Previous posts in this discussion:
PostPutin-Trump Helsinki Summit (Anthony J Candil, USA, 07/17/18 4:07 am)
The events have bee confusing, but certainly Trump's press conference with Putin at Helsinki will go down in history, no matter what.
The US president doesn't seem concerned that Putin's cronies apparently did interfere in the 2016 election, and the Russian president admitted to wanting Trump in the White House. Nevertheless Putin came short of admitting he actually did it.
I have to admit that I still find it hard to believe the Russians have such a capacity. Isn't it still possible that someone else did the hacking, but Russia was blamed in order to create some antagonism between the two nations? Yes, in the style of James Bond movies, perhaps China?
I don't know what to think anymore, but I'm sure that Russia and the United States should work together, just for the sake of world peace!
In the same way it was done in 1941, and with a much more ruthless dictator than Putin: Stalin, or Uncle Joe, as president Roosevelt used to call him.
Is Trump worse than Roosevelt--and Churchill--when they agreed to let Stalin to take over the whole of Eastern Europe? They didn't know that one day 50 years later, the Soviet Union would crumble. No one has ever accused Roosevelt of treachery, as far as I can recall. (Perhaps Patton?)
Among all this confusion I have to stop at thinking in Bob Dylan's words when he was singing "With God on our side":
When the Second World War
Came to an end
We forgave the Germans
And we were friends
Though they murdered six million
In the ovens they fried
The Germans now too
Have God on their side
I've learned to hate Russians
All through my whole life
If another war starts
It's them we must fight
To hate them and fear them
To run and to hide
And accept it all bravely
With God on my side
So now as I'm leavin'
I'm weary as Hell
The confusion I'm feelin'
Ain't no tongue can tell
The words fill my head
And fall to the floor
If God's on our side
He'll stop the next war.
So be it.
JE comments: Yes, the Helsinki press conference will go down in history as the time the president publicly contradicted the unanimous conclusion of every US intelligence agency (all seventeen of them)--that the Russians interfered in the 2016 elections.
I don't quite follow Anthony Candil's analogy with the FDR-Churchill-Stalin alliance. At that time there was one massive catalyst: Hitler.
Lots to dissect from the Donald and Vladimir Show. Who's next?
Trump Committed Treason in Helsinki
(Istvan Simon, USA
07/18/18 7:17 AM)
In response to Anthony Candil (July 17th), no, is not possible that anyone other than the 12 Russian GRU officers who were indicted did the hacking they were indicted for.
The hacking of the DNC, John Podesta's and other Democratic officials' e-mails who were involved in Hilary Clinton's presidential campaign had the explicit purpose of embarrassing Clinton and helping Trump to be elected.
I have to say that Trump publicly asked the Russians to do this hacking, which indeed they then were ordered by Putin to do. The dates here of when these crimes started are very significant, and it follows from the known facts that Trump is guilty of collusion with a foreign hostile power. He should be impeached, removed from office, prosecuted, and at a minimum sent to prison. Because frankly, the traditional penalty for treason is death.
I have to also say that beyond a reasonable doubt president Trump committed treason in Helsinki. He had committed treason already during his campaign. But what was different in Helsinki was the embarrassing sorry spectacle of a president of the United States groveling in front of a bloody murderer and dictator on foreign soil, in front of the entire world. I called Trump Putin's poodle in my Tweets yesterday, and I learned today that independently he was called exactly the very same thing in the foreign press.
About hacking, I need to still say that It is truly unfortunate that John Podesta and others were completely clueless regarding the most basic facts about computer security and unwittingly helped the Russian hackers get their information.
But the Russian military did much more than just committing identity theft by spear phishing. They committed many other computer crimes. They had unauthorized access to a lot of American computers and servers, installed malicious software on them, key-loggers for example, stole information by the use of such malicious software on legitimate users of those servers, and stole personal information on more than 500,000 American voters. The indictment is very detailed, and it is unbelievable to me that Anthony would write such speculation without knowing the facts. I would urge him to first of all fully listen to Rosenstein, who announced these indictments. He gave a lot of very detailed information that all Americans must know.
Finally, here is something I wrote about phishing that WAISers that do not know might enjoy. It is on my website, which is not yet complete, but has already some useful information, and it has in particular some information on phishing, the method the Russians used to hack John Podesta's e-mail.
JE comments: Wise advice, Istvan: Click not where you know not. Could you explain in layperson's terms how the hackers got into the DNC accounts? Was it via an e-mail with a malicious link, which placed password-detecting software on the computer? Or did they do a massive numbers-crunch and find the passwords by chance--Hillary2016, for example?
The Nuts and Bolts: How Did Russians Hack DNC E-Mails?
(Istvan Simon, USA
07/19/18 9:29 AM)
John E asked if I could explain in layman's terms how the Russians got Podesta's e-mail.
Yes, I can easily explain it.
John Podesta received an e-mail supposedly coming from Google. (1. Read my blog on phishing!)
But the e-mail was not sent by Google. It was sent by the Russian hackers. The e-mail essentially said that his Gmail account had been penetrated, and included a link for him to change his password in Gmail.
(2. NEVER click on links in e-mail or text messages on smart phones or computers.)
John Podesta unfortunately clicked on the link. He was connected to a page that was run by the Russian hackers that looked like Google's Gmail, but was not. He thought he was changing his password in Google's Gmail. He provided the old password and the new password and happily went about his business.
The Russians, having gotten his old password by spear-phishing, then connected themselves to Gmail and changed John Podesta's password to the new password he had provided them. From that point on, John Podesta realized nothing different from what he had been doing all along. He used his new password, and continued to read and write e-mails relevant to his work and life. But the Russians now were reading everything he had written or gotten before or since. They chose the embarrassing ones and sent them to Wikileaks, who published them. By the way, Julian Assange is also nothing more than Putin's poodle with an over-aggressive sex drive that manifested itself with Swedish women that were originally sympathetic to him.
I do not know yet what the Russians did with the DNC server. What I know is that it was run by a complete incompetent. The FBI had notified the DNC that they had been hacked, but this idiot took forever to contact the FBI. I am told that the DNC has now hired actual professionals to tighten up their security. I don't know how competent the new ones are--let's hope more than the old ones were.
I do not yet know for sure, but it may have been at the DNC server that the Russians also installed malicious software.
Key-loggers are mentioned in the indictment. A key-logger is a nasty piece of malware that once installed on a server can cause tremendous harm. Essentially what it does is to record every key that people that login in to the system strike. Thus it enables the hackers to get legitimate users' user names and passwords on the server, as well as on any other systems they access from the infected server. Once this data is captured it is of course sent through the Internet to the hacker's site.
I plan to soon offer an on-line course called "Practical Computer Security I" on the udemy.com platform in which this and much more is taught to interested people assuming that they know nothing at all about computers other than what John Podesta knew as well. Some WAISers might be interested in improving their own computer security by enrolling and taking this on-line course. The course is not yet up, but I will also announce it here when it is.
JE comments: Many thanks, Istvan. If he clicked on a strange link and happily provided his password, the Dupe of the Decade award goes to...John Podesta. One question: when I log in to Gmail from an unknown computer, I receive an e-mail to this effect. Did Podesta not notice? Or did the Russians have a way to block these e-mails from going out?
American Hamartia and the Russian Hack; from Gary Moore
(John Eipper, USA
07/20/18 5:53 PM)
Gary Moore writes:
Istvan Simon's accurate explanation (July 19) of how John Podesta of the DNC
got hacked by the Russians (that is, by answering a phishing email recognizable
to much of the world since roughly the Pleistocene), underscores the hamartia,
or tragic flaw, that the Russian info-crime could gloat over: Repeatedly, the
astonished targets seemed almost to proclaim aloud that they were too clueless,
or too smug, or too something, to be running a country.
Which might be taken to mean we're screwed--or perhaps roughly
in the position of American politics in the age of spoils, Boss Tweed and
the robber barons--since the predatory revelations about the Democrats
in no way exonerate Trump's apparent determination to hide from the fact
that our whole system was attacked at all.
But take heart. Against all odds, when the shooting of President Garfield,
by a disgruntled spoils seeker, elevated his vice-president, one of the most
ominous of the old machine hacks, the star-crossed moment seemed to do
something unforeseen to that hack. To the howls of his astonished cronies
in the machine, he became a new man, growing to the office, and pushed
through the reform that would become the modern civil service system.
If it could be (as, also on July 19, Tor Guimaraes has mused) that the invisible
waves of consciousness create our destinies in unseen ways, then perhaps
America will struggle through after all.
JE comments: This is a cautious optimism. I think. Or Gary, are you hinting at the possibility of a new Golden Age under the leadership of...Mike Pence?
- How Was Podesta's e-mail Hacked? From Noah Rich (John Eipper, USA 07/22/18 2:41 PM)
Noah Rich writes:
When commenting on Istvan Simon's post of July 19th, John E asked:
"When I log in to Gmail from an unknown computer, I receive an e-mail to this effect. Did Podesta not notice [when he was 'spear-phished' by the Russian hackers]?"
When you log into a computer from an unknown location, the e-mail is sent almost immediately. In other words, let's say I steal your password with a keylogger and sign into your e-mail from here in Japan. The e-mail will of course be sent to you by Google for being signed into from a strange location, but that e-mail is going right to the account to which I already have access. I am just going to delete it immediately so that you have no idea it was ever sent.
In this way, you'd have to check your trash bin, or archives (which I could also empty) to see that e-mail was ever sent to you. The only way to check would be to go to your account and check your sign in history, which obviously most of us never do unless we have reason to believe it was hacked.
JE comments: Thanks, Noah. How are things in Japan? Please send us an update when time permits.
For the uninformed on phishing, spear-fishing, and "whaling," a primer is below. In brief, the "spear" part means a specifically targeted attack that attempts to look like a trusted source. Low-level phishing casts a wide and clumsy net in the hope of picking up unsuspecting marks. Think of a guided missile vs saturation bombing.
- Preventing "Spear-Phishing" (Istvan Simon, USA 07/23/18 7:15 AM)
JE asked for further clarifications on my post (July 19th) about the Russian hack.
First, John, I urge you to think about it. You can probably answer your own questions with a little bit of thinking.
The Russians cannot block anything on Gmail.
But if I have access to your Gmail account, I can do whatever you can do. So, if you receive a notification from Gmail in the form of an e-mail that I accessed your account, I have access to the same, therefore, I can delete it. If I do that before you ever did anything, you'd be no wiser for it. I could delete Eugenio Battaglia's post before you read it, for example. Let's say I don't like his post, and I am not the ethical good dude that I am in reality. Gone into the void...
Now think about the psychology of the normal user. People are busy and trying to do their work. They do not expect "aha" moments and surprises in their e-mail. So even if Gmail gives all sorts of notifications, even things that a hacker cannot delete, people are unlikely to notice them. The hackers can also forge messages that were not legitimately sent. After all that is how they did the spear-phishing in the first place. They forged a message. It looked authentic. John Podesta was not the Dupe of the Decade as you called him. He was just the average guy who did not take my computer security course. He was not educated properly, which is the case of 99% of normal people who are not Stanford PhDs in Computer Science.
I intend to offer eventually security software for rent or sale that would have helped John Podesta not make the mistakes he made. Such security software, if installed, can help even if the user is not well educated. The first thing is to be aware in real time, of all that is happening on the Internet and your computer ports. The software can be intelligent. It can highlight things which seem abnormal. It can learn in time what sort of things you do. When things do not fit, highlight it in RED. When things seem normal, give a nice GREEN indicator. The software cannot prevent John Podesta from clicking on a link he should not. But it can warn him, before anything actually happens as a result of his clicking. The software can ask for example, "do you really want to connect to a domain in Russia, or Nigeria, or wherever"? The Russians disguised where they were running their Gmail clone server. In other words such software can be helpful though never fool-proof. The software can explain exactly what will happen if the click is allowed through before it is allowed through--e.g., you will download a piece of code and install on your machine if you click on this link. Or "you will be connected to Gucifer2.0.org and about to send it some sensitive information. Do you really want to do that? Yes/No."
People might be annoyed by such notices, so they can disable them, or configure them to be less frequent by various filters, so they would be less disruptive of their activities, but they would be more secure in their computing if they allowed them.
JE comments: If I did too much thinking, Istvan, there would be no WAIS! (Simple questions can lead to profound revelations.)
But what about computer security that's too draconian? This weekend I learned from David Duggan that WAIS e-mail posts are directed to his Spam folder. How many WAISers are experiencing the same thing? It's hard to know. From my position as editor, what can I do to ensure our colleagues stay connected?
And Eugenio: I hope you don't mind Istvan using your name as an example. Naturally in WAISworld we're all ethical good dudes and dudesses.
How to Prevent "Spear-Phishing"...and Japan's Heat Wave (from Noah Rich)
(John Eipper, USA
07/24/18 9:54 AM)
Noah Rich writes:
I'd like to respond to Istvan Simon and John E (July 23rd)
Istvan argues that John Podesta was not the "Dupe of the Decade" as John had called him, but rather just a simple man who did not take Istvan's security course. Istvan said that Podesta simply wasn't educated properly, which is the case of 99% of normal people who are not Stanford PhDs in Computer Science.
I'd tend to disagree though. You don't need that degree to have a better awareness for simple scams on the 'Net.
Without coming off as too harsh, I believe this may simply be a generational gap. I don't, and virtually none of my peers, find it very hard to avoid phishing scams and other dangerous links through e-mails or social media. I've noticed a recurring theme. Every time somebody has to post on Facebook, "I was hacked ignore the messages I sent you" or I receive a suspicious e-mail from someone who I know, it's generally a person over the age of 50 (or thereabouts). None of my friends that I know personally have taken any type of computer security course. We just, more or less, have a sense for these kinds of things. I think seeing as how we've grown up with it, and maybe fallen for a trap or two in our childhood years, we just sort of.. get it. In our eyes it's no different than our parents telling you not to talk to strangers when you went outside to play with friends. You don't open links or e-mails from people you don't know, and even if it's from someone you do know, you can generally tell if it's out of character.
Of course, we do still have anti-virus software which does a lot of the work for us, too. However, I'd say most of us have little idea how it works, just that when it lets us know something is wrong we press the button that takes care of it. No real kind of course is needed. Nonetheless, Istvan seems intent on trying to sell his course and get the word out, so if anyone reading this would like to learn more or does feel threatened, it's probably a good place to start. For many of us in a younger generation though (namely millennials and younger), John Podesta does kind of look like a dupe. However I'm sure there's many others we could put in contention for the "of the decade" champion.
As for John's questions, "How many WAISers are experiencing [the 'spamming' of their WAIS mail]? It's hard to know. From my position as editor, what can I do to ensure our colleagues stay connected?"
Sadly, you cannot do much. Repeated disinterest (deleting e-mails without opening them) will cause the e-mail service to believe that sender is simply spam, and will relegate it to the spam folder. I don't think its a stretch to suggest that's what many WAIS members do, either. There is a lot of discussion in WAIS, on a variety of topics, too. From my experience helping Dr. Whealey, he would read the subject lines, and seeing as how he was focused a lot on WWII history to date, he would often choose to skip over topics like ancient history, food, and sometimes religion. He may have read the subject lines, and still been happy to see e-mails from WAIS, but if he didn't open enough to read more on other topics, it's possible WAIS would've been relegated to spam for him as well.
On one final note, I'll send another update soon on life here in Japan, John. There is scorching heat coming through now, all-time Japan high of 41.1 degrees celsius was recorded just about 20 minutes from here just on Monday. A lot of concerns about the Olympic Games being held almost exactly 2 years from now are arising. I'm sure the discussions will be heating up soon!
JE comments: Are you saying, Noah, that some WAISers don't read all their WAIS mail? I am in shock. A good WAISer would never do that...
Stay cool. Are buildings typically air-conditioned in Japan? Google gives conflicting information: 1) that central air is almost unknown, or 2) the norm is the "residential heat pump," which combines heating and cooling.
Wanna Go Phishing? Not Here (from Ric Mauricio)
(John Eipper, USA
07/25/18 4:13 AM)
Ric Mauricio writes:
At age 69 (why don't I feel that age?), I must count myself as one of a few in my age group who actually pays quite close attention to what could be a threat to my well-being. How many stories have I heard from those in my age group about much trouble they have gone through when responding to a phishing email? I just received an email telling me that my Apple account is being closed down due to an expired credit card. Uh, I don't have an Apple account.
Also, how many stories have I heard from my clients that their parents (also in my age group) have responded to a call from the IRS? Alert: the IRS does not call you. They send you letters. So hang up on those scammers. And never respond to the question: "is this so and so?" with a "yes." Why, because they record your "yes" response and use it to send you products or other illicit uses. Always respond with "Who is this?"
As for WAIS email not going into the correct folder (I have a WAIS folder that my filter directs my WAIS email to drop the email into .. yes, I do read every WAIS posting), there have been several WAIS emails that have gone awry, dropping into my trash folder, but never into spam (this is why I go through both my spam and trash folders carefully; don't want to miss any WAIS postings.) There is no rhyme or reason that these particular emails drop into my trash bin (most go into my WAIS folder).
I shred every piece of mail that has my name and address. Best to cross cut. It is a dangerous world out there and I don't need any more hassles than necessary.
And there is one thing I just cannot do, even though millennials do this all the time. That is storing my information on the cloud. I just do not feel comfortable that my information is out there in some data storage facility, ripe for hackers. (Also, how does one access that cloud if the entire Internet is compromised?) So do I store my information on my hard drive? Nope, they are all on USB drives, which are not in my computer at all times. For sure, I do have my brokerage, banking, social security, etc. information on the cloud, but these are out of my control. But for information that I can control, I control it as best I can.
JE comments: Healthy paranoia is a good thing. Just a few days ago I received a phone call warning that my electricity would be turned off for non-payment. The caller sounded like she was in Hyderabad, but she knew my name and address. I told her I was extremely concerned and would stop by the office immediately. Click.
Ric Mauricio reads every WAIS e-mail. This is a very, very good thing.
- Putin's Provokatsiya; from Gary Moore (John Eipper, USA 07/20/18 4:11 AM)
Gary Moore writes:
Regarding Anthony Candil's (July 17) puzzlement over Trump's exoneration
of Putin in the 2016 US election meddling: Yes, Putin has made at
least one formal public statement that his government does not
partake in such meddling--and he made that statement in St.
Petersburg, only a few miles from the Bot Factory (Troll Farm, Research
Agency, whatever) that everybody agrees did many of the deeds.
I guess Putin's argument would be that he and his government can't
be held responsible for anything emanating from Russian soil--though
the Bot Factory's oligarch head, Yevgeny Prigozhyn, is tied to Putin
in more ways the trivializing "Putin's chef" label in the media might
suggest, some of those ways being military.
The larger history of provokatsiya (a favorite neo-Putin word) is indeed
confusing. I've mentioned the Black Tom incident, 1916, prior to US entry
into World War I. It was a direct attack on US soil (New Jersey) that did great
damage, cost American lives, and was done by universally agreed agents
of the Kaiser's Germany--yet it's mentioned in few if any recaps of why the
US entered the war that year, with incidents like the Lusitania and the
Zimmerman Telegram being showcased--neither of which was a present
penetration of America's borders, as Black Tom was (and as the 2016
election manipulation was). The Russian use of attacking "bots"--robot
phantom crowds of respondents on social media--began cranking up in
2014 with an attempt in Louisiana to create mass panic over a (non-existent)
toxic chemical plant explosion. It didn't work, and the St. Pete follies retooled
for more surgical approaches--but it was meant to have worked, and if it had,
it too would have caused chaos inside the US, and perhaps lives lost if the panic
had grown large enough. In 1917, Woodrow Wilson seemed to swallow Black Tom
and bury it, though the cascade of events rose anyway.
Putin's Russia swallowed
a more recent mystery in the Syrian desert at Deir ez Zor, February 7, 2018,
when at least a hundred Russian mercenaries, not government soldiers, suddenly
attacked a US position. American forces frantically contacted Russian authorities,
were given a denial saying the attackers were unofficial and disowned, and then
US air-artillery strikes wiped them out. The scattered funerals back in Russia
were low-key. Yevgeny Prigozhyn, of all people, was involved in that, too, as
geo-chess sought control of Syrian oil fields. Maybe the breakpoint in a provokatsiya
depends on whether the attacked party wishes, for accumulated other reasons
and larger strategy, to feel itself provoked.
Is Trump now saying:
"Other reasons not enough"?
JE comments: We are approaching the anniversary of the Black Tom incident, July 30th, 1916. Coincidentally, the depot contained munitions destined for Imperial Russia. The explosion caused four deaths and damaged the Statue of Liberty. Germany paid reparations for the damage through 1979.
- Putin's Provokatsiya; from Gary Moore (John Eipper, USA 07/20/18 4:11 AM)
- Wanna Go Phishing? Not Here (from Ric Mauricio) (John Eipper, USA 07/25/18 4:13 AM)
- How Was Podesta's e-mail Hacked? From Noah Rich (John Eipper, USA 07/22/18 2:41 PM)
- American Hamartia and the Russian Hack; from Gary Moore (John Eipper, USA 07/20/18 5:53 PM)
- The Nuts and Bolts: How Did Russians Hack DNC E-Mails? (Istvan Simon, USA 07/19/18 9:29 AM)