News that doesn't receive the necessary attention.

Sunday, November 6, 2016

Fact check on ABC News reporter Candace Smith's 11/5/16 statements about 'Russia hacking' on her twitter page

11/5/16, Candace Smith, ABC News, from Trump rally in Tampa, Florida, says this on her twitter page about Trump:

"He (Trump) has denied US intel on Russia hacking."

I haven't seen a transcript of the speech, but two claims appear to made as fact by Ms. Smith herself that have been disputed in a 11/1/16 New York Times article

She presents as fact that "Russia hacking" actually took place on computers involved in US elections. Readers will assume Ms. Smith refers to computers related to the 2016 election since that's what's been in the media. Secondly, she presents as fact that "US intel" has confirmed the "Russia hacking." 

Neither of these events is true, per NY Times--neither Russian "hacking" related to the election nor US intel confirmation of it. NY Times states that senior US officials found no evidence of Russian tampering in computers related to the 2016 presidential election. In fact, Russians showed no particular interest in the election:

10/31/16, "Investigating Donald Trump, F.B.I. Sees No Clear Link to Russia," NY Times, Eric Lichtblau and Steven Lee Myers 

"A version of this article appears in print on November 1, 2016, on page A21 of the New York edition with the headline: After Lengthy Inquiries, Officials Doubt Trump Has Direct Link to Russia."

 "“It isn’t about the election,” a second senior official said, referring to the aims of Russia’s interference."  

"Russia’s direct goal is not to support the election of Mr. Trump, as many Democrats have asserted, but rather to disrupt the integrity of the political system and undermine America’s standing in the world more broadly.... “It isn’t about the election,” a second senior official said, referring to the aims of Russia’s interference." Officials said Russian activity was in the nature of "spy-versus-spy operations that never entirely abated after the Cold War."" 

.........


Back to ABC News reporter Candace Smith's words on her twitter feed--as election voting is still ongoing and will be finalized in 3 days. Accuracy is always important but especially about events that could tilt elections. "Hacking" into US election computers, in Ms. Smith's case, "Russia hacking" implies that special skills were used to overcome elaborate professional security measures in place at the Hillary campaign and the DNC. Unfortunately, the opposite was the case. Computer security at both the Hillary campaign and the DNC had been completely ignored. This has been reported but very quietly. Two articles specifically about negligence of Hillary campaign, others follow about even worse DNC negligence:

10/28/16, "Clinton campaign staff guilty of getting duped by hackers," The Smoking Gun

7/28/16, "FBI warned Clinton campaign last spring of cyberattack," Michael Isikoff, Yahoo News  

.......................

One of Candace Smith's twitter followers (Dawn) picked up on her words about Mr. Trump and took them to the next emotional level, moving Trump from "denying US intel" to portraying him insisting US intelligence agency "workers are liars."  I haven't seen a transcript of the speech, but certainly Ms. Smith should should know as a member of the news media that US intelligence agencies found no Russian involvement. Because of media attention to this issue, it's possible that some people mistakenly assumed Russian involvement was a fact. Others have passionately wished it were so for political reasons and so have claimed it to be fact. The latter are certainly "liars." 

"He is still insisting that our intelligence agencies and their workers are liars. This is nuts."





This is 4 days after the NY Times reported "US intel" found no evidence of "Russia hacking." And 3 days before the end of election voting. 

----------------------

For the information of Ms. Smith and her employer, ABC News, regarding so-called "hacking" into Hillary's campaign computers: (Per the NY Times on 11/1/16, Russia has been ruled out). 

100% of the credit goes to her campaign. In March 2016 the FBI specifically warned senior Hillary campaign officials that it was being targeted by spear phishing emails. The campaign declined FBI assistance on the matter. Spear phishing emails are very common--one doesn't normally need to be warned about them by the FBI. In any case, spear phishers on their own couldn't "hack into" Hillary's computers. The only way they could gain access is if someone on Hillary's staff  made the mistake of clicking on a spear phishing email link for alleged important information it would provide. 

That's exactly what happened. In March 2016, a Hillary campaign "IT worker" declared a Podesta related spear phishing email "legitimate," approved "immediate" clicking on the tempting link, thus beginning the flood of Podesta emails. The embarrassed campaign needed to deflect attention from itself, needed a big, bad scapegoat. Putin was a twofer, also gave Hillary and her neocon supporters more "reason" to rattle sabres at him to help gin up WWIII. It's common knowledge thatmost successful hacks today start with a phishing attack," and that "Gmail [used by Hillary campaign manager Podesta] is used for more than half of all data drop email accounts, making it the top webmail service used by attackers to receive credentials stolen via phishing." (So why is Podesta using it?) Information about spear phishing has been on the FBI website since at least 2009

Smoking Gun article: Hillary campaign itself started the flood of Podesta emails by clicking on phony link:

10/28/16, "How Podesta's Gmail Account Was Breached," the smokinggun.com

"Clinton campaign staff guilty of getting duped by hackers"

"So how did John Podesta’s e-mail account get hacked? The answer to that question came into embarrassing focus this morning with the latest Wikileaks dump of correspondence stolen from the Gmail account of Hillary Clinton's campaign manager. 

On March 19, a Saturday, Podesta received an e-mail--purportedly from Google--warning him that, “Someone has your password.” The alert (seen above) informed Podesta that a sign-in attempt from an IP address in Ukraine was thwarted and that, “You should change your password immediately.”

 
The e-mail, addressed "Hi John," included a blue “CHANGE PASSWORD” box to be clicked."...

[Ed. note: In March 2016 the FBI contacted Hillary's campaign, warned specifically that it was being targeted by "spear phishing emails." The Hillary campaign declined FBI's offer to help. A "spear phishing" link is exactly what a Hillary "IT worker" said was "absolutely imperative" to click on and thus in March 2016 enabled the flood of Podesta emails.] 

(continuing): "As TSG reported in August, similar messages were sent to the Gmail accounts of scores of other Clinton campaign officials around the time Podesta received the phony alert. An identical e-mail--containing the exact Ukrainian IP address--was received on March 22 by William Rinehart, a campaign organizer. The IP address included in the e-mails received by Podesta and Rinehart traces back to Kyivstar, Ukraine’s largest telecommunications company.

Like Rinehart, Podesta’s Gmail account was compromised by the “spear phishing” e-mail....

After the e-mail arrived in Podesta’s account, it appears that his chief of staff, Sara Latham, sought guidance from an IT worker with the Clinton campaign. After examining the “Someone has your password” e-mail, staffer Charles Delavan ...mistakenly assured Latham and Shane Hable, the campaign’s chief information officer, that, “This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authorization is turned on his account.”

Delavan’s 9:54 AM e-mail included a link to an actual Google password change page.It is absolutely imperative that this is done ASAP,” he added.

Latham then forwarded Delavan’s email to Podesta and campaign staffer Milia Fisher, who had access to Podesta’s Gmail account. 

The gmail one is real wrote Latham, who instructed Fisher to change Podesta’s password since “Don’t want to lock him out of his in box!”

But instead of following the link provided by Delavan, it appears that Podesta or Fisher...clicked on the “CHANGE PASSWORD” box in the original “spear phishing” correspondence (a copy of which which was included in the e-mail chain that Saturday morning).

That link led to what appeared to be a legitimate Google page, but was actually a site designed by the hackers to capture a target’s log-in credentials. The link to the spoofed Gmail page included a lengthy underlying url with the .tk suffix, indicating that the domain created to trick Podesta was registered in Tokelau, a remote group of South Pacific atolls.

The hidden 293-character link included a string of characters containing the encoded Gmail address for Podesta (john.podesta@gmail.com).

The e-mails stolen in the Podesta hack and posted on Wikileaks show that the most recent correspondence is from March 21.

While Delavan protected his Twitter page following the publication of this story, he did offer the public some sage advice earlier this week. In an October 25 tweet, Delavan wrote, “don’t click on anything ever. delete your email account. move to the woods.”"

--------------------------------
Among comments to smoking gun:
................................

"Scott Johnson ·


............................

Added: 7/28/16 article about March 2016 FBI warning to Hillary campaign specifically about "spear phishing." Hillary campaign declined FBI assistance on the matter when it asked for access to documents to help trace the spear phishers. (At the time Hillary was still under investigation by the FBI for possible criminal national security violations). "The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously."... 

7/28/16, "FBI warned Clinton campaign last spring of cyberattack," Michael Isikoff, Yahoo News

"The FBI warned the Clinton campaign that it was a target of a cyberattack last March, just weeks before the Democratic National Committee discovered it had been penetrated by hackers it now believes were working for Russian intelligence, two sources who have been briefed on the matter told Yahoo News. 

In a meeting with senior officials at the campaign’s Brooklyn headquarters, FBI agents laid out concerns that cyberhackers had used so-called spear-phishing emails as part of an attempt to penetrate the campaign’s computers, the sources said. One of the sources said agents conducting a national security investigation asked the Clinton campaign to turn over internal computer logs as well as the personal email addresses of senior campaign officials. 

But the campaign, through its lawyers, declined to provide the data, deciding that the FBI’s request for sensitive personal and campaign information data was too broad and intrusive, the source said. 

A second source who had been briefed on the matter and who confirmed the Brooklyn meeting said agents provided no specific information to the campaign about the identity of the cyberhackers or whether they were associated with a foreign government. The source said the campaign was already aware of attempts to penetrate its computers and had taken steps to thwart them, emphasizing that there is still no evidence that the campaign’s computers had actually been successfully penetrated. 

But the potential that the intruders were associated with a foreign government should have come as no surprise to the Clinton campaign, said several sources knowledgeable about the investigation. Chinese intelligence hackers were widely reported to have penetrated both the campaigns of Barack Obama and John McCain in 2008. 

The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously. It came just four months after the DNC had also been contacted by FBI agents alerting its information technology specialists about a cyberattack on its computers, the sources told Yahoo News. As with the warning to the Clinton campaign, the FBI initially provided no details to the DNC.... 

By mid-May, Director of National Intelligence James Clapper was telling reporters that US. Intelligence officials “already had some indications” of hacks into political campaigns that were likely linked to foreign governments and that “we’ll probably have more.” 

In a talk at the Aspen Security Forum Thursday, Clapper said the U.S. government is not “quite ready yet” to “make a public call” on who was behind the cyberassault on the DNC, but he suggested one of “the usual suspects” is likely to blame. “We don’t know enough [yet] to…ascribe a motivation, regardless of who it may have been,” Clapper said.... 

Clapper is reportedly among a number of U.S. intelligence officials who have resisted calls to publicly blame the Russians, viewing it as likely the kind of activity that most intelligence agencies engage in. “[I’m] taken aback a bit by…the hyperventilation over this,” Clapper said during his Aspen appearance, adding in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.”... 

The FBI’s request to turn over internal computer logs and personal email information came at an awkward moment for the Clinton campaign, said the source, familiar with the campaign’s internal deliberations. At the time, the FBI was still actively and aggressively conducting a criminal investigation into whether Clinton had compromised national security secrets by sending classified emails through a private computer server in the basement of her home in Chappaqua, N.Y. There were already press reports, to date unconfirmed, that the investigation might have expanded to include dealings relating to the Clinton Foundation. Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe. At the Brooklyn meeting, FBI agents emphasized that the request for data was unrelated to the separate probe into Clinton’s email server. 

But after deliberating about the bureau’s request, and in light of the lack of details provided by the FBI and the absence of a subpoena, the Clinton campaign chose to turn down the bureau's request, the source said."

............................


Added: "Mrs. Clinton has clearly disqualified herself from ever coming near classified information again....Having Clinton anywhere near the White House is just not a good idea." 

10/29/16, "Democrats should ask Clinton to step aside," Chicago Tribune, John Kass, opinion

---------------------------

Added: As to alleged "hacking into" DNC computers:

In late July 2016 media was in a frenzy to add to a fake and dangerous narrative, ie that the DNC had been "hacked into" and by the Russian government. They weren't frenzied to know why the DNC chose to disregard all the professional security advice they were given in Sept. 2015 which allowed intruders to remain on it sites for nearly a year. Or that, as Bloomberg reports, the DNC's negligence left them vulnerable to lawsuits by interested parties. What CNN (below) refers to as "the hack into the DNC” was entirely the DNC's fault. The DNC needed to divert attention from itself. They needed to come up with a sensational bad guy who robbed them. Putin was given the job. No one needed to "hack into" the DNC-they left the doors open so anyone could walk in.

At late July 2016 Aspen Security Forum, frenzied media  "got right to the point" about...

the issue on everybody’s mind" (per CNN correspondent Evan Perez)- 

-not that actionable DNC negligence allowed hackers to reside on its computers for nearly a year---rather
 
" — the hack into the DNC.”"

7/29/16, "Aspen Security Forum: Nothing definitive on Russia’s role in DNC hacking," Aspen Times, Rick Carroll 

"High-ranking officials at the Aspen Security Forum on Thursday shied away from saying Russia was behind the hack of Democratic National Committee emails. 

I don’t think we are quite ready yet to make a call on attribution,” James Clapper, director of National Intelligence, told Jim Sciutto, chief national security correspondent for CNN. “I mean, we all know there’s just a few usual suspects out there, but in terms of the process that we try to stick to, I don’t think we’re ready to make a public call on that.” 

Journalists who moderated several discussions tried, with little success, to unearth new information from security pundits. 

We are told that the federal government believes with a high degree of confidence that Russia is behind the theft of emails from the Democratic National Committee that were subsequently released by Wikileaks, causing disarray at the first day of the Democratic National Convention and forcing the resignation of the DNC’s leader, Debbie Wasserman Schultz,” said Massimo Calabresi, deputy Washington bureau chief and senior correspondent for Time magazine. “What can you tell us about the U.S. government’s assessment of the theft of those emails and Russia’s possible role in it?”

Very, very little,” responded Elissa Slotkin, acting U.S. assistant secretary of defense for International Security Affairs. “I know it is the topic de jour and I’m going to start off disappointing the crowd.So I’m not going to be able to get into specifics. The FBI is handling it. That’s their job.”... 

At another discussion, Evan Perez, justice correspondent for CNN, got right to the point and asked John Carlin, assistant attorney general for national Security, about “the issue on everybody’s mind — the hack into the DNC.” 

Carlin very gamely but effectively ducked the issue. He said the U.S. government has identified Iran, North Korea, China and Russia as countries that undertake hacking.

Just like with terrorist attacks, prevention is success in cyber attacks. When prevention isn’t possible, one of the tools the government uses is identifying the country once evidence points to hacking. 

“Some would call it name and shame, and that’s part of it,” he said. 

He noted that the U.S. government named North Korea as an “involved” party within 28 days of the Sony Pictures hack in late 2014. The hacking group demanded that the studio pull the movie “The Interview,” a comedy about a plot to assassinate North Korean leader Kim Jung-un. 

“We treated it as a national security event,” Carlin said. A foreign nation was attacking American’s liberties, such as freedom of speech, he said. North Korea denies responsibility. 

Russia has never been targeted by the U.S. in a name-and-shame, but it shouldn’t be assumed that will never be the case, Carlin said. 

Another panelist in the discussion, Vinny Sica, vice president of defense and intelligence space ground solutions for Lockheed Martin, said he realized (CNN's Evan) Perez was looking for a smoking gun in the DNC hacking. There has to be definitive evidence, he said.  

“The bottom line is nothing should be assumed as safe," Sica said. 

Put on by the Aspen Institute, the Security Forum runs through Sunday."
............... 

Added: DNC negligence could result in lawsuits:

A DNC two month computer security review began in September 2015. Experts found many flaws, made dozens of recommendations, DNC didn't act on any of them, thus allowing already present hackers to stay for nearly a year. DNC desperately needed to divert attention from themselves: "Cyber-security assessments can be a mixed blessing. Legal experts say some general counsels advise organizations against doing such assessments if they don’t have the ability to quickly fix any problems the auditors find, because customers and shareholders could have cause to sue if an organization knowingly disregards such warnings." 

7/26/16, "Democrats Ignored Cybersecurity Warnings Before Theft," Bloomberg, Michael Riley

 "The Democratic National Committee was warned last fall that its computer network was susceptible to attacks but didn’t follow the security advice it was given, according to three people familiar with the matter.

The missed opportunity is another blow to party officials already embarrassed by the theft and public disclosure of e-mails that have disrupted their presidential nominating convention in Philadelphia and led their chairwoman to resign.

Computer security consultants hired by the DNC made dozens of recommendations after a two-month review, the people said. 

Following the advice, which would typically include having specialists hunt for intruders on the network, might have alerted party officials that hackers had been lurking in their network for weeks -- hackers who would stay for nearly a year Instead, officials didn’t discover the breach until April....

Cyber-security assessments can be a mixed blessing. Legal experts say some general counsels advise organizations against doing such assessments if they don’t have the ability to quickly fix any problems the auditors find, because customers and shareholders could have cause to sue if an organization knowingly disregards such warnings."...
  



-----------------------

===========





.........

No comments:

Followers

Blog Archive

About Me

My photo
I'm the daughter of an Eagle Scout (fan of the Brooklyn Dodgers and Mets) and a Beauty Queen.