More stories

  • Twitter and Facebook lock Donald Trump’s accounts after video address

    Twitter and Facebook took unprecedented actions to address the spread of misinformation and the incitement of violence by Donald Trump on their platforms on Wednesday, after supporters of the president stormed the US Capitol.
    Both companies locked Trump’s accounts and removed several posts from the president that cast doubt on the election results and praised his supporters, who forcibly took to the government building as lawmakers attempted to tally votes for the election.
    Facebook has suspended Trump from posting to his account for 24 hours. Instagram, which is owned by Facebook, also locked Trump’s account. Twitter locked Trump out of his account for 12 hours and is requiring him to delete three tweets the company says violate its policies. If he does not delete them, his account will remain suspended indefinitely, the company said in a public statement. If Trump again violates the policies, his account will be permanently suspended from Twitter.
    The action is the most aggressive yet from Twitter and it comes after it joined Facebook and YouTube in removing a video post from Trump’s account in which the president praised the protestors.

  • Facebook restarts political ad ban in Georgia following runoff votes

    Facebook has announced it will again ban political advertising targeting users in the state of Georgia, following the election there on Tuesday.
    The social media company said that, starting on Wednesday, Georgia users would again be subject to the US-wide political ad ban instated following the 3 November presidential vote. Facebook had temporarily lifted the ban in Georgia ahead of the runoff elections to allow political messaging to reach more voters.
    “Following the Georgia runoff elections, Georgia will re-join the existing nationwide pause on social issue, elections and political ads,” Facebook said in a blogpost.
    “This is part of our ongoing efforts to reduce the potential for confusion or abuse,” the company told advertisers in an email reviewed by Reuters.
    Facebook and Google had introduced pauses on political ads after the November presidential election as part of measures to combat misinformation and other abuses on the platforms. Google lifted its pause in December, saying it no longer considered the post-election period to be a “sensitive event”.
    Facebook lifted its own ad ban on 15 December exclusively for the state of Georgia, due to “feedback from experts and advertisers across the political spectrum about the importance of expressing voice” and using Facebook to reach voters ahead of Georgia’s runoff elections. For the rest of the country, the ban remained.
    The change announced on Tuesday means any ads about the Georgia runoff elections would be paused and any advertisers who were previously allowed to run ads about the Georgia runoff elections would not be able to create new political ads.
    It comes after it was discovered that Republican politicians and other operatives were using advertising on Facebook to target Georgia voters with misinformation in the final days ahead of the vote.
    A report from the global human rights group Avaaz found a number of ads on Facebook sponsored by Republicans that featured misinformation or falsehoods meant to sway voter opinion. One sponsored by the Senate Leadership Fund claims the Democratic Senate candidate Jon Ossoff is “threatening to defund the police”, which he is not. Another from the Republican party run in December accused the US House speaker, Nancy Pelosi, of scheming to replace the president-elect, Joe Biden, with the vice-president-elect, Kamala Harris.
    Nearly half of these false ads were shared by political candidates in the race, who are exempt from Facebook’s fact checking rules. Facebook has come under fire for the broad exemptions it grants politicians who advertise on its platform. Its CEO, Mark Zuckerberg, has defended the policy, saying Facebook should not be the arbiter of truth in political scenarios.
    Critics of Facebook say the spread of lies ahead of the Georgia election underscores how ineffective the company’s measures to address these issues have been. The company’s oversight board, introduced in late 2020, was meant to adjudicate disputes regarding content. But the group is not able to take down content quickly, limiting its effectiveness in breaking news situations.
    A group of academics and civil rights leaders critical of Facebook, calling themselves the Real Facebook Oversight Board, say the misinformation exposed in Georgia this week is proof there is more to be done.
    “The Facebook Oversight Board is complicit in a misinformation campaign in Georgia,” the group said in a statement. “They must do better, and Facebook needs to be held accountable for their failure to protect voters from disinformation.”
    Reuters contributed to this report.

  • All I want for 2021 is to see Mark Zuckerberg up in court | John Naughton

    It’s always risky making predictions about the tech industry, but this year looks like being different, at least in the sense that there are two safe bets. One is that the attempts to regulate the tech giants that began last year will intensify; the second that we will be increasingly deluged by sanctimonious cant from Facebook & co as they seek to avoid democratic curbing of their unaccountable power.
    On the regulation front, last year in the US, Alphabet, Google’s corporate owner, found itself facing major antitrust suits from 38 states as well as from the Department of Justice. On this side of the pond, there are preparations for a Digital Markets Unit with statutory powers that will be able to neatly sidestep the tricky definitional questions of what constitutes a monopoly in a digital age. Instead, the unit will decide on a case-by-case basis whether a particular tech company has “strategic market status” if it possesses “substantial, entrenched market power in at least one digital activity” or if it acts as an online “gateway” for other businesses. And if a company is judged to have this status, then penalties and regulations will be imposed on it.
    Over in Brussels, the European Union has come up with a new two-pronged legal framework for curbing digital power – the Digital Markets Act and the Digital Services Act. The Digital Markets Act is aimed at curbing anti-competitive practices in the tech industry (like buying up potential competitors before they can scale up) and will include fines of 10% of global revenues for infringers. The Digital Services Act, for its part, will oblige social media platforms to take more responsibility for illegal content on their platforms – scams, terrorist content, images of abuse, etc – for which they could face fines of up to 6% of global revenue if they fail to police content adequately. So the US and UK approach focuses on corporate behaviour; the EU approach focuses on defining what is allowed legally.
    All of this action has been a long time coming and while it’s difficult to say exactly how it will play out, the bottom line is that the tech industry is – finally – going to become a regulated one. Its law-free bonanza is going to come to an end.
    The big question, though, is: when? Antitrust actions proceed at a glacial pace because of the complexity of the issues and the bottomless legal budgets of the companies involved. The judge in one of the big American antitrust cases against Google has said that he expects the case to get to court only in late 2023 and then it could run for several years (as the Microsoft case did in the 1990s).
    The problem with that, as the veteran anti-monopoly campaigner Matt Stoller has pointed out, is that the longer monopolistic behaviour goes on, the more damage (eg, to advertisers whose revenue is being stolen and other businesses whose property is being appropriated) is being done. Google had $170bn in revenue last year and is growing on average at 10-20% a year. On a conservative estimate of 10% growth, the company will add another $100bn to its revenue by 2025, when the case will still be in the court. Facebook, says Stoller, “is at $80bn of revenue this year, but it is growing faster, so the net increase of revenue is a roughly similar amount. In other words, if the claims of the government are credible, then the lengthy case, while perhaps necessary, is also enabling these monopolists to steal an additional $100bn apiece.”
    What could speed up bringing these monopolists to account? A key factor is the vigour with which the US Department of Justice prosecutes its case(s). In the run-up to the 2020 election, the Democrats in Congress displayed an encouraging enthusiasm for tackling tech monopolies, but Joe Biden’s choices for top staff in his administration include a depressing proportion of former tech company stalwarts. And his vice-president-elect, Kamala Harris, consistently turned a blind eye to the anti-competitive acquisitions of the Silicon Valley giants throughout her time as California’s attorney general. So if people are hoping for antitrust zeal from the new US government, they may be in for disappointment.
    Interestingly, Stoller suggests that another approach (inspired by the way trust-busters in the US acted in the 1930s) could have useful leverage on corporate behaviour from now on. Monopolisation isn’t just illegal, he points out, “it is in fact a crime, an appropriation of the rights and property of others by a dominant actor. The lengthy trial is essentially akin to saying that bank robbers getting to keep robbing banks until they are convicted and can probably keep the additional loot.”
    Since a basic principle of the rule of law is that crime shouldn’t pay, an addition of the possibility of criminal charges to the antitrust actions might, like the prospect of being hanged in the morning (pace Dr Johnson), concentrate minds in Facebook, Google, Amazon and Apple. As an eternal optimist, I cannot think of a nicer prospect for 2021 than the sight of Mark Zuckerberg and Sundar Pichai in the dock – with Nick Clegg in attendance, taking notes. Happy new year!
    What I’ve been reading
    Who knew?
    What We Want Doesn’t Always Make Us Happy is a great Bloomberg column by Noah Smith.
    Far out
    Intriguing piece on how investors are using real-time satellite images to predict retailers’ sales (Stock Picks From Space), by Frank Partnoy on the Atlantic website.
    An American dream
    Lovely meditation on Nora Ephron’s New York, by Carrie Courogen on the Bright Wall/Dark Room website.

  • Facts won't fix this: experts on how to fight America's disinformation crisis

    At the beginning of 2021, millions of Americans appear to disagree about one of the most basic facts of their democracy: that Joe Biden won the 2020 presidential election.
    The consequences of Donald Trump’s repeated, baseless claims of voter fraud will come in several waves, researchers who study disinformation say, even if Trump ultimately hands over power and leaves the White House. And there is no quick or easy way to fix this crisis, they warn. Because when it comes to dealing with disinformation, simply repeating the facts doesn’t do much to change anyone’s mind.
    In the short term, Trump’s false claims about election fraud have weakened Biden’s ability to address the coronavirus pandemic. “If only 20% of the population is like, ‘You’re not my president, I’m going to double down on my mask resistance,’ or ‘I’m going to continue to have parties over the holidays,’ that means we are going to be even less likely to bring this thing under control,” said Whitney Phillips, a professor of communications at Syracuse University.
    Over the longer term, the president’s falsehoods may also undermine Biden’s overall governing capability, just as the racist “birther” conspiracy theory, another false claim spread by Trump, helped fuel political resistance to Barack Obama’s presidency. And the damage to Americans’ basic trust in their democracy may have effects far beyond electoral politics.
    “What does it look like if we don’t have a shared sense of reality?” said Claire Wardle, the executive director of First Draft, a group that researches and combats disinformation. “We’ve seen more conspiracy theories moving mainstream. There’s an increasing number of people who do not believe in the critical infrastructure of a society. Where does that end?”
    How we got here
    America’s current disinformation crisis is the culmination of more than two decades of pollution of the country’s information ecosystem, Wardle said. The spread of disinformation on social media is one part of that story, but so is the rise of alternative rightwing media outlets, the lack of investment in public media, the demise of local news outlets, and the replacement of shuttered local newspapers with hyper-partisan online outlets.
    This “serious fragmentation” of the American media ecosystem presents a stark contrast with, say, the UK, where during some weeks of the pandemic, 94% of the UK adult population, including 86% of younger people, tuned into the BBC, a taxpayer-funded broadcaster, according to official statistics.
    And the left and right in the US don’t merely have different sets of media outlets for their different audiences: they have also developed distinct models of information-sharing, Wardle said. Mainstream media outlets still follow a traditional top-down broadcast model: an authoritative source produces the news and sends it out to consumers. The rightwing media ecosystem, which developed through talk radio, on the other hand, operates as a network of media personalities interacting with each other, “a community telling stories to their own community”, Wardle said.
    Trump has built on that, embracing what Kate Starbird, a University of Washington professor who studies disinformation, on Twitter called a model of “participatory disinformation”.
    “Trump didn’t just prime his audience to be receptive to false narratives of voter fraud, he inspired them to create them … and then echoed those false claims back at them,” she wrote.
    Participatory disinformation might actually be “stickier” and more effective than “top-down propaganda”, Starbird argued, in part because of the “positive reinforcement” of Trump supporters seeing their “‘discoveries’ repeated by their media & political celebrities”.
    When their platforms turned out to be ideal environments for making and monetizing participatory disinformation, social media companies were slow to curb its spread.
    Companies like Twitter and Facebook did not begin putting warning labels on Trump’s false voting fraud claims until very close to the election. Even then, only a handful of his tweets were flagged, Wardle noted, while Trump sent dozens of other tweets pushing the same story and media outlets continued to report on his statements, creating a powerful national narrative about fraud despite the attempts at factchecking.
    The social media platforms’ decision to finally flag some of Trump’s disinformation right before a consequential election also may have had its own damaging political consequences. “They spent so much time refusing to moderate content that what they’re doing now feels like the worst kind of censorship,” Joan Donovan, the research director at Harvard’s Shorenstein Center on Media, Politics and Public Policy, said. “If they had been doing that for years, it wouldn’t be so shocking.”
    A new approach?
    The rapid spread of Trump’s election lies should be a “wake-up call” for the “well-intentioned people” who think that disinformation can be cured by providing “more quality information”, such as encouraging people to eat “more spinach instead of chocolate”, Wardle, who has conducted training sessions for journalists on how to understand and deal with disinformation, said.
    “We have an emotional relationship to information. It is not rational,” Wardle said. But people who work in the “quality information space”, Wardle’s term for journalists, scientists, researchers and factcheckers, still often act as if information-processing were fundamentally rational, rather than deeply tied to feelings and the way a person expresses their identity.
    It’s crucial to understand that the way people process information is through entire narratives, not individual facts, Wardle said. Trying to combat disinformation through factchecking or debunking individual false claims just turns into an endless, fruitless game of “whack-a-mole”.
    Take the New York Times’ banner headline a week after the election: “Election Officials Nationwide Find No Fraud”. The story cited election officials from both political parties in dozens of states.
    But that reporting, though valuable, wasn’t likely to change many minds, Phillips, the communications professor, said.
    “There is an enormous percentage of the population who sees the word ‘election official’ and actually, in their brains, decodes that as liberal, anti-Trump,” she said. “If you’re disinclined to trust institutions, who cares what election officials are saying, because they’re corrupt, they’re in bed with Biden and the fake news media.
    “The impulse to throw facts at these problems is really strong, and it’s understandable,” she said. “But simply saying what the facts are is not going to convince minds that aren’t already open.”
    Conspiracy theorists, in particular, tend not to be very open to falsification of their claims, added Deen Freelon, an associate professor at the University of North Carolina Chapel Hill who studies social media and politics. “Almost any new piece of evidence or fact can be converted to the conspiracy theory perspective.”
    Research has also shown that disinformation and conspiracy theories are often deeply intertwined with racial prejudice and hatred, he added. Some of this year’s most dangerous disinformation, about the seriousness of the coronavirus pandemic, which disproportionately killed black Americans, and about Trump supposedly winning the election, based on the argument that votes in majority-black cities were fraudulent and should not be counted, was clearly influenced by white Americans’ racial views, he noted.
    It’s no accident, Freelon said, that some of the same people suggesting Covid is a myth are also arguing that black votes are illegitimate.
    ‘A lot of the country’s been taken’
    While it is possible to engage with people who believe deeply in false narratives, and sometimes change their minds, that work is most successful on an individual basis, with people who know each other well, experts said.
    It’s helpful to understand someone’s fundamental framework for viewing the world, including whom they view as the “good guys” and the “bad guys”, in order to understand what kind of additional information might sway them, Phillips said.
    “The other thing that makes people move on this – it’s corny – is love,” Freelon added. “People who love you, your family, people who are willing to engage.”
    But disinformation is also sustained by personal relationships.
    “Nearly all conspiracy theories are supported by social connections and ties. It’s not just one person subscribing to this in isolation, but a network of people who support each other in their beliefs,” Freelon said. “Leaving the group means at a minimum betraying those friends and cutting those social ties.”
    There are other emotional barriers to people changing their minds.
    “Nobody anywhere likes to feel like they’ve been duped,” said Shafiqah Hudson, an author and researcher who has studied online disinformation campaigns. “We will fight tooth and nail as humans to avoid feeling foolish. That’s why you see people double down. Nobody wants to feel like they’ve been taken, but a lot of the country’s really been taken.”
    While personal relationships can help to combat disinformation, many Americans have simply given up trying to fight relatives’ false beliefs.
    During the holidays in the US, “people are muting their uncles [on social media] or refusing to talk to their mom,” Wardle said.
    “I am worried,” she said. “If you have two different senses of reality, with two different sets of actors who don’t trust the other side, who are not open to listening to the other side, that’s not how democracy functions.”

  • Biden mulls punishments for Russia over suspected role in government hack

    As president-elect Joe Biden weighed options to punish Russia for its suspected hacking of US government agencies and companies, one leading Republican accused Moscow of “acting with impunity” and others called for retaliatory strikes.
    Biden’s choices once he assumes office on 20 January range from financial sanctions to revenge cyberattacks on Russian interests, according to transition team sources. Donald Trump, meanwhile, maintains the hacking could be the work of China, despite the certainty of his own secretary of state, Mike Pompeo, that Russia was behind the attacks.
    On Sunday, Republican senator Mitt Romney – a frequent Trump critic – said Vladimir Putin’s government had effectively invaded America.
    “What this invasion underscores is that Russia acted with impunity,” Romney told NBC’s Meet the Press. “They didn’t fear what we would be able to do from a cyber capacity. They didn’t think that our defence systems were particularly adequate. And they apparently didn’t think that we would respond in a very aggressive way.
    “This demands a response, and the response you’d expect to occur would be a cyber response. I don’t know if we have the capacity to do that in a way that would be of the same scale or even greater scale than what Russia has applied to us, but this is something we have to address as soon as possible.”
    John Barrasso, a Republican senator from Wyoming, told Fox News Sunday the US had been “blindsided”.
    “Six different agencies have been attacked in our government and this has been going on since March,” he said. “We need to have a forceful, effective punishing response so people pay a price for this and think twice about doing it again.”
    Any response is unlikely to come in Trump’s 31 remaining days in the White House. Other than a critical tweet on Saturday, Trump has kept silent regarding the hack.
    “I think we’ve come to recognise that the president has a blind spot when it comes to Russia,” Romney, a member of the Senate homeland security committee, told CNN’s State of the Union. “But I think that the president-elect is a clear-eyed, intelligent individual and he’s going to assess Russia and their capabilities in an appropriate way.”
    Mark Warner of Virginia, the leading Democrat on the Senate intelligence committee, told ABC’s This Week: “When the president of the United States tries to deflect or is not willing to call out the adversary as we make that attribution, he is not making our country safer.
    “I sometimes think we disproportionately spend on tanks, ships and guns when we should be better protecting on cyber. And there are international implications of this attack as well. We need to be very clear with an affirmative cyber doctrine that says [if] you do this kind of broad-based, indiscriminate attack, you will bear the consequences.”
    A Biden source told Reuters the new president could step up counter cyber-espionage, with the goal of deterrence and diminishing the potency of Russian cyber spying. But Biden’s team will need better intelligence. Access to presidential briefings was delayed until about three weeks ago as Trump disputed election results.
    On Sunday, incoming White House chief of staff Ron Klain told CBS’s Face the Nation: “We should be hearing a clear and unambiguous allocation of responsibility from the White House, from the intelligence community. They’re the people in charge. They’re the ones who should be making those messages and delivering the ascertainment of responsibility.
    “Instead, what we’ve heard is one message from the secretary of state, a different message from the White House, a different message from the president’s Twitter feed. We have been briefed on this. But again, I think in terms of publicly communicating the position of our government that has to come from the current government and it should be coming in a clear and unambiguous voice.”
    Romney likened Russia’s suspected attack to the US assault on Baghdad during the Iraq war in 2003.
    “You saw the videos of the rockets going across the city and slamming into various buildings and the places they attacked, of course, were the communication centers and the utility centers,” he told NBC. “You can bring a country to its knees if people don’t have electricity, don’t have water and can’t communicate.
    “Basically what Russia appears to have done [is] put themselves in those systems in our country. They don’t need rockets to take those things out. They potentially have the capability to take out all of those things remotely at very small cost.”
    Christopher Krebs, fired by Trump last month as director of the US Cybersecurity and Infrastructure Security Agency (Cisa) for publicly debunking the president’s false claims of election fraud, agreed that the hack was likely the work of the Russian foreign intelligence service SVR. But he doubted Romney’s assessment about what Russia might do with the harvested data.
    “The [SVR] are intelligence collectors,” Krebs told CNN. “They’re looking for policy decisions, they’re looking for diplomatic negotiations in federal agencies. They’re typically not the ones to run the destructive types of attacks, and they typically don’t work with the other parts of the Russian government.
    “That doesn’t mean they can’t hand off access, but for now I think this is more of an intelligence collection operation. The thing that really concerns me about this particular campaign by the Russians was the indiscriminate nature of the supply chain targeting, the fact that they have potentially compromised 18,000 companies. That to me is outside of the bounds of what we’ve seen recently of espionage activities.”
    Klain echoed Krebs’ caution about what Russia might be hoping to achieve, but added: “In terms of the measures that a Biden administration would take in response to an attack like this, I want to be very clear. It’s not just sanctions. It’s also steps and things we could do to degrade the capacity of foreign actors to repeat this sort of attack.”

  • What we know – and still don’t – about the worst-ever US government cyber attack

    Nearly a week after the US government announced that multiple federal agencies had been targeted by a sweeping cyber attack, the full scope and consequences of the suspected Russian hack remain unknown.Key federal agencies, from the Department of Homeland Security to the agency that oversees America’s nuclear weapons arsenal, were reportedly targeted, as were powerful tech and security companies, including Microsoft. Investigators are still trying to determine what information the hackers may have stolen, and what they could do with it.Donald Trump has still said nothing about the attack, which federal officials said posed a “grave risk” to every level of government. Joe Biden has promised a tougher response to cyber attacks but offered no specifics. Members of Congress are demanding more information about what happened, even as officials scrambling for answers call the attack “significant and ongoing”.Here’s a look at what we know, and what we still don’t, about the worst-ever cyber attack on US federal agencies.What happened?The hack began as early as March, when malicious code was snuck into updates to a popular software called Orion, made by the company SolarWinds, which provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.That malware in the updates gave elite hackers remote access to an organization’s networks so they could steal information. The apparent months-long timeline gave the hackers ample opportunity to extract information from many targets, including monitoring email and other internal communications.Microsoft called it “an attack that is remarkable for its scope, sophistication and impact”.Who has been affected so far?At least six US government departments, including the energy, commerce, treasury and state departments, are reported to have been breached. 
The National Nuclear Security Administration’s networks were also breached, Politico reported on Thursday.Dozens of security and other technology firms, as well as non-governmental organizations, were also affected, Microsoft said in a statement Thursday. While most of those affected by the attack were in the US, Microsoft said it had identified additional victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.“It’s certain that the number and location of victims will keep growing,” Microsoft added.Who is responsible for the attack?While the US government has not yet officially named who is responsible for the attack, US officials have told media outlets they believe Russia is the culprit, specifically SVR, Russia’s foreign intelligence outfit.We must act as if the Russian government has control of all the networks it has penetratedAndrei Soldatov, an expert on Russia’s spy agencies and the author of The Red Web, told the Guardian he believes the hack was more likely a joint effort of Russia’s SVR and FSB, the domestic spy agency Putin once headed.Russia has denied involvement: “One shouldn’t unfoundedly blame the Russians for everything,” a Kremlin spokesman said on Monday.The infiltration tactic involved in the current hack, known as the “supply-chain” method, recalled the technique Russian military hackers used in 2016 to infect companies that do business in Ukraine with the hard-drive-wiping NotPetya virus – the most damaging cyber-attack to date.What information has been stolen, and how is it being used?That’s remains deeply unclear.“This hack was so big in scope that even our cybersecurity experts don’t have a real sense yet in the terms of the breadth of the intrusion itself,” Stephen Lynch, the head of the House of Representatives’ oversight and reform committee, said after attending a classified briefing Friday.Thomas Rid, a Johns Hopkins cyberconflict expert, told the Associated Press that it was likely that the 
hackers had harvested such a vast quantity of data that “they themselves most likely don’t know yet” what useful information they’ve stolen.What can be done to fix the networks that have been compromised?That’s also unclear, and potentially very difficult.“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” said a statement from the Cybersecurity and Infrastructure Security Agency (Cisa) on Thursday.One of Trump’s former homeland security advisers, Thomas Bossert, has already said publicly that a real fix may take years, and be both costly and challenging.“It will take years to know for certain which networks the Russians control and which ones they just occupy,” Bossert wrote in a New York Times op-ed on Wednesday. “The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.”“A ‘do-over’ is mandatory and entire new networks need to be built – and isolated from compromised networks,” he wrote.How has Trump responded?As of Friday afternoon, the US president had still said nothing to address the attack.The Republican senator and former presidential candidate Mitt Romney has criticized Trump’s silence as unacceptable, particularly in response to an attack he said was “like Russian bombers have been repeatedly flying undetected over our entire country”.“Not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary,” Romney said.How has Biden responded?So far, there’s been tough talk but no clear plan from the president-elect.“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said. 
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said.

Could this attack have been prevented or deterred?

“What we could have done is had a coherent approach and not been at odds with each other,” said Fiona Hill, a Russia expert and former Trump National Security Council member, to PBS NewsHour this week, criticizing conflict and dysfunction within the Trump administration and between the US and its allies on Russia-related issues.

If “we don’t have the president on one page and everybody else on another, and we’re working together with our allies to push back on this, that would have a serious deterrent effect”, Hill said.

Other cybersecurity experts said the federal government could also do more to simply keep up to date on cybersecurity issues, and said the Trump administration had failed on this front, including by eliminating the positions of White House cybersecurity coordinator and state department cybersecurity policy chief.

“It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, a Marine Corps University scholar and adviser to a US cyber defense commission, to the Associated Press.

What options does the US have to respond politically to this kind of attack?

Some experts are arguing that the US government needs to do more to punish Russia for its apparent interference. The federal government could impose formal sanctions on Russia, as when the Obama administration expelled Russian diplomats in retaliation for Kremlin military hackers’ meddling in Donald Trump’s favor in the 2016 election.
Or the US could fight back more covertly by, for instance, making public details of Putin’s own financial dealings.

But, as the Guardian’s Luke Harding pointed out, cyber attacks are “cheap, deniable, and psychologically effective”, and Biden’s options for responding to Russia’s aggression are limited.

“The answer eluded Barack Obama, who tried unsuccessfully to reset relations with Putin. The person who led this doomed mission was the then secretary of state, Hillary Clinton, herself a Russian hacking victim in 2016,” Harding wrote.

What are other potential consequences of the hack?

SolarWinds may face legal action from private customers and government entities affected by the breach. The company filed a report with the Securities and Exchange Commission on Tuesday detailing the hack.

In it, the company said total revenue from affected products was about $343m, or roughly 45% of the firm’s total revenue. SolarWinds’ stock price has fallen 25% since news of the breach first broke.

Moody’s Investors Service said Wednesday it was looking to downgrade its rating for the company, citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high remediation and legal costs”.

The Associated Press contributed reporting.

  • in

    Orion hack exposed vast number of targets – impact may not be known for a while

    If there is one silver lining to the months-long global cyber-espionage campaign discovered when a prominent cybersecurity firm learned it had been breached, it might be that the sheer number of potentially compromised entities offers them some protection.

    By compromising one piece of security software – a security tool called Orion developed by the Texan company SolarWinds – the attackers gained access to an extraordinary array of potential targets in the US alone: more than 425 of the Fortune 500 list of top companies; all of the top 10 telecommunications companies; all five branches of the military; and all of the top five accounting firms.

    But they are just a fraction of SolarWinds’ 300,000 global customers, which also include UK government agencies and private sector companies.

    For now, we only have confirmation from investigators that the US Treasury and commerce departments were attacked. The hack, attributed to Russian state actors, took the form of a so-called supply chain attack. Rather than directly attacking the US government, the attackers succeeded in compromising the automatic update function built into Orion.

    That breach provided the foothold the attackers needed to begin monitoring internal emails at the departments. By hacking SolarWinds and inserting weaknesses into the Orion software at source, the attackers simply had to wait until their targets downloaded and ran a fake software security update.

    Thankfully, even then, the full attack was a technically challenging manoeuvre. In order to stay below the radar of the US government’s own security teams, the update was programmed to sit silently for two weeks after it was installed, and then to only upload stolen data in small quantities so that it could be disguised as normal Orion traffic.

    That, investigators say, means it is unlikely that the perpetrators made the most of the widespread access they could have gained.
    Rather than exfiltrating untold gigabytes of stolen data to peruse at their leisure, the attackers had to operate in a much more labour-intensive fashion, navigating through the government network as quietly as possible, and only uploading data already presumed to be valuable.

    At the moment it is not clear how much information was taken, and what other departments and entities the hackers chose to enter.

    Nevertheless, the US Cybersecurity and Infrastructure Security Agency issued an emergency directive late on Sunday night advising all federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately”. The acting director, Brandon Wales, said the compromise “poses unacceptable risks” to the security of federal networks.

    The long-term impact of the hack is unlikely to be known for a while, if at all. Although journalists and the public think about the impact of attacks simply in terms of any striking secrets revealed, cyber-warfare tends to have multiple goals.

    As well as looking for ill-guarded secrets of individuals, this sort of attack can be used to map how organisations work and their structural vulnerabilities, with a view to potentially exploiting them at a later point.

    More broadly, cyber operations like this undermine confidence in existing security measures and hand a propaganda coup to the country directing the attack.

    Silently eavesdropping on high-value targets is a labour-intensive job – particularly if the attacker wants to stay hidden, and for now it appears that the temptation to eavesdrop on internal communications at the US treasury and commerce departments was the most compelling.

    If other customers of SolarWinds do not find evidence that they were under surveillance, they will take solace in the fact that the US government was too big a target to pass up.

  • in

    Five Tools We Need to Fight Disinformation

    According to the GLOBSEC Trends 2020 report, across Central and Eastern Europe, 34% believe that COVID-19 is a hoax designed to manipulate populations. With hundreds of deaths around the world occurring as a result of disinformation related to the coronavirus, the pandemic has demonstrated the critical importance of limiting the impact of disinformation on our societies.

    Only an approach that encompasses all of society can truly improve resilience to disinformation. It needs to consist of five elements, none of which can be neglected if we want to create a healthier information environment. These are: legal instruments at the European or national level, disinformation demonetization, responsible digital citizenship, quality journalism and strategic communication. All these elements require cooperation from public officials and state institutions, the research community, civil society actors as well as citizens.

    Basic Rules

    EU member states need to actively contribute to the swift implementation of the proposed Digital Services Act and the European Democracy Action Plan that will establish much-needed boundaries for digital space. Non-members can work to adopt legislation modeled on the European code and collaborate with the EU to set basic rules in line with the principle that what is illegal offline is illegal online. For example, if Holocaust denial is illegal in countries such as Austria or Slovakia, such content should not be acceptable on digital platforms, whether it appears because their community standards are not in line with the legislation of the countries in which they operate or because they fail to uphold those standards.

    Furthermore, regulation needs to foster transparency and accountability in areas such as content ranking and moderation. These instruments, if implemented properly with all key stakeholders such as digital platforms, the research community, civil society and technology specialists on board, could significantly limit the reach of harmful content.

    Defunding Disinformation

    According to the Global Disinformation Index, the estimated yearly profit generated by disinformation websites comes to $235 million, propelling disinformation actors to incredible influence. Legal instruments can help disrupt the economy of disinformation by ensuring that ad agencies will not be able to place ads on sites spreading fake news, hate speech and conspiracy theories. Google already announced that it will defund ads on webpages promoting COVID-19 conspiracy theories. However, implementation of this policy is questionable due to a lack of transparency measures and standardized monitoring. Similarly, social media platforms should not be allowed to place ads next to hate speech and disinformation.

    In this effort, civil society organizations have been paving the way, with projects such as Slovakia’s konspiratori.sk, Czech nelez.cz or, in the US, the Anti-Defamation League’s Stop Hate for Profit. They are based on raising awareness of disinformation outlets while inviting companies to opt out of placing ads on such channels. Freedom of speech does not mean the right to profit from disinformation. Demonetizing disinformation would lead to an immediate improvement in the quality of the information environment as it would limit the reach of disinformation by removing economic incentives that drive it.

    Responsible Digital Citizenship

    Many citizens have been caught unprepared for the radical changes to information consumption and production in the wake of the information revolution. Without the necessary education and skills, users often share content without checking their sources, unaware of the fact that they are unwittingly helping to spread hate and false information. We all need to accept the fact that responsible citizenship extends to the online sphere as well.

    It is crucial to include the concept of responsible digital citizenship for all age groups in teaching curricula starting from elementary schools. Similar training could be implemented in employment onboarding schemes. It should cover all aspects of digital footprints such as personal data protection, norms of online conduct and the consequences of sharing malign information among our communities.

    Quality Journalism

    Another factor in the disinformation equation is that quality journalism has suffered globally in the wake of the 2008 financial crisis and with the rise of social media. Independent journalism needs to be systematically supported, possibly by taxing tech giants and using a portion of that money to fund media resources. As one of the cornerstones of functioning democracies, the demise of local outlets is highly worrying. Support for local news and the protection of investigative journalists from threats and attacks would work as a strong antidote to the increasing dissemination of toxic content.

    Strategic Communication

    Often, state administrations and European institutions suffer from an inability to communicate their messages in an accessible and engaging way. It is of the utmost importance that all state institutions, from regional to federal, proactively communicate their activities and benefits to citizens because in the absence of such communication, an information void is created that can be easily abused by malign actors.

    Strategic communication is the go-to tool when striving to build trust with constituencies. Such trust will also likely be the determining factor in the relative success of overcoming the pandemic, as people’s willingness to get vaccinated against COVID-19 correlates with trust in public institutions.

    Regulation and demonetizing disinformation are reactive steps that address a social wound that has been left untreated for too long. But proactive measures of fostering responsible digital citizenship, supporting quality journalism and conducting efficient strategic messaging will help increase democratic resilience to influence operations. Even partial progress in each of these five domains would lead to massive improvements in the quality of our shared information environment.

    The views expressed in this article are the author’s own and do not necessarily reflect Fair Observer’s editorial policy.