schwit1 shares a report from The Hill: A hacker in Ukraine who goes by the online alias "Profexer" is cooperating with the FBI in its investigation of Russian interference in the U.S. presidential election, The New York Times is reporting. Profexer, whose real identity is unknown, wrote and sold malware on the dark web. The intelligence community publicly identified code he had written as a tool used in the hacking of the Democratic National Committee ahead of last year's presidential election. The hacker's activity on the web came to a halt shortly after the malware was identified. The New York Times, citing Ukrainian police, reported Wednesday that the individual turned himself into the FBI earlier this year and became a witness for the bureau in its investigation. FBI investigators are probing Russian interference efforts and whether there was coordination between associates of President Trump's campaign and Moscow. Special counsel Robert Mueller is heading the investigation.

Over a dozen anonymous readers share a similar report: Two White House advisory councils that once included tech leaders like Elon Musk and Travis Kalanick have dissolved, after several members resigned over President Donald Trump's weak condemnation of white supremacists. A member of the Strategic and Policy Forum told CNBC that it wanted to make a "more significant impact" by disbanding the entire group: "It makes a central point that it's not going to go forward. It's done." Soon after, Trump took credit for shutting down both that group and a separate Manufacturing Council, "rather than putting pressure on the businesspeople." The councils' members came from a range of industries, including several major Silicon Valley companies. Besides Musk and Kalanick, executives from Intel, IBM, and Dell had joined. It's been controversial from the start -- Musk and Kalanick both left months ago -- but a major exodus started this week, after Trump issued a vague statement blaming "many sides" for violence at a white supremacist rally that left one woman dead. Intel CEO Brian Krzanich resigned on Monday, saying that politics had "sidelined the important mission of rebuilding America's manufacturing base." Axios has more details.

Ina Fried, writing for Axios: Intel said Monday that CEO Brian Krzanich was leaving President Trump's American Manufacturing Council, the latest executive to distance himself from the president following the weekend's events in Virginia. In a blog post, Krzanich said that the decline in American manufacturing remains a serious issue, but said that "politics and political agendas have sidelined the important mission of rebuilding America's manufacturing base. I resigned to call attention to the serious harm our divided political climate is causing to critical issues, including the serious need to address the decline of American manufacturing," Krzanich said in a blog post. "Politics and political agendas have sidelined the important mission of rebuilding America's manufacturing base."

An anonymous reader quotes a report from Ars Technica: The administration of President Donald Trump is scoffing at a lawsuit by Twitter users who claim in a federal lawsuit that their constitutional rights are being violated because the president has blocked them from his @realDonaldTrump Twitter handle. "It would send the First Amendment deep into uncharted waters to hold that a president's choices about whom to follow, and whom to block, on Twitter -- a privately run website that, as a central feature of its social-media platform, enables all users to block particular individuals from viewing posts -- violate the Constitution." That's part of what Michael Baer, a Justice Department attorney, wrote to the New York federal judge overseeing the lawsuit Friday. In addition, the Justice Department said the courts are powerless to tell Trump how he can manage his private Twitter handle, which has 35.8 million followers.

"To the extent that the President's management of his Twitter account constitutes state action, it is unquestionably action that lies within his discretion as Chief Executive; it is therefore outside the scope of judicial enforcement," Baer wrote. (PDF) Baer added that an order telling Trump how to manage his Twitter feed "would raise profound separation-of-powers concerns by intruding directly into the president's chosen means of communicating to millions of Americans."

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

An anonymous reader quotes a report from The Verge: You'll have two extra weeks to file your thoughts with the FCC on its plan to get rid of net neutrality. The proposal's comment period was originally scheduled to end next week, on August 16th, but the commission just pushed the date out to August 30th. The extension was granted in response to 10 groups asking for more time to respond. They had been looking for an additional eight weeks, but the commission said an additional two weeks would be more in line with the type of extensions granted in the past. The commission didn't signal that disruptions to its filing system, caused by an apparent DDOS attack, factored into the decision at all. Granting a two week extension gives people more time to file "reply comments," which are meant to respond to what people filed during the first phase of the comment period, which closed in July. That comment period had been much longer than usual, because the commission released the proposal a month before it was voted on.

An anonymous reader shares an excerpt from a report via Ars Technica: Americans might not need a fast home Internet connection, the Federal Communications Commission suggests in a new document. Instead, mobile Internet via a smartphone might be all people need. The suggestion comes in the FCC's annual inquiry into broadband availability. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband (or more formally, "advanced telecommunications capability") is being deployed to all Americans in a reasonable and timely fashion. If the FCC finds that broadband isn't being deployed quickly enough to everyone, it is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC found during George W. Bush's presidency that fast Internet service was being deployed in a reasonable and timely fashion. But during the Obama administration, the FCC determined repeatedly that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas. These analyses did not consider mobile broadband to be a full replacement for a home (or "fixed") Internet connection via cable, fiber, or some other technology. Last year, the FCC updated its analysis with a conclusion that Americans need home and mobile access. Because home Internet connections and smartphones have different capabilities and limitations, Americans should have access to both instead of just one or the other, the FCC concluded under then-Chairman Tom Wheeler. The report goes on to add that with Republican Ajit Pai as chairman of the FCC, "the FCC seems poised to change that policy by declaring that mobile broadband with speeds of 10Mbps downstream and 1Mbps upstream is all one needs." Furthermore, "In doing so, the FCC could conclude that broadband is already being deployed to all Americans in a reasonable and timely fashion, and thus the organization would take fewer steps to promote deployment and competition."

An anonymous reader shares a report from The New York Times (Warning: source may be paywalled; alternative source): The average temperature in the United States has risen rapidly and drastically since 1980, and recent decades have been the warmest of the past 1,500 years, according to a sweeping federal climate change report awaiting approval by the Trump administration. The draft report by scientists from 13 federal agencies, which has not yet been made public, concludes that Americans are feeling the effects of climate change right now. It directly contradicts claims by President Trump and members of his cabinet who say that the human contribution to climate change is uncertain, and that the ability to predict the effects is limited. "Evidence for a changing climate abounds, from the top of the atmosphere to the depths of the oceans," a draft of the report states. A copy of it was obtained by The New York Times. The authors note that thousands of studies, conducted by tens of thousands of scientists, have documented climate changes on land and in the air. "Many lines of evidence demonstrate that human activities, especially emissions of greenhouse (heat-trapping) gases, are primarily responsible for recent observed climate change," they wrote. The report was completed this year and is a special science section of the National Climate Assessment, which is congressionally mandated every four years. The National Academy of Sciences has signed off on the draft report, and the authors are awaiting permission from the Trump administration to release it. "The report concludes that even if humans immediately stopped emitting greenhouse gases into the atmosphere, the world would still feel at least an additional 0.50 degrees Fahrenheit (0.30 degrees Celsius) of warming over this century compared with today," reports The New York Times. "The projected actual rise, scientists say, will be as much as 2 degrees Celsius." Given the Trump administration's stance on climate change, some of the scientists who worked on the report are concerned that the report will be suppressed.

chicksdaddy writes: Do you think that shadowy Russian hackers are the biggest threat to the integrity of U.S. elections? Think again. It turns out the bad actors in U.S. elections may be a lot more "Senator Bedfellow" than "Fancy Bear," according to Bev Harris, the founder of Black Box Voting. "It's money," Harris told The Security Ledger. "There's one federal election every four years, but there are about 100,000 local elections which control hundreds of billions of dollars in contract signings." Those range from waste disposal and sanitation to transportation."There are 1,000 convictions every year for public corruption," Harris says, citing Department of Justice statistics. "Its really not something that's even rare in the United States." We just don't think that corruption is a problem, because we rarely see it manifested in the ways that most people associate with public corruption, like violence or having to pay bribes to receive promised services, Harris said. But it's still there.

How does the prevalence of public corruption touch election security? Exactly in the way you might think. "You don't know at any given time if the people handling your votes are honest or not," Harris said. "But you shouldn't have to guess. There should be a way to check." And in the decentralized, poorly monitored U.S. elections system, there often isn't. At the root of our current problem isn't (just) vulnerable equipment, it's also a shoddy "chain of custody" around votes, says Eric Hodge, the director of consulting at Cyber Scout, which is working with the Board of Elections in Kentucky and in other states to help secure elections systems. That includes where and how votes are collected, how they are moved and tabulated and then how they are handled after the fact, should citizens or officials want to review the results of an election. That lack of transparency leaves the election system vulnerable to manipulation and fraud, Harris and Hodge argue.

An anonymous reader quotes TechCrunch's newest update on the FCC's attempt to gut net neutrality protections: 10 Representatives who helped craft the law governing the FCC itself have submitted an official comment on the proposal ruthlessly dismantling it... The FCC is well within its rights to interpret the law, and it doesn't have to listen to contrary comments from the likes of you and me. It does, however, have to listen to Congress -- "congressional intent" is a huge factor in determining whether an interpretation of the law is reasonable. And in the comment they've just filed, Representatives Pallon, Doyle et al. make it very clear that their intent was and remains very different from how the FCC has chosen to represent it.

"The law directs the FCC to look at ISP services as distinct from those services that ride over the networks. The FCC's proposal contravenes our intent... While some may argue that this distinction should be abandoned because of changes in today's market, that choice is not the FCC's to make. The decision remains squarely with those of us in Congress -- and we have repeatedly chosen to leave the law as it is."
In another letter Thursday, 15 Congressmen asked FCC Chairman Ajit Pai to extend the time period for comments. They note the proposed changes have received more than 16 million comments, more than four times the number of comments on any previous FCC item. The Hill reports that the previous record was 4 million comments -- during the FCC's last net neutrality proceeding in 2014 -- and "the lawmakers also noted that the comment period for approving net neutrality in 2014 was 60 days. Pai has only allowed a 30-day comment period for his plan to rollback the rules."

An anonymous reader quotes a report from CNN: The FBI monitored social media on Election Day last year in an effort to track a suspected Russian disinformation campaign utilizing "fake news," CNN has learned. In the months leading up to Election Day, Twitter and Facebook were the feeding grounds for viral "news" stories floating conspiracies and hoaxes, many aimed at spreading negative false claims about Hillary Clinton. On Election Day, dozens of agents and analysts huddled at a command center arrayed with large monitoring screens at the FBI headquarters in Washington watching for security threats, according to multiple sources. That included analysts monitoring cyber threats, after months of mounting Russian intrusions targeting every part of the US political system, from political parties to policy think-tanks to state election systems. On this day, there was also a group of FBI cyber and counterintelligence analysts and investigators watching social media. FBI analysts had identified social media user accounts behind stories, some based overseas, and the suspicion was that at least some were part of a Russian disinformation campaign, according to two sources familiar with the investigation.

An anonymous reader quotes a report from CBS Local: President Donald Trump's push to cut legal immigration to the United States in half is being met by opposition from Silicon Valley leaders, economists, and even some Republicans senators, who all say legal immigration is key to economic prosperity. The Trump administration Wednesday endorsed the Reforming American Immigration for a Strong Economy Act or RAISE Act, a Senate bill introduced by two Republican senators earlier this year, that aims to cut all U.S. immigration in half. Business leaders, especially those in California's tech industry, say the bill will stymie their ability to fill jobs and grow the U.S. economy. California's economy is the sixth largest in the world and many attribute that success, in part, to immigration. The Information Technology Industry Council, which represents companies including Amazon, Apple, Adobe, Dell, Facebook, Hewlett-Packard, Google, Visa, Nokia, and Microsoft railed against the bill.

Dean Garfield, President and CEO of the council said, "This is not the right proposal to fix our immigration system because it does not address the challenges tech companies face, injects more bureaucratic dysfunction, and removes employers as the best judge of the employee merits they need to succeed and grow the U.S. economy." Garfield argues that the tech industry cannot find enough STEM-skilled Americans to fill open positions and that U.S. immigration policy "stops us from keeping the best and brightest innovators here in the U.S. and instead we lose out to our overseas competitors."

An anonymous reader quotes a report from Ars Technica: The U.S. Senate today confirmed the nominations of Republican Brendan Carr and Democrat Jessica Rosenworcel to fill the two empty seats on the Federal Communications Commission. FCC Chairman Ajit Pai congratulated the commissioners in a statement. "As I know from working with each of them for years, they have distinguished records of public service and will be valuable assets to the FCC in the years to come," Pai said. "Their experience at the FCC makes them particularly well-suited to hit the ground running. I'm pleased that the FCC will once again be at full strength and look forward to collaborating to close the digital divide, promote innovation, protect consumers, and improve the agency's operations."

Carr served as Pai's Wireless, Public Safety and International Legal Advisor for three years. After President Trump elevated Pai to the chairmanship in January, Pai appointed Carr to become the FCC's general counsel. Rosenworcel had to leave the commission at the end of last year when the Republican-led US Senate refused to re-confirm her for a second five-year term. But Democrats pushed Trump to re-nominate Rosenworcel to fill the empty Democratic spot and he obliged. FCC commissioners are nominated by the president and confirmed by the Senate. esides Pai, Carr, and Rosenworcel, the five-member commission includes Republican Michael O'Rielly and Democrat Mignon Clyburn.

Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he was "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and we had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.

The Trump administration said late Wednesday that it would not delay an Obama-era regulation on smog-forming pollutants from smokestacks and tailpipes (Editor's note: the link could be paywalled; alternative source), a move that environmental groups hailed as a victory. From a report: The Environmental Protection Agency decision came a day after 16 state attorneys general, all Democrats, filed a lawsuit challenging the delay with the United States Court of Appeals for the District of Columbia. It reversed a decision that Scott Pruitt, the E.P.A. administrator, made in June to put off an Oct. 1 deadline for designating which areas of the country met new ozone standards. In announcing the ozone policy change, the agency appeared to leave the door open to extending the deadline again. But, officials said, the agency will work with states to help them deliver the needed information.

Maggie Haberman, Michael D. Shear, and Glenn Thrush reporting for The New York Times: President Trump has decided to remove Anthony Scaramucci from his position as communications director (Editor's note: the link could be paywalled; alternative source), three people close to the decision said Monday, relieving him just days after Mr. Scaramucci unloaded a crude verbal tirade against other senior members of the president's senior staff. Mr. Scaramucci's abrupt removal came just 10 days after the wealthy New York financier was brought on to the West Wing staff, a move that convulsed an already chaotic White House and led to the departures of Sean Spicer, the former press secretary, and Reince Priebus, the president's first chief of staff. From a report: Anthony Scaramucci will be leaving his role as White House Communications Director," the statement read. "Mr. Scaramucci felt it was best to give Chief of Staff John Kelly a clean slate and the ability to build his own team. We wish him all the best." Press secretary Sarah Huckabee Sanders is scheduled to brief the press corps, on-camera, at 12:45 pm PST. Scaramucci was given the job on Friday, June 21, and by Thursday, July 27, became something of a national laughingstock when The New Yorker reported his profanity-laced conversation with the magazine's Washington correspondent the night before. He was hired by the president to take charge of a communications operation in disarray, and his hiring coincided with the departure of White House press secretary Sean Spicer. Scaramucci, in his conversation with The New Yorker's Ryan Lizza, was extremely critical of White House chief strategist Steve Bannon and predicted, correctly, that then-chief of staff Reince Priebus would be removed from his position. Following the publication of Lizza's article, it became an open question in Washington whether Scaramucci would keep his job.

An anonymous reader quotes Diginomica: A fresh initiative aimed at information sharing about election threats and dubbed Defending Digital Democracy has the financial support of Facebook and the academic muscle of Harvard behind it. Will the project succeed where similar initiatives have failed...? On 19 July and backed by a $500,000 initial grant from Facebook, the Belfer Center for Science and International Affairs at Harvard Kennedy School launched a new, bipartisan initiative called the Defending Digital Democracy Project. The project will be co-led by Robby Mook, Democrat Hillary Clinton's 2016 presidential campaign manager, and Matt Rhoades, Republican Mitt Romney's 2012 campaign manager. The hope is that creating a unique and bipartisan team comprised of top-notch political operatives and leaders in the cyber and national security world, the project will be able to to identify and recommend strategies, tools, and technology to protect democratic processes and systems from cyber and information attacks.
The group will also assess new technologies (including blockchain) to secure elections, and wants to create an information sharing infrastructure modeled "on similar efforts within the tech industry to share tech intelligence." The article says Facebook's chief security officer "hopes that election officials who are wary of cooperating with the federal government will be more receptive to working with an independent group tied to Harvard and the tech industy," and the group also includes Google's director for Information Security and Privacy.

"Facebook plans to host state and local election officials at its D.C. office later this year to discuss the information sharing organization, and launch the organization in early 2018."

An anonymous reader quotes The Hill: Hackers at at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure. Tech minds at the annual "DEF CON" in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software. According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products. Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.
Though some of the machines were out of date, they were all from "major U.S. voting machine companies" like Diebold Nixorf, Sequoia Voting Systems, and WinVote -- and were purchased on eBay or at government auctions. One of the machines apparently still had voter registration data stored in plain text in an SQLite database from a 2008 election, according to event's official Twitter feed.

By Saturday night they were tweeting video of a WinVote machine playing Rick Astley's "Never Gonna Give You Up."

Reuters reports: A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence. The committee asked the agencies for all documents and communications about Kaspersky Lab products dating back to Jan. 1, 2013, including any internal risk assessments. It also requested lists of any systems that use Kaspersky products and the names of any U.S. government contractors or subcontractors that do so. Kaspersky has repeatedly denied that it has ties to any government and said it would not help any government with cyber espionage. It said there is no evidence for the accusations made by U.S. officials. The committee "is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States," wrote the panel's Republican chairman, Lamar Smith, in the letters.

Usama Jawad, writing for Neowin: A few weeks ago, we reported that Microsoft's Calibri font has been used as evidence against Prime Minister Nawaz Sharif and his family in a corruption case. Today, Sharif has been disqualified from his position as a part of the court's final verdict of the case. The case concerns the "Panama Papers", which is a collection of 11.5 million documents detailing information related to over 200,000 offshore accounts. Ever since the Panama Papers were anonymously leaked back in 2015, there has been a major shift in the political situation in many countries. One such country is Pakistan, where the names of numerous members of the Prime Minister Nawaz Sharif's family were spotted in the papers. If you aren't aware of the Calibri controversy, it is as follows: Nawaz Sharif's daughter Maryam Nawaz submitted photocopies of several documents in order to deny any corruption, but it appears that the documents contained Microsoft's Calibri font, even though they were dated February 6, 2006. It is important to note that the font wasn't commercially available until much later. Despite being created in 2004, the font did not reach the general public until January 30, 2007.