Microsoft reveals first known midterm campaign hacking attempts
politico.comI think the press should do a better job distinguishing between hacking attempts and phishing attempts. Phishing attempts are largely avoidable and it would serve not just the politicians but the public to be educated on best practices to avoid being phished.
At my previous company we were tested once a month to learn how to identify suspicious landing pages or links/domains.
I don't know anybody who specializes professionally in phishing that believes this. What I hear from those kinds of people, and many others, is the opposite: that especially when you're trying to secure an organization, the one attack you feel helpless to prevent is targeted phishing. Technologists in particular are apparently easy to victimize; they underestimate how malleable the medium is, and how well sophisticated attackers understand the cues we all rely on to evaluate the legitimacy of messages and gate the shortcuts most of us take.
My suspicion is that anyone who downplays phishing attacks is betraying a lack of understanding of how scarily effective targeted phishing attacks are.
That's so true. Our IT dep runs "fake" fishing attacks regularly and last time they did it I totally got caught.
They happened to send a fake error report email (which had all of the "red flags" you should catch before clicking a link in an email) on the day I started an oncall rotation that had me receive similar emails. I was wary of missing one, so when I saw it coming, :click:.
I was greeted with a nice message to educate me about what I had just done and how to avoid it. I knew all of this of course (Ive worked in security!), but it just shows how no one is foolproof.
If it’s that easy to fool a trained professional, imagine the rest of the people out there. I sometimes which never have learned about this stuff. It’s difficult to watch so many people clicking on fake pages or potentially dangerous links because they can’t (or care to) differentiate between ads and google results. Maybe I’m wrong but I think it should be regulated.
Right, which is why the press should specify phishing here, and boost awareness for this particular threat, rather than ambiguous 'hacking'.
Awareness is good, but I object to the notion that it is "largely avoidable", and that all we're lacking is some awareness training.
> Phishing attempts are largely avoidable
Couldn't disagree more. Generic phishing attempts are. Specific others aren't.
I used to get regularly tested at previous companies and failed a number of them where they were highly contextual e.g. emails were spoofed from real, internal emails asking you to check if a website was available e.g. JIRA, Confluence which have roughly standard website subdomains.
I know this is about congressional campaigns, but does anyone remember this from 2008? https://www.theguardian.com/global/2008/nov/07/obama-white-h...
I wonder why that never reached the same amount of outcry when Obama won.
"Hackers broke into the computer systems of the Barack Obama and John McCain campaign teams during the US presidential race and stole a ''serious amount of files" in an operation that US government cyber experts believe originated from China."
Probably because it wasnt one foreign hostile power directing attempting to sway one specific candidate. Or perhaps because there was no evidence or allegations against Obama or his circle was involved in treasonous activity with said hostile power.
Also because Obama never encouraged or endorsed it.
Obama was also never under investigation for storing and destroying information related to an investigation.
Let's not forget that Hillary wasn't some innocent in this, she was under investigation and to discredit that as a catalyst or a point of contention that would be leveraged is naive. In many ways, her actions and the storm around them brought heightened exposure to the sensitivities of the topic and made for a great way to push and divide the country even more. She's not a victim and in fact I would argue she too was part of the problem.
The fact remains that the President of the United States solicited the help of a foreign intelligence agency to hack into the private communications of his opponent.
You're right that Clinton was already under investigation for Benghazi, but that's a sign that the correct domestic legal process was being followed. The FBI gathered evidence and she testified before congressional hearings. That's how things are supposed to go.
Moreover, Hillary doesn't matter any more, in the same way that McCain doesn't (hence the OP referring to Obama only). She is not President, nor is she playing any sizable role in public life. Deflecting the substantive and meaningful criticism of the sitting President with "but Hillary" is at best distracting, and at worst a concerted effort to avoid Trump having to answer very legitimate questions.
We have yet to see proof, only allegations. Clinton was under investigation for more than just Benghazi.
As for Deflecting it's the driving force behind, he shouldn't have won, she should have, so no unlike the others it is relevant.
None of what you said addresses the fact that Trump directly appealed to a foreign power to hack his opponent, all you've done is thrown out a few whataboutisms. Not interested, sorry.
You're ignoring all the contacts with Russia by Trump campaign figures, their deceptions about those contacts, etc.
You can find just as many relationships with the Clinton's of questionable origin (China, Middle East). Both Candidates suck, Trump's a moron, but to think that Hillary's actions didn't create a circumstance for exploitation is throwing it out the window. The Russians do not like her, to think they wouldn't put forth efforts to meddle through social media manipulation is a joke. Hell, if you think we're not doing it to other countries that's a whole other argument.
I don't think being laser-focused on who as opposed to what and why is relevant or helpful by any means.
> it wasnt one foreign hostile power directing attempting to sway one specific candidate
Any idea where can I read more about the analysis around this determination?
Start with the parent comment's quote of the grandparent comment's link, which mentions that both major parties had their files copied.
There is no mention of a determination of what was done with it. I want to know how he knows, is that not fair?
HN 2018: When you can't answer a question or back up a claim, downvote.
Oh my aren't we persistent in our passive aggressiveness.
While it's fashionable to try to deflect literally anything nowadays with "But... Obama!" I will point out that the 2008 US Presidential election was not particularly close. The winning candidate (Obama) carried 365 electoral votes (needing only 270) and won the popular vote by a margin of approximately 10 million votes/7 percentage points.
The 2016 US Presidential election, by contrast, was quite close: the winning candidate carried only 304 electoral votes, and lost the popular vote (which went by roughly 2 percentage points to the losing candidate). Several analyses have shown that even very small shifts in a couple of states would have sent the election the other way.
In general, people don't get worked up about landslide elections when the popular support for the landslide winner is incredibly obvious. They do worry about signs of interference in close ones, though.
This is, incidentally, what a number of liberal activists have been suggesting as a plan for this year's midterm elections, and the 2020 presidential election: in a close race, a small amount of meddling/outside influence can change the outcome. But a high-turnout race with a significant majority turning out to vote as a bloc is much harder to corrupt, or at least to corrupt in a suitably deniable way.
I don't know, but I can speculate. For example, there is no evidence I'm aware of that the hacks were politically motivated or that the results of the hacks were used to assist one candidate or hinder another.
Because those files weren't leaked in an attempt to undermine one of the campaigns.
This isn't complicated.
Because there was a follow-up (PRC looking for policy data): http://www.nbcnews.com/id/52133016/t/chinese-hacked-obama-mc...
I really feel there is too much emphasis on who won (in this context).
As car as I can tell, initially the efforts were just to increase division - manipulative ads were placed on BOTH sides of the spectrum, apparently just trying to get people to hate each other and (most importantly) distrust the system. Then when Trump went from 'unlikely' to 'competitive' (be that on his own or not) there was a reevaluation and the efforts went pro trump.
The key concept here is NOT "Trump wouldn't have won" (we can't know) and not even "Russia backed Trump because they saw him as destabilizing/weak/owned or even 'just' polarizing". The key concept is "Russia wanted to interfere with the process and reduce trust in the concept of democracy". Even if they did a terrible job of it with no measurable effect or shot themselves in the foot by electing a powerful and determined outsider that will strengthen both America and Democracy, that has no relevance to what they tried to do.
And yes, countries influence (and attempts to influence) other countries' elections all the time. It is kept in check by the need to be circumspect. If we fail to respond, or even invite it, that balance is lost.
I'm willing to accept Trump won fair and square however much I dislike that result, but I still want to prevent a repeat of other countries putting out false Black/Blue Lives Matter narratives with the intention of destabilizing us.
Or this from 2004: http://freepress.org/departments/display/19/2005/1318
They are completely different scenarios. There wasn't ample evidence of who was doing it (not publicly available at least) and there wasn't one candidate who particularly benefited from the attack (that we know of). People start becoming concerned when a visible impact from the hacking starts to occur. If nothing was released from the DNC hack in 2016, then I'm guessing there would have been less outrage about Russian interference.
I really don't understand how you can say this with a straight face.
In 2008 there was no evidence that any foreign government was trying to usurp the democratic process in the way the last election was. And Obama/McCain and their campaigns didn't have dozens/hundreds of interactions with Russian actors. And they definitely didn't owe hundreds of millions to Russian oligarchs.
I think the more appropriate sentence would be, "In 2008 there was no declassified evidence that any foreign government was trying to usurp the democratic process in the way the last election was.".
If anyone thinks this is some new phenomenon you're vastly mistaken. Plenty of documents have been declassified or recovered from foreign entities, particularly Russia, that outline their processes for destroying America from within.
As for relations with Russian actors, there's a lot more indirect that's questionable with many politicians, they've just made a career out of it. You can easily find the money transferred to the Clinton camp as well.
Money has not political affiliation and neither does power.
I've been thinking a lot about this type of thing and have come up with what I think is a reasonable understanding. Unfortunately it requires some context and I haven't been able to boil it down to a one-liner.
Ignore potential enemies such as Russia and China for a moment. Instead, think about our "best friend," the UK. What are the odds that the UK has hacked our politicians and has dirt on every major politician from the past few decades? I would estimate this at 100% chance. Everyone who can hack does. And they hack their allies as well as their enemies. If we had a chit chat with UK where we agreed to stop hacking each other, what are the odds that we'd go back to our respective corners and stop hacking? That's gotta be 0%. The intelligence community on both sides would never stop. If someone gets caught, publicly, hacking us, we'll shake our finger at them but not really raise a fuss. And we'll do this pretty much no matter who does it. Because it's just standard operating procedure for global politics.
So where does that leave us with China and Russia hacks? What is so particularly upsetting about the Russia hacks as opposed to the Chinese hacks or UK hacks? I think the distinction is disclosure. Hacking information and using it covertly is one thing. Releasing your dirt on the leaders of foreign Democracy-ish countries is tantamount to attempting to overthrow that government. That is what Russia supposedly/apparently did and what makes it different from China. Russia literally attempted a coup. I think there are legitimate arguments to be made that it was ultimately ineffective, maybe Trump would've won anyways, etc. But if the hacking/release allegations are true, then this was nothing short of a coup attempt. Not necessarily in favor of a Russian puppet, but at the very least in favor of a (Putin) preferred government.
You do know that the UK is part of the Five Eyes alliance, right ?
The idea that close allies of the US is hacking them is just ridiculous and it would've been escalated to the highest levels when (not if) the US intelligence agencies found out about it.
Yes, I know that the UK is part of the Five Eyes alliance.
https://en.wikipedia.org/wiki/Five_Eyes
>Documents leaked by Snowden in 2013 revealed that the FVEY have been spying on one another's citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on surveillance of citizens.
So not only is the UK spying on us, we've explicitly allowed it to in some cases as long as they share some of what they've found. Do you honestly believe that the UK only spies on us lowly citizens and doesn't spy on politicians?