Tag Archive for: Justice



At a glance.

  • SSU dismantles an infowar botnet.
  • HIMARS, atrocities, provocation, and disinformation.
  • A Russian disinformation mouthpiece raises the prospect that there are highly placed traitors in the GRU.
  • Rewards for Justice works toward securing elections from Russian meddling.
  • The case that Russia’s war is genocidal.
  • The case that pan-Slavism has found wayward, but sincere, expression in Mr. Putin’s war.

Ukraine claims to have taken down a massive Russian bot farm.

The Security Service of Ukraine (SSU) says it dismantled a large Russian botnet operation that was being used to spread Russian propaganda and disinformation. The bots, about a million strong, were herded from locations within Ukraine itself, in the cities of Kyiv, Kharkiv, and Vinnytsia, BleepingComputer reports. Their output took the form of social media posts from inauthentic accounts associated with fictitious personae. The SSU describes the operation as follows: “Their latest ‘activities’ include the distribution of content on the alleged conflict between the leadership of the President’s Office and the Commander-in-Chief of the Armed Forces of Ukraine as well as a campaign to discredit the first lady. To spin destabilizing content, perpetrators administered over 1 million of their own bots and numerous groups in social networks with an audience of almost 400,000 users. In the course of a multi-stage special operation, the SSU exposed the leader of this criminal group. He is a russian citizen who has lived in Kyiv and positioned himself as a ‘political expert.’”

On the other side of the information war, BleepingComputer also reported earlier this week that Ukrainian hacktivists, “Torrents of Truth,” were bundling instructions on how to bypass Russian censorship into movie torrents whose intended audience would be Russian viewers.

HIMARS, atrocities, provocation, and disinformation.

The killing of Ukrainian prisoners of war in Olenivka is by now clearly a Russian atrocity: the prisoners were apparently murdered by their captors. (And we note in passing that the International Committee of the Red Cross still has not been given the access to the prison international law requires.) The prisoners did not die in a…


Justice Department investigating data breach of federal court system


Assistant Attorney General for National Security Matthew Olsen testified to the committee that NSD is “working very closely with the judicial conference and judges around the country to address this issue,” and committed to updating the committee on the investigation as it progressed.

Wider impact: A committee aide said that Nadler’s questions came after the committee received a briefing on the attack, noting that “the sweeping impact it may have had on the operation of the Department of Justice is staggering.” The aide was granted anonymity in order to discuss a private briefing.

Looking for the details: Committee member Rep. Sheila Jackson Lee (D-Texas) pressed Olsen for more details on how many cases had been impacted by the breach.

“I would expect your preparation and for us to be able to get that information as quickly as possible in a setting that would be appropriate, but this is a dangerous set of circumstances that has now been publicly announced, and we need to know how many…were dismissed,” Jackson Lee said.

Nadler questioned Olsen on whether the breach had in any way affected cases pursued by the NSD, and Olsen testified he could not “think of anything in particular.”

Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, sent a letter Thursday to the Administrative Office of the U.S. Courts expressing “serious concerns that the federal judiciary has hidden” the consequences of the data breach from Congress and the public.

“The federal judiciary has yet to publicly explain what happened and has refused multiple requests to provide unclassified briefings to Congress,” Wyden wrote in the letter.

Asked for further details on the breach, Wyden said that he “can’t get into that” for fear of “running afoul of the classification system.”

The response: The U.S. Courts system put out a statement in January 2021 acknowledging that its Case Management/Electronic Case Files system, or CM/ECF, had been compromised as part of the massive breach. As a result, procedures for filing highly sensitive documents were changed so that they could only be handed in via paper documents, a secure electronic device or through a secure…


U.S., partners dismantle Russian hacking ‘botnet,’ Justice Dept says


Law enforcement in the United States, Germany, the Netherlands and Britain dismantled a global network of internet-connected devices that had been hacked by Russian cyber criminals and used for malicious purposes, the U.S. Justice Department said on Thursday.

The network, known as the “RSOCKS” botnet, comprised millions of hacked computers and devices worldwide, including “Internet of Things” gadgets like routers and smart garage openers, the department said in a statement.

RSOCKS users paid a fee of between $30 and $200 per day to route malicious internet activity through compromised devices to mask or hide the true source of the traffic, the department said.

“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” it said.

Several large public and private entities have been victims of RSOCKS, including a university, a hotel, a television studio and an electronics manufacturer, the department said. It did not name any of them.


Justice Dept. says ‘good faith researchers’ no longer will face hacking charges


The U.S. Justice Department on Thursday said it would not use the country’s long-standing anti-hacking law to prosecute researchers who are trying to identify security flaws, a move that provides both protection and further validation for a craft still villainized by many officials, companies and the general public.

In a news release and five-page policy statement issued to federal prosecutors, top Justice officials said local U.S. attorneys should not bring charges when “good faith” researchers exceed “authorized access,” a vague phrase from the 1986 Computer Fraud and Abuse Act (CFAA) that has been interpreted to cover such routine practices as automated downloads of Web content.


The guidance defines good faith to mean research aimed primarily at improving the safety of sites, programs or devices, as opposed to exploration aimed at demanding money in exchange for withholding disclosure or exploitation of a security flaw.

Companies can still sue those who claim to be acting in good faith, and officials could continue to charge hackers under state laws that often echo the CFAA. But most state prosecutors tend to follow federal guidance when their laws are similar.

Well-intentioned hackers in the past were routinely silenced by legal threats. Even in recent years, civil suits and criminal referrals have been used to cancel public talks on dangerous vulnerabilities or cast doubt on research findings.

In 2019, a mobile voting company, Voatz, referred to the FBI a Michigan college student who was researching its app for a course. Twenty years ago, a former employee of email provider Tornado Development served more than a year in prison on federal CFAA charges after the company refused to fix security flaws and he emailed their customers about it.

In a case that drew national attention in October, the governor of Missouri threatened hacking charges against a local newspaper that examined the publicly available source code of a government website and then warned the state that it was exposing the Social Security numbers of 100,000 educators.

The Justice Department did…
