign({},b,{event:”impression”}))}}function insertNotification(a,b){// Bail here if the user is in control
      if(reportData(),”0_control”!==getVariant()){// Remove menu bar items or previous notification
      var c=document.querySelector(“.nytslm_innerContainer”);if(c&&1 30 * 60 * 1000) return restoreMenuIfNecessary();
      // Do not update DOM if the content won’t change
      if(currentNotificationContents!==a.text&&window.localStorage.getItem(“stylnelecs”)!==a.timestamp)// Do not show if user has interacted with this link
      // if (Cookie.get(‘stylnelecs’) === data.timestamp) return;
      {expireLocalStorage(“stylnelecs”),currentNotificationContents=a.text;// Construct URL for tracking
      var b=a.link.split(“#”),c=b[0]+”?action=click&pgtype=Article&state=default&module=styln-elections-notifications&variant=1_election_notifications&region=TOP_BANNER&context=Menu#”+b[1],d=formatNotification(c,a.text,a.kicker,a.image);insertNotification(d,function(){var b=document.querySelector(“.nytslm_notification_link”);return b?void(b.onclick=function(){window.localStorage.setItem(“stylnelecs”,a.timestamp)}):null})}})}(function(){navigator.userAgent.includes(“nytios”)||navigator.userAgent.includes(“nyt_android”)||window.stylnelecsHasLoaded||(// setInterval(getUpdate, 5000);
      window.stylnelecsHasLoaded=!0)})(),function(){try{if(navigator.userAgent.includes(“nytios”)||navigator.userAgent.includes(“nyt_android”)){var a=document.getElementsByClassName(“nytslm_title”)[0];a.style.pointerEvents=”none”}}catch(a){}}(); More

    • 200 Shares129 Views

      in US Politics

      Orion hack exposed vast number of targets – impact may not be known for a while

      by

      If there is one silver lining to the months-long global cyber-espionage campaign discovered when a prominent cybersecurity firm learned it had been breached, it might be that the sheer numbers of potentially compromised entities offers them some protection.By compromising one piece of security software – a security tool called Orion developed by the Texan company SolarWinds – the attackers gained access to an extraordinary array of potential targets in the US alone: more than 425 of the Fortune 500 list of top companies; all of the top 10 telecommunications companies; all five branches of the military; and all of the top five accounting firms.But they are just a fraction of SolarWinds’ 300,000 global customers, which also include UK government agencies and private sector companies.For now, we only have only confirmation from investigators that the US Treasury and commerce departments were attacked. The hack, attributed to Russian state actors, took the form of a so-called supply chain attack. Rather than directly attacking the US government, the attackers succeeded in compromising the automatic update function built into Orion.That breach provided the foothold the attackers needed to begin monitoring internal emails at the departments. By hacking SolarWind and inserting weaknesses into the Orion software at source, the attackers simply had to wait until their targets downloaded and ran a fake software security update.Thankfully, even then, the full attack was a technically challenging manoeuvre. In order to stay below the radar of the US government’s own security teams, the update was programmed to sit silently for two weeks after it was installed, and then to only upload stolen data in small quantities so that it could be disguised as normal Orion traffic.That, investigators say, means it is unlikely that the perpetrators made the most of the widespread access they could have gained. Rather than exfiltrating untold gigabytes of stolen data to peruse at their leisure, the attackers had to operate in a much more labour-intensive fashion, navigating through the government network as quietly as possible, and only uploading data already presumed to be valuable.At the moment it is not clear how much information was taken, and what other departments and entities the hackers chose to enter.Nevertheless, the US Cybersecurity and Infrastructure Security Agency issued an emergency directive late on Sunday night advising all federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately”. The acting director, Brandon Wales, said the compromise “poses unacceptable risks” to the security of federal networks.The long-term impact of the hack is unlikely to be known for a while, if at all. Although journalists and the public think about the impact of attacks simply in terms of any striking secrets revealed, cyber-warfare tends to have multiple goals.As well as looking for ill-guarded secrets of individuals, this sort of attack can be used to map how organisations work and their structural vulnerabilities, with a view to potentially exploiting them at a later point..More broadly, cyber operations like this undermine confidence in existing security measures and hand a propaganda coup to the country directing the attack.Silently eavesdropping on high-value targets is a labour-intensive job – particularly if the attacker wants to stay hidden, and for now it appears that the temptation to eavesdrop on internal communications at the US treasury and commerce departments was the most compelling.If other customers of SolarWinds do not find evidence that they were under surveillance, they will take solace in the fact that the US government was too big a target to pass up. More

    • 113 Shares119 Views

      in Elections

      Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect

      by

      @media (pointer: coarse) {
      .nytslm_outerContainer {
      overflow-x: scroll;
      -webkit-overflow-scrolling: touch;
      }
      }

      .nytslm_outerContainer {
      display: flex;
      align-items: center;
      /* Fixes IE */
      overflow-x: auto;
      box-shadow: -6px 0 white, 6px 0 white, 1px 3px 6px rgba(0, 0, 0, 0.15);
      padding: 10px 1.25em 10px;
      transition: all 250ms;
      -ms-overflow-style: none;
      /* IE 10+ */
      scrollbar-width: none;
      /* Firefox */
      background: white;
      margin-bottom: 20px;
      z-index: 1000;
      }

      @media (min-width: 1024px) {
      .nytslm_outerContainer {
      margin-bottom: 0px;
      padding: 13px 1.25em 10px;
      }
      }

      .nytslm::-webkit-scrollbar {
      display: none;
      /* Safari and Chrome */
      }

      .nytslm_innerContainer {
      margin: unset;
      display: flex;
      align-items: center;
      }

      @media (min-width: 600px) {
      .nytslm_innerContainer {
      margin: auto;
      min-width: 600px;
      }
      }

      .nytslm_title {
      padding-right: 1em;
      border-right: 1px solid #ccc;
      }

      @media (min-width: 740px) {
      .nytslm_title {
      max-width: none;
      font-size: 1.0625rem;
      line-height: 1.25rem;
      }
      }

      .nytslm_spacer {
      width: 0;
      border-right: 1px solid #E2E2E2;
      height: 45px;
      margin: 0 1.4em;
      }

      .nytslm_list {
      font-family: nyt-franklin, helvetica, arial, sans-serif;
      display: flex;
      width: auto;
      list-style: none;
      padding-left: 1em;
      flex-shrink: 0;
      align-items: baseline;
      justify-content: center;
      }

      .nytslm_li {
      margin-right: 1.4em;
      flex-shrink: 0;
      font-size: 0.8125rem;
      line-height: 0.8125rem;
      font-weight: 600;
      padding: 1em 0;
      }

      #nytslm .nytslm_li a {
      color: #121212;
      text-decoration: none;
      }

      #nytslm .nytsmenu_li_current,
      #nytslm .nytslm_li a:hover,
      #nytslm .nytslm_li a:active,
      #nytslm .nytslm_li a:focus {
      color: #121212;
      border-bottom: 2px solid #121212;
      padding-bottom: 2px;
      }

      .nytslm_li_live_loud:after {
      content: ‘LIVE’
      }

      .nytslm_li_live_loud {
      background-color: #d0021b;
      color: white;
      border-radius: 3px;
      padding: 4px 6px 2px 6px;
      margin-right: 2px;
      display: inline-block;
      letter-spacing: 0.03rem;
      font-weight: 700;
      }

      .nytslm_li_upcoming_loud {
      border: 1px solid #d0021b;
      color: #d0021b;
      border-radius: 3px;
      padding: 4px 6px 2px 6px;
      margin-right: 2px;
      display: inline-block;
      letter-spacing: 0.03rem;
      font-weight: 700;
      }

      .nytslm_li_upcoming_loud:before {
      content: ‘Upcoming’
      }

      .nytslm_li_loud a:hover,
      .nytslm_li_loud a:active,
      .nytslm_li_loud a:focus {
      border-bottom: 2px solid;
      padding-bottom: 2px;
      }

      .nytslm_li_updated {
      color: #777;
      }

      #masthead-bar-one {
      display: none;
      }

      .electionNavbar__logoSvg {
      width: 80px;
      align-self: center;
      display: flex;
      }

      @media(min-width: 600px) {
      .electionNavbar__logoSvg {
      width: 100px;
      }
      }

      .nytslm_notification {
      border-left: 1px solid #ccc;
      font-family: nyt-franklin, helvetica, arial, sans-serif;
      padding-left: 1em;
      }

      .nytslm_notification_label {
      color: #D0021B;
      text-transform: uppercase;
      font-weight: 700;
      font-size: 0.6875rem;
      margin-bottom: 0.2em;
      letter-spacing: 0.02em;
      }

      .nytslm_notification_link {
      font-weight: 600;
      color: #121212;
      display: flex;
      align-items: center;
      }

      .nytslm_notification_headline {
      font-size: 0.875rem;
      line-height: 1.0625rem;
      }

      .nytslm_notification_image_wrapper {
      position: relative;
      max-width: 75px;
      margin-left: 10px;
      flex-shrink: 0;
      }

      .nytslm_notification_image {
      max-width: 100%;
      }

      .nytslm_notification_image_live_bug {
      position: absolute;
      text-transform: uppercase;
      bottom: 7px;
      left: 2px;

      font-size: 0.5rem;
      background-color: #d0021b;
      color: white;
      border-radius: 3px;
      padding: 4px 4px 2px 4px;
      font-weight: 700;
      margin-right: 2px;
      letter-spacing: 0.03rem;
      }

      /* No hover state on in app */
      .Hybrid .nytslm_li a:hover,
      .Hybrid .nytslm_li_loud a:hover {
      border-bottom: none;
      padding-bottom: 0;
      }

      .Hybrid #TOP_BANNER_REGION {
      display: none;
      }

      .nytslm_st0 {
      fill: #f4564a;
      }

      .nytslm_st1 {
      fill: #ffffff;
      }

      .nytslm_st2 {
      fill: #2b8ad8;
      }

      State Certified Vote Totals

      Election Disinformation

      Full Results

      Biden Transition Updates

      “),e+=””+b+””,e+=””,d&&(e+=””,e+=””,e+=”Live”,e+=””),e+=””,e}function getVariant(){var a=window.NYTD&&window.NYTD.Abra&&window.NYTD.Abra.getAbraSync&&window.NYTD.Abra.getAbraSync(“STYLN_elections_notifications”);// Only actually have control situation in prd and stg
      return[“www.nytimes.com”,”www.stg.nytimes.com”].includes(window.location.hostname)||(a=”STYLN_elections_notifications”),a||”0_control”}function reportData(){if(window.dataLayer){var a;try{a=dataLayer.find(function(a){return!!a.user}).user}catch(a){}var b={abtest:{test:”styln-elections-notifications”,variant:getVariant()},module:{name:”styln-elections-notifications”,label:getVariant(),region:”TOP_BANNER”},user:a};window.dataLayer.push(Object.assign({},b,{event:”ab-alloc”})),window.dataLayer.push(Object.assign({},b,{event:”ab-expose”})),window.dataLayer.push(Object.assign({},b,{event:”impression”}))}}function insertNotification(a,b){// Bail here if the user is in control
      if(reportData(),”0_control”!==getVariant()){// Remove menu bar items or previous notification
      var c=document.querySelector(“.nytslm_innerContainer”);if(c&&1 30 * 60 * 1000) return restoreMenuIfNecessary();
      // Do not update DOM if the content won’t change
      if(currentNotificationContents!==a.text&&window.localStorage.getItem(“stylnelecs”)!==a.timestamp)// Do not show if user has interacted with this link
      // if (Cookie.get(‘stylnelecs’) === data.timestamp) return;
      {expireLocalStorage(“stylnelecs”),currentNotificationContents=a.text;// Construct URL for tracking
      var b=a.link.split(“#”),c=b[0]+”?action=click&pgtype=Article&state=default&module=styln-elections-notifications&variant=1_election_notifications&region=TOP_BANNER&context=Menu#”+b[1],d=formatNotification(c,a.text,a.kicker,a.image);insertNotification(d,function(){var b=document.querySelector(“.nytslm_notification_link”);return b?void(b.onclick=function(){window.localStorage.setItem(“stylnelecs”,a.timestamp)}):null})}})}(function(){navigator.userAgent.includes(“nytios”)||navigator.userAgent.includes(“nyt_android”)||window.stylnelecsHasLoaded||(// setInterval(getUpdate, 5000);
      window.stylnelecsHasLoaded=!0)})(),function(){try{if(navigator.userAgent.includes(“nytios”)||navigator.userAgent.includes(“nyt_android”)){var a=document.getElementsByClassName(“nytslm_title”)[0];a.style.pointerEvents=”none”}}catch(a){}}(); More

    • 175 Shares159 Views

      in US Politics

      Joe Biden’s bid to rally the ‘free world’ could spawn another axis of evil

      by

      Joe Biden’s big idea – a US-led global alliance of liberal democracies ranged against authoritarian regimes and “strongman” leaders – sits at the heart of his American restoration project. His proposed “united front” of the great and the good is primarily intended to counter China and Russia. Yet it could also antagonise valued western allies such as India, Turkey and Poland. For this and other reasons, it seems destined to fail.Biden pledged during this year’s election campaign to hold a “summit for democracy” in 2021 “to renew the spirit and shared purpose of the free world”. It would aim “to strengthen our democratic institutions, honestly confront nations that are backsliding, and forge a common agenda”, he said. It was needed because, partly due to Donald Trump, “the international system that the US so carefully constructed is coming apart at the seams”.It’s a laudable aspiration. Recent years have seen a marked growth in oppressive, mostly rightwing regimes that ignore international law and abuse UN-defined universal rights, including democratic rights. But how will Biden decide who qualifies for his alliance? Totalitarian North Korea and Syria’s criminal regime are plainly unwelcome. Yet illiberal Thailand, Venezuela and Iran all maintain supposedly democratic systems. Will they get a summit invite?Diplomats are already predicting Biden’s grand coalition will end up as a rehash of the G7 group of leading western economies – the US, Canada, Germany, France, Italy, the UK and Japan. One wheeze is to add India, Australia and South Korea – a notional “D-10”. But that simply creates another elite club from which many actual or aspiring democracies are excluded.Part of the difficulty is Biden himself. Terms such as the “free world”, recalling his formative years during the cold war, sound outdated. His blithe assertion of American moral superiority jars with recent experience. “We have to prove … that the US is prepared to lead again, not just with the example of our power but also with the power of our example,” he says. It’s an old refrain. Yet the songsheet has changed, and so have the singers.China does not threaten global security in the existential way the Soviet Union once did. The fundamental challenge it poses is subtler, amoral and multi-dimensional – technological, ideological, commercial, anti-democratic. The idea that a cowed world is counting on the US to ride to the rescue is old-think. The age of solo superpower is over; the unipolar moment was squandered. Power balances were already shifting before Trump destroyed trust.Weak, divided Europe may prove to be the exception in welcoming Biden’s initiative. “We need to step up our action to defend democracy,” says Josep Borrell, EU foreign affairs chief, amid alarm over recent trends highlighted in the V-Dem Institute’s Democracy Report 2020. It asserts that for the first time since 2001, autocracy is the world’s leading form of governance – in 92 countries in total, home to 54% of the global population.Britain’s international position is now so enfeebled that it will back almost anything Biden suggests. Germany will support his initiative too, as long as he does not endanger its lucrative China exports. Hungary and Poland are problematic. The Polish government’s disregard for judicial independence and abortion rights sits badly with a campaign promoting liberal values. According to V-Dem, Viktor Orbán’s Hungary is no longer a democracy at all but an “electoral authoritarian regime”.Looking further afield, Biden’s democracy drive could be like trying to herd cats, with much clawing and spitting. India is a case in point. It calls itself the world’s biggest democracy. Yet under prime minister Narendra Modi, it has become one of the biggest rights abusers, oppressing political opponents, independent media, NGOs such as Amnesty International, and millions of Muslims. Modi has nothing to say about democracy, except how to subvert it.Strictly speaking, Biden should add Taiwan, a model east-Asian democracy, to his guest list. To do so would utterly enrage China, so perhaps he won’t. Including Sudan and Afghanistan, both striving for democracy, might constitute wishful thinking. Conversely, snubbing Turkey, Peru, the Philippines, Uganda and a host of other flawed or pretend democracies would greatly offend otherwise friendly governments.The point here is that Biden, like all his predecessors, will in the end be obliged to deal with the world as it is, not as he would like it to be. As Barack Obama demonstrated in 2009, making a fine speech in Cairo about new beginnings in the Arab world feels good but ultimately signifies little. When the Arab spring faltered, the US backed the bad guys – in Egypt’s case, the dictator Abdel Fatah al-Sisi – because it suited its selfish geopolitical interests.China and Russia, and other undemocratic outcasts such as Saudi Arabia, will count on rediscovered realism to temper Biden’s plan in practice, even if he persists with old-school American rhetoric about values and rights. Only if he and his allies attempt something meaningful, such as actively defending Hong Kong’s shattered freedoms, will Beijing feel the need to push back.Unlike Eritrea or, say, Belarus, there is much China can do if Washington’s pro-democracy tub-thumping grows unbearable. On issues such as the pandemic and the climate crisis, Beijing’s involvement is indispensable, and Biden knows it. All manner of economic, diplomatic and political leverage could be used to deflect US pressure. Most provocative is the suggestion, recently recycled by Vladimir Putin, that Russia and China may forge an anti-western military alliance, potentially drawing in lesser powers such as North Korea.This probably won’t happen. But it’s just possible that Biden’s well-meant but polarising “alliance of democracies” will deepen divisions and unintentionally spawn a new “axis of evil”. Unlike the much-hyped original, this one would be truly formidable. More